_ _______ Release Date: __ N.I.A. _ ___ ___ Are you on any WAN? Are 08AUG91 ____ ___ ___ ___ ___ you on Bitnet, Internet _____ ___ ___ ___ ___ Compuserve, MCI Mail, Editors: ___ ___ ___ ___ ___________ Sprintmail, Applelink, Judge Dredd ___ ___ ___ ___ ___________ Easynet, Usenet, Lord Macduff ___ ______ ___ ___ ___ FidoNet, et al.? Advisors: ___ _____ ___ ___ ___ If so please drop us a Knight Lighting ____ _ __ ___ line at Jim Thomas ___ _ ___ nia@nuchat.sccsi.com __ _ Network Information Access Ignorance, There's No Excuse. Issue 072 :: Volume 02 "Do you know why there are so few sophisticated computer terrorists in the United States? Because your hackers have so much mobility into the Establishment. Here there is no such mobility. If you have the slightese bit of intellectual integrity you cannot support the government... That's why the best computer minds belong to the opposition." - An anonymous member of the Polish trade union Solitarity. ^*^ Greetings, avid readers! This issue marks a departure from our usual pattern, in that we now have the beginnings of an advisory staff. We would like to welcome Knight Lightning, Ex-editor of the now-late Phrack Inc. magazine. We would also like to welcome Jim Thomas, Editor of the Computer Underground Digest. If you feel you have certain qualities that could improve NIA magazine, please write us at nia@nuchat.sccsi.com. ============================================================================ 1. Index to NIA072 .............................................NIA Editors 2. The Renaissance of Hacking ...............................Mark Hittinger 3. The Hacker Manifesto ......................................Erik Bloodaxe 4. Foiling the Cracker [Dept. of Defense]......................Killing Joke 5. UNIX: JE Documentation ................................Terminal_Erection 6. Network Miscellany ......................................Various Sources 7. CyberTimes (Vox Populi) [1/4] ...............................Judge Dredd 8. CyberTimes (Vox Populi) [2/4] ...............................Judge Dredd 9. CyberTimes (Vox Populi) [3/4] ...............................Judge Dredd 10. CyberTimes (Vox Populi) [4/4] ...............................Judge Dredd 11. Editor's Comments ...........................................NIA Editors ============================================================================ / / / NIA 072 / File 2 / / Hacking and Hackers: The Rise, Stagnation, and Renaissance. / / Copyright(C) 1991 By Mark Hittinger / / / It doesn't take a rocket scientist to figure out that the publicity afforded to hacking has risen to peak levels within the last year. As one would expect, the political attention being paid to the subject of hackers has also risen to peak levels. We are hearing more about hackers each day. The newspapers have articles about alleged computer crime and phone fraud almost weekly. The legal system is issuing indictments, the secret service is running around with wildcard search warrants, and captured naive hackers are turning on each other. Some well known computer people have formed a lobby called the "Electronic Frontier Foundation". Fox TV has news people on the scene during a bust of an alleged "hacker" who was invading their own doofus system! Non-computer "lay" people have been asking me a lot of questions. So who am I? I'm just another computer bum. I got into computers in the early seventies during high school. I've witnessed computing's rise as something social outcasts did to something everybody wanted to be a part of. Babes looked at us with disgust as we grabbed our data on 110 baud teletypes and paper tape. Rolls of paper tape and access to timeshared basic was so great that we didn't even think that it could get better. Well guess what? Computers and our social position kept getting better. It got so good that pretty soon everybody wanted to ask us questions. These days we are like doctors at a cocktail party, we are always getting hit on for free computer consulting! Even from the babes! You've come a long way baby! Later I got into the professional side, that is, systems programming, systems management, and software development. I've worked with GE, Xerox, IBM, Digital, CDC, HP, Prime, anything I could get my hands on. I dearly loved the DEC-10, learned to live with VAX/VMS, and now grit my teeth when I work with Unix/MS-DOS. My hobby became my career, and they paid me money for it. My chosen hacking name is "bugs bunny" and you can find me on some bulletin boards as user "bugs". Bugs was always creating virtual rabbit holes out of thin air and dodging in and out of them. True hackers love to find and fix software "bugs". Yea!! I'm 34 now and a dad. Being involved in computers for a long time gives me a better perspective than most. Over the years there would sometimes be a major media coverage of some computer crime event. As a local computer "heavy", there were always questions coming my way about what these things were all about. Lately, the questions are more frequent and more sophisticated. All these big highly publicized busts are opening a lot of issues. I didn't have answers to some of these questions so I sat down and did some thinking. Writing this article is an outgrowth of that. I am not a writer so grant me some journalistic slack. Back in the early seventies hacking was quite free. Most of the important stuff was running on batch mainframes that had no connection to the outside world. The systems that we played with were not really considered critical by anyone. We were allowed to play to our hearts content, and nobody really worried about it at all. This period is what I like to think of as the "rise of hacking". You can read about some of it in the first section of Levy's book, "HACKERS". I love that section and read it when current events depress me. In those days the definition of hacker was clear and clean. It was fun, it was hi-tech, it was a blast, and it was not a threat. There were no big busts, very few people understood computing, and the public had no interest in it. We hacked for the sheer love of it. How can I describe the depth of interest that we had? We were not concerned with our image or our "identity". We wrote games, wrote neat hacks, and learned the strengths or weaknesses of each system. We were able to obtain access to a broad range of systems. Consider teenage boys comparing and contrasting the systems designed by older engineers! We eventually reached a point where we decided how a system should be set up. At this point we began to make an annoyance of ourselves. In all instances the various administrations considered us minor annoyances. They had much more pressing problems! New users began to show up in the labs. They reluctantly wanted to get something done that absolutely had to be done on the computer. In many cases they had no idea how to start, and were left to their own devices. Centralized data processing management (MIS) didn't want to deal with them. Often, they saw us playing around, joking, laughing, carefree, and not at all intimidated by the computer. They, on the other hand, were quite intimidated. We helped these people get started, showed them were the documentation was, and explained various error conditions to them. We quickly developed reputations as knowing how to get something to work. One of the people I helped made a remark to me that has stuck with me for a long time. He said, "I am trained as a civil engineer, so I don't have a feel for this. But you, you are pure bred. You've gotten into this fresh and taught yourself from the ground up. You haven't been trained into any set doctrine." Phar out man! This is an important point. There were no rules, guidelines, or doctrines. We made our own up as our experiences dictated. As time wore on, the new user pool began to grow more rapidly. The computers began to creak and groan under the work loads that were being placed upon them. During the day time, we came to the computer area to find it packed. We could no longer access the computers during the day. After all, we were just playing! That was OK with us. Soon we were there at night and on weekends. We obtained the off-hour non-prime time access, but this put us further away from the mainstream. These new guys liked the timeshared computers much more than their mainframe batch machines. They started to move their darn *important* crud from the mainframe machines to "our" timesharing computers. Pretty soon the administrations started to think about what it meant to have payroll or grades on the same computers that had "star-trek version 8", "adventure", or "DECWAR version 2.2". They were concerned about security on the timesharing systems, but due to their budget constraints, most of the centralized MIS shops still had to give priority to their batch mainframes. We continued to play, but we cursed at the slow systems when the important stuff was running. I got off "tuning" systems to make them run faster or more efficiently. Interactive response time became the holy grail. The "rise of hacking" was beginning to run out of steam. The timesharing systems had been expanded as much as technology and budgets would allow. We had learned the various systems internals inside and out. We now knew much more about the systems than the "official" maintainers did, and these maintainers perceived us as a threat to their positions. The computers were still overloaded. The nasty politics of access and resources began to rear their head. A convenient scapegoat was to eliminate access to games. Eliminate the people that were just playing. Examine all computing activity and bill for it. This didn't solve any of the problems (we all knew payroll and grades wouldn't fit in!) but it did raise the issue of the hackers to the surface. All of a sudden we became defined as a problem! We were soon getting shut out of various systems. New kids began to show up and pretend to be hackers. They would do anything to show off, and created large problems for "us". At this point the "stagnation" period was beginning. These were hard days for us. Many of my friends quit what they were doing. Many of us got real jobs on the computers we played with as a dodge. Centralized MIS departments began to be placed between the rock and hard place of limited budgets and unlimited customers. The new kids, the overloaded systems, the security concerns for the important applications, and the political situation all resulted in the stagnation of hacking. "Hacker" took on a bad connotation. I saw all kind of debates over what "hacker" meant. Some claimed it was a compliment, and should only be awarded to those bit twiddlers that were truly awesome. Many claimed that hackers were the scum of the earth and should be totally decimated! What could you do but stay out of the way and let things take their course? I realize now that it was in the MIS departments' *VESTED INTEREST* to define the term "hacker". Centralized MIS did not have the courage to fight for larger budgets. Upper level administrators who just approved the budget would freak out when they saw kids playing games on the computers in the library. MIS had to define this as bad, had to say they would put a stop to it. MIS had to look like they were managing the computer resources responsibly. Any unusual or politically unacceptable computer event that couldn't be covered up was caused by "hackers". It was a dodge for MIS! I am not saying that some questionable stuff didn't go down, I am just saying that it was logical to call anything "bad" by some sort of easily accepted label - "hackers". Of course, when the unusual computing event took place your budding journalists were johnny on the spot. You don't climb that journalist ladder by writing about boring stories. Wild computer stories about hacking captured the public interest. I suppose the public liked to hear that somebody could "beat" the system somehow. Journalists picked up on this and wrote stories that even I found hard to believe. The new kids, even when not asked, would blab all day long about the great things that they were doing. And don't you know, they would blab all day long about great hacks they heard that you pulled! Stories get wilder with each re-telling. I realize now that it was in the journalists' *VESTED INTEREST* to define the term "hacker". The public loves robin hood, the journalists went out and found lots of pseudo-robin hoods. More and more stories began to hit the public. We heard stories of military computers getting penetrated. We heard stories of big financial rip-offs. We heard cute stories about guys who paid themselves the round-off of millions of computer generated checks. We heard stories of kids moving space satellites! We heard stories of old ladies getting their phone bills in a heavy parcel box! As an old timer, I found a lot of these stories far fetched. It was all national inquirer type stuff to me. The public loved it, the bureaucrats used it, and the politicians began to see an opportunity! The end of the "stagnation" period coincides the arrival of the politicians. Was it in the *VESTED INTEREST* of the politicians to define the term "hacker"? You bet! Here was a safe and easy issue! Who would stand up and say they were FOR hackers? What is more politically esthetic than to be able to define a bad guy and then say you are opposed to it? More resources began to flow into law enforcement activities. When actual busts were made, the legal system had problems coming up with charges. The legal system has never really felt comfortable with the punishment side of hacking, however, they LOVE the chase. We didn't have guns, we were not very dangerous, but it is *neat* to tap lines and grab headlines! What a dangerous time this was. It was like a feedback loop, getting worse every week. When centralized MIS was unable to cover up a hacking event, they exaggerated it instead. Shoddy design or poor software workmanship was never an issue. Normally "skeptical" journalists did not ask for proof, and thrilled at the claims of multi-million dollar damages. Agents loved to be seen on TV (vote for me when I run!) wheeling out junior's Christmas present from last year, to be used as "evidence". The politicians were able to pass new laws without constitutional considerations. New kids, when caught, would rabidly turn on each other in their desperation to escape. Worried older hackers learned to shut up and not give their side for fear of the feeding frenzy. Hackers were socked with an identity crisis and an image problem. Hackers debated the meaning of hacker versus the meaning of cracker. We all considered the fundamental question, "What is a true hacker?". Cool administrators tried to walk the fine line of satisfying upper level security concerns without squelching creativity and curiosity. So what is this "renaissance" business? Am I expecting to see major hacker attacks on important systems? No way, and by the way, if you thought that, you would be using a definition created by someone with a vested interest in it. When did we start to realize that hacker was defined by somebody else and not us? I don't know, but it has only been lately. Was it when people started to ask us about these multi-million dollar damage claims? I really think this is an important point in time. We saw BellSouth claim an electronically published duplicate of an electronic document was worth nearly $100,000 dollars! We later saw reports that you could have called a 1-800 number and purchased the same document for under twenty bucks. Regular non-computer people began to express suspicion about the corporate claims. They expressed suspicion about the government's position. And generally, began to question the information the media gave them. Just last month an article appear in the Wall Street Journal about some hackers breaking in to electronic voice mail boxes (fancy answering machines). They quoted some secret service agent as saying the damages could run to the tens of millions of dollars. Somebody asked me how in the world could screwing around with peoples answering machines cause over 10 million dollars in damages? I responded, "I don't know dude! Do you believe what you read?" And when did the secret service get into this business? People say to me, "I thought the secret service was supposed to protect the president. How come the secret service is busting kids when the FBI should be doing the busting?" What can I do but shrug? Maybe all the Abu-Nidals are gone and the president is safe. Maybe the FBI is all tied up with some new AB-SCAM or the S&L thing. Maybe the FBI is damn tired of hackers and hacking! In any event, the secret service showed it's heavy hand with the big series of busts that was widely publicized recently. They even came up with *NEAT* code names for it. "Operation SUNDEVIL", WOW! I shoulda joined the secret service!!! Were they serious or was this their own version of dungeons and dragons? In a very significant way, they blew it. A lot of those old nasty constitutional issues surfaced. They really should define clearly what they are looking for when they get a search warrant. They shouldn't just show up, clean the place out, haul it back to some warehouse, and let it sit for months while they figure out if they got anything. This event freaked a lot of lay people out. The creation of the Electronic Frontier Foundation is a direct result of the blatantly illegal search and seizure by the secret service. People are worried about what appears to be a police state mentality, and generally feel that the state has gone to far. I think the average American has a gut level feel for how far the state should go, and the SS clearly went past that point. To be fair, there aren't any good guidelines to go by in a technical electronic world, so the secret service dudes had to decide what to do on their own. It just turned out to be a significant mistake. I saw Clifford Stoll, the author of the popular book "Cuckoos Egg" testify on national C-SPAN TV before congress. His book is a very good read, and entertaining as well. A lot of lay people have read the book, and perceive the chaos within the legal system. Stoll's book reveals that many systems are not properly designed or maintained. He reveals that many well known "holes" in computer security go unfixed due to the negligence of the owners. This book generated two pervasive questions. One, why were there so many different law enforcement agencies that could claim jurisdiction? Lay people found it amazing that there were so many and that they could not coordinate their efforts. Two, why were organizations that publicly claimed to be worried about hackers not updating their computer security to fix stale old well known problems? If indeed a hacker were able to cause damage by exploiting such a well known unfixed "hole", could the owner of the computer be somehow held responsible for part of the damage? Should they? We all watched in amazement as the media reported the progress of Robert Morris's "internet worm". Does that sound neat or what? Imagine all these lay people hearing about this and trying to judge if it is a problem. The media did not do a very good job of covering this, and the computing profession stayed away from it publicly. A couple of guys wrote academic style papers on the worm, which says something about how important it really was. This is the first time that I can remember anyone examining a hacking event in such fine detail. We started to hear about military interest in "worms" and "viruses" that could be stuck into enemy computers. WOW! The media accepted the damage estimates that were obviously inflated. Morris's sentence got a lot of publicity, but his fine was very low compared to the damage estimates. People began to see the official damage estimates as not being very credible. We are in the first stages of the hacking renaissance. This period will allow the hackers to assess themselves and to re-define the term "hacker". We know what it means, and it fits in with the cycle of apprentice, journeyman, and master. Its also got a little artist, intuition, and humor mixed in. Hackers have the chance to repudiate the MISs', the journalists', and the politicians' definition! Average people are questioning the government's role in this and fundamental rights. Just exactly how far should the government go to protect companies and their data? Exactly what are the responsibilities of a company with sensitive, valuable data on their computer systems? There is a distinct feeling that private sector companies should be doing more to protect themselves. Hackers can give an important viewpoint on these issues, and all of a sudden there are people willing to listen. What are the implications of the renaissance? There is a new public awareness of the weakness in past and existing systems. People are concerned about the privacy of their electronic mail or records on the popular services. People are worried a little about hackers reading their mail, but more profoundly worried about the services or the government reading their stuff. I expect to see a very distinct public interest in encrypted e-mail and electronic privacy. One of my personal projects is an easy to use e-mail encrypter that is compatible with all the major e-mail networks. I hope to have it ready when the wave hits! Personal computers are so darn powerful now. The centralized MIS department is essentially dead. Companies are moving away from the big data center and just letting the various departments role their own with PCs. It is the wild west again! The new users are on their own again! The guys who started the stagnation are going out of business! The only thing they can cling to is the centralized data base of information that a bunch of PCs might need to access. This data will often be too expensive or out-of-date to justify, so even that will die off. Scratch one of the vested definers! Without centralized multi-million dollar computing there can't be any credible claims for massive multi-million dollar damages. Everyone will have their own machine that they can walk around with. It is a vision that has been around for awhile, but only recently have the prices, technology, and power brought decent implementations available. Users can plug it into the e-mail network, and unplug it. What is more safe than something you can pick up and lock up? It is yours, and it is in your care. You are responsible for it. Without the massive damage claims, and with clear responsibility, there will no longer be any interest from the journalists. Everybody has a computer, everybody knows how much the true costs of damage are. It will be very difficult for the journalists to sensationalize about hackers. Scratch the second tier of the vested definers! Without media coverage, the hackers and their exploits will fade away from the headlines. Without public interest, the politicians will have to move on to greener pastures. In fact, instead of public fear of hackers, we now are seeing a public fear of police state mentality and abuse of power. No politician is going to want to get involved with that! I expect to see the politicians fade away from the "hacker" scene rapidly. Scratch the third tier of the vested definers! The FBI and the secret service will be pressured to spend time on some other "hot" political issue. So where the heck are we? We are now entering the era of truly affordable REAL systems. What does REAL mean? Ask a hacker dude! These boxes are popping up all over the place. People are buying them, buying software, and trying to get their work done. More often than not, they run into problems, and eventually find out that they can ask some computer heavy about them. Its sort of come full circle, these guys are like the new users of the old timesharing systems. They had an idea of what they wanted to do, but didn't know how to get there. There wasn't a very clear source of guidance, and sometimes they had to ask for help. So it went! The hackers are needed again. We can solve problems, get it done, make it fun. The general public has the vested interest in this! The public has a vested interest in electronic privacy, in secure personal systems, and in secure e-mail. As everyone learns more, the glamour and glitz of the mysterious hackers will fade. Lay people are getting a clearer idea of whats going on. They are less willing to pay for inferior products, and aren't keen about relying on centralized organizations for support. Many know that the four digit passcode some company gave them doesn't cut the mustard. What should we hackers do during this renaissance? First we have to discard and destroy the definition of "hacker" that was foisted upon us. We need to come to grips with the fact that there were individuals and groups with a self interest in creating a hysteria and/or a bogeyman. The witch hunts are over and poorly designed systems are going to become extinct. We have cheap personal portable compatible powerful systems, but they do lack some security, and definitely need to be more fun. We have fast and cheap e-mail, and this needs to be made more secure. We have the concept of electronic free speech, and electronic free press. I think about what I was able to do with the limited systems of yesterday, and feel very positive about what we can accomplish with the powerful personal systems of today. On the software side we do need to get our operating system house in order. The Unix version wars need to be stopped. Bill Gates must give us a DOS that will make an old operating system guy like me smile, and soon! We need to stop creating and destroying languages every three years and we need to avoid software fads (I won't mention names due to personal safety concerns). Ken Olsen must overcome and give us the cheap, fast, and elegantly unconstrained hardware platform we've waited for all our lives. What we have now is workable (terrific in terms of history), but it is a moral imperative to get it right. What we have now just doesn't have the "spark" (I am not doing a pun on sun either!!!). The hackers will know what I mean. If we are able to deal with the challenges of the hacking renaissance, then history will be able to record the hackers as pioneers and not as vandals. This is the way I feel about it, and frankly, I've been feeling pretty good lately. The stagnation has been a rough time for a lot of us. The stock market guys always talk about having a contrarian view of the market. When some company gets in the news as a really hot stock, it is usually time to sell it. When you hear about how terrible some investment is, by some perverse and wonderful force it is time to buy it. So it may be for the "hackers". We are hearing how terrible "hackers" are and the millions of dollars of vandalism that is being perpetrated. At this historic low are we in for a reversal in trend? Will the stock in "hackers" rise during this hacking renaissance? I think so, and I'm bullish on the 90's also! Party on d00des! ------------------------------------------------------------------------------ / / / NIA072 / File 3 / / / / MANIFESTO OF THE AMERICAN COMPUTIST / / by Erik Bloodaxe / / / / / A spectre is haunting the America--the spectre of Computing. All the Powers of Western Capitalism have entered into a holy alliance to exorcise this spectre: BOC and LDS, lawyers and judges, corporate CEOs and federal law enforcement officials. Where is the person in quest of knowledge that has not been decried as "hacker" by opponents in power? Where the Opposition that has not hurled back the branding reproach of Social Miscreant, against the more advanced opposition, as well as against its techno-illiterate adversaries? Two things result from this fact. I. Computers are already acknowledged by all Western Powers to be themselves a power. II. It is high time that the Computists should openly, in the face of the whole world, publish their views, their aims, their tendencies, and meet this nursery tale of the Spectre of Computing with a manifesto of the users themselves. To this end, Computists of various races, purposes, and classes have voiced their opinions, and from these the following Manifesto has been sketched. I. BUSINESSMEN AND USERS The history of all hitherto existing society is the history of struggles. Freeman and slave, patrician and plebeian, lord and serf, guild-master and journeyman, in a word, oppressor and oppressed, stood in constant opposition to one another, carried on an uninterrupted, now hidden, now open fight, a fight that each time ended either in a revolutionary re-constitution of society at large, or in the common ruin of the contending classes. In this, the era of epoch of Big Business, we are again engaged in struggle. This era, however, possesses a distinctive feature: the objective of increased profit masks the reality of those that are truly threats, and those that are merely perceived as such. Through this avaricious vision, government is forced into becoming a pawn of the corporate leaders who wish to stamp out any threat, real or imaginary, upon their first instinct to do so. Through this procedural paranoia, those who get caught in the whirlwind of events stemming from business-induced federal investigations often find their rights in serious jeopardy. The word of Business is taken as law. The colorful portrait of a computer-based threat to the workings of Business, thereby disrupting profit, and in turn the economy, force the politicians to act in great haste in forcing orders down the bureaucratic hierarchy to eliminate the threat. This fact, accompanied by the threat of removal of corporate contributions to political campaigns, increases the bias in which the procedures of investigation are conducted. Business today has achieved near deification. The reach of corporations has become immeasurable. This influence has stripped away the existence of the rights of individuals, leaving behind only a few stray hemp fibers from a once full Constitution. This fact is intolerable. The Government was created by and for the people that it would govern. Special influences have no place in decision making on who is to be governed and how. The corporate grasp must be loosened so that Democracy can flourish in its natural course. II. SOCIETY AND COMPUTISTS To society as a whole, the Computist is an often misunderstood entity. The media representation of the Computist left the public with a jaded image. Stories of Computer-based threats to National Security, to Emergency Networks, and to Hospital Patients left the public enraged by and frightened of the people possessing knowledge to interface with today's electronic world. Actual computer-related incidents that may have adversely affected the nation can be counted on the fingers of one hand, while more minor instances are played up by the Corporations and sent to the media to stir up more unrest against the Computist. The more often occurrence is an action of benefit. Computists point out flaws, alert people to problems in security, and in general assure that the nation's computer networks remain safe from foreign intrusions. These actions are mutually beneficial for both parties. The Computist gains the experience and knowledge, and the Business owning the system gains further protection. For this act of good faith, the Computist is not thanked, rather he is threatened, investigated, fined and possibly jailed. This is most often the case even when the Computist has made himself known from the onset. Computists have the power to do a great many things that society as a whole is unaware of. This power is perceived as a threat to Business, who has kept the mere existence of such power quietly to themselves. It has long been agreed upon that the public should never truly know the true extent of the influence Business actually has over their individual lives. Business, through the use of a computer, has ready access to eavesdrop on any telephone call placed in this country; to view any criminal record, sealed or unsealed; to view and alter any financial and credit records; to seize and transfer assets from any bank or other financial institution and to view any medical or psychiatric records. Business knows who you associate with, what you spend, what you buy, where you go, and who and what you are. Through these records they can designate how much you will have to pay for the things you wish to purchase, and what methods you will most easily succumb to in being forced to do so. To alert the public to these facts and to help in the eradication of Business influence, the Computists call for certain measures to be enacted. 1. The abolition of all current computer crime laws. 2. The re-evaluation of what encompasses computer crime by legislature, by Computists, and by other legal counsel to provide legal statutes that strictly outline progressive guidelines to the crime and their respective punishments. 3. Full disclosure by Business of the powers they have kept hidden from the public, so that all may know the possibilities that exist today for Business to invade the privacy of the society. 4. Extensive training for all federal and local law enforcement officials who will be assigned to investigate computer-related crime so that they will be skillful enough in their duties to properly execute this task. 5. Computer education classes to be required of all children enrolled in schools, public or otherwise, to begin as early as the first year enrolled, and to continue up through the completion of the end of their secondary education. 6. Continuing education classes in computer instruction to be provided free-of-charge to any willing adult through local educational facilities. 7. Government published documents on all conceivable aspects of computing to be provided free-of-charge through the General Services Administration via the Consumer Information Catalog. III. COMPUTIST LITERATURE In the past most Computist literature has been left as underground newspapers, and selectively mailed electronic digests. These were the first to attempt to expose the untruths and to surface the hidden powers of Business. This media, although provided at little or no cost, has always received limited distribution due to Business-induced governmental intrusions. There have also been countless texts produced covering the operations of softwares and of operating systems. These texts have always had the potential to reach a great many persons, but have been provided at a cost that may have deterred the average person from their purchase. Government publications have the potential to reach every member of society, and can provide all people with current, correct, and understandable information. This type of distribution would greatly increase society's knowledge of computers and reduce the tensions felt towards the subject. With increased knowledge of computers, society as a whole would prosper, allowing all members the potential to move technology forward towards a better and more productive future. IV. POSITION OF THE COMPUTIST STRUGGLE IN RELATION TO THE VARIOUS EXISTING OPPOSITION PARTIES The struggle of the Computist against Big Business is a microcosm of society as a whole. This struggle should be the struggle of every man and woman in this country. We are all being oppressed and suppressed by the powers of Big Business influencing our government, making it work against the needs of society. To end this atrocity that we have allowed to imbed itself in our nation we must all work together. PEOPLE OF THE NATION, UNITE! ----------------------------------------------------------------------------- / / / NIA 072 / File 4 / / / / `Foiling the Cracker' / / A Survey of, and Improvements to, Password Security / / This work was sponsored in part by the U.S. Department of Defense. / / / / Killing Joke / / / Daniel V. Klein Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15217 dvk@sei.cmu.edu +1 412 268 7791 With the rapid burgeoning of national and international networks, the question of system security has become one of growing importance. High speed inter-machine communication and even higher speed computational processors have made the threats of system ``crackers,'' data theft, data corruption very real. This paper outlines some of the problems of current password security by demonstrating the ease by which individual accounts may be broken. Various techniques used by crackers are outlined, and finally one solution to this point of system vulnerability, a proactive password checker, is proposed. Introduction The security of accounts and passwords has always been a concern for the developers and users of Unix. When Unix was younger, the password encryption algorithm was a simulation of the M-209 cipher machine used by the U.S. Army during World War II. %A Robert T. Morris %A Ken Thompson %T Password Security: A Case History %J Communications of the ACM %V 22 %N 11 %P 594-597 %D November 1979 %L Morris1979 This was a fair encryption mechanism in that it was difficult to invert under the proper circumstances, but suffered in that it was too fast an algorithm. On a PDP-11/70, each encryption took approximately 1.25ms, so that it was possible to check roughly 800 passwords/second. Armed with a dictionary of 250,000 words, a cracker could compare their encryptions with those all stored in the password file in a little more than five minutes. Clearly, this was a security hole worth filling. In later (post-1976) versions of Unix, the DES algorithm %T Proposed Federal Information Processing Data Encryption Standard %J Federal Register (40FR12134) %D March 17, 1975 %L DES1975 was used to encrypt passwords. The user's password is used as the DES key, and the algorithm is used to encrypt a constant. The algorithm is iterated 25 times, with the result being an 11 character string plus a 2-character ``salt.'' This method is similarly difficult to decrypt (further complicated through the introduction of one of 4096 possible salt values) and had the added advantage of being slow. On a (VAX-II (a machine substantially faster than a PDP-11/70), a single encryption takes on the order of 280ms, so that a determined cracker can only check approximately 3.6 encryptions a second. Checking this same dictionary of 250,000 words would now take over 19 hours of CPU time. Although this is still not very much time to break a single account, there is no guarantee that this account will use one of these words as a password. Checking the passwords on a system with 50 accounts would take on average 40 CPU days (since the random selection of salt values practically guarantees that each user's password will be encrypted with a different salt), with no guarantee of success. If this new, slow algorithm was combined with the user education needed to prevent the selection of obvious passwords, the problem seemed solved. Regrettably, two recent developments and the recurrence of an old one have brought the problem of password security back to the fore. CPU speeds have gotten increasingly faster since 1976, so much so that processors that are 25-40 times faster than the PDP-11/70 (e.g., the DECstation 3100 used in this research) are readily available as desktop workstations. With inter-networking, many sites have hundreds of the individual workstations connected together, and enterprising crackers are discovering that the ``divide and conquer'' algorithm can be extended to multiple processors, especially at night when those processors are not otherwise being used. Literally thousands of times the computational power of 10 years ago can be used to break passwords. New implementations of the DES encryption algorithm have been developed, so that the time it takes to encrypt a password and compare the encryption against the value stored in the password file has dropped below the 1ms mark. %A Matt Bishop %T An Application of a Fast Data Encryption Standard Implementation %J Computing Systems %V 1 %N 3 %P 221-254 %D Summer 1988 %L Bishop1988 %A David C. Feldmeier %A Philip R. Karn %T UNIX Password Security - Ten Years Later %J CRYPTO Proceedings %D Summer 1989 %L Feldmeier1989 On a single workstation, the dictionary of 250,000 words can once again be cracked in under five minutes. By dividing the work across multiple workstations, the time required to encrypt these words against all 4096 salt values could be no more than an hour or so. With a recently described hardware implementation of the DES algorithm, the time for each encryption can be reduced to approximately 6ms. %A Philip Leong %A Chris Tham %T UNIX Password Encryption Considered Insecure %J USENIX Winter Conference Proceedings %D January 1991 %L Leong1991 This means that this same dictionary can be be cracked in only 1.5 seconds. Users are rarely, if ever, educated as to what are wise choices for passwords. If a password is in a dictionary, it is extremely vulnerable to being cracked, and users are simply not coached as to ``safe'' choices for passwords. Of those users who are so educated, many think that simply because their password is not in /usr/dict/words, it is safe from detection. Many users also say that because they do not have any private files on-line, they are not concerned with the security of their account, little realizing that by providing an entry point to the system they allow damage to be wrought on their entire system by a malicious cracker. Because the entirety of the password file is readable by all users, the encrypted passwords are vulnerable to cracking, both on-site and off-site. Many sites have responded to this threat with a reactive solution - they scan their own password files and advise those users whose passwords they are able to crack. The problem with this solution is that while the local site is testing its security, the password file is still vulnerable from the outside. The other problems, of course, are that the testing is very time consuming and only reports on those passwords it is able to crack. It does nothing to address user passwords which fall outside of the specific test cases (e.g., it is possible for a user to use as a password the letters ``qwerty'' - if this combination is not in the in-house test dictionary, it will not be detected, but there is nothing to stop an outside cracker from having a more sophisticated dictionary!). Clearly, one solution to this is to either make /etc/passwd unreadable, or to make the encrypted password portion of the file unreadable. Splitting the file into two pieces - a readable /etc/passwd with all but the encrypted password present, and a ``shadow password'' file that is only readable by Broot is the solution proposed by Sun Microsystems (and others) that appears to be gaining popularity. It seems, however, that this solution will not reach the majority of non-Sun systems for quite a while, nor even, in fact, many Sun systems, due to many sites' reluctance to install new releases of software. The problem of lack of password security is not just endemic to Unix. A recent Vax/VMS worm had great success by simply trying the username as the password. Even though the VMS user authorization file is inaccessible to ordinary users, the cracker simply tried a number of ``obvious'' password choices - and easily gained access. What I propose, therefore, is a publicly available proactive password checker, which will enable users to change their passwords, and to check a priori whether the new password is ``safe.'' The criteria for safety should be tunable on a per-site basis, depending on the degree of security desired. For example, it should be possible to specify a minimum length password, a restriction that only lower case letters are not allowed, that a password that looks like a license plate be illegal, and so on. Because this proactive checker will deal with the pre-encrypted passwords, it will be able to perform more sophisticated pattern matching on the password, and will be able to test the safety without having to go through the effort of cracking the encrypted version. Because the checking will be done automatically, the process of education can be transferred to the machine, which will instruct the user why a particular choice of password is bad. Password Vulnerability It has long been known that all a cracker need do to acquire access to a Unix machine is to follow two simple steps, namely: Acquire a copy of that site's /etc/passwd file, either through an unprotected uucp link, well known holes in sendmail, or via ftp or tftp. Apply the standard (or a sped-up) version of the password encryption algorithm to a collection of words, typically /usr/dict/words plus some permutations on account and user names, and compare the encrypted results to those found in the purloined /etc/passwd file. If a match is found (and often at least one will be found), the cracker has access to the targeted machine. Certainly, this mode of attack has been known for some time, %A Eugene H. Spafford %T The Internet Worm Program: An Analysis %R Purdue Technical Report CSD-TR-823 %I Purdue University %D November 29, 1988 %L Spafford1988 and the defenses against this attack have also long been known. What is lacking from the literature is an accounting of just how vulnerable sites are to this mode of attack. In short, many people kno w that there is a problem, but few people believe it applies to them. ``There is a fine line between helping administrators protect their systems and providing a cookbook for bad guys.'' %A F. Grampp %A R. Morris %T Unix Operating System Security %J AT&T Bell Labs Technical Journal %V 63 %N 8 %P 1649-1672 %D October 1984 %L Grampp1984 The problem here, therefore, is how to divulge useful information on the vulnerability of systems, without providing too much information, since almost certainly this information could be used by a cracker to break into some as-yet unviolated system. Most of the work that I did was of a general nature - I did not focus on a particular user or a particular system, and I did not use any personal information that might be at the disposal of a dedicated ``bad guy.'' Thus any results which I have been able to garner indicate only general trends in password usage, and cannot be used to great advantage when breaking into a particular system. This generality notwithstanding, I am sure that any self-respecting cracker would already have these techniques at their disposal, and so I am not bringing to light any great secret. Rather, I hope to provide a basis for protection for systems that can guard against future attempts at system invasion. The Survey and Initial Results In October and again in December of 1989, I asked a number of friends and acquaintances around the United States and Great Britain to participate in a survey. Essentially what I asked them to do was to mail me a copy of their /etc/passwd file, and I would try to crack their passwords (and as a side benefit, I would send them a report of the vulnerability of their system, although at no time would I reveal individual passwords nor even of their sites participation in this study). Not surprisingly, due to the sensitive nature of this type of disclosure, I only received a small fraction of the replies I hoped to get, but was nonetheless able to acquire a database of nearly 15,000 account entries. This, I hoped, would provide a representative cross section of the passwords used by users in the community. Each of the account entries was tested by a number of intrusion strategies, which will be covered in greater detail in the following section. The possible passwords that were tried were based on the user's name or account number, taken from numerous dictionaries (including some containing foreign words, phrases, patterns of keys on the keyboard, and enumerations), and from permutations and combinations of words in those dictionaries. All in all, after nearly 12 CPU months of rather exhaustive testing, approximately 25% of the passwords had been guessed. So that you do not develop a false sense of security too early, I add that 21% (nearly 3,000 passwords) were guessed in the first week, and that in the first 15 minutes of testing, 368 passwords (or 2.7%) had been cracked using what experience has shown would be the most fruitful line of attack (i.e., using the user or account names as passwords). These statistics are frightening, and well they should be. On an average system with 50 accounts in the /etc/passwd file, one could expect the first account to be cracked in under 2 minutes, with 5-15 accounts being cracked by the end of the first day. Even though the Broot account may not be cracked, all it takes is one account being compromised for a cracker to establish a toehold in a system. Once that is done, any of a number of other well-known security loopholes (many of which have been published on the network) can be used to access or destroy any information on the machine. It should be noted that the results of this testing do not give us any indication as to what the uncracked passwords are. Rather, it only tells us what was essentially already known - that users are likely to use words that are familiar to them as their passwords. %A Bruce L. Riddle %A Murray S. Miron %A Judith A. Semo %T Passwords in Use in a University Timesharing Environment %J Computers & Security %V 8 %N 7 %P 569-579 %D November 1989 %L Riddle1989 What new information it did provide, however, was the degree of vulnerability of the systems in question, as well as providing a basis for developing a proactive password changer - a system which pre-checks a password before it is entered into the system, to determine whether that password will be vulnerable to this type of attack. Passwords which can be derived from a dictionary are clearly a bad idea, %A Ana Marie De Alvare %A E. Eugene Schultz, Jr. %T A Framework for Password Selection %J USENIX UNIX Security Workshop Proceedings %D August 1988 %L Alvare1988 and users should be prevented from using them. Of course, as part of this censoring process, users should also be told why their proposed password is not good, and what a good class of password would be. As to those passwords which remain unbroken, I can only conclude that these are much more secure and ``safe'' than those to be found in my dictionaries. One such class of passwords is word pairs, where a password consists of two short words, separated by a punctuation character. Even if only words of 3 to 5 lower case characters are considered, /usr/dict/words provides 3000 words for pairing. When a single intermediary punctuation character is introduced, the sample size of 90,000,000 possible passwords is rather daunting. On a DECstation 3100, testing each of these passwords against that of a single user would require over 25 CPU hours - and even then, no guarantee exists that this is the type of password the user chose. Introducing one or two upper case characters into the password raises the search set size to such magnitude as to make cracking untenable. Another ``safe'' password is one constructed from the initial letters of an easily remembered, but not too common phrase. For example, the phrase ``Unix is a trademark of Bell Laboratories'' could give rise to the password ``UiatoBL.'' This essentially creates a password which is a random string of upper and lower case letters. Exhaustively searching this list at 1000 tests per second with only 6 character passwords would take nearly 230 CPU days. Increasing the phrase size to 7 character passwords makes the testing time over 32 CPU years - a Herculean task that even the most dedicated cracker with huge computational resources would shy away from. Thus, although I don't know what passwords were chosen by those users I was unable to crack, I can say with some surety that it is doubtful that anyone else could crack them in a reasonable amount of time, either. Method of Attack A number of techniques were used on the accounts in order to determine if the passwords used for them were able to be compromised. To speed up testing, all passwords with the same salt value were grouped together. This way, one encryption per password per salt value could be performed, with multiple string comparisons to test for matches. Rather than considering 15,000 accounts, the problem was reduced to 4,000 salt values. The password tests were as follows: Try using the user's name, initials, account name, and other relevant personal information as a possible password. All in all, up to 130 different passwords were tried based on this information. For an account name Bklone with a user named ``Daniel V. Klein,'' some of the passwords that would be tried were: klone, klone0, klone1, klone123, dvk, dvkdvk, dklein, DKlein, leinad, nielk, dvklein, danielk, DvkkvD, DANIEL-KLEIN, (klone), KleinD, etc. Try using words from various dictionaries. These included lists of men's and women's names (some 16,000 in all); places (including permutations so that ``spain,'' ``spanish,'' and ``spaniard'' would all be considered); names of famous people; cartoons and cartoon characters; titles, characters, and locations from films and science fiction stories; mythical creatures (garnered from Bulfinch's mythology and dictionaries of mythical beasts); sports (including team names, nicknames, and specialized terms); numbers (both as numerals - ``2001,'' and written out - ``twelve''); strings of letters and numbers ( ``a,'' ``aa,'' ``aaa,'' ``aaaa,'' etc.); Chinese syllables (from the Pinyin Romanization of Chinese, a international standard system of writing Chinese on an English keyboard); the King James Bible; biological terms; common and vulgar phrases (such as ``fuckyou,'' ``ibmsux,'' and ``deadhead''); keyboard patterns (such as ``qwerty,'' ``asdf,'' and ``zxcvbn''); abbreviations (such as ``roygbiv'' - the colors in the rainbow, and ``ooottafagvah'' - a mnemonic for remembering the 12 cranial nerves); machine names (acquired from /etc/hosts); characters, plays, and locations from Shakespeare; common Yiddish words; the names of asteroids; and a collection of words from various technical papers I had previously published. All told, more than 60,000 separate words were considered per user (with any inter- and intra-dictionary duplicates being discarded). Try various permutations on the words from step 2. This included making the first letter upper case or a control character, making the entire word upper case, reversing the word (with and without the aforementioned capitalization), changing the letter `o' to the digit `0' (so that the word ``scholar'' would also be checked as ``sch0lar''), changing the letter `l' to the digit `1' (so that ``scholar'' would also be checked as ``scho1ar,'' and also as ``sch01ar''), and performing similar manipulations to change the letter `z' into the digit `2', and the letter `s' into the digit `5'. Another test was to make the word into a plural (irrespective of whether the word was actually a noun), with enough intelligence built in so that ``dress'' became ``dresses,'' ``house'' became ``houses,'' and ``daisy'' became ``daisies.'' We did not consider pluralization rules exhaustively, though, so that ``datum'' forgivably became ``datums'' (not ``data''), while ``sphynx'' became ``sphynxs'' (and not ``sphynges''). Similarly, the suffixes ``-ed,'' ``-er,'' and ``-ing'' were added to transform words like ``phase'' into ``phased,'' ``phaser,'' and ``phasing.'' These 14 to 17 additional tests per word added another 1,000,000 words to the list of possible passwords that were tested for each user. Try various capitalization permutations on the words from step 2 that were not considered in step 3. This included all single letter capitalization permutations (so that ``michael'' would also be checked as ``mIchael,'' ``miChael,'' ``micHael,'' ``michAel,'' etc.), double letter capitalization permutations (``MIchael,'' ``MiChael,'' ``MicHael,'' ... , ``mIChael,'' ``mIcHael,'' etc.), triple letter permutations, and so on. The single letter permutations added roughly another 400,000 words to be checked per user, while the double letter permutations added another 1,500,000 words. Three letter permutations would have added at least another 3,000,000 words per user had there been enough time to complete the tests. Tests of 4, 5, and 6 letter permutations were deemed to be impracticable without much more computational horsepower to carry them out. Try foreign language words on foreign users. The specific test that was performed was to try Chinese language passwords on users with Chinese names. The Pinyin Romanization of Chinese syllables was used, combining syllables together into one, two, and three syllable words. Because no tests were done to determine whether the words actually made sense, an exhaustive search was initiated. Since there are 398 Chinese syllables in the Pinyin system, there are 158,404 two syllable words, and slightly more than 16,000,000 three syllable words. The astute reader will notice that 398\s-2\u3\d\s+2 is in fact 63,044,972. Since Unix passwords are truncated after 8 characters, however, the number of unique polysyllabic Chinese passwords is only around 16,000,000. Even this reduced set was too large to complete under the imposed time constraints. A similar mode of attack could as easily be used with English, using rules for building pronounceable nonsense words. Try word pairs. The magnitude of an exhaustive test of this nature is staggering. To simplify this test, only words of 3 or 4 characters in length from /usr/dict/words were used. Even so, the number of word pairs is BOR(10\s-3\u7\d\s+3) (multiplied by 4096 possible salt values), and as of this writing, the test is only 10% complete. For this study, I had access to four DECstation 3100's, each of which was capable of checking approximately 750 passwords per second. Even with this total peak processing horsepower of 3,000 tests per second (some machines were only intermittently available), testing the BOR(10\s-3\u10\d\s+3) password/salt pairs for the first four tests required on the order of 12 CPU months of computations. The remaining two tests are still ongoing after an additional 18 CPU months of computation. Although for research purposes this is well within acceptable ranges, it is a bit out of line for any but the most dedicated and resource-rich cracker. Summary of Results The problem with using passwords that are derived directly from obvious words is that when a user thinks ``Hah, no one will guess this permutation,'' they are almost invariably wrong. Who would ever suspect that I would find their passwords when they chose ``fylgjas'' (guardian creatures from Norse mythology), or the Chinese word for ``hen-pecked husband''? No matter what words or permutations thereon are chosen for a password, if they exist in some dictionary, they are susceptible to directed cracking. The following table give an overview of the types of passwords which were found through this research. A note on the table is in order. The number of matches given from a particular dictionary is the total number of matches, irrespective of the permutations that a user may have applied to it. Thus, if the word ``wombat'' were a particularly popular password from the biology dictionary, the following table will not indicate whether it was entered as ``wombat,'' ``Wombat,'' ``TABMOW,'' ``w0mbat,'' or any of the other 71 possible differences that this research checked. In this way, detailed information can be divulged without providing much knowledge to potential ``bad guys.'' Additionally, in order to reduce the total search time that was needed for this research, the checking program eliminated both inter- and intra-dictionary duplicate words. The dictionaries are listed in the order tested, and the total size of the dictionary is given in addition to the number of words that were eliminated due to duplication. For example, the word ``georgia'' is both a female name and a place, and is only considered once. A password which is identified as being found in the common names dictionary might very well appear in other dictionaries. Additionally, although ``duplicate,'' ``duplicated,'' ``duplicating'' and ``duplicative'' are all distinct words, only the first eight characters of a password are used in Unix, so all but the first word are discarded as redundant. Passwords cracked from a sample set of 13,797 accounts _ Type of:Size of:Duplicates:Search:# of:Pct.:Cost/Benefit Password:Dictionary:Eliminated:Size:Matches:of Total:Ratio\s-2\u*\d\s+2 = User/account name:130\s-3\u\(dg\d\s+3:\-:130:368:2.7%:2.830 Character sequences:866:0:866:22:0.2%:0.025 Numbers:450:23:427:9:0.1%:0.021 Chinese:398:6:392:56:0.4%\s-3\u\(dd\d\s+3:0.143 Place names:665:37:628:82:0.6%:0.131 Common names:2268:29:2239:548:4.0%:0.245 Female names:4955:675:4280:161:1.2%:0.038 Male names:3901:1035:2866:140:1.0%:0.049 Uncommon names:5559:604:4955:130:0.9%:0.026 Myths & legends:1357:111:1246:66:0.5%:0.053 Shakespearean:650:177:473:11:0.1%:0.023 Sports terms:247:9:238:32:0.2%:0.134 Science fiction:772:81:691:59:0.4%:0.085 Movies and actors:118:19:99:12:0.1%:0.121 Cartoons:133:41:92:9:0.1%:0.098 Famous people:509:219:290:55:0.4%:0.190 Phrases and patterns:998:65:933:253:1.8%:0.271 Surnames:160:127:33:9:0.1%:0.273 Biology:59:1:58:1:0.0%:0.017 /usr/dict/words:24474:4791:19683:1027:7.4%:0.052 Machine names:12983:3965:9018:132:1.0%:0.015 Mnemonics:14:0:14:2:0.0%:0.143 King James bible:13062:5537:7525:83:0.6%:0.011 Miscellaneous words:8146:4934:3212:54:0.4%:0.017 Yiddish words:69:13:56:0:0.0%:0.000 Asteroids:3459:1052:2407:19:0.1%:0.007 _ Total:86280:23553:62727:B3340:B24.2%:0.053 In all cases, the cost/benefit ratio is the number of matches divided by the search size. The more words that needed to be tested for a match, the lower the cost/benefit ratio. The dictionary used for user/account name checks naturally changed for each user. Up to 130 different permutations were tried for each. While monosyllablic Chinese passwords were tried for all users (with 12 matches), polysyllabic Chinese passwords were tried only for users with Chinese names. The percentage of matches for this subset of users is 8% - a greater hit ratio than any other method. Because the dictionary size is over 16\(mu10\s-2\u6\d\s+2, though, the cost/benefit ratio is infinitesimal. The results are quite disheartening. The total size of the dictionary was only 62,727 words (not counting various permutations). This is much smaller than the 250,000 word dictionary postulated at the beginning of this paper, yet armed even with this small dictionary, nearly 25% of the passwords were cracked! Length of Cracked Passwords _ Length:Count:Percentage = 1 character:4:0.1% 2 characters:5:0.2% 3 characters:66:2.0% 4 characters:188:5.7% 5 characters:317:9.5% 6 characters:1160:34.7% 7 characters:813:24.4% 8 characters:780:23.4% The results of the word-pair tests are not included in either of the two tables. However, at the time of this writing, the test was approximately 10% completed, having found an additional 0.4% of the passwords in the sample set. It is probably reasonable to guess that a total of 4% of the passwords would be cracked by using word pairs. Action, Reaction, and Proaction What then, are we to do with the results presented in this paper? Clearly, something needs to be done to safeguard the security of our systems from attack. It was with intention of enhancing security that this study was undertaken. By knowing what kind of passwords users use, we are able to prevent them from using those that are easily guessable (and thus thwart the cracker). One approach to eliminating easy-to-guess passwords is to periodically run a password checker - a program which scans /etc/passwd and tries to break the passwords in it. %A T. Raleigh %A R. Underwood %T CRACK: A Distributed Password Advisor %J USENIX UNIX Security Workshop Proceedings %D August 1988 %L Raleigh1988 This approach has two major drawbacks. The first is that the checking is very time consuming. Even a system with only 100 accounts can take over a month to diligently check. A halfhearted check is almost as bad as no check at all, since users will find it easy to circumvent the easy checks and still have vulnerable passwords. The second drawback is that it is very resource consuming. The machine which is being used for password checking is not likely to be very useful for much else, since a fast password checker is also extremely CPU intensive. Another popular approach to eradicating easy-to-guess passwords is to force users to change their passwords with some frequency. In theory, while this does not actually eliminate any easy-to-guess passwords, it prevents the cracker from dissecting /etc/passwd ``at leisure,'' since once an account is broken, it is likely that that account will have had it's password changed. This is of course, only theory. The biggest disadvantage is that there is usually nothing to prevent a user from changing their password from ``Daniel'' to ``Victor'' to ``Klein'' and back again (to use myself as an example) each time the system demands a new password. Experience has shown that even when this type of password cycling is precluded, users are easily able to circumvent simple tests by using easily remembered (and easily guessed) passwords such as ``dvkJanuary,'' ``dvkFebruary,'' etc. %A Dr. Brian K Reid %D 1989 %I DEC Western Research Laboratory %O Personal communication. %L Reid1989 A good password is one that is easily remembered, yet difficult to guess. When confronted with a choice between remembering a password or creating one that is hard to guess, users will almost always opt for the easy way out, and throw security to the wind. Which brings us to the third popular option, namely that of assigned passwords. These are often words from a dictionary, pronounceable nonsense words, or random strings of characters. The problems here are numerous and manifest. Words from a dictionary are easily guessed, as we have seen. Pronounceable nonsense words (such as ``trobacar'' or ``myclepate'') are often difficult to remember, and random strings of characters (such as ``h3rT+aQz'') are even harder to commit to memory. Because these passwords have no personal mnemonic association to the users, they will often write them down to aid in their recollection. This immediately discards any security that might exist, because now the password is visibly associated with the system in question. It is akin to leaving the key under the door mat, or writing the combination to a safe behind the picture that hides it. A fourth method is the use of ``smart cards.'' These credit card sized devices contain some form of encryption firmware which will ``respond'' to an electronic ``challenge'' issued by the system onto which the user is attempting to gain acccess. Without the smart card, the user (or cracker) is unable to respond to the challenge, and is denied access to the system. The problems with smart cards have nothing to do with security, for in fact they are very good warders for your system. The drawbacks are that they can be expensive and must be carried at all times that access to the system is desired. They are also a bit of overkill for research or educational systems, or systems with a high degree of user turnover. Clearly, then, since all of these systems have drawbacks in some environments, an additional way must be found to aid in password security. A Proactive Password Checker The best solution to the problem of having easily guessed passwords on a system is to prevent them from getting on the system in the first place. If a program such as a password checker reacts by detecting guessable passwords already in place, then although the security hole is found, the hole existed for as long as it took the program to detect it (and for the user to again change the password). If, however, the program which changes user's passwords (i.e., /bin/passwd) checks for the safety and guessability before that password is associated with the user's account, then the security hole is never put in place. In an ideal world, the proactive password changer would require eight character passwords which are not in any dictionary, with at least one control character or punctuation character, and mixed upper and lower case letters. Such a degree of security (and of accompanying inconvenience to the users) might be too much for some sites, though. Therefore, the proactive checker should be tuneable on a per-site basis. This tuning could be accomplished either through recompilation of the passwd program, or more preferably, through a site configuration file. As distributed, the behavior of the proactive checker should be that of attaining maximum password security - with the system administrator being able to turn off certain checks. It would be desireable to be able to test for and reject all password permutations that were detected in this research (and others), including: Passwords based on the user's account name Passwords based on the user's initials or given name Passwords which exactly match a word in a dictionary (not just /usr/dict/words) Passwords which match a word in the dictionary with some or all letters capitalized Passwords which match a reversed word in the dictionary Passwords which match a reversed word in the dictionary with some or all letters capitalized Passwords which match a word in a dictionary with an arbitrary letter turned into a control character Passwords which match a dictionary word with the numbers `0', `1', `2', and `5' substituted for the letters `o', 'l', 'z', and 's' Passwords which are simple conjugations of a dictionary word (i.e., plurals, adding ``ing'' or ``ed'' to the end of the word, etc.) Passwords which are patterns from the keyboard (i.e., ``aaaaaa'' or ``qwerty'') Passwords which are shorter than a specific length (i.e., nothing shorter than six characters) Passwords which consist solely of numeric characters (i.e., Social Security numbers, telephone numbers, house addresses or office numbers) Passwords which do not contain mixed upper and lower case, or mixed letters and numbers, or mixed letters and punctuation Passwords which look like a state-issued license plate number The configuration file which specifies the level of checking need not be readable by users. In fact, making this file unreadable by users (and by potential crackers) enhances system security by hiding a valuable guide to what passwords are acceptable (and conversely, which kind of passwords simply cannot be found). Of course, to make this proactive checker more effective, it woule be necessary to provide the dictionaries that were used in this research (perhaps augmented on a per-site basis). Even more importantly, in addition to rejecting passwords which could be easily guessed, the proactive password changer would also have to tell the user why a particular password was unacceptable, and give the user suggestions as to what an acceptable password looks like. Conclusion (and Sermon) It has often been said that ``good fences make good neighbors.'' On a Unix system, many users also say that ``I don't care who reads my files, so I don't need a good password.'' Regrettably, leaving an account vulnerable to attack is not the same thing as leaving files unprotected. In the latter case, all that is at risk is the data contained in the unprotected files, while in the former, the whole system is at risk. Leaving the front door to your house open, or even putting a flimsy lock on it, is an invitation to the unfortunately ubiquitous people with poor morals. The same holds true for an account that is vulnerable to attack by password cracking techniques. While it may not be actually true that good fences make good neighbors, a good fence at least helps keep out the bad neighbors. Good passwords are equivalent to those good fences, and a proactive checker is one way to ensure that those fences are in place before a breakin problem occurs. ----------------------------------------------------------------------------- / / / NIA 072 / File 5 / / / / JONAS & ERICKSON / / PRIME EXL-316 / / / / Terminal_Erection / / / Differences between the C.T. & Prime EXL - You Can't log in as root anywhere except the console. (But you can log in as mars and then use the su command). - The console port prompt is Console Login: and everyone else is the standard login: - You will not have to re-configure the kernel anymore. Three kernels are provided by corporate services on a separate tape. - The /etc/rc file is now /etc/rc2. - There is a system administrator command that allows you to add users, assign passwords, install additional hardware and a lot more. - On-line help facility call 'help', for most unix commands. - No /etc/issue file, must use /etc/motd. - No 'more' command, must use 'pg'. - The key is now the key. - You may not backspace while logging in. (The system will ask for a password, press to get the login prompt back.) - To see the directories in column format you must use the ls -C command. - In the /etc/gettydefs file all the labels have an 'h' in front except the 9600 label (eg. 1200 is now h1200, 300 is now h300) - The Prime Exl does not support parallel printers. - The STOP button on the front of the EXL is equal to the shutdown command. - All formatting and partitioning of the disks is done automatically. (Explained later). - tty device names are different. (eg. /dev/tty01, /dev/console, /etc/ttyax) - Tape device name is /dev/rct/c0d5. (Not /dev/rmt0). - Configurable kernel is an extra cost add-on. Since we didn't want to add the cost to every system, we obtained Prime's permission to send out pre-configured kernels from corporate services. Unfortunately this means you cannot reconfigure the kernel in the field. CHECKLIST Page Check Description 4 _____ 1. Connect console terminal 5 _____ 2. Install operating system 6 _____ 3. Initial system setup 8 _____ 4. Restoring the kernel 9 _____ 5. Configuring terminals and ports 11 _____ 6. Edit /etc/gettydefs 12 _____ 7. Edit /etc/rc2 13 _____ 8. Edit /etc/profile 13 _____ 9. Create directories 14 _____10. Install Thoroughbred Basic 15 _____11. Install J & E programs 15 _____12. Edit IPLINPUT 16 _____13. Adjust terminal types 17 _____14. Add appropriate /mars /backup /fullback and /printbu shell scripts. 18 _____15. Edit /etc/passwd to add mars login code and a set of login codes specific to the client. 20 _____16. Create /etc/motd file for J&E welcome message at login. 20 _____17. Reboot system, test client login. 21 _____18. Define all J&E data files as per client file sizing. 21 _____19. Test as much as you can. 21 _____20. Label special ports at the rear of the system, take a full backup, and repack it for shipping. 21 _____21. Disable / Enable lock. 22 Simplified System Administration. 23 Prime EXL-316 Cabling Information. DETAILED DESCRIPTIONS These instructions have been written by a programmer, to a programmer. If you are not a programmer and you can't fake it, then you really should go and get one. In many instances, we have given very exacting detail, but things can go wrong. Also, the instructions are given in a way that each step could be performed separately. However, generally, you can get a lot of overlap in by combining steps and not rebooting the system until you have to in order to test something. Below is a diagram showing you the port layout on the EXL. Please note that the EXL ports are numbered in the octal number system. Prime EXL-316 ------------------- | | Where: | ( REAR VIEW ) | | | A=ttyax | | C=console | | V=Voltage selector | | | V | Number=tty ports | | | A | | C 00 10 20 | | 01 11 21 | | 02 12 22 | | | | 03 13 23 | | 04 14 24 | | 05 15 25 | | 06 16 26 | | 07 17 27 | | | -------------------- FIGURE 1-1 Caution: Before doing anything set the voltage selector switch to 115V on the rear on the EXL. Step 1. (Getting the EXL ready) Unpack the computer using the instruction in the Prime installation and operation guide. Check the following list before doing anything to make sure you have all the tools you require to do the install. _____ Delivery of Prime EXL & terminals. _____ Jonas & Erickson software tape, (From Corporate Services). _____ Jonas & Erickson kernels tape, (From Corporate Services). _____ Prime EXL Operating Systems tape. _____ Prime EXL Extended Diagnostic tape. _____ Thoroughbred Basic tape. _____ Thoroughbred Basic manual _____ Thoroughbred Basic passport security device (small box). _____ Prime terminal cables. ( RJ45 to RS232 ) _____ Prime EXL-316 power cable. _____ Small Standard Screwdriver & 3/16" nut driver. Five manuals supplied by Prime. They are: _____ 1. Systems Administrator Reference Manual. _____ 2. Systems Administrator Guide. _____ 3. Users guide. _____ 4. Users Reference Manual. _____ 5. Installation and Operation Guide. INSTRUCTIONS: - Unpack and place the inserts for the Prime manuals in the correct sequence. - If you have not done so, set the voltage selector switch to 115 volts on the rear of the computer. - Remove the shipping insert that should be in the tape drive. - Connect the power cord & plug it in the wall. - Unpack the terminal & plug it in to the wall. - Connect the communications cable from the console port, (see diagram 1-1) to the fixed female connection on the passport. Notice that the cable has a removable sex-changer that must be removed & connected separately using a 3/16" nut driver. Connect the ribbon cable from the passport, (small box) to the main port on the terminal. - Set your terminal as follows: Terminal settings Baud rate : 9600 Data bits : 8 Stop bits : 1 Parity : none Handshake : XON/XOFF Communications : Full Duplex Emulation : TVI925 - Press the power on switch at the rear on the computer. (0 = Off, 1 = On) - Make sure the control panel key is set to ENABLE. Step 2. (Installing the Prime EXL UNIX operating system.) - Insert the tape marked "PRIME EXL tm Operating System" supplied by PRIME, into the tape drive. Make sure the indicator is in the safe position. (Insert opening in the tape to the left, metal plate face down.) - Press the START switch. The EXL will do some diagnostics, play some music, display some messages and after a few minutes will come up to the # prompt. - At the # prompt, enter: # install (CR) The system may display a date and time and ask if you wish to change the time zone plus the date & time. You should reply no since this is described later on. Change the time zone? [y,n,?,q] n(CR) Change the date and time? [y,n,?,q] n(CR) Formatting will start and will take approximately 10 minutes. You will see: Formatting.... . . . Partitioning the disk... Creating empty root file system on /dev/dsk/c0d0s0. Creating empty usr file system on /dev/dsk/c0d0s1.. Installing root file system on /dev/dsk/c0d0s1... Installing usr file system on /dev/dsk/c0d0s1... Rewinding tape... Writing boot block... When the installation is complete you will see: The PRIME EXL Operating System is now installed. Remove the cartridge tape and press STOP. - Do what it said. (The STOP key in on the front of the EXL.) Let the EXL power down completely. The operating system has been installed and two partitions have been installed. They are /root and /usr. - Press the START key. This should now boot the operating system off the disk. - At the Console Login: prompt type Console Login: root (CR) - Insert the "PRIME EXL tm Extended Diagnostics Monitor" tape provided by Prime. (Make sure the indicator is set to safe) - At the # prompt type: # cd /dedgmon (CR) then type: (Note: The next command is in upper case) # INSTALL (CR) You will be prompted to "install" tape and press key when ready. Do so. This will install the extended diagnostic on to the Prime EXL's operating system. (Takes about 1 minute) - Once you see "edmon installation complete" remove the tape from the tape drive and put it back in the plastic cover. Step 3 (Initial system setup) At the # prompt type: # cd / (CR) # sysadm setup (CR) You will be prompted to: 1. Set the time zone. 2. System date & time. 3. First user on the system. (mars) 4. To enter a root password 5. Naming the computer Note: sysadm is a utility that allows you to do most of the administrative work you would normally have to do by editing files. eg. Add users, delete user, add tty ports, change passwords etc (See page 19 of this manual for further details) For sysadm procedure most responses are: y=Yes, n=No, ?=Display more info, q=Quit Date and Time: Current time and zone is : 15:55 EDT Change the time zone? [y,n,?,q] If the time zone is not correct then type y (CR) You will be prompted to choose between 10 time zones. Enter (1-10) This will edit the /etc/TIMEZONE file. Does your time zone use Daylight Savings Time during the year? Answer y or n. (CR) Change the date and time [y,n,q,?] If you answer y (CR) then you will be prompted to enter the hour and minute etc. Setting up the first login: You will prompted: Enter user's full name [?,q]: mars (CR) Enter user's login ID [?,q]: mars (CR) Enter user ID number (default 100) [?,q]: (CR) Enter group ID number or group name (default 1) [?,q]: (CR) Enter the user's login (home) directory name. (default '/usr/mars') [?,q]: (CR) This is the information for the new login: User's name: mars login ID: mars user ID: 100 group ID: 1 home directory: /usr/mars Do you want to install,edit, or skip this entry [i,e,s,q]? i (CR) Login installed. Do you want to give the user a password? [y,n] n (CR) Do you want to add another login? [y,n,q] n (CR) Assigning a password to root Do you want to give passwords to administrative logins [y,n,?,q] n (CR) Do you want to give password to system logins? [y,n,q,?] n (CR) Naming the machine This machine is currently called "exl". Do you want to change it? [y,n,q,?] n (CR) Step 4. ( Restoring J & E kernels ) Restoring J & E kernels The commands are as follows: -put in the J&E EXL kernel tape into the tape drive. # cd / (CR) # cpio -icvdumaB < /dev/rct/c0d5 (CR) ... (restores the file ... When complete remove the tape & return it to its plastic covering (Note: Should restore three files) You now have four versions of unix on the system disk, the system that was distributed, as well as three new versions. They are: /unix (Distributed version) /je.unix.8 (Eight user version) /je.unix.16 (Sixteen user version) /je.unix.24 (Twenty-four user version) /je.DOC (A copy of this manual) Future use ---> /je.create.t1 (Makes nodes for tty20-tty27) Future use ---> /je.create.t2 (Makes nodes for tty30-tty57) Start by making a backup of the current kernel. cp /unix /unix.save(CR) If you have a 8 user system you simply copy /je.unix.8 to /unix. If you have a 16 user system you copy /je.unix.16 to /unix etc. In this example we are assuming you have a 24 user system, so we would type: Warning: If you don't have a 24 user system do not use the bigger shell. There are memory restrictions. mv /je.unix.24 /unix (CR) Now sync the disks by typing: sync;sync;sync (CR) Now, press the STOP button (on the front of the machine). Ignore warning messages which may appear. They appear because the current "/unix" is not the same as the one which was booted. Once the system is powered down completely, press the START button. The new kernel you just installed is now being booted. Step 5. ( Configuring terminals and printers ) The file /etc/inittab configures the terminal ports on the system. Please note that this controls login terminals only. Ports to be used for serial printers will have to be turned off here and configured in /etc/rc2. Other ports that you would want turned off would include transport ports, and ports for any serial devices which are not login terminals such as point-of- sale devices. Modems count as login terminals. Our first task here is to determine the correspondence between the physical port labels, and the unix terminal device names (tty numbers). On EXL-316s Port tty00 is the port on the first communications board labelled channel 1 (the first communications board is the left most when viewed from the rear, labelled 1 to 8). It is important to know the ports are numbered in octal. They go 0 to 7, 10 to 17, 20 to 27 etc. Also there are two ports that Prime has installed that are called ttyax and console. The ttyax will be used for the modem and console is the system console. (See diagram 1-1). Port tty00 is the port labeled channel 1. Ports tty00 through tty07 are on the first RS232 expansion board. The second RS232 expansion board is further right consisting of ports tty10 through tty17, and so on (Remember the ports are numbered in octal). The RS232 expanders come in 8 port version. All versions use 8-pin RJ45 connectors. (Big telephone jacks). What we have to do, is determine which ports will physically be connected to a login terminal, and make sure that the corresponding lines in /etc/inittab are enabled. Take some time at this point to decide which equipment you will be plugging into which port. After you have determined which ports can physically have terminals it is necessary to edit /etc/inittab to tell the system what's what. J&E's standard is to always connect the support modem to ttyax, and to assign ports to non-terminal devices (such as printers) starting at the end and working back. The format of a line in /etc/inittab is as follows: nn:X:Y:/etc/getty T Z where-nn is the port number (co=console, ta=ttyax, ##=number of tty port, in octal.) -X is the word off if the port is to be turned off. If the port is to be turned on, then X will be a number which must contain the digit 2. -Y should be the word respawn. If it is the word off, then the port is again turned off (Note: This is the preferred way of turning off a port). -T is the tty number -Z is a label corresponding to an entry in the file /etc/gettydefs. IT IS NOT the baud rate, although the labels used usually correspond to a baud rate for convenience. The usual values for Z are either 9600, h1200, or h300 (for modems). You should only need to change this to set modem ports. There are three ways to turn a port off. The preferred way is to change the word Y from respawn to off. The second way is to change the number X to the word OFF. The third way is to place a colon as the first character of the line making the entire line a comment. You should ensure that all the ports that the machine physically will have login terminals connected to are turned on. Do not turn on any ports that will not have a terminal connected, even if the client will be adding terminals in a little while, as this will slow down the system. If you turn on a port that the machine does not physically have then T0 (console) will get periodic error messages, messing up the screen displays. After making changes to /etc/inittab, they will automatically go into effect in about 5-10 minutes, or following a reboot. You can also put them into effect immediately by the root command: # telinit q(CR) # On a typical new system, only console will be turned on. If you are not familiar with any Unix editor, then the following is intended as a key by key guide for someone setting up /etc/inittab for the first time, but this would be a good time to learn the ed editor as its multi-line replacement will save you some time. Console Login: root(CR) # ed /etc/inittab(CR) <-- invoke line editor 1227 <-- system responds with the # of chars (May differ) /nn(CR) <--finds the definition line for ttynn nn:X:Y:/etc/getty tttttt Z <--note X, Y and Z will have some value that we will check <-- make sure that X is 2 - if it isn't then change it by s/3/2(CR) <-- eg. X was "3" but we wanted "2" <-- make sure that Y is respawn - if it isn't then change it s/off/respawn(CR) <-- eg. Y was "off" but we wanted "respawn" <-- make sure that Z is correct for the login device you are using as follows: 9600 for normal 9600 baud login terminal, h1200 for 1200 baud modem, h300 for 300 baud modem <-- if Z is incorrect, then change it by s/9600/h1200(CR) <-- eg. Z was 9600 but we wanted h1200 <-- after each "s" for substitute command above, the system will respond by echoing back the new line Repeat the above sequence for each login port until all the ones that you are going to use are turned on. Also, make sure that any ports that you will use for special equipment such as serial printers, cash registers, transport ports, etc. (anything that is not a login terminal) are left turned off (ie. off instead of respawn). When you are done editing, exit the editor as follows: w <-- rewrite the file 1397 <-- responds with the new number of chars (May differ) q <-- to quit the editor On the EXL's we've seen so far, only the console port is turned on by default. Also, you will probably want to change the baud rate on the ttyax post to be h1200 (or h300). Step 6. (Editing gettydefs) You should change /etc/gettydefs on all EXL-316s. Basically, this file contains the initial stty options for terminals 'respawn'ed by 'getty' as per 'inittab' (remember inittab?). Each line in gettydefs starts with a label used in inittab, and ends with another label to use if the user hits the break key while logging in. This is how variable baud rates are handled on a single port as the labels, by convention, correspond to baud rates. The trouble with this is that autobaud detect modems get confused, so its better to disable this. Caution: as the file /etc/gettydefs contains lines that are more than 200 characters long, we recommend that you do not use vi to make the changes. The steps below, effect the change using the ed editor. Console Login: root(CR) # ed /etc/gettydefs(CR) <-- invoke line editor 1002 <-- response is # of chars (May differ) /B300(CR) <-- find the 300 baud label ... s/9600/300(CR) <-- change it to loop to itself ... /B1200(CR) <-- find the 1200 baud label ... s/300/1200(CR) <-- change it to loop to itself ... /B2400(CR) <-- find 2400 baud label ... s/1200/2400(CR) <-- change it to loop to itself ... <-- response is new login line w(CR) <-- rewrite the file 1002 <-- response is new # of chars (May differ) q(CR) <-- quit to Unix # The new parameters will go into effect following the next shutdown and reboot. Step 7. (Editing rc2) The file /etc/rc2 is a Unix shell script that runs every time the system is rebooted. There are two things that we have had occasion to change in this file. These are as follows: a. Define communications parameters for serial printers. Basically this involves getting a "sleep" command going on the port and using "stty" to set the baud rate, etc. The following key by key example adds the commands necessary to define a printer on tty17 with 8-bits, no parity and x-on/x-off flow control (our standard for serial printers on CT's). Console Login: root(CR) # ed /etc/rc2(CR) <-- invoke the line editor 1290 <-- system response is # of chars (May differ) $a(CR) <-- editor command to append at the bottom (there is no prompt in response) sleep 2000000 > /dev/tty17 &(CR) <-- add sleep command stty 9600 cs8 -parenb ixon ixoff ixany -echo < /dev/tty17 &(CR) .(CR) <-- editor command to get out of append mode w(CR) <-- to rewrite the file 1379 <-- system response, is # of chars. (May differ) q(CR) <-- to quit the editor # <-- shutdown and reboot to get new stty parameters set Note the ampersand (&) at the end of the sleep and stty commands. It is critically important as the /etc/rc2 script file will never finish executing if the cable is ever pulled out, and consequently, the system will never finish booting! If this happens, call for help. You'll need to boot from tape to get the system going again (or plug the cable back in). b. Start spooler if necessary. Since you should only do this under very special circumstances the Unix spooler is not covered here. Please refer to the separate document in the System Administrator Reference manual and/or call for help. Step 8. (Editing profile) The file /etc/profile is executed for each terminal that logs in to Unix in a standard manner. Please note that the way we set up basic users does not pass through this, so it's not very useful to J&E. You may have occasion to use it if you are setting up logins for other Unix applications or using the help command in unix. The file /.profile is executed each time you login as root. The default file sets the file creation parameters so that if root creates a file, other login's cannot use it. We recommend changing this in case any Basic work is ever done from root. Console Login: root (CR) # cd /etc(CR) # ed profile(CR) ... <-- system response in number of chars /umask(CR) <-- find umask line umask 022 <-- response is current setting s/22/00(CR) <-- change 022 to 000 umask 000 <-- response is changed line /pt200 <-- find pt200 line s/pt200/tvi925 <-- change terminal type to TVI925 export TERM; TERM=tvi925 #default terminal type <-- response w(CR) <-- rewrite the file 887 <-- new number of chars (May differ) q(CR) <-- quit the editor Step 9. (Creating directories) For Thoroughbred Basic (formerly SMC Basic), the J&E standard is to set up a directory called "JE" on each file system on the machine. This allows us to distinguish our stuff from other Unix stuff, while still permitting Basic to get at all of the available disk space. Before you create the directories, get started with the following commands. They set the default permissions on the files so that any user can have full access. Console Login: root(CR) # umask 0(CR) <-- set default full permissions # The next step is to get a list of the file systems on the machine. Type in: # df -t(CR) <-- "disk free" command lists file systems Each file system has a two line description. The first part is the part which we need - the full pathname of the mount point (directory) of the file system. Also, make note of the number of free blocks (of 1024 bytes each) on each file system. On a typical EXL-316 with one 258Mb drive, you will have the following file systems; / and /usr, with /usr having the most free space. (About 200 mb). Create an JE directory on each file system except the root file system (/) with the mkdir command. (In this case we would create a "JE" directory on /usr only.) It is a bad idea to allow JE to create files on the root file system. There's typically not a lot of space there and you could create problems if a large file gets accidently created on this file system and fills the root directory. For this reason, the following installation procedure does NOT create a /JE directory. In effect, your client's machine will have some "spare" disk space that you could make available in the future if the system gets close to being full. (on a 258 mb drive this is on 7 mb) Using the EXL-316 example, the command would be: # mkdir /usr/JE(CR) Within the JE directory, we must now create sub-directories for various uses by basic. There will be one "main working directory" for basic where all the programs, all the work files and the Thoroughbred Basic interpreter itself reside. The remaining data files may be spread around as desired to make best use of the available disk space. To create the sub-directories for the main JE directory use: # mkdir /usr/JE/WORK /usr/JE/DATA0 /usr/JE/PGM(CR) (Note that the UTILS directory for the Basic utilities will be created automatically when we install the interpreter). Please number your data directories in order of preference of using up space. Generally, number them in order from most available space to least. In a later step, we will configure Basic to assign a "logical disk" number to each JE sub-directory (in IPLINPUT). Step 10.(Installing Thoroughbred) The installation steps are as follows: - put the Thoroughbred tape in the drive (Openings in tape to left, metal plate face down. Make sure safe indicator is to safe position). Console Login: root(CR) # cd /usr/JE(CR) <-- change to the main directory for Basic # cpio -icvdumaB < /dev/rct/c0d5(CR) <-- to restore tape ...... <-- will list the files as they're loaded nn blocks # (Note: This takes about 1 minute to restore) - When completed Remove the tape from the tape drive. Step 11. (Installing J & E programs) J&E's convention for programs is to install all programs on the main working directory for Basic (/usr/JE always) under the subdirectory PGM. If the systems that you require came on more than one tape, then repeat these steps for each tape. - put the tape in the drive (Openings in tape to left, metal plate face down.) Console Login: root(CR) # cd /usr/JE/PGM(CR) <-- change to the main directory for Basic - subdirectory PGM for programs # cpio -icvdumaB < /dev/rct/c0d5(CR) <-- to restore tape tape will list the files as they're (and overwrite any previous programs with the same name. nn blocks # (Note: This takes about 2-5 minutes, depending on the number of programs being restored). - When completed Remove the tape from the tape drive. Step 12. (Editing IPLINPUT) The file IPLINPUT in the main working directory for Basic is the interface configuration file between Basic and the unix operating system. It is used to associate the names of system devices and disk directories between what unix uses, and what Basic uses. The IPLINPUT file as released requires at least the addition of one or two disk directories. In addition, you would have to change IPLINPUT for the following: - serial printers - transport ports - foreign devices (eg. POS cash registers) - a spooled printer (Note: The EXL-316 does not support parallel printers) It is possible to have several completely separate IPLINPUT files on the same machine, thereby setting up individual working environments that have no overlap (or even that do have some overlap). While this is good for an in-house development environment, we strongly advise against it on a client system. The IPLINPUT file as released with the Thoroughbred Basic tape contains the following: CNF 1,5,1,18,CUTERR <-- 5 must match the # of DEV statements PTN 1,60000 DEV D0,1,,,,,,UTILS DEV D2,1,,,,,,WORK DEV T0,1,,,,,,tty DEV LP,4,,136,,,,lp DEV P7,4,,,,,,null IPL 1,2,T0,*JPSD END By now, you should be fairly familiar with the workings of the editor, so the following descriptions will not give the key-by- key commands to make changes to IPLINPUT. Change IPLINPUT to look like the following: CNF 1,6,1,18,CUTERR <-- Notice 6 matches number of DEV PTN 1,60000 DEV D0,1,,,,,,UTILS DEV D1,1,,,,,,WORK DEV D2,1,,,,,,PGM DEV D3,1,,,,,,DATA0 DEV T0,7,,,,,,tty DEV LP,4,,136,,,,tty17 IPL 1,2,T0,GO <-- starts program GO on initial login END UPDATE: for all of these devices to be accessible to Basic users, you will need to change the default permissions on the device special files in the /dev directory. For example, for the above mentioned device, the commands would be: # chmod a+rwx /dev/tty17(CR) <-- for serial printing Step 13.(Adding terminals to "TERMINAL" / Adjust terminal types) There is a file called "TERMINAL" in the /usr/JE directory. This file should contain one entry called console. TERMINAL is the file that contains all the valid terminal that can access Thoroughbred basic. So, you must add all the terminals that will be used by Thoroughbred Basic. An example of what the file should contain is listed below. Remember the terminal numbers are using the octal number system. Also Thoroughbred has a limit to the number of entries that can be in this file. The label on the passport device will tell you how many terminals you can configure. Example of 16 user system: console ttyax tty00 tty01 tty02 tty03 tty04 tty05 tty06 tty07 tty10 tty11 tty12 tty13 tty14 tty15 The TCONFIG file defines for Basic exactly what the characteristics are of each terminal on the system. The TCONFIG file can be modified using the *NPSD utility. The terminal names are in the Basic format Tx. Run the utility program *NPSD to change the terminal model codes to TVI950. If you have any old MAI terminals on the system, you will have to use *NPSD to change their model code to B4 7250 (Note the space in the name). To access *NPSD directly type: Console Login: root(CR) cd /usr/JE(CR) ./b ./IPLINPUT.term(CR) Note: The terminal numbering system starts at T0 thru T9 then TA, TB, TC etc. Warning: Do not use this method of getting into BASIC after the system is in production as you always get T0 reguardless of which terminal you really are. Step 14. (Adding J & E utilities) To each EXL machine, we add four utility shell scripts. Three of these (/mars, /fullback and /printbu) are identical on every system. The fourth and most important (/backup) depends on the disk structure used in configuring the system. The contents of the shell scripts and a description of their functions follows. As you should be familiar with the operation of one of the editors by now, the detail has been left out. /mars shell script - this script is simply used by J&E staff to get into Thoroughbred Basic if we have logged in as root instead of the normal customer login. The contents are as follows: echo '... and AWAY we go ...' cd /usr/JE ./b /fullback shell script - this script is used for performing a full backup on the system. This will include everything on every disk on the machine. The contents are as follows: cd / find . -print | cpio -ovcB > /dev/rct/c0d5 /printbu shell script - this script is used for listing the contents of a backup tape on the parallel line printer. The contents are as follows: cpio -icvdumtaB < /dev/rct/c0d5 > /dev/tty17 Note:(/dev/tty17 is an example only.) The fourth and final (and most important) shell script is the /backup script. This is the script that the client will use for their critical nightly backups. It is vitally important that you get this one right, and that you carefully test it before installing the machine. An example follows: cd / find usr/JE -print > /bulist find u/JE -print >> /bulist (Note: only if /u exists) cpio -ovcB < /bulist > /dev/rct/c0d5 Basically, this procedure is building up a list of all of the files and sub-directories in all of the Basic disk directories. This list is then passed as input to the cpio backup routine. The differences between this example, and what you require for your system would be only in the number of find commands. Note the use of the Unix redirection symbols > and >> for sending the output of the find command into the file /bulist. The first find command in the script file has only one > which means to replace any old /bulist file with the new list. The remaining find commands have two >> which means to APPEND the output from the find command to the target file /bulist. To test the procedure, run the backup as documented in the user startup/shutdown/backup procedures, and run a /printbu on the tape. Carefully check the output and make sure that all JE directories and files were backed up. When a file is created by the ed or vi editors, the default permissions exclude execute permission. Therefore, before these four script files can be run, you need to use the chmod (change mode) command to add execute permissions as follows: # chmod a+rwx /mars /backup /fullback /printbu(CR) Step 15. ( Adding users ) Change is required to the /usr/JE/.profile file so when a user logs in, it will automatically take them to BASIC. Console Login: root(CR) cd /usr/JE(CR) ed .profile(CR) <-- edit .profile file 1i(CR) <-- insert to top of file stty -lcase(CR) <-- Set terminal to lower case .(CR) <-- end append mode w(CR) <-- write changes to file 21 <-- Displays number of char. in file q(CR) <-- quit editor The above file should now contain: stty -lcase ./b exit The file /etc/passwd defines all the legal user's to the system and (optionally) associates a password with each. Our purpose here is to simply define several logins that automatically run Basic on login, and automatically log-out when you RELEASE from Basic. This protects the client from having to learn anything about Unix. Please note that passwords are not covered here. If your customer is concerned about security, and wants passwords on the user logins, then you should refer them to the administrators manual (sysadm modusr command. covered later in this document). Suppose the client's company name is RCH Construction, and you decide to pick the letters rch as the client login (must be lower case), then you would add the following lines to /etc/passwd. The first number is the 'user number' and must be different for each login, so you should first look at the last line in /etc/passwd and find the highest used number. Suppose its 105, then the logins to add are: mars::106:1:mars:/usr/JE: rch::107:1:mars:/usr/JE: rch1::108:1:mars:/usr/JE: ... rch10::117:1:mars:/usr/JE: Please note in step 3 you added a user called mars. The "sysadm adduser" command will only let you create a home directory if it does not exist. Therefore a directory was created which is /usr/mars. In order to make mars working directory correct you must change the user mars working directory from /usr/mars to /usr/JE IMPORTANT: Encourage the client to use a different login on each terminal as some unix tables are maintained by the user name instead of by terminal. There are 6 fields in each line of the /etc/passwd file. They are separated by colons (:) and are described as follows: 1) user name - this is what you type in response to the login: prompt 2) password - always leave blank - passwords are added by logging in and using the passwd command. 3) user number - just use the next available number in the file. 4) group number - always use 1 - groups may go away in a future version of unix. 5) comment - memo field only, we usually put in the word mars. 6) home directory - this should be the main working directory for Basic. (ie. /usr/JE). If you'd like to be really friendly, you can setup logins to match the names of the departments or people within the client's organization. Step 16. (Editing motd) The file /etc/motd is printed on every screen during the login process. If you wish, you can add a line similar to the following: Welcome to Jonas & Erickson Software Systems Step 17. (Reboot) The system reboot puts our changes (/etc/inittab, /etc/rc2, etc, etc, etc) into effect. Be sure to do a proper shutdown first. Refer to the user startup/shutdown/backup procedures documentation for instructions on setting the system date and time with the unix date command. These instructions should be part of the client's J & E Primer. At the # prompt type: # shutdown(CR) or Press the STOP button on the front of the Prime EXL. Step 18. (define J & E files) The first time you run Basic, mars will create a login password J&E with only the security system defined. There may also exist programs for automatically creating all of the data files for each of the systems you are installing. At the time of this writing, the initialization programs are being sent out with the machines, but there is no documentation as yet. If there is no initialization program for some of your systems, you will have to create the files yourself from the file layouts. NOTE: the initial login password may be mars instead of J&E. Step 19. (Test) Test as much as you can think of. When testing printers, its a good idea to make sure they work from unix first, before trying to access them from Basic. An easy way to do this is to use the calendar command and redirect the output to the device special file. For example, testing a serial printer on tty17: # cal > /dev/tty17(CR) With serial printers, be sure to test for proper handling of xon/xoff flow control by letting a large listing start, taking the printer off-line, waiting long enough 'till you're sure the buffer has filled, putting the printer back on-line, and making sure the report is OK. Step 20. (Label ports) Label any ports that you have specially defined so that your hardware installer knows where to plug things in. According to Murphy's law, it is practically guaranteed that you will have a hard disk crash during final shipping of the system to the customer, unless you take a full backup at this point. For EXL you should find a blank tape with the machine which you could use for this backup. Step 21. (Enable / Lock) The switch on the front of the Prime EXL marked ENABLE/LOCK is used for safety purposes. If the switch is in the LOCK position then this disables all three buttons on the front. Therefore we suggest that for normal day to day operations this switch should be set to the LOCK position. This will prevent any accidental shutdown of the machine. Simplified System Administration Within the Prime's EXL-316 operating system there is built in commands to simplify operating functions, such as: * Assigning passwords to administrative logins * Assigning passwords to system logins * Adding users to the system * Performing system backups * Installing optional add-on hardware * Creating file systems The sysadm command uses interactive software programs with menus, subcommands, instructions, questions, and user input. As you enter you responses, sysadm guides you step by step through a system administration task. After you become familiar with sysadm, you can bypass the menus and enter the subcommands directly. eg. sysadm modtty (Will allow you to modify port settings) Below is a list of sysadm commands which we believe to be of help to you. Refer to Prime EXL 316 Installation and Operation Guide for a complete listing. Description Command Add a user adduser Add user group addgroup Assign root password admpasswd Change root password admpasswd Change port settings modtty Change user information moduser Change users password moduser Delete a user deluser List larger files filesize List older files fileage List users lsuser Modify ports modtty Modify users information moduser Set date and time datetime Shutdown powerdown Note: adduser is of little use for adding basic users as it cannot set the home directory to /usr/JE. There is also a on-line help command to assist you with UNIX commands. To start it up type: help(CR) For further information see Operating System Users Guide. Cabling Information The cable connection at the back of the EXL-316 use an RJ45 connection which is like a big modular telephone jack. Since this is a none standard type of connection, we are including with every order a 12 foot "adapter cables" which will convert from the RJ45 connector to the standard DB25 connector. Note, however, that these adapter cables end up "crossing pins 2 & 3". Therfore, the pin specification for cables to terminals and printers is as follows: DB25 Male DB25 Male 1 - - - - - - - - - -1 2--------------------2 3--------------------3 4-| |-4 5-| |-5 6-| |-6 7--------------------7 8-| |-8 20-| |-20 Below is the cabling specs. of the cable supplied by Prime : Pin positions for RJ45 |XX| |XX| <------ Cable |XX| |XX| ------------------------- | | | FRONT VIEW | | | -+--+--+--+--+--+--+--+--- 1 2 3 4 5 6 7 8 RJ45 Connector DB25 Connector Signal Name | | 1 | 6 --> -| TO | Data Set Ready 2 | 5 --> | EXL | Clear To Send 3 | 3 --> -| 316 | Receive Data 4 | 7 | Ground 5 | 7 | Ground 6 | 2 <-- -| FROM | Send Data 7 | 4 <-- | EXL | Request to Send 8 | 20 <-- -| 316 | Data Terminal Ready ----------------------------------------------------------------------------- / / / NIA072 / File 6 / / / / NETWORK MISCELLANY / / / / File1: FEDIX by P.H.R.A.C.K. / / File2: Toll-Codes by David Leibold / / / --- ________________________________________________________ | | | :-) FEDIX | | On-Line Information Service | | | | Written by the people at FEDIX | | | | Submitted to NIA by | | | | Progressive Hegemony of Radical Activist Computer Kids | | | | "Supporting the Concept of Freedom of Information" | |________________________________________________________| What is FEDIX? FEDIX is an on-line information service that links the higher education community and the federal government to facilitate research, education, and services. The system provides accurate and timely federal agency information to colleges, universities, and other research organizations. There are NO REGISTRATION FEES and NO ACCESS CHARGES for using FEDIX. The only cost is for the phone call. FEDIX provides daily information updates on: - Federal EDUCATION and RESEARCH PROGRAMS (including descriptions, eligibility, funding, deadlines). - SCHOLARSHIPS, FELLOWSHIPS, and GRANTS - Available used government RESEARCH EQUIPMENT - New funding for specific research and education activities from the COMMERCE BUSINESS DAILY, FEDERAL REGISTER, and other sources. - MINORITY ASSISTANCE research and education programs - NEWS & CURRENT EVENTS within participating agencies - GENERAL INFORMATION such as agency history, budget, organizational structure, mission statement, etc. PARTICIPATING AGENCIES Currently FEDIX provides information on 7 federal agencies broken down into 2 general categories: 1. Comprehensive Education and Research Related Agency Information - The Department of Energy (DOE) - Office of Naval Research (ONR) - National Aeronautics and Space Administration (NASA) - Federal Aviation Administration (FAA) 2. Minority Assistance Information - National Science Foundation (NSF) - Department of Housing and Urban Development (HUD) - Department of Commerce (DOC) Additional government agencies are expected to join FEDIX in the future. REQUIRED HARDWARE AND SOFTWARE Any microcomputer with communications software (or a dumb terminal) and a modem operating at 1200 or 2400 baud can access the system. HOURS OF OPERATION The system operates 24 hours a day, 7 days a week. The only exceptions are for periodic system updating or maintenance. TELEPHONE NUMBERS * Computer (data line): 301-258-0953 or 1-800-232-4879 * HELPLINE (technical assistance): 301-975-0103. The HELPLINE (for problems or comments) is open Monday-Friday 8:30 AM-4:30 PM Eastern Daylight Time, except on federal holidays. SYSTEM FEATURES Although FEDIX provides a broad range of features for searching, scanning, and downloading, the system is easy to use. The following features will permit quick and easy access to agency databases: Menus -- Information in the system is organized under a series of branching menus. By selecting appropriate menu options (using either the OPTION NUMBER or the two-character MENU CODE), you may begin at the FEDIX Main Menu and work your way through various intermediate menus to a desired sub-menu. However, if you already know the menu code of a desired menu, you may bypass the intermediate menus and proceed directly to that menu by typing the menu code at the prompt. Help screens are available for key menus and can be viewed by typing '?' at the prompt. Capturing Data -- If you are using a microcomputer with communications software, it is likely that your system is capable of storing or "capturing" information as it comes across your screen. If you "turn capture on", you will be able to view information from the databases and store it in a file on your system to be printed later. This may be desirable at times when downloading is not appropriate. Refer to your communications software documentation for instructions on how to activate the capture feature. Downloading -- Throughout the system, options are available which allow you to search, list, and/or download files containing information on specific topics. The download feature can be used to deliver text files (ASCII) or compressed, self-extracting ASCII files to your system very quickly for later use at your convenience. Text files in ASCII format, tagged with a ".MAC" extension, are downloadable by Macintosh users. Compressed ASCII files, tagged with an ".EXE" extension, may be downloaded by users of IBM compatible computers. However, your system must be capable of file transfers. (See the documentation on your communication software). Mail -- An electronic bulletin board feature allows you to send and receive messages to and from the SYSTEM OPERATOR ONLY. This feature will NOT send messages between users. It can be used to inquire about operating the system, receive helpful suggestions from the systems operator, etc. Utility Menu -- The Utility Menu, selected from the FEDIX Main Menu, enables you to modify user information, prioritize agencies for viewing, search and download agency information, set a default calling menu, and set the file transfer protocol for downloading files. INDEX OF KEY INFORMATION ON FEDIX Key information for each agency is listed below with the code for the menu from which the information can be accessed. Please be advised that this list is not comprehensive and that a significant amount of information is available on FEDIX in addition to what is listed here. AGENCY/DATABASE MENU CODE DEPARTMENT OF ENERGY (DOE)/DOEINFO Available Used Research Equipment :EG: Research Program Information :IX: Education Program Information :GA: Search/List/Download Program Information :IX: Research and Training Reactors Information :RT: Procurement Notices :MM: Current Events :DN: NATIONAL AERONAUTICS AND SPACE ADMINISTRATION/NASINFO Research Program Information :RP: Education Program Information :EA: Search/List/Download Program Information :NN: Description/Activities of Space Centers :SC: Procurement Notices :EV: Proposal/Award Guidelines :NA: OFFICE OF NAVAL RESEARCH/ONRINFO Research Program Information :RY:,:AR: Special Programs (Special Research and Education Initiatives) :ON: Search/List/Download Program Information :NR: Description/Activities of Laboratories and other ONR Facilities :LB: Procurement Notices (Broad Agency Announcements, Requests for -- Proposals, etc. :NE: Information on the Preparation and Administration of Contracts, -- Grants, Proposals :AD: FEDERAL AVIATION ADMINISTRATION/FAAINFO Education Program Information - Pre-College :FE: Mio rity Aviation Education Programs :FY: Search/List/Download Program Information :FF: Aviation Education Resources (Newsletters, Films/Videos, -- Publications) :FR: Aviation Education Contacts (Government, Industry, Academic, -- Associations) :FO: College-Level Airway Science Curriculum Information :FC: Procurement Notice :FP: Planned Competitive and Noncompetitive Procurements for the -- Current Fiscal Year :F1: Employment Information :FN: Current Events :FV: MINORITY/MININFO U. S. Department of Commerce Research/Education Minority Assistance Programs :CP: Procurement Notices (ALL Notices for Agency) :M1: Current Events :M1: Minority Contacts :M1: Department of Energy Research/Education Minority Assistance Programs :EP: Procurement Notices (ALL Notices for Agency) :M2: Current Events :M2: Minority Contacts :M2: U.S. Department of Housing and Urban Development Research/Education Minority Assistance Programs :HP: Procurement Notices (ALL Notices for Agency) :M3: Current Events :M3: Minority Contacts :M3: National Aeronautics and Space Administration Research/Education Minority Assistance Programs :NP: Procurement Notices (ALL Notices for Agency) :M4: Current Events :M4: Minority Contacts :M4: National Science Foundation Research/Education Minority AssisdaXce Programs :SP: Procurement Notices (ALL Notices for Agency) :M5: Budget Information :SB: NSF Bulletin :M5: Minority Contacts :M5: _______________________________________________________________________________ --- [Here is the first edition of the toll-free/tolled codes list; thanks to all who participated ... any followups, clarifications, etc would be appreciated.] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Toll-free, local rated and specialty toll services 26 July 1991 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= The following indicates access codes and numbers used within various countries for toll-free and special paid services. The dialing codes shown represent how they would be dialed within the country involved. Generally, it is not possible to access another country's domestic toll-free or specialty network directly. Where an international access is available, it is normally done by using the domestic services which then forward the call to the destination country. Where possible, the number of digits has been indicated with 'n' (a number from 2 to 8) or 'x' (any number). An ellipsis (...) indicates that there are a variable number of extra digits, or possibly a conflict in the reports of numbers of digits used. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Toll-free or equivalent local charge services =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ================= A u s t r a l i a ================= 008 xxx xxx (that is how Telecom recomends it be written to differentiate it from STD area codes which are written with area codes (0x) thru (0xxx) and numbers n xxxx through nxx xxxx. 0014 ttt xxx xxx International Toll free access from Australia (ttt is reported as "800" or other toll-free access code; or, ttt may not be present at all) Brendan Jones: "... I have dialled international toll free to the USA (Fred Pryor Seminars) and I dialled verbatim: 0014 800 125 385." (Canada Direct uses 0014 881 150 - djcl) ============= B e l g i u m ============= 11 xxxx ============= D e n m a r k ============= 800 xxxxx 8001 xxxx (charged as local call) ============= F i n l a n d ============= 9800 xxxxx (...) PTT as local service provider 0800 xxxxx (...) Private phone company as local service provider Kauto Huopio: "(I _think_ that 0800 numbers are only for the local calling area." haa: "...but many service givers have more [digits than 5] in theis mnemonics)." (haa also mentions 9800 costs the same as a local call (dialable from all areas in Finland) while 0800 are truly toll-free and dialable from all private telco areas) =========== F r a n c e =========== 05 xxxxxx (Numero Vert) [note: this is outside area code 1, so from Paris 16 05...] 05 19 xx xx these numbers terminate outside France 36 63 xx xx Local call rate (Numero Azur) Allan G. Schrum: "`11' is computer directory information (Minitel) `12' is voice directory information (equivalent to 411)" =========================== G e r m a n y ( w e s t ) =========================== 0130 xxxx (...xx) Mickey Ferguson: "I was over in Germany for three months, and the number is 0130-... To use ATT, it is 0130-0010, and U.S. Sprint is 0130-0013 (easy to remember :) For general toll-free number listings, pick up a copy of the International Herald newspaper (I think it is available in the US as well as most places internationally) and in the sports section is usually an ATT add for dialing the US from various countries. Of course, chop off the exchange and only use the "area code" number." ============= I r e l a n d ============= 1800 xxxxxx 1850 xxxxxx (local rate) ========= I t a l y ========= 167 xxxxx (digits length?) Colum Mylod: "I'm not 100% sure about the length of digits for Italy. One way to check these is to get a copy of an *international* edition of the weekly magazines like TIME, all ads and little contents. But they do goof up regularly, like printing Paris numbers as (01) xxxxxxxx when they mean (1) xxxxxxxx." =========== M e x i c o =========== 91 800 xxxxx.... ===================== N e t h e r l a n d s ===================== 06-0xxx 06-0xxxxxx 06-4xx(x) Ralph Moonen: "06-0229111 = AT&T USA direct And also Sprint & MCI have operator services on 06-022xxxx Side note: It used to be possible to call 06-022xxxx to Denmark, and then use the CCITT no. 4 signalling system to phreak calls to anywhere in the world." Peter Knoppers: "06-11 This is the Dutch equivalent of 911, it is free when dialled from a phone company operated payphone, otherwise the charge is one unit, DFL 0.15, about US $ 0.08. There were discussions about making such calls free from any phone, but I haven't followed them recently. Calling a toll-free number from a payphone requires a deposit of one coin, which is returned after the call. The total length of the numbers varies from 4 to 10 digits. The dash indicates the secondary dial tone. It is not possible to reach 06 prefixed numbers from abroad." ===================== N e w Z e a l a n d ===================== 0800 xxx xxx clear@cavebbs.gen.nz: "That is through the state telco, Telecom New Zealand. Clear Communications, the recently started alternative LD carrier, does not offer a toll-free service as yet." When Clear offer one, it will more than likely be to the subscribers existing number (eg Dial toll free 050-04-654-3210) as they are not in control of number issue. 0800 is strictly Telecom at this stage." ========================= N o r t h A m e r i c a ========================= 1 800 nxx xxxx Access to toll free numbers can vary according to region, state or country ie. not all 800 numbers are accessible to all regions The nxx prefix portion of the 800 number presently determines which long distance carrier or 800 service company will handle the call (and in some cases determine the geographical region) ========= S p a i n ========= 900 xxxxxx Michael Klein, BellSouth Telephone Operations: "(N.B. The number for ATT direct in Spain is 900-99-00-11. The payphones are all push-button but generate pulses. It takes forever to get connected.)" =========== S w e d e n =========== 020 xxxxxx (without dialtone after '020'). ===================== S w i t z e r l a n d ===================== 04605 xxxx (not toll-free but metered at lowest rate) 155 xx xx ("green number") [also a new one something like 122...] Jim Smithson: "Here in Switzerland there is nothing exactly equivalent to US 800 service. I see the PTT is now encouraging the use of "green numbers" beginning with 155. The direct marketing ads on TV often give the order number for Switzerland as a number such as 155 XX XX. The access number for MCI Call USA is for example 155 02 22. But there are two problems with this that I don't think MCI was aware of when they asked the PTT for "a toll free" number. 1. When calling from a model AZ44(older model) payphone All numbers which begin with a "1" are treated as "service" numbers and the payphone begins to sound a "cuckoo clock noise" once the 155 is entered. The "cuckoo clock noise" is to alert operators on the "service numbers" that the caller is using a payphone(fraud protection). This noise is quite a distraction when calling someone in the USA using MCI Call USA. This is one reason(not the biggest one) I cancelled my MCI Card. 2. The newer style TelcaStar phones are programmed to block the keypad after 3 digits are dialed of a "service number". It used to be that the only numbers beginning with "1" were "service numbers" and all "service numbers" were 3 digits. The PTT is aware of this problem and are said to be considering what instructions to give the manufacturer of the payphones. AT&T USA Direct has an access number of 046 05 00 11 This is not a free call, but the time is metered at the lowest rate. This number does not suffer the "cuckoo clock noise" problem." (Canada Direct uses 046 05 83 30 - djcl) =========================== U n i t e d K i n g d o m =========================== 0800 xxx xxx Toll-free 0345 xxx xxx Local rate =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Tolled/Specialty Pay services =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ================= A u s t r a l i a ================= 0055 x yxxx where y=0-4,8 means the number is Australia wide (and costs more), y=5 means the number is only state wide, y=6,7,9 means the number is for the capital city only. ============= F i n l a n d ============= 9700 xxxxx PTT-operated 0700 xxxxx Private telco-operated haa: "cost ranging from about 0.5 USD to 5 USD per minute." =========== F r a n c e =========== 36 65 xx xx (5 message units each call for up to 140 seconds) Olivier Giffard: "These are for various information services as well as chat lines and so on." ===================== N e t h e r l a n d s ===================== 06-9 xx... 06-321 xx... 06-8 xx... (3 to 40ct/min) Peter Knoppers: "Other codes (such as 06-9) precede special tariff calls (similar to 900 in the US). The highest special rate is (currently) DFL 0.50 / minute." ========================= N o r t h A m e r i c a ========================= 1 900 nxx xxxx (various rates, depending on provider) 1 (npa) 976 xxxx (in many area codes, connected through regional telco; in some areas, the call requires the area code where depending on the intra-area dialing used) (other exchange prefixes within area codes such as 540, 720 or 915 are used for other pay services such as group chat, other types of recorded messages, etc. These vary depending on the area code within North America, and not all regions in North America have these.) =========== S w e d e n =========== 071 x xxxxx Dan Sahlin: "The "900"-numbers in Sweden all start with 071. The charges are related to the next digit, as follows. code SEK/minute 0712xxxxx 3,65 0713xxxxx 4,90 0714xxxxx 6,90 0715xxxxx 9,90 0716xxxxx 12,50 0717xxxxx 15,30 0719xx varying fees, cannot be dialled directly but needs operator Numbers starting with 0713-0717 can only be dialled from phones connected to AXE exchanges. At present about half of all phones in Sweden are connected to such exchanges. Another special toll number is domestic number information: 07975 (6,90 SEK/minute)." =========================== U n i t e d K i n g d o m =========================== 0836 xxx xxx 0898 xxx xxx J. Philip Miller: "Rate seems to be uniform as 34p per minute cheap rate, 45p at all other times." ------------------------------------------------------------------------------ / / / NIA072 / File 7 / / CyberTimes (Vox Populi) / / Judge Dredd / / / The following 4 files of CyberTimes (Vox Populi) is telecom news since 01JAN91 to 01AUG91. #O GRID News #I Vol. 2, No. 6 #D February 22, 1991 #T Michigan to Overhaul Telecom Rules #A Michael E. Marotta On February 19 and 20, companion bills were introduced into the state house and state senate of Michigan. "The Michigan Telecommunications Act" is House Bill 4343 and Senate Bill 124. The two versions are identical. HB4343 was introduced by Alma G. Stallworth (D-Detroit), chair of the House Public Utilities committee. SB124 was introduced by Mat J. Dunaskiss (R-Lake Orion), chair of the newly-created Senate Technology and Energy Committee. If passed by October 1, 1991, the bills become law on that date and have sunset limits of four years, expiring on September 30, 1995. The Michigan Telecommunications Act would, if passed into law, accomplish the following: (*) establish a new regulator, the Michigan Telecommunications Commission, removing telephone from the Public Service Commission and bringing cable television under the new agency's scope. (*) de-regulate local exchange providers, allowing them monopoly status and the right to sell other services, including long distance, cable television and information. (*) freeze local rates at the current level, allowing no increase beyond the maximum rate as of Nov. 1, 1990. (*) require 911 service to be provided to any county that wants it. In fact, there are 48 separate provisions for 911 service, significantly more than any other section of the act. (Mandatory service for the hearing impaired runs a mere 42 lines.) (*) Outlaw unsolicited advertising via fax. (This provision, like many of the 911 rules, is already in place. It was created in 1990 as an amendment to the Telephone Act of 1913 and is being carried over.) The Michigan Telecommunications Act specifically seeks to overturn the "Modified Final Judgement." Its goal is to allow Michigan telecom providers the freedom to develop products and services. Whether and to what extent it meets those goals will be determined in part by what happens to the bills in committees and on the floors. #O NewsBytes #D March 4, 1991 MIDDLE ISLAND, NEW YORK, U.S.A., 1991 MAR 4(NB) -- Emmanuel Goldstein, editor and publisher of 2600: The Hacker Quarterly, has told Newsbytes that The Texas Department of Criminal Justice has prohibited delivery delivery of the fall 1990 issue of 2600 to a subscriber incarcerated in a Texas prison. The official "Publication Denial Notification" form, dated January 9, 1991, was received by Goldstein and published in the Winter 1990-91 issue that was released on March 1st. The form indicates that the denial was instituted because "Publication contains material on the setting up and operation of criminal schemes or how to avoid detection of criminal schemes by lawful authority charged with the responsibility for detected such illegal activity." The specific reasons for determining the basis for the ruling are listed as "Pages 18, 19, 20, 21, 29, 42 and 43 contain information on misusing telephone equipment to make telephone calls illegally and to obtain cash and credit cards illegally." Goldstein, commenting on the ban to Newsbytes, said "Inside of prison, there is not much freedom so I guess it's not surprising that they do things like this. What is surprising is that the article which they were most concerned with was written by the Fraud Division of the U.S. Secret Service and was clearly indicated to have been so authored." Newsbytes examined the Fall issue of 2600 and found that the Secret Service technical synopsis is contained on pages 18-21 while page 29 is part of the letters from readers section and contains a letter from a prisoner in an unnamed prison explaining how he or she makes unpaid telephone calls. Pages 42 and 43 contain an article by "Crazed Luddite & Murdering Thug", "An Algorithm For Credit Cards", which explains the checksum verification of credit card numbers. Also contained in the same issue is an interview with security expert Dr. Dorothy Denning, an explanation of caller-id and an article by Goldstein on alleged BellSouth plans for monitoring telephone lines. A supervisor at the Texas Department of Criminal Justice, Institutional Division told Newsbytes that "Inmates may subscribe to any publication they choose but they understand that the magazines are subject to review for appropriateness. If they contain any material that does not meet or standards, either the articles in question or the entire magazine will be rejected." The supervisor, who could not speak for attribution, explained that, if the objectionable passages were 5 pages or less, they would have been removed and the remainder of the magazine delivered. She also said that both the inmate and the publication have the right to appeal the decision. #O Associated Press Wire [herby refered to as APwire] BALTIMORE (AP) -- A computer hacker pleaded guilty Friday to stealing information from American Telephone & Telegraph and its subsidiary Bell Laboratories. Under an agreement with prosecutors, Leonard Rose pleaded guilty in U.S. District Court to one count of sending AT&T source codes via computer to Richard Andrews, an Illinois hacker, and a similar wire fraud charge involving a Chicago hacker. Prosecutors said they will ask that Rose be sentenced to two concurrent one-year terms. Rose is expected to be sentenced in May. Neither Rose nor his attorney could be immediately reached for comment late Friday. "Other computer hackers who choose to use their talents to interfere with the security and privacy of computer systems can expect to be prosecuted and to face similar penalties," said U.S. Attorney Breckinridge L. Willcox. "The sentence contemplated in the plea agreement reflects the serious nature of this new form of theft," Willcox said. Rose, 32, was charged in May 1990 in a five-count indictment following an investigation by the Secret Service and the U.S. Attorney's offices in Baltimore and Chicago. He also had been charged with distributing "trojan horse" programs, designed to gain unauthorized access to computer systems, to other hackers. Prosecutors said Rose and other hackers entered into a scheme to steal computer source codes from AT&T's UNIX computer system. The plea agreement stipulates that after he serves his sentence, Rose must disclose his past conduct to potential employers that have computers with similar source codes. #O Washington Post #I n/a #D March 23, 1991 [pp A1, A10] #T 'Hacker' Pleads Guilty in AT&T CASE: Sentence Urged for Md. Man Among Stiffest Yet for Computer Crime #A Mark Potts/Washington Post Staff Writer BALTIMORE, March 22--A computer "hacker" who was trying to help others steal electronic passwords guarding large corporate computer systems around the country today pleaded guilty to wire fraud in a continuing government crackdown on computer crime. Federal prosecutors recommended that Leonard Rose Jr., 32, of Middletown, Md., be sent to prison for one year and one day, which would be one of the stiffest sentences imposed to date for computer crime. Sentencing is scheduled for May before U.S. District Judge J. Frederick Motz. Cases such as those of Rose and a Cornell University graduate student who was convicted last year of crippling a nationwide computer network have shown that the formerly innocent pastime of hacking has potentially extreme economic ramifications. Prosecutors, industry officials and even some veteran hackers now question the once popular and widely accepted practice of breaking into computer systems and networks in search of information that can be shared with others. "It's just like any other form of theft, except that it's more subtle and it's more sophisticated," said Geoffrey R. Garinther, the assistant U.S. attorney who prosecuted the Rose case. Rose--once part of a group of maverick hackers who called themselves the Legion of Doom--and his attorneys were not available for comment after the guilty plea today. The single fraud count replaced a five-count indictment of the computer programmer that was issued last May after a raid on his home by Secret Service agents. According to prosecutors, Rose illegally obtained information that would permit him to secretly modify a widely used American Telephone & (See HACKER, A10, Col 1) Telegraph Co. Unix software program--the complex instructions that tell computers what to do. The two former AT&T software employees who provided these information "codes" have not yet been prosecuted. Rose altered the AT&T software by inserting a "Trojan horse" program that would allow a hacker to secretly gain access to the computer systems using the AT&T Unix software and gather passwords used on the system. The passwords could then be distributed to other hackers, permitting them to use the system without the knowledge of its rightful operators, prosecutors said. Rose's modifications made corporate purchasers of the $77,000 AT&T Unix program vulnerable to electronic break-ins and the theft of such services as toll-free 800 numbers and other computer-based telecommunications services. After changing the software, Rose sent it to three other computer hackers, including one in Chicago, where authorities learned of the scheme through a Secret Service computer crime investigation called Operation Sun Devil. Officials say they do not believe the hackers ever broke into computer systems. At the same time he pleaded guilty here, Rose pleaded guilty to a similar charge in Chicago; the sentences are to be served concurrently, and he will be eligible for parole after 10 months. Rose and his associates in the Legion of Doom, whose nickname was taken from a gang of comic-book villains, used names like Acid Phreak Terminus--Rose's nickname--as their computer IDs. They connected their computers by telephone to corporate and government computer networks, outwitted security screens and passwords to sign onto the systems and rummaged through the information files they found, prosecutors said. Members of the group were constantly testing the boundaries of the "hacker ethic," a code of conduct dating back to the early 1960s that operates on the belief that computers and the information on them should be free for everyone to share, and that such freedom would accelerate the spread of computer technology, to society's benefit. Corporate and government computer information managers and many law enforcement officials have a different view of the hackers. To them, the hackers are committing theft and computer fraud. After the first federal law aimed at computer fraud was enacted in 1986, the Secret Service began the Operation Sun Devil investigation, which has since swept up many members of the Legion of Doom, including Rose. The investigation has resulted in the arrest and prosecution of several hackers and led to the confiscation of dozens of computers, thousands of computer disks and related items. "We're authorized to enforce the computer fraud act, and we're doing it to the best of our ability," Garry Jenkins, assistant director of investigations for the Secret Service, said last summer. "We're not interested in cases that are at the lowest threshold of violating the law...They have to be major criminal violations before we get involved." The Secret Service crackdown closely followed the prosecution of the most celebrated hacker case to date, that of Robert Tappan Morris Cornell University computer science graduate student and son of a computer sicentist at the National Security Agency. Morris was convicted early last year of infecting a vast nationwide computer network in 1988 with a hugely disruptive computer "virus," or rogue instructions. Although he could have gone to jail for five years, Mo $10,000, given three years probation and ordered to do 400 hours of community service work. Through Operation Sun Devil and the Morris case, law enforcement authorities have begun to define the boundaries of computer law. Officials are grappling with how best to punish hackers and how to differentiate between mere computer pranks and serious computer espionage. "We're all trying to get a handle for what is appropriate behavior in this new age, where we have computers and computer networks linked together," said Lance Hoffman, a computer science professor at George Washington University. "There clearly are a bunch of people feeling their way in various respects," said David R. Johnson, an attorney at Wilmer, Cutler & Pickering and an expert on computer law. However, he said, "Things are getting a lot clearer. It used to be a reasonably respectable argument that people gaining unauthorized access to computer systems and causing problems were just rambunctious youth." Now, however, the feeling is that "operating in unauthorized computing spaces can be an antisocial act," he said. Although this view is increasingly shared by industry leaders, some see the risk of the crackdown on hackers going to far. Among those concerned is Mitch Kapor, the inventor of Lotus 1-2-3, the best-selling computer "spreadsheet" program for carrying out mathematical and accounting analysis. Kapor and several other computer pioneers last year contributed several hundred thousands dollars to set up the Electron Freedom Foundation, a defense fund for computer hackers. EFF has funded much of Rose's defense and filed a friend-of-the-court brief protesting Rose's indictment. From: The Washington Post, Tuesday March 26, 1991, Page A3. CORRECTION [to Saturday March 23, 1991 article] "Leonard Rose, Jr., the Maryland computer hacker who pleaded guilty last week to two counts of wire fraud involving his illegal possession of an American Telephone & Telegraph Co. computer program, was not a member of the "Legion of Doom" computer hacker group, as was reported Saturday, and did not participate in the group's alleged activities of breaking into and rummaging through corporate and government computer systems." #O NewsBytes #D April 1, 1991 PHOENIX, ARIZONA, U.S.A., 1991 APR 1(NB) -- The Maricopa County Arizona County Attorney's Office has announced the arrest of Baron Majette, 19, also known as "Doc Savage", for alleged crimes uncovered in the joint federal / state "SunDevil" investigation in progress for over a year. Majette is charged with a number of felony crimes including the use of a telephone lineman's handset in March 1990 to tap into a Toys 'R Us telephone line to set up two conference calls between 15 participants. According to the charges, each call lasted approximately 10 hours and cost $4,000. A spokesperson for the County Attorney's office told Newsbytes that a Tucson resident, Anthony Nusall, has previously pleaded guilty to being a participant in the conference Majette is also accused of illegally accessing TRW's credit data base to obtain personal credit information and account numbers of persons in the TRW database. He is alleged to have then used the information obtained to divert existing account mailings to mail drops and post office boxes set up for this purpose. He is also alleged to have additional credit cards issued based on the information obtained from the database. He is further alleged to have obtained cash, goods and services, such as airline tickets, in excess of $50,000 by using cards and account information obtained through entry into the TRW database. It is further alleged that Majette stole credit cars from U.S. Mail boxes and used them to obtain approximately $10,000 worth of cash, goods and services.The allegations state that Majette acted either alone or as part of a group to perform these actions. A County Attorney spokesperson told Newsbytes that further arrests may be expected as result of the ongoing investigation. While bail was set on these charges at $4,900. Majette is being held on a second warrant for probation violation and cannot be released on bail until the probation hearing has been held. Gail H. Thackeray, former Assistant Attorney General for the State of Arizona, currently working with Maricopa County on the SunDevil cases, told Newsbytes "The SunDevil project was started in response to a high level of complaint of communications crimes, credit card fraud and other incidents relating to large financial losses. These were not cases of persons accessing computers 'just to look around' or even cases like the Atlanta 'Legion of Doom' one in which the individuals admitted obtaining information through illegal access. They are rather cases in which the accused alleged used computers to facilitate theft of substantial goods and services." #O Newsweek Magazine #T Cyberpunks and the Constitution The fast-changing technologies of the late 20th century pose a challenge to American laws and principles of ages past #A Phillip Elmer-Dewitt Armed with guns and search warrants, 150 Secret Service agents staged surprise raids in 14 American cities one morning last May, seizing 42 computers and tens of thousands of floppy disks. Their target: a loose-knit group of youthful computer enthusiasts suspected of trafficking in stolen credit-card numbers, telephone access codes and other contraband of the information age. The authorities intended to send a sharp message to would-be digital desperadoes that computer crime does not pay. But in their zeal, they sent a very different message - one that chilled civil libertarians. By attempting to crack down on telephone fraud, they shut down dozens of computer bulletin boards that may be as fully protected by the U.S. Constitution as the words on this page. Do electronic bulletin boards that may list stolen access codes enjoy protection under the First Amendment? That was one of the thorny questions raised last week at an unusual gathering of computer hackers, law-enforcement officials and legal scholars sponsored by Computer Professionals for Social Responsibility. For four days in California's Silicon Valley, 400 experts struggled to sort out the implications of applying late-18th century laws and legal principles to the fast-changing technologies of the late 20th century. While the gathering was short on answers, it was long on tantalizing questions. How can privacy be ensured when computers record every phone call, cash withdrawal and credit-card transaction? What "property rights" can be protected in digital electronic systems that can create copies that are indistinguishable from the real thing? What is a "place" in cyberspace, the universe occupied by audio and video signals traveling across state and national borders at nearly the speed of light? Or as Harvard law professor Laurence Tribe aptly summarized, "When the lines along which our Constitution is drawn warp or vanish, what happens to the Constitution itself?" Tribe suggested that the Supreme Court may be incapable of keeping up with the pace of technological change. He proposed what many will consider a radical solution: a 27th Amendment that would make the information-related freedoms guaranteed in the Bill of Rights fully applicable "no matter what the technological method or medium" by which that information is generated, stored or transmitted. While such a proposal is unlikely to pass into law, the fact that one of the country's leading constitutional scholars put it forward may persuade the judiciary to focus on the issues it raises. In recent months, several conflicts involving computer-related privacy and free speech have surfaced: -- When subscribers to Prodigy, a 700,000-member information system owned by Sears and IBM, began posting messages protesting a rate hike, Prodigy officials banned discussion of the topic in public forums on the system. After protesters began sending private mail messages to other members - and to advertisers - they were summarily kicked off the network. -- When Lotus Development Corp. of Cambridge, Mass., announced a joint venture with Equifax, one of the country's largest credit-rating bureaus, to sell a personal-computer product that would contain information on the shopping habits of 120 million U.S. households, it received 30,000 calls and letters from individuals asking that their names be removed from the data base. The project was quietly canceled in January. -- When regional telephone companies began offering Caller ID, a device that displays the phone numbers - including unlisted ones - of incoming calls, many people viewed it as an invasion of privacy. Several states have since passed laws requiring phone companies to offer callers a "blocking" option so that they can choose whether or not to disclose their numbers. Pennsylvania has banned the service. But the hacker dragnets generated the most heat. Ten months after the Secret Service shut down the bulletin boards, the government still has not produced any indictments. And several similar cases that have come before courts have been badly flawed. One Austin-based game publisher whose bulletin-board system was seized last March is expected soon to sue the government for violating his civil liberties. There is certainly plenty of computer crime around. The Secret Service claims that U.S. phone companies are losing $1.2 billion a year anc credit-card providers another $1 billion, largely through fraudulent use of stolen passwords and access codes. It is not clear, however, that the cyberpunks rounded up in dragnets like last May's are the ones committing the worst offenses. Those arrested were mostly teenagers more intent on showing off their computer skills than padding their bank accounts. One 14-year-old from New York City, for instance, apparently specialized in taking over the operation of remote computer systems and turning them into bulletin boards - for his friends to play on. Among his targets, say police, was a Pentagon computer belonging to the Secretary of the Air Force. "I regard unauthorized entry into computer systems as wrong and deserving of punishment," says Mitch Kapor, the former president of Lotus. And yet Kapor has emerged as a leading watchdog for freedom in the information age. He views the tiny bulletin-board systems as the forerunners of a public computer network that will eventually connect households across the country. Kapor is worried that legal precedents set today may haunt all Americans in the 21st century. Thus he is providing funds to fight for civil liberties in cyberspace the best way he knows how - one case at a time. #O Financial Post & Financial Times of London #T Canada is Accused of Using Stolen Software #A Eric Reguly & Alan Friedman NEW YORK -- Government agencies in Canada and other countries are using computer software that was stolen from a Washington-based company by the U.S. Department of Justice, according to affidavits filed in a U.S. court case. In a complex case, several nations, as well as some well-known Washington insiders - including the national security advisor to former President Ronald Reagan, Robert McFarlane - are named as allegedly playing a role. The affidavits were filed in recent weeks in support of a Washington-based computer company called Inslaw Inc., which claims that its case-tracking software, known as Promis, was stolen by the U.S. Department of Justice and eventually ended up in the hands of the governments of Israel, Canada and Iraq. NEW MOTION Yesterday, lawyers for Inslaw filed a new motion in federal bankruptcy court in Washington demanding the power to subpoena information from the Canadian government on how Ottawa came to acquire Promis software. The motion states, "The evidence continues to mount that Inslaw's proprietary software is in Canada." The affidavits allege that Promis - designed to keep track of cases and criminals by government agencies - is in use by the RCMP and the Canadian Security Intelligence Service. The Canadian Department of Communications is referring calls on the subject to the department's lawyer, John Lovell in Ottawa, while a CSIS spokesman will not confirm or deny whether the agency uses the software. "No one is aware of the program's existence here," Corporal DEnis Deveau, Ottawa-based spokesman for the RCMP, said yesterday. The case of Inslaw, which won a court victory against the Justice Department in 1987, at first glance appears to be an obscure lawsuit by a small business that was forced into bankruptcy because of the loss of its proprietary software. But several members of the Washington establishment are suggesting Inslaw may have implications for U.S. foreign policy in the Middle East. The Case already has some unusual aspects. At least one judge has refused to handle it because of potential conflicts of interest, and a key lawyer representing Inslaw is Elliot Richardson, a former U.S. attorney general and ambassador to Britain who is remembered for his role in standing up to Richard Nixon during the Watergate scandal. Richardson yesterday told the Financial Times of London and The Financial Post that: "Evidence of the widespread ramifications of the Inslaw case comes from many sources and keeps accumulating." A curious development in the Inslaw case is that the Department of Justice has refused to provide documents relating to Inslaw to Jack Brook, chairman of the Judiciary Committee of the House of Representatives. Richardson said, "It remains inexplicable why the Justice Department consistently refuses to pursue this evidence and resists co-operation with the Judiciary Committee of the House of Representatives." The Inslaw case began in 1982 when the company accepted a US $10-million contract to install its Promis case management software at the Department of Justice. In 1983 the government agency stopped paying Inslaw and the firm went into Chapter 11 bankruptcy proceedings. Inslaw sued Justice in 1986 and the trial took place a year later. The result of the trial in 1987 was a ruling by a federal bankruptcy court in Inslaw's favor. The ruling said that the Justice Department "took, converted, stole" Promis software through "trickery, fraud and deceit" and then conspired to drive Inslaw out of business. That ruling, which received little publicity at the time, was upheld by the U.S. District Court in Washington in 1989, but Justice lodged an appeal last year in an attempt to overturn the judgement that it must pay Inslaw US $6.1 million (C $7.1 million) in damages and US $1.2 million in legal fees. The affidavits filed in recent weeks relate to an imminent move by Richardson on behalf of Inslaw to obtain subpoena power in order to demand copies of the Promis software that the company alleges are being used by the Central Intelligence Agency and other U.S. intelligence services that did not purchase the technology from Inslaw. In the affidavit relating to McFarlane that was filed on March 21, Ari Ben-Menashe, a former Israeli intelligence officer, claims that McFarlane had a "special" relationship with Israeli intelligence officials. Ben-Menashe alleges that in a 1982 meeting in Tel Aviv, he was told that Israeli intelligence received the software from McFarlane. FLORIDA COMPANY McFarlane has stated that he is "very puzzled" by the allegations that he passed any of the software to Israel. He has termed the claims "absolutely false". Another strange development is the status of Michael Riconosciuto, a potential witness for Inslaw who once worked with a Florida company that sought to develop weapons, including fuel-air explosives and chemical agents. Riconosciuto claimed in his affidavit that in February he was called by a former Justice Department official who warned him against co-op with the House Judiciary Committee's investigation into Inslaw. Riconosciuto was arrested last weekend on drug charges, but claimed he had been "set up". In his March 21 affidavit, Riconosciuto says he modified Promis software for law enforcement and intelligence agencies. "Some of the modifications that I made were specifically designed to facilitate the implementation of Promis within two agencies of the government of Canada... The propriety (sic) version of Promis, as modified by me, was, in fact, implemented in both the RCMP and the CSIS in Canada." On Monday, Richardson and other lawyers for Inslaw will file a motion in court seeking the power to subpoena copies of the Promis software from U.S. Intelligence agencies. #O NewsByetes #D April 3, 1991 SAN LUIS OBISPO, CALIFORNIA, U.S.A., 1991 APR 3 (NB) --Ron Hopson got a call at work from his neighbor who informed him police broke down his front door, and were confiscating his computer equipment. The report, in the San Luis Obispo (SLO) Telegram-Tribune, quoted Hopson as saying, "They took my stuff, they rummaged through my house, and all the time I was trying to figure out what I did, what this was about. I didn't have any idea." According to the Telegram-Tribune, Hopson and three others were accused by police of attempting to break into the bulletin board system (BBS) containing patient records of SLO dermatologists Longabaugh and Herton. District Attorney Stephen Brown told Newsbytes that even though the suspects (two of which are Cal Poly students) did not know each other, search warrants were issued after their phone numbers were traced by police as numbers attempting access to the dermatologists' system by modem "more than three times in a single day." Brown told Newsbytes the police wouldn't have been as concerned if it had been the BBS of a non-medical related company, but faced with people trying to obtaining illegal narcotics by calling pharmacies with fraudulent information... What the suspects had in common was the dermatologists' BBS phone number programmed into their telecommunications software as the Cygnus XI BBS. According to John Ewing, secretary of the SLO Personal Computer Users Group (SLO PC UG), the Cygnus XI BBS was a public BBS that operated in SLO, but the system operator (sysop) moved less than a year ago and discontinued the board. It appears the dermatologists inherited the number. John Ewing, SLO PCUG editor, commented in the SLO PC UG newsletter, "My personal opinion is that the phone number [for the Cygnus XI BBS] is still listed in personal dialing directories as Cygnus XI, and people are innocently calling to exchange information and download files. These so-called hackers know that the password they used worked in the past and attempt to connect several times. The password may even be recorded as a script file [an automatic log-on file]. If this is the case, my sympathies go out to those who have had their hardware and software confiscated." Bob Ward, secretary of the SLO PC UG, told Newsbytes, "The number [for Cygnus XI] could have been passed around the world. And, as a new user, it would be easy to make three mistaken calls. The board has no opening screen, it just asks for a password. So, you call once with your password, once more trying the word NEW, and again to try GUEST." #O California Computer News #D April 1991 [p26] #T Modem Mania: More Households Go Online Every Day #A Dennis B. Collins Get your scissors. Here come some statistics you'll want to save. I've been doing a lot of research lately regarding computer bulletin board systems (BBSs). Prodigy's research and development department said that 30 percent of American homes have some sort of PC. Of these homes, 20 percent have a modem. This means that six percent of all homes have the capability to obtain computer data via phone line! The Information Age is now in its infancy - it is here and it is real. It is also growing at a rate of 400 percent a year. CompuServe and Prodigy both claim 750,000 paying customers. Prodigy stresses that their figures reflect modems at home only. They have no count of businesses. Local system operators tell me a significant number of calls originate from offices - their "guesstimate" is that office use may increase the figures by another 20 percent. (...) The question keeps coming up: How many BBSs are there? Nobody knows. In Sacramento, the best guess is about 200. Worldwide, the number is quickly growing. About two years ago I obtained a list of BBS members of FidoNet. At the time there were about 6,000 member systems. The January 1991 Node lists over 11,000 BBSs worldwide! It is important to note that there are several large networks, of which FidoNet is only one. U.S. Robotics claims to have a list of 12,000 BBSs that use their modems in this country alone. It is clear that millions of individuals are using PC telecommunications and the numbers are getting larger. #O LAN Times #D March 18, 1991 [pp75-76] #T Software Piracy Now Costs Industry Billions: But software authentication devices can protect your investment from thieves #A Charles P. Koontz About a zillion years ago when I first read _Swiss Family Robinson_, I always wondered why the Robinson family was so fearful of Malaysian pirates. After all, I was accustomed to the proper civilized pirates in all the Errol Flynn movies. But it turns out the Malaysian variety were much worse. The same is true of the pirates that prey on the modern software industry. In the software industry, the civilized pirates are the ones who copy an occasionally program from a friend without paying for it.. Most of us at lest know someone who's done it. I've heard of places where none of the software in an office is legal. Civilized pirates are still thieves and they break the law, but they have a better attitude. They should look into shareware as an alternative source. It's almost as cheap and often every bit as good. In the software industry, the crook who makes a living by making and selling copied software is the modern equivalent of a Malaysian pirate. The fact that a lot of them are located in the orient where piracy may not be illegal helps the analogy. It seems however that the practice is spreading to more local climates. The process is fairly simple and requires only a small investment to get started. At the simplest level, all the pirate needs is a copy of a popular program, a PC, and a place to duplicate the distribution diskettes. More sophisticated pirates have factories employing dozens of workers running high-speed disk duplicators and copy machines so they can include the manual in their shrink-wrapped counterfeit package. Some even copy the silk screening on the manual covers. They then find a legitimate outlet for the software. The customer only finds out that the company is bogus when he calls for technical support, if the real manufacturer tracks serial numbers. Software piracy has become a part of the cost of doing business for major software manufacturers. The Software Publishers Association (SPA) estimates that piracy costs the software industry between 1.5 and 2 billion dollars annually in the USA alone. Worldwide estimates range from 4 to 5 billion dollars. The legitimate domestic software market accounts for only 3 billion dollars annually. The SPA estimates that for every copy of legal software package, there is at least one illegal copy. If you think this is an exaggeration, just consider all the illegal copies you know about. [rest of article discusses hardware anti-piracy devices] #O New York Times #D April 21, 1991 #T Dutch break into U.S. computers from 'hacker haven' #A John Markoff Beyond the reach of American law, a group of Dutch computer intruders has been openly defying United States military, space and intelligence authorities for almost six months. Recently the intruders broke into a U.S. military computer while being filmed by a Dutch television crew. The intruders, working over local telephone lines that enable them to tap American computer networks at almost no cost, have not done serious damage and haven't penetrated the most secure government computer systems, federal investigators say. The group, however, has entered a wide range of computer systems with unclassified information, including those at the Kennedy Space Center, the Pentagon's Pacific Fleet Command, the Lawrence Livermore National Laboratory and Stanford University. U.S. government officials said they had been tracking the interlopers, but no arrests have been made because there are no legal restrictions in the Netherlands on unauthorized computer access. "This has been a terrible problem," said Gail Thackeray, a former Arizona assistant attorney general who has prosecuted computer crimes. "Until recently there have been few countries that have computer crime laws. These countries are acting as hacker havens." American law-enforcement officials said they believed there were three or four members of the Dutch group, but would not release any names. A Dutch television news report in February showed a member of the group at the University of Utrecht reading information off a computer screen showing what he said was missile test information taken from a U.S. military computer. His back was to the camera, and he was not identified. Because there are no computer crime laws in the Netherlands, American investigators said the Dutch group boasts that it can enter computers via international data networks with impunity. One computer expert who has watched the electronic recordings made of the group's activities said the intruders do not demonstrate any particularly unusual computer skills, but instead appear to have access to documents that contain recipes for breaking computer security on many U.S. systems. These documents have been widely circulated on underground systems. The computer expert said he had seen several recordings of the break-in sessions and that one of the members of the group used an account named "Adrian" to break into computers at the Kennedy Space Center and the Pentagon's commander in chief of the Pacific. #O GRID News #I vol. 2, No. 11x&12x #D April 28, 1991 #T Libertarian Party Candidate Says Yes! to Hackers #T Telecom Bills Move Forward, Meet Opposition According to LP presidential hopeful, Andre Marrou, 35% of the dues-paying members of his party are computer programmers. Despite the fact that Marrou had never heard of Craig Neidorf or Operation Sundevil, he had strong opinions on the issues. "A computer is a printing press. You can churn out stuff on the printer." He did not move away from the paradigms print gave him but at least he was at a loss to understand how anyone could not see something so obvious, that a computer is a printing press. Then he defended a special kind of hacking. "If you mean hacking to get into government computers to get the information, there is nothing wrong with that. There is too much secrecy in government. There is a principle that the information belongs to the people. 99% of the classified material is not really important. With hackers most of the stuff they want to get into should be public in the first place. Anything the government owns belongs to all of us. Like in real estate you can get information from the county and I'd extend that rule of thumb. It would be a good thing if they could get into the IRS data files." In line with mainstream libertarian thought, both Andre Marrou his campaign manager, Jim Lewis (also a former LP veep candidate), said that they support the idea of government-granted patents. Marrou said he had never heard of patents being granted for software but knew that software can be copyrighted. Andre Marrou graduated from MIT. (2) Telecom Bills Move Forward, Meet Opposition "Competition and innovation will be stifled and consumers will pay more for telephone service if the Legislature approves the telecommunication legislation now before Senate and House committees," said 15 lobbyists speaking through the Marketing Resource Group. Representatives from the AARP, AT&T, MCI, Michigan Cable Television Association, and the Michigan Association of Realtors all agreed that it would be wrong to let the local exchange carriers sell cable television, long distance and information services and manufacture equipment. The AARP has opposed this legislation because they do not see a limit on the cost of phone service. According to the bill BASIC phone rates would be frozen forever at their November 1990 level. However, there is no limit on charges for "enhanced services." There is also no DEFINITION of "enhanced service" but most people involved in the bill have cited call forwarding, call waiting, fax and computer. Other provisions of the proposed law would regulate all "information providers." Further, those who provide information from computers via the telephone would receive their service "at cost." This provision takes on new colors in light of a Wall Street Journal story from Jan. 9, 1991, issued along with press release materials from Marketing Resources. That story outlines how NYNEX inflated its cost figures selling itself services far in excess of the market rate. Interestingly enough, increased competition is one of the goals cited by the bill's key sponsor, Senate Mat Dunaskiss. #O Telegram-Tribune Newspaper #D March 23, 1991 #T Amature Hackers Tripped Up #A Danna Dykstra Coy San Luis Obispo police have cracked a case of computer hacking. Now they've got to work out the bugs. Officers were still interviewing suspects late Friday linked to a rare case of computer tampering that involved at least four people, two of them computer science majors from Cal Poly. The hackers were obvious amateurs, according to police. They were caught unknowingly tapping into the computer system in the office of two local dermatologists. The only information they would have obtained, had they cracked the system's entry code, was patient billing records. Police declined to name names because the investigation is on-going. They don't expect any arrests, though technically, they say a crime has been committed. Police believe the tampering was all in fun, though at the expense of the skin doctors who spent money and time fixing glitches caused by the electronic intrusion. "Maybe it was a game for the suspects, but you have to look at the bigger picture," said the officer assigned to the case, Gary Nemeth. "The fact they were knowingly attempting to access a computer system without permission is a crime." Because the case is rare in this county, police are learning as they go along. "We will definitely file complaints with the District Attorney's Office," said Nemeth. "They can decide whether we've got enough of a case to go to trial." Earlier this month San Luis dermatologists James Longabaugh and Jeffrey Herten told police they suspected somebody was trying to access the computer in the office they share at 15 Santa Rosa St. The system, which contains patient records and billing information, continually shut down. The doctors were unable to access their patients' records, said Nemeth, and paid a computer technician at least $1,500 to re-program their modem. The modem is a device that allows computers to communicate through telephone lines. It can only be accessed when an operator "dials" its designated number by punching the numbers on a computer keyboard. The "calling" computer then asks the operator to punch in a password to enter the system. If the operator fails to type in the correct password, the system may ask the caller to try again or simply hang up. Because the doctors' modem has a built-in security system, (cont' NIA072 File 8) / / / NIA072 / File 8 / / CyberTimes (Vox Populi) / / Judge Dredd / / / (cont' NIA072 / File 7) several failed attempts causes the system to shut down completely. The technician who suspected the problems were more than mechanical, advised the doctors to call the police. "We ordered a telephone tap on the line, which showed in one day alone 200 calls were made to that number," said Nemeth. "It was obvious someone was making a game of trying to crack the code to enter the system." The tap showed four residences that placed more than three calls a day to the doctors' computer number. Three of the callers were from San Luis Obispo and one was from Santa Margarita. From there police went to work. "A lot of times I think police just tell somebody in a situation like that to get a new phone number," said Nemeth, "and their problem is resolved. But these doctors were really worried. They were afraid someone really wanted to know what they had in their files. They wondered if it was happening to them, maybe it was happening to others. I was intrigued." Nemeth, whose training is in police work and not computer crimes, was soon breaking new ground for the department. "Here we had the addresses, but no proper search warrant. We didn't know what to name in a search warrant for a computer tampering case." A security investigator for Pacific Bell gave Nemeth the information he needed: disks, computer equipment, stereos and telephones, anything that could be used in a computer crime. Search warrants were served at the San Luis Obispo houses Thursday and Friday. Residents at the Santa Margarita house have yet to be served. But police are certain they've already cracked the case. At all three residences that were searched police found a disk that incorrectly gave the doctors' phone number as the key to a program called "Cygnus XI". "It was a fluke," said Nemeth. "These people didn't know each other, and yet they all had this same program". Apparently when the suspects failed to gain access, they made a game of trying to crack the password, he said. "They didn't know whose computer was hooked up to the phone number the program gave them," said Nemeth. "So they tried to find out." Police confiscated hundreds of disks containing illegally obtained copies of software at a residence where two Cal Poly students lived, which will be turned over to a federal law enforcement agency, said Nemeth. Police Chief Jim Gardner said he doesn't expect this type of case to be the department's last, given modern technology. "What got to be a little strange is when I heard my officers talk in briefings this week. It was like I need more information for the database'." "To think 20 years ago when cops sat around and talked all you heard about was 211' cases and dope dealers." #O Telegram-Tribune Newspaper #D March 29, 1991 #T Computer Case Takes A Twist #A Danna Dykstra Coy A suspected computer hacker says San Luis Obispo police overreacted when they broke into his house and confiscated thousands of dollars of equipment. "I feel violated and I'm angry" said 34-year-old engineer Ron Hopson. All of Hopson's computer equipment was seized last week by police who believed he may have illegally tried to "hack" his way into an office computer belonging to two San Luis Obispo dermatologists. Police also confiscated equipment belonging to three others. "If police had known more about what they were doing, I don't think it would have gone this far," Hopson said. "They've treated me like a criminal, and I was never aware I was doing anything wrong. It's like a nightmare." Hopson, who has not been arrested in the case, was at work last week when a neighbor called to tell him there were three patrol cars and two detective cars at his house. Police broke into the locked front door of his residence, said Officer Gary Nemeth, and broke down a locked door to his study where he keeps his computer. "They took my stuff, they rummaged through my house, and all the time I was trying to figure out what I did, what this was about. I didn't have any idea." A police phone tap showed three calls were made from Hopson's residence this month to a computer at an office shared by doctors James Longabaugh and Jeffrey Herten. The doctors told police they suspected somebody was trying to access the computer in their office at 15 Santa Rosa St. Their system, which contains patient records and billing information, kept shutting down. The doctors were unable to access their patients' records, said Nemeth. They had to pay a computer technician at least $1,500 to re-program their modem, a device that allows computers to communicate through telephone lines. Hopson said there is an easy explanation for the foul-up. He said he was trying to log-on to a public bulletin board that incorrectly gave the doctors number as the key to a system called "Cygnus XI". Cygnus XI enabled people to send electronic messages to one another, but the Cygnus XI system was apparently outdated. The person who started it up moved from the San Luis Obispo area last year, and the phone company gave the dermatologists his former number, according to Officer Nemeth. Hopson said he learned about Cygnus XI through a local computer club, the SLO-BYTES User Group. "Any of the group's 250 members could have been trying to tap into the same system", said Robert Ward, SLO-BYTES club secretary and computer technician at Cal Poly. In addition, he suspects members gave the phone number to fellow computer buffs and could have been passed around the world through the computer Bulletin-Board system. "I myself might have tried to access it three or four times if I was a new user," he said. "I'd say if somebody tried 50 times, fine, they should be checked out, but not just for trying a couple of times." Police said some 200 calls were made to the doctors modem during the 10 days the phone was tapped. "They say, therefore, its obvious somebody is trying to make a game of trying to crack the computer code", said Hopson. "The only thing obvious to me is a lot of people have that published number. Nobody's trying to crack a code to gain illegal access to a system. I only tried it three times and gave up, figuring the phone was no longer in service." Hopson said he tried to explain the situation to the police. "But they took me to an interrogation room and said I was lying. They treated me like a big-time criminal, and now they won't give me back my stuff." Hopson admitted he owned several illegally obtained copies of software confiscated by police. "But so does everybody," he said, "and the police have ever right to keep them, but I want the rest of my stuff." Nemeth, whose training is in police work and not computer crimes, said this is the first such case for the department and he learning as he goes along. He said the matter has been turned over to the District Attorney's Office, which will decide whether to bring charges against Hopson and one other suspect. The seized belongings could be sold to pay restitution to the doctors who paid to re-program their system. Nemeth said the police are waiting for a printout to show how many times the suspects tried to gain access to the doctors' modem. "You can try to gain access as many times as you want on one phone call. The fact a suspect only called three times doesn't mean he only tried to gain access three times." Nemeth said he is aware of the bulletin board theory. "The problem is we believe somebody out there intentionally got into the doctors' system and shut it down so nobody could gain access, based on evidence from the doctors' computer technician," said Nemeth. "I don't think we have that person, because the guy would need a very sophisticated system to shut somebody else's system down." At the same time, he said, Hopson and the other suspects should have known to give up after the first failed attempt. "The laws are funny. You don't have to prove malicious intent when you're talking about computer tampering. The first attempt you might say was an honest mistake. More than once, you have to wonder." Police this week filled reports with the District Attorney's Office regarding their investigation of Hopson and another San Luis Obispo man suspected of computer tampering. Police are waiting for Stephen Brown, a deputy district attorney, to decide whether there is enough evidence against the two to take court action. If so, Nemeth said he will file reports involving two other suspects, both computer science majors from Cal Poly. All computers, telephones, computer instruction manuals, and program disks were seized from three houses in police searches last week. Hundreds of disks containing about $5,000 worth of illegally obtained software were also taken from the suspects' residences. Police and the District Attorney's Office are not naming the suspects because the case is still under investigation. However, police confirmed Hopson was one of the suspects in the case after he called the Telegram-Tribune to give his side of the story. #O Telegram-Tribune Newspaper #D April 12, 1991 #T Hackers' Off Hook, Property Returned #A Danna Dykstra Coy Two San Luis Obispo men suspected of computer tampering will not be charged with any crime. They will get back the computer equipment that was seized from their homes, according to Stephen Brown, a deputy district attorney who handled the case. "It appears to have been a case of inadvertent access to a modem with no criminal intent," said Brown. San Luis Obispo police were waiting on Brown's response to decide whether to pursue an investigation that started last month. They said they would drop the matter if Brown didn't file a case. The officer heading the case, Gary Nemeth, admitted police were learning as they went along because they rarely deal with computer crimes. Brown said he doesn't believe police overreacted in their investigation. "They had a legitimate concern." In early March two dermatologists called police when the computer system containing patient billing records in their San Luis Obispo office kept shutting down. They paid a computer technician about $1,500 to re-program their modem, a device that allows computers to communicate through the telephone lines. The technician told the doctors it appeared someone was trying to tap into their system. The computer's security system caused the shutdown after several attempts to gain access failed. Police ordered a 10-day phone tap on the modem's line and, after obtaining search warrants, searched four residences where calls were made to the skin doctors' modem at least three times. One suspect, Ron Hopson, said last week his calls were legitimate and claimed police overreacted when they seized his computer, telephone, and computer manuals. Hopson could not reached Thursday for comment. Brown's investigation revealed Hopson, like the other suspects, was trying to log-on to a computerized "bulletin-board" that incorrectly gave the doctors' number as the key to a system called "Cygnus XI". Cygnus XI enabled computer users to electronically send messages to one another. Brown said while this may not be the county's first computer crime, it was the first time the District Attorney's Office authorized search warrants in a case of suspected computer fraud using telephone lines. Police will not be returning several illegally obtained copies of software also seized during the raids, he said. #O Contingency Journal #D May/June 1991 #T Restitution Ordered For Bell South Hackers #D Michael H. Agranoff, Attorney The law is beginning to respond effectively to the problem of computer hacking. In September 1988, three young men began implementing a scheme to steal proprietary data from Bell South Telephone Co. computers. They illegally gained access to Bell South from a home computer, downloaded the data and tried to disguise the fraud by using the IDs of legitimate users. The stolen data was transferred on an interstate computer network and stored on a bulletin board system. It was made known to others in a hacker's newsletter published by one of the schemers. If the fraud had continued, it could have disrupted telecommunication channels throughout the country, according to government prosecutors. The hackers were in a position to retrieve and modify credit information, eavesdrop on telephone conversations and worse. Various charges of fraud, theft and conspiracy were lodged against the trio. They attempted to get the charges dismissed on technical grounds, were unsuccessful and pleaded guilty to a smaller number of charges. A federal judge in Georgia imposed sentences last November. One hacker was given 21 months in prison and two years supervised probation. The other two hackers were each given 14 months in prison. Seven of those months were to be served in a half-way house, where they must assist colleges and businesses in computer work. Following release, the hackers must each complete three years community service, to include 120 hours each year of computer-related work, during which time they may not own or access a computer, except for employment, without supervision approved by the court. Each of the three hackers was also ordered to pay restitution to Bell South amounting to $233,880 per hacker. Readers may reflect upon this sentence. In trying to protect the public interest and yet not be vindictive, the judge rendered (in this writer's opinion) a wise and thoughtful decision. Will it send the appropriate message to potential hackers throughout the country? Let us see. #O Unix Today #D April 29, 1991 #T Internet Break-Ins #A Dutch Cracker Easily Accessed U.S. Computers Allegations that Dutch crackers have been operating with impunity for months against U.S. computers has stirred a debate whether systems administrators have been negligent in failing to close easy, obvious security holes that have been well-known for years. Dutch crackers have, since September, been using the Internet to access computers, most of them Unix machines, at the Kennedy Space Center, the Pentagon's Pacific meet Command, the Lawrence Livermore National laboratories and Stanford University. The techniques they've used have been simple, well-known and uncreative, and they've found the job an easy one, say sources. "These are not skilled computer geniuses like Robert Morris," said Cliff Stoll, author of The Cuckoo's Egg, who said he's been in contact with some Dutch crackers who may have committed the break-ins. "These are more like the kind of hacker I caught, sort of plodding, boring people." Stoll's 1989 book concerned his pursuit of a cracker. Techniques include guessing at commonly used passwords, default passwords that ship with Unix systems and that some users don't bother to change, and using guest accounts, said Stoll. The crackers managed to obtain superuser privileges at a system at Stanford University, said Bill Bauridel, information security officer at Stanford University Data Center. They used a bug in sendmail - the same program exploited by Robert Morris to loose a worm on the Internet in 1988, though Bauridel said the crackers did not use the sendmail feature that Morris exploited. The Lawrence Livermore Laboratories computers were only used as a gateway to other systems, said Bob Borchers, associate director for computation at the labs. The crackers have been able to access only non-classified material, such as routine memos say authorities. So far, no evidence has been found that they did anything malicious once they broke into a U.S. site. The lack of laws governing computer crime in Holland allows crackers to operate with relative impunity, said Martin de Lange, managing director of ACE, and Amsterdam-based Unix systems software company. The impunity combines with an anti-authoritarian atmosphere in Holland to make cracking a thriving practice, said Stoll. "There's a national sense of thumbing one's nose at the Establishment that's promoted and appreciated in the Netherlands," he said. "Walk down the streets of Amsterdam and you'll find a thriving population that delights in finding ways around the Establishment's walls and barriers." The break-ins became a subject of notoriety after a Dutch television show called After the News ran film Feb. 2 purporting to be of an actual cracker break-in, said Henk Bekket, a network manager at Utrecht University. Utrecht University in Holland was reported to be the first site broken into. Bekker said he was able to detect two break-ins, one in October and one again in January. The crackers apparently dialed into a campus terminal network that operates without a password, accessed the campus TCP/IP backbone, and then accessed another machine on campus-a VAX 11/75-that hooks up to SURFnet, a national X.25 network in Holland. >From SURFnet, they were presumably able to crack into an Inter-net computer somewhere, and from there access the computers in the United States, said Bekker. The dial-in to SURFnet gateway has been canceled since the January attempt, he said. (Presumably, the break-in footage aired Feb. 2 was either through another channel, or filmed earlier.) Bekker said he manages a network consisting of a DECsystem 5500 server and 40 to 50 Sun and VAX VMS workstations. He noted a break-in to another machine on campus Jan. 16, and into a machine at the University of Leyden in October. A cracker was searching DECnet I password files for accounts with no password. The cracker was also breaking into machines over DECnet, said Bekker. The cracker had a rough idea of the pattern of DECnet node addresses in Holland, and was trying to guess machine addresses from there. Node addresses begin with the numerals 28, said Bekker, and he found log files of the cracker searching for machines at 28.1, 28.2, 28.3 and so on. But the cracker did not know that the actual sequence goes 28.100, 28.110, and so on. "Hackers are organized to get together, discuss technologies, and they openly demonstrate where there are installations prone to break-in," de Lange said. Computer crime in Holland can be prosecuted under laws covering theft of resources, wiretapping and wire fraud, said Piet Beertema, of the European Unix User Group, and network manager of the Center for Mathematics and Computer Science in Amsterdam. And finding someone to investigate can also be a problem, said Bekker. "You cannot go to the police and say, 'Hey, someone has broken into my computer.' They can't do anything about it," he said. Stoll, the American author, said crackers appear firmly rooted in Dutch soil. "There is a history going back more than five years of people getting together and breaking into computers over there," he said. "Hacker clubs have been active there since 1985 or 1986." But he said it's more than lack of law that has made cracking so popular. Most industrialized nations have no cracking laws, and those that have them find prosecution extremely difficult, he said. Dutch citizens also have an anti-authoritarian spirit, he added. But Stoll condemmed the crackers. "This is the sort of behavior that wrecks the community, spreads paranoia and mistrust," he said. "It brings a sense of paranoia to a community which is founded on trust." Because no classified data was accessed, Mike Godwin, attorney for the Electronic Frontiers Foundation (EFF), cautioned against making too much of the incidents. "What did these people do" he said. "There's no sense that they vandalized systems or got ahold of any classified information." The itself as an organization fighting to see civil rights guarantees extended to information systems. The Cambridge, Mass., organization has been involved in a number of cracker defenses. The fact that the systems were breached means the data's integrity is compromised, said Netunann. just because the data isn't classified doesn't mean it isn't important, he noted. 'Just because you can't get into classified systems doesn't mean you can't get sensitive information," he said. #O Network World #D April 29, 1991 #T Long-haul carriers may offer toll-fraud monitoring: Services would help shield customers from hackers #A Anita Taff, Washington Bureau Chief WASHINGTON D.C. -- Long-distance carriers are considering offering services that would shield customers from toll fraud by monitoring network activity for suspicious traffic patterns and tipping off users before huge costs would be run up, Network World has learned. Hackers are defrauding corporations by dialing into their private branch exchanges and using stolen authorization codes to dial out of the switches to remote destinations, sticking the switch owners with charges ranging from several thousand to, in one case, a million dollars. Users have been loathe to report toll fraud because they are embarrassed about the security breaches or because they have entered into private settlements with carriers that cannot be disclosed. But earlier this year, Pacific Mutual Life Insurance Co., exasperated by $200,000 in fraudulent charges run up during one weekend and lack of progress in settling the issue with AT&T, turned to the Federal Communications Commission for help. The insurance company asked the FCC to open a proceeding in order to establish guidelines that fairly distribute liability for toll fraud among users, long distance carriers and customer premises equipment manufacturers. The company questioned the validity of AT&T's claims that its tarriffs place the liability for fraud on users' shoulders. Both AT&T and MCI Communications Corp. oppose Pacific Mutual's position. But it is clear something has to be done. Customers lose $500 million annually to toll fraud, according to the Communications Fraud Control Association. "There are two kinds of customers: those who have been victims of toll fraud and those who are about to [become victims]," said Jim Snyder, staff member of the systems integrity department at MCI. According to Snyder, about 80% of the calls placed by hackers go to one of three places: Columbia, Pakistan and area code 809, which covers Caribbean countries including the Dominican Republic and Jamaica. Often, the calls are placed at night or during weekends. It is this thumbprint that would enable carriers to set up monitoring services to identify unusual activity. He said MCI is considering such a service but has not yet decided whether to offer it. AT&T would also be interested in rolling out such a monitoring service if customer demand exists, a spokesman said. Henry Levine, a telecommunications attorney in Washington, D.C. who helps customers put together Tariff 12 deals, said he knows of several users that have requested toll-fraud monitoring from AT&T. He said AT&T is currently beta-testing technology that gives users real-time access to call detail data, a necessary capability for real-time monitoring. US Sprint Communications Co. offers a monitoring service for its 800, UltraWATS, Virtual Private Network, SprintNet and voice mail customers free of charge, but it is not a daily, around-the-clock monitoring service, and the typical lag time until user are notified of problems is 24 hours. In a filing on behalf of the Securities Industry Association, Visa USA, Inc., the New York Clearinghouse Association and Pacific Mutual, Levine urged the agency to require carriers to offer monitoring services. Network equipment could monitor traffic according to preset parameters for call volume, off-hour calling and suspicious area or country codes, he said. If an anomaly is detected, Levine's proposal suggests that carriers notify users within 30 minutes. Therefore, users would be held liable for only a nominal amount of fraudulent charges. #O Houston Chronicle #T Lawsuit alleges rights violations in computer crime crackdown #A Joe Abernathy An Austin game publisher has sued the U.S. Secret Service for alleged civil rights violations in connection with a nationwide crackdown on computer crime. Steve Jackson Games, whose case has become a cause celebre in the computer network community, alleges in the lawsuit that a raid conducted during OperationSun Devil violated the rights of the company and its customers to free speech, free association, and a free press. The lawsuit in federal district court in Austin further claims the raid was a violation of the protection against unreasonable search and seizure, and violated the law restricting the government from searching the office of publishers for work products and other documents. It seeks unspecified damages. "This is a lawsuit brought to establish the statutory rights of businesses and individuals who use computers," said Jackson's attorney, Sharon Beckman of Boston. "It's about the First Amendment, it's about the right to privacy, and it's about unreasonable government intrusion." Defendants include the Secret Service; Assistant United States Attorney William J. Cook in Chicago; Secret Service agents Timothy M. Foley and Barbara Golden; and Henry M. Kluepfel of Bellcore, a telephone company research consortium which assisted the agency in its investigation. Earl Devaney, special agent in charge of the Secret Service fraud division, said that his agency was barred from responding to the allegations contained in the lawsuit. "Our side of the story can't be told because we're compelled by the laws that govern us to remain mute," he said. "We'll have to let the future indictments, if there are any, and the future trials speak for themselves." Devaney said the agency recently completed its review of evidence seized during Operation Sun Devil and has sent it to federal prosecutors. He couldn't predict how many indictments will result. The Electronic Frontier Foundation, founded by computer industry activists after questions arose regarding the legality of several Sun Devil raids, is paying Jackson's legal fees. James R. George, an Austin attorney with expertise in constitutional law, represents Jackson in Texas. Contending that civil rights normally taken for granted are often denied to users of computer networks and bulletin boards, the EFF attorneys designed Jackson's case as a test of how courts will treat these issues. "What happened was so clearly wrong," Beckman said. "Here we have a completely innocent businessman, a publisher no less, whose publications are seized, whose computers are seized, whose private electronic mail is seized, and all for no good reason." Jackson's firm was raided on March 1, 1990, along with 27 other homes and businesses across the nation. The Secret Service confiscated dozens of computers and tens of thousands of computer data disks in the raids. After several months passed with no charges being filed, the agency came under increasing fire for Sun Devil. "They raided the office with no cause, confiscated equipment and data, and seriously delayed the publication of one big book by confiscating every current copy," Jackson said. "It very nearly put us out of business, and we are still extremely shaky." Seven months after the raid on Jackson's firm, the search warrant was unsealed, revealing that the firm was not even suspected of wrongdoing. An employee was suspected of using a company bulletin board system to distribute a document stolen from the telephone company. Bulletin board systems, called BBSs in computer jargon, allow people with common interests to share information using computers linked by telephone. Jackson's bulletin board, Illuminati, was used to provide product support for his games - which are played with dice, not computers. Beckman said the search warrant affidavit indicates investigators thought the phone company document was stored on a bulletin board at the employee's home, and therefore agents had no reason to search the business. "Computers or no computers, the government had no justification to walk through that door," she said. Beckman said that by seizing the BBS at Steve Jackson Games, the Secret Service had denied customers the right to association. "This board was not only a forum for discussion, it was a forum for a virtual community of people with a common interest in the gaming field," she said. "Especially for some people who live in a remote location, this forum was particularly important, and the Secret Service shut that down." Jackson was joined in the lawsuit by three New Hampshire residents, Elizabeth McCoy, Walter Milliken and Steffan O'Sullivan, who used the Illuminati BBS. "Another right is privacy," Beckman said. "When the government seized the Illuminati board, they also seized all of the private electronic mail that (callers) had stored. There is nothing in the warrant to suggest there was reason to think there was evidence of criminal activity in the electronic mail - the warrant doesn't even state that there was e-mail." "That, we allege, is a gross violation of the Electronic Communications Privacy Act," Beckman said. Mitchell D. Kapor, creator of the popular Lotus spreadsheet program and co-founder of the Electronic Frontier Foundation, said: "The EFF believes that it is vital that government, private entities, and individuals who have violated the Constitutional rights of individuals be held accountable for their actions. We also hope this case will help demystify the world of computer users to the general public and inform them about the potential of computer communities." #O Computerworld #D Gary H. Anthes #T Court Tosses Inslaw Appeal #A Gary H. Anthes Washington, D.C.- A three-judge panel of the US Court of Appeals throw out two lower court rulings last week that said the US Department of Justice had stolen software from Inslaw, Inc. and had conspired to drive the firm out of business. The Court of Appeals for the Washington, D.C., circuit did not consider the validity of the lower court findings but said the bankruptcy court that first upheld Inslaw's charges had exceeded its authority. This is a serious setback for Inslaw, which said it has spent five years and $6 million in legal fees on the matter, but the company vowed to fight on. It may ask the full court to reconsider, it may appeal to the US Supreme Court, or it may go to more specialized tribunals set up by the government to hear disputes over contracts, trade secrets, and copyrights, Inslaw President William Hamilton said. "Not many firms could have lasted this long, and now to have this happen is just unbelievable. But there's no way in hell we will put up with it," an obviously embittered Hamilton said. It may cost the tiny firm "millions more" to reach the next major legal milestone, he said. Double Trouble Since the bankruptcy court trial in 1987, Inslaw has learned of additional alleged wrongdoings by the Justice Department. "The new evidence indicates that the motive of the [software theft] was to put Inslaw's software in the hands of private sector friends of the Reagan/Bush administration and then to award lucrative government contracts to those political supporters," Hamiliton said. He said that other evidence suggests that the software was illegally sold to foreign intelligence agencies. #O Computerworld #D May 13, 1991 #T Systems Security Tips Go On-Line #A Michael Alexander Farifax, Va.-- Information systems security managers, electronic data processing auditors and others involved in systems protection know that it can often be difficult to keep on top of security technology and fast-breaking news. This week, National Security Associates, Inc., will officially kick off an on-line service dedicated solely to computer security. The repository contains databases of such articles on computer security that have appeared in 260 publications, computer security incident reports and vendor security products. One database is devoted to activity in the computer underground and to techniques used to compromise systems security. "This is a tough industry to keep up with," said Dennis Flanders, a communications engineer with computer security responsibilities at Boing Co. Flanders has been an alpha tester of National Security Associates' systems for about six months. "Security information is now being done piecemeal, and you have to go to many sources for information. The appealing thing about this is [that] all of the information is in one place." The service costs $12.50 per hour. There is a onetime sign-up charge of $30, which includes $15 worth of access time. #O The LA Times #D May 29, 1991 [p. B-3] #T Writer Gets Probation in Sting at Fox #A John Kendall Free-lance writer Stuart Goldman pleaded no contest Tuesday to three felony charges of illegally entering Fox Televisions computer system and stealing story ideas planted by Los Angeles police in a sting operation. In a plea bargain presented by prosecutors and approved by Superior Court Judge Richard Neidorf, the 45-year-old self-proclaimed muckraker was placed on five years' probation and ordered to pay $90,000 in restitution, reduced to $12,000 with Fox's approval. The judge ordered Goldman to serve 120 days in County Jail but stayed the sentence. Deputy Dist. Atty. Richard Lowenstein moved for dismissal of four additional counts of entry of a computer illegally. Goldman's no-contest pleas were tantamount to admitting guilt, the prosecutor said. Despite the pleas, Goldman continued to insist outside the courtroom Tuesday that Hollywood-based Fox had attempted to silence him. "There's been an effort by Fox Television to silence me and, as far as I'm concerned, that's what this case was all about," Goldman told reporters. Attorney James E. Hornstein, representing Fox Television, denied Goldman's charge. He said his client had agreed to reduce the court-ordered restitution from $90,000 to $12,000 on Goldman's "plea and statement that he is indigent." "Throughout these proceedings, Mr. Goldman has tried to argue that someone was out to get him," Hornstein said. "The only victims in these proceedings were the computers of "A Current Affair which Mr. Goldman has admitted by the plea he accessed illegally." Goldman was arrested at his Studio City apartment in March of last year by Secret Service agents and Los Angeles police who confiscated a personal computer, floppy disks, Rolodexes and a loaded .38 caliber handgun. Prosecutors accused Goldman of using a password apparently gained when the journalist worked briefly for "A Current Affair" to enter the Fox production's computer system. They charged that Goldman stole bogus tips, including one involving "Ronald Reagan Jr.'s Lover," and attempted to sell the items to a national tabloid magazine. In an interview with The Times last year Goldman explained that he was engaged in a free-lance undercover inquiry of gossip news-papers and TV shows, and he claimed that his arrest was a setup to get him. "These people will look very foolish when they get into court," Goldman insisted at the time. "I'm a good guy, and I'm going to prove it. This is going to be the biggest soap opera you ever saw." After his arrest, Goldman said he was writing a book about his experience as a former gossip media insider who once attacked feminists, gays and other targets in vitriolic columns in the National Review. After Tuesday's court session, Goldman vowed to publish his completed book, "Snitch," as soon as possible. Neidorf ordered authorities to return Goldman's computer. "I'm sure you know now that computers will get you in trouble," the judge said. "If you don't, I'll see you back in her again." #O NewsBytes #D June 12, 1991 #T Len Rose Sentenced To 1 Year #A n/a BALTIMORE, MARYLAND, U.S.A., 1991 JUNE 12 (NB) -- Leonard Rose, Jr., a computer consultant also known as "Terminus", was sentenced to a year and a day in prison for charges relating to unauthorized sending of AT&T UNIX source code via telephone to another party. Rose is scheduled to begin serving his sentence on July 10th. The original indictment against Rose was for interstate transportation of stolen property and violations of the Computer Fraud and Abuse Act but those charges were dropped and replaced by a single charge of wire fraud under a plea agreement entered into in March. The charges involving the violation of the Computer Fraud and Abuse Act had been challenged in a friend of the court brief filed in January by the Electronic Frontier Foundation (EFF) who challenged the statute as "unconstitutionally vague and overbroad and in violation of the First Amendment guarantees of freedom of speech and association." The issues raised by EFF were not resolved as the charges to which they objected were dropped as part of the plea agreement. In his plea, Rose admitted to receiving misappropriated UNIX source code and modifying it to introduce a trojan horse into the login procedures; the trojan horse would allow its developer to collect passwords from unsuspecting persons logging on to a system containing this code. Rose admitted that he transmitted the modified code via telephone lines to a computer operator in Lockport, IL and a student account at the University of Missouri. He also admitted putting warnings in the transmitted code saying "Warning: This is AT&T proprietary source code. DO NOT get caught with it." U.S. District Judge J. Frederick Motz, in sentencing Rose, ordered him to sell his computer equipment and to inform potential employers of his conviction. Assistant United States Attorney Geoffrey Garinther, who prosecuted Rose, explained these portions of the sentence to Newsbytes, saying "The equipment was seized as evidence during the investigation and was only returned to him as part of the agreement when it became evident that he had no means of supporting his wife and two children. It was returned to him for the sole purpose of selling the equipment for this purpose and, although he has not yet sold it, he has shown evidence of efforts to do so. The judge just formalized the earlier agreement in his sentence. The duty to inform potential employers puts the burden of proof on him to insure that he is not granted "Root" privileges on a system without the employer's knowledge." Garinther added "I don't have knowledge of the outcome of all the cases of this type in the country but I'm told that this is one of the stiffest sentences a computer hacker has received. I'm satisfied about the outcome." Jane Macht, attorney for Rose, commenting to Newsbytes on the sentence, said "The notification of potential employers was a negotiated settlement to allow Len to work during the three years of his supervised release while satisfying the government's concern that employers be protected." Macht also pointed out that many reports of the case had glossed over an important point,"This is not a computer intrusion or security case; it was rather a case involving corporate computer software property rights. There were no allegations that Len broke into anyone's system. Further, there are no reported cases of anyone installing his modified code on any system. It should be understood that it would require a system manager or someone else with 'superuser' status to install this routine into the UNIX login procedure. The publishing of the routine did not, as has been reported, open the door to a marked increase in unauthorized computer access." Macht said that she believed that Rose had reached an agreement to sell the computer equipment. He had been offering it through the Internet for $6,000, the amount required to prepay his rent for the length of his prison sentence. Because of his financial circumstances, which Macht referred to as a "negative net worth", the judge did not order any restitution payments from Rose to AT&T. #O NewsRelease #D May 31, 1991 #T Search Warrants Served in Computer "Hacking" Scheme INDIANAPOLIS -- The Indianapolis Police Department, the Federal Bureau of Investigation, and the United States Secret Service served search warrants at five Indianapolis locations on Wednesday, May 29, 1991, for computer-related equipment. The warrants were served by five teams of law enforcement officials forming a group known as the Special Computerized Attack Team (SCAT). SCAT is a cooperative effort between the Indianapolis Police Department the FBI, the Secret Service and other federal, state and local law enforcement agencies aimed at tracking computer "hackers" who illicitly enter the computer systems of companies in an attempt to gain sensitive information, money, or company secrets. The White Collar Crime Unit of IPD obtained information from the FBI and Secret Service concerning illegal computer access to the PBX system of an Indianapolis company. Armed with search warrants, SCAT members confiscated computer equipment from fie Indianapolis residences which linked several juveniles to the crime. The Indianapolis company has experienced losses which approach $300,000. A search warrant was served simultaneously by FBI agents, the Secret Service and Michigan State Police in West Bloomfield, Michigan, in this same case. Information gained from the search warrants has led police to continue the investigation in other cities as well. Suspects in the case are all juveniles and the investigation is continuing to determine if the evidence collected will support arrests. The SCAT unit is currently investigating other computer-related crimes and hopes to send a strong message to computer "hakers" that their illegal actions are being monitored closely bylaw enforcement officials. For further information, please contact Special Agent in Charge Roy Yonkus, U.S. Secret Service (Indiana) at 317/ 639-3301; or John M. Britt, Assistant to the Special Agent in Charge, U.S. Secret Service (Detroit Office) at 313/ 226-6400. #O NewsBytes #D June 21, 1991 #T Norman & Thackeray Form Security Firm DALLAS, TEXAS U.S.A., 1991 JUNE 21 (NB) -- Neal Norman, a veteran of 34 years with AT&T, has announced the formation of GateKeeper Telecommunications Systems, Inc. The new firm will introduce a product which it says "provides an airtight defenses against unauthorized computer access." Norman told Newsbytes "we think we have a product that will revolutionize telecommunications by stopping unauthorized access to computer systems." Norman said that the system, which is scheduled to become available in the early fall, will provide protection for terminals, mainframes, and PBXs. Norman also told Newsbytes that Gail Thackeray, ex-Arizona assistant attorney general known for her activities in the investigation of computer crime, will be a vice president of the new firm. "I am extremely happy to have someone of Gail's ability and presence involved in this endeavor right from the beginning. Additionally," Norman said, "we have enlisted some of the industry's most well known persons to serve on a board of advisors to our new company. These respected individuals will provide guidance for us as we bring our system to market. Among those who have agreed to serve in this group are Donn Parker of SRI; Bill Murray, formerly of IBM; and Bob Snyder, Chief Computer Crime Investigator for the Columbus, Ohio, police. Synder told Newsbytes "I am excited about working with such bright people on something of real importance and I hope to contribute to an improvement in computer security." #O The Wall Street Journal #D June 6, 1991 [pp A-1, A-7] #T Dialing For Free #A John J. Keller Robert Dewayne Sutton wants to help stop the tide of fraud sweeping the cellular telephone industry. The 35-year old clearly knows plenty about (cont' NIA072 / File 9) / / / NIA072 / File 9 / / CyberTimes (Vox Populi) / / Judge Dredd / / / (cont' NIA072 / File 8) fraud. After all, he helped spark the crime wave in the first place. Mr. Sutton is a computer hacker, a technical whiz who used an acquaintance's home-grown computer chip to tap into the local cellular phone network and dial for free. Mr. Sutton went into business selling the chips, authorities say, and soon fraudulent cellular phone calls were soaring nationwide. In February, 1989, police finally nabbed Mr. Sutton in his pick-up truck at a small Van Nuys, Calif., gas station. He was about to sell five more of the custom chips to a middleman. But by then it was too late. The wave of fraud Mr. Sutton helped launch was rolling on without him. ((stuff deleted explaining that industry currently loosing about $200 million a year, "more than 4% of annual U.S. revenue" to cellular phone fraud, and could rise to %600 million annually. Celluar system first cracked in 1987, by Kenneth Steven Bailey an acquaintance of Sutton from Laguna Niguel, Calif. Bailey used his PC to rewrite the software in the phone's memory chi to change the electronic serial number. By replacing the company chip with his own, Bailey could gain free access to the phone system.)) ((More stuff deleted, explaining how drug dealers use the phones, and small businesses sprung up selling free calls to anyplace in the world for a few dollars. Sutton denied selling the chips, but apparently sold his program for a few hundred dollars, and anybody with a copy could duplicate it. This is, according to the story, an international problem.)) When the dust settled in U.S. District Court in Los Angeles this April, Mr. Sutton pleaded guilty to production of counterfeit access devices and, after agreeing to cooperate with investigators, was sentenced to three years' probation and a $2,500 fine. ((stuff deleted)) But in adversity there is opportunity, or so believes Mr. Sutton. He says he's got a marketable expertise--his knowledge of weaknesses in cellular phone security systems--and he wants to help phone companies crack down on phone fraud. He'll do that, of course, for a fee. #O Newsweek #D June 3, 1991 #T How Did They Get My Name? #A John Schwartz When Pam Douglas dropped by Michelle Materres's apartment, Michelle was on the phone--but Pam knew that already. She and her son, Brian, had been playing with his new walkie-talkie and noticed the toy was picking up Michelle's cordless-phone conversation next door. They had come over to warn her that her conversation was anything but private. Materres was stunned. It was as if her neighbors could peek through a window into her bedroom-except that Michelle hadn't known that this window was there. "It's like Nineteen Eighty-four ;" she says. Well, not quite. In Orwell's oppressive world, Big Brother-the police state-was watching. "We don't have to worry about Big Brother anymore," says Evan Hendricks, publisher of the Washington-based Privacy Times. "We have to worry about little brother." Until recently, most privacy fears focused on the direct mail industry; now people are finding plenty of other snoops. Today's little brothers are our neighbors, bosses and merchants, and technology and modern marketing techniques have given each a window into our lives. Suddenly privacy is a very public issue. A 1990 Harris poll, conducted for consumer-data giant Equifax, showed that 79 percent of respondents were concerned with threats to their personal privacy-up from 47 percent in 1977. Privacy scare stories are becoming a staple of local TV news; New York City's ABC affiliate showed journalist Jeffrey Rothfeder poking into Vice President Dan Quayle's on-line credit records-a trick he had performed a year before for a story he wrote for Business Week. Now Congress is scrambling to bring some order to the hodgepodge of privacy and technology laws, and the U.S. Office of Consumer Affairs has targeted privacy as one of its prime concerns. Advocacy groups like the Consumer Federation of America and the American Civil Liberties Union are turning to privacy as one of the hot-button issues for the '90s . "There's a tremendous groundswell of support out there," says Janlori Goldman, who heads the ACLU Privacy Project. Snooping boss: Concern is on the rise because, like Materres, consumers are finding that their lives are an open book. Workers who use networked computers can be monitored by their bosses, who in some cases can read electronic mail and could conceivably keep track of every keystroke to check productivity. Alana Shoars, a former e-mail administrator at Epson America, says she was fired after trying to make her boss stop reading co-workers' e-mail. The company says Shoars got the ax for in subordination; Shoars counters that the evidence used against her was in her own e-mail--and was misinterpreted. Other new technologies also pose threats: cordless and cellular phones are fair game for anyone with the right receiver, be it a $1,000 scanner or a baby monitor. Modern digital-telephone networks allow tapping without ever placing a physical bug; talented "phone phreaks" can monitor calls through phone companies or corporate switchboards. Such invasions may sound spooky, but privacy activists warn that the bigger threat comes from business. Information given freely by consumers to get credit or insurance is commonly sold for other uses without the individual's knowledge or consent; the result is a flood of junk mail and more. Banks study personal financial data to target potential credit-card customers. Data sellers market lists of people who have filed Worker Compensation claims or medical-malpractice suits; such databases can be used to blackball prospective employees or patients. Citicorp and other data merchants are even pilot testing systems in supermarkets that will record your every purchase; folks who buy Mennen's Speed Stick could get pitches and discount coupons to buy Secret instead. "Everything we do, every transaction we engage in goes into somebody's computer, " says Gary Culnan, a Georgetown University associate professor of business administration. How much others know about you can be unsettling. Architect David Harrison got an evening call from a local cemetery offering him a deal on a plot. The sales rep mentioned Harrison's profession, family size and how long he had lived in Chappaqua, N.Y. Harrison gets several sales calls a week, but rarely with so much detail: "This one was a little bizarre." High tech is not the only culprit. As databases grow in the '80s, the controls were melting away, says Hendricks. "Reagan came in and said, 'We're going to get government off the backs of the American people.' What he really meant was, 'We're going to get government regulators off the i backs of business.' That sent signals to the private sector that 'you can use people's personal information any way you want'"' The advent of powerful PCs means that the field is primed for another boom. Today companies can buy the results of the entire 1990 census linked to a street-by-street map of the United States on several CD-ROM disks. Defenders of the direct-marketing industry point out that in most cases companies are simply, trying to reach consumers efficiently-and that well targeted mail is not "junk" to the recipient. Says Equifax spokesman John Ford: "People like the kinds of mail they want to receive." Targeting is now crucial, says Columbia University professor Alan Westin: "If you can't recognize the people who are your better prospects, you can't stay in business." Ronald Plesser, a lawyer who represents the Direct Marketing Association, says activists could end up hurting groups they support: "It's not just marketers. It's nonprofit communication, it's political parties. It's environmental groups. " E-mail protest: Consumers are beginning to fight back. The watershed event was a fight over a marketing aid with data on 80 million households, Lotus MarketPlace: Households, proposed by the Cambridge, Mass.- based Lotus Development Corp. Such information had been readily available to large corporations for years, but MarketPlace would have let anyone with the right PC tap in. Lotus received some 30,000 requests to be taken off the households list. Saying the product was misunderstood, Lotus killed MarketPlace earlier this year. New York Telephone got nearly 800,000 "opt out" requests when it wanted to peddle its customer list; the plan was shelved. With the MarketPlace revolt, a growing right-to-privacy underground surfaced for the first time. Privacy has become one of the most passionately argued issues on computer networks like the massive Internet, which links thousands of academic, business nd military computers. Protests against MarketPlace were broadcast on the Internet and the WELL (an on-line service that has become a favorite electronic hangout for privacy advocates and techie journalists), and many anti-MarketPlace letters to Lotus were relayed by e-mail. Consumers are also taking new steps to safeguard their own privacy often by contacting the Direct Marketing Association, which can remove names from many mailing lists. But compliance is voluntary, and relief is slow. In one chilling case, an unknown enemy began flooding business manager Michael Shapiro's Sherman Oaks, Calif., home with hundreds of pieces of hate junk mail. Suddenly Shapiro, who is Jewish, was receiving mail addressed to "Auschwitz Gene Research" and "Belsen Fumigation Labs." Shapiro appealed to the DMA and the mailing companies directly but got no responses to most of his calls and letters. "They ignore you, throw your letter away and sell your name to another generation of people with computers," he complains. Finally one marketing executive publicized Shapiro's plight within the DM industry. Eight months after the onslaught began, the letters have slowed-though some companies still have not removed him from their lists. How else can privacy be protected? It doesn't have to mean living like a hermit and only paying cash, but it does mean not saying anything over cellular and cordless phones that you wouldn't want others to overhear. Culnan of Georgetown uses her American Express card exclusively, because while the company collects voluminous data on its cardholders, it shares relatively little of it with other companies. Some privacy activists look hopefully, across the Atlantic Ocean. The European Community is pushing tough new data rules to take effect after 1992. The Privacy Directive relies on consumer consent; companies would have to notify consumers each time they intend to pass along personal information. The direct-marketing industry claims the regulations would be prohibitively expensive. The rules may be softened but could still put pressure on U.S. marketers who do business abroad. U.S. firms might find another incentive to change. Companies don't want to alienate privacy-minded customers. "We're in the relationship business," says James Tobin, vice president for consumer affairs at American Express. "We don't want to do anything to jeopardize that relationship." Citicorp's supermarket plan makes privacy advocates nervous; but Citicorp rewards customers for giving up their privacy with incentives like discount coupons, and it reports that no consumers have complained. Eventually, strong privacy-protection policies could make companies more attractive to consumers, says Columbia's Westin-and may even provide a competitive edge. Then consumers might get some of their privacy back-not necessarily because it's the law, or even because it's right, but because it's good business. #O Newsweek #D June 3, 1991 #T Would New Laws Fix the Privacy Mess? #A Annetta Miller & John Schwartz w/Michael Rogers Congress is scrambling to catch up with its constituents in the battle over privacy. It has a daunting task ahead: to make sense of the jumble of laws that have been passed-or are currently under consideration-to regulate privacy. Why, for example, is it legal to listen in on someone's cordless phone conversation but illegal to listen to a cellular call? Why are video-rental records protected but records of health-insurance claims largely unprotected? (That one has to do with an impertinent reporter revealing the video-renting habits of Supreme Court nominee Robert Bork.) The present foundations of privacy law have their roots in the U.S. Constitution. Although the word "privacy" does not appear in the document, the Supreme Court has interpreted the Constitution to grant individuals a right of privacy based on the First, Fourth, Fifth, Ninth and Fourteenth amendments. Since the mid-1960s, Congress has enacted no fewer than 10 privacy laws-including the landmark 1974 Privacy Act. And yet a national right to privacy is far from firmly established. On its face, for example, the Fair Credit Reporting Act limits access to credit reports. But it also grants an exception to anyone with a "legitimate business need." The Right to Financial Privacy Act of 1978 severely restricts the federal government's ability to snoop through bank-account records; but it exempts state agencies, including law-enforcement agencies, and private employers. "It's easy to preach about the glories of privacy," says Jim Warren, who organized a recent "Computers, Freedom & Privacy" conference. But it's hard to implement policies without messing things up." That hasn't stopped people from trying. James Rule, a State University of New York sociology professor, says that new legislation is warranted "on the grounds that enough is enough . . . [Privacy infringement] produces a world that almost nobody likes the look of." Data board: The newest efforts to regulate privacy range from simple fixes to a full-fledged constitutional amendment. Last week a Senate task force recommended extending privacy laws to cover cordless tele-phones. One bill, proposed by Rep. Robert Wise of West Virginia, would create a federal "data-protection board" to oversee business and gov-ernmental use of electronic information. Another, being prepared by Sen. Patrick Leahy of Vermont, would apply the Freedom of Informa-tion Act to electronic files as well as to paper. Rep. Andy Jacobs of Indiana has held hearings on the misuse of social-security numbers to link computerized information. And several bills have been introduced to stop credit reporters from selling personal data to junk mailers. Possibly the most sweeping proposal for change comes from Harvard University law professor Laurence Tribe. In March, Tribe proposed a constitutional amendment that would, among other things protect individuals from having their private data collected and shared without approval. "Constitutional principles should not vary with accidents of technology," Tribe said at the "Computers, Freedom & Privacy" conference earlier this spring. He said an amendment is needed because the letter of the Constitution can seem, at the very least, "impossible to take seriously in the world as reconstituted by the microchip." But some experts argue that well-meaning reform could do more harm than good. Requiring marketers to get permission every time they want to add a name to a mailing list would make almost any kind of mass mailing hopelessly expensive. "It's nice to talk about affirmative consent, but it really will kill the industry," warns Ronald Plesser, who represents the Direct Marketing Association. "And then people who live out in the country won't have access to the L.L. Bean catalog and the services they like." In this technological age, how much privacy Americans enjoy will depend partly on how high a price they are willing to pay to keep it. #O NewsBytes #D April 30, 1991 #T Secret Service: "No Comment" on Reported Siezure TOLEDO, OHIO, U.S.A., 1991 APR 30 (NB) -- Anthony J. Carmona, United States Secret Service Agent-in-Charge of the Toledo, Ohio office, responding to Newsbytes questions, said that "there has been no recent computer or credit card crime arrests by his office." Newsbytes contacted Carmona after receiving two independent notifications that the Secret Service agents from the Toledo office have recently seized computer equipment from an individual pursuant to a credit card fraud case. Carmona told Newsbytes that his office "could no comment on any seizures or other incidents that may be part of an on-going investigation. We can only speak of items that are part of the public record." MIke Godwin, staff counsel of the Electronic Frontier Foundation (EFF), told Newsbytes that an unidentified individual had called his office purporting to be a "friend" of the subject of a Secret Service investigation and equipment seizure in the Toledo area. Godwin said that the called asked for advice for his friend and "I told him to consult an attorney." Godwin said the caller hung up without leaving his name. Gail Thackeray, former Arizona Assistant AttorneyGeneral, who has worked for over a year with the Secret Service in the on-going "Sundevil" credit card fraud case told Newsbytes "I don't know whether there was any arrest or seizure in Ohio but, if there was, it is not related to "Sundevil". Thackeray, now working with the Maricopa Country Attorney's office to complete the Sundevil cases, has recently brought the first two indictments related to the investigation. In the most recent, Baron Majette, 19, also known as "Doc Savage", was arrested and charged with a number of felony crimes relating to computer system break-ins and misuse of credit cards. Newsbytes will continue to attempt to verify whether or not a seizure of computer equipment actually occurred. #O NewsBytes #D July 2, 1991 #T Law Panel Recommends Computer Search Procedures WASHINGTON, D.C., U.S.A., 1991 JULY 2 (NB) -- A panel of lawyers and civil libertarians, meeting at the Computer Professionals for Social Responsibility (CPSR) Washington roundtable, "Civilizing Cyberspace", have proposed procedures for police searches and seizures which they feel will both allow adequate investigations and protect the constitutional rights of the subject of the investigation. The panel, composed of Mike Godwin, staff counsel of Electronic Frontier Foundation; Sharon Beckman attorney with Silverglate & Good; David Sobel of CPSR, Jane Macht, attorney with Catterton, Kemp and Mason; and Anne Branscomb of Harvard University, based its proposals on the assumption that a person, in his use of computer equipment, has protection under both the Fourth Amendment and the free speech and association provisions of the first amendment. The panel first addressed the requirements for a specific warrant authorizing the search and recommended that the following guidelines be observed: 1. The warrant must contain facts establishing probable cause to believe that evidence of a particular crime or crimes will be found in the computers or disks sought to be searched. 2. The warrant must describe with particularity both the data to be seized and the place where it is to be found ("with particularity" is underlined). 3. The search warrant must be executed so as to minimize the intrusion of privacy, speech and association. 4. Officers may search for and seize only the data, software, and equipment specified in the warrant. 5. The search should be conducted on-site. 6. Officers must employ available technology to minimize the intrusive of data searches. The panel then recommended limitations on the ability of officials to actually seize equipment by recommending that "Officers may not seize hardware unless there is probable cause to believe that the computer is used primarily as an instrumentality of a crime or is the fruit of a crime; or the hardware is unique and required to read the data; or examination of hardware is otherwise required." The panel further recommended that, in the event hardware or an original and only copy of data has been seized, an adversary post-seizure hearing be held before a judge within 72 hours of the seizure. Panel member Sharon Beckman commented to Newsbytes on the recommendations, saying "It is important that we move now to the implementation of these guidelines. They may be implemented either by the agencies themselves through self-regulation or through case law or legislation. It would be a good thing for the agencies t o take the initiative." The panels recommendations come at a time in which procedures used in computer investigations have come under criticism from computer and civil liberties groups. The seizure of equipment by the United Secret Service from Steve Jackson Games has become the subject of litigation while the holding of equipment belonging to New York hacker "Phiber Optic" for more than a year before his indictment has prompted calls from law enforcement personnel as well as civil liberties for better procedures and technologies. #O Chicago Tribune #D June 27, 1991 [Sec 2, p2] #T Ex-Employee Guilty of Erasing Data #A Joseph Sjostrom A computer technician pleaded guilty Wednesday in Du Page County Court to erasing portions of his former employer's database last November in anger over the firing of his girlfriend. Robert J. Stone, 30, of 505 W. Front St., Wheaton, entered the plea on a charge of computer fraud to Associate Judge Ronald Mehling. In exchange for the guilty plea, prosecutors dismissed a burglary charge. Mehling scheduled sentencing for Aug. 8. Defense lawyer Craig Randall said after the hearing that Stone still has a 30-day appeal period during which he can seek to withdraw the guilty plea. "I don't think he erased anything as alleged, and I don't think the {prosecution} would be able to prove that he did," Randall said. Stone was indicted last January for one count of burglary and one count of computer fraud for entering the office of his former employer, RJN Environmental, 202 W. Front St., Wheaton, and deleting eight programs from the company computer. Assistant Du Page County State's Atty. David Bayer, who prosecuted the case along with Assistant State's Atty. Brian Ruxton, said the progams were part of a company project for the state of Florida in which RJN was, in effect, redrawing maps in digital form and storing them in a computer. Bayer said Stone had left the company the previous April and that his girlfriend, who was not identified, worked there too but was fired in November. Bayer said Stone entered the firm's office last Nov. 24, a Saturday when nobody else was there. Employees who came to work on Sunday discovered that data had been erased and a quantity of data storage disks were missing. Bayer said the disks contained several months' worth of work, but were recovered. It took about a week to restore the rest of the missing computer information, Bayer said. Bayer said Wheaton police Detective Kenneth Watt interviewed Stone the following Monday, and said Stone admitted to erasing data and taking the disks. Bayer said Stone told the detective where to find the disks, which he had left under a stairwell at RJN. #O Wall Street Journal #D April 25, 1991 #T Soon, ATMs May Take Your Photograph Too #A Paul B. Carroll *Smile* when you use that automated teller machine. Miniature cameras may soon become widespread in ATMs and elsewhere. At Edinburgh University in Scotland, researchers have produced a single computer chip that incorporates all the circuitry needed for a video camera. Even with a lens that fits right on top of the chip, it's still just the size of a thumbnail. When they become available in a year or so, such cameras may carry as little as a $40 price tag. NCR thinks these tiny cameras could find their way into lots of ATMs in the next few years. The computer maker already sells ATMs that include cameras, allowing banks to doublecheck on people who contend their account was debited even though they didn't use an ATM that day. But those cameras are expensive, especially because the big box with the electronics has to be so far back in the ATM that it requires a long, elaborate lens. The lens also gives away to potential cheats the fact that the camera is there, whereas the new tiny cameras will just need a pinhole to peep through. "We see this as a breakthrough," says Greg Scott, an engineer with NCR in Dunfermline, Scotland. The Scottish Development Agency, which supplied some of the initial research funds, says the tiny cameras may also find their way into baby monitors, picture telephones, bar-code readers and robotic vision systems. #O NewsBytes #D July 1, 1991 #T Arrests In "Multi-Million" Cellular Phone Fraud ALBANY, NEW YORK U.S.A., 1991 JUL 1 (NB) -- The New York State Attorney General's office has announced the arrest and arraignment of four individuals for allegedly illegally utilizing Metro One's cellular service for calls totalling in excess of $1 million per month. According to the charges, the arrested individuals duplicated a Metro One customer's electronic serial number (ESN) -- the serial number that facilitates customer billing -- and installed the chip in a number of cellular phones. Th defendants then allegedly installed the phones in cars which they parked in a location near a Metro One cell site in the Elmhurst section of Queens in New York City. >From these cars, the defendants allegedly sold long distance service to individuals, typically charging $10 for a 20 minute call. Metro One told investigators that many of the calls were made to South American locations an that its records indicate that more than $1 million worth of calls were made in this manner in May 1991. The arrests were made by a joint law enforcement force composed of investigators from The New York State Police, New York City Police Special Frauds Squad, United States Service, and New York State Attorney General's office. The arrests were made after undercover officers, posing as customers, made phone calls from the cellular phones to out-of-state locations. The arrests were, according to a release from the Attorney General's office, the culmination of an investigation begun in September 1990 as the result of complaints from Metro One. The defendants, Carlos Portilla, 29, of Woodside, NY; Wilson Villfane, 33, of Jackson Heights, NY; Jaime Renjio-Alvarez, 29, of Jackson Heights, NY and Carlos Cardona, 40, of Jackson Heights, NY, were charged with computer tampering in the first degree and falsifying business records in the first degree, both Class E felonies,- and theft of services, a Class A misdemeanor. Additionally, Portilla and Villfane were charged were possession of burglar tools, also a Class A misdemeanor. At the arraignment, Portilla and Renjio-Alvarez pleaded guilty to computer tampering and the additional charges against those individuals were dropped. New York State Police Senior Investigator Donald Delaney, commenting on the case to Newsbytes, said "This arrest is but the tip of the iceberg. There is an on-going investigation in the area of cellular phone fraud and we are looking for those that are organizing this type of criminal activity." #O NewsBytes #D July 17, 1991 #T Sundevil Defendant "DOC SAVAGE" Sentenced 7/17/91 PHOENIX, ARIZONA, U.S.A., 1991 JUL 17(NB) -- The Maricopa County Arizona County Attorney's Office has announced the sentencing Baron Majette, 20 , also known as "Doc Savage", for computer-related crimes uncovered in the joint federal / state investigation known as "Sundevil". Majette was arrested on March 27th of this year and charged with a number of felony charges relating to unauthorized use of telephone facilities of Toys 'R Us to make calls worth approximately $8,000, illegal access of TRW's credit data base and use of information obtained therein to obtain in excess of $50,000 in cash, goods, and services, and stealing of credit cards from U.S. Mail boxes and use of the cards to obtain approximately $10,000 in cash, goods and services. If convicted of the charges, Majette faced a possible jail sentence of 15 years and the requirement to make restitution for the full amount of the alleged losses endured by the firms and individuals. In late May, Majette pleaded guilty to an amended charge of a single count of computer fraud, felony third degree. The reduced charge was a result of an agreement between Mark Berardoni, the public defender assigned to Majette; Janet Black, Majette's probation officer and the Maricopa County Arizona County Attorney's Office. Under the reduced charges, Majette's maximum term of incarceration was reduced from the aforementioned 15 years to 5. On July 16th, when the actual sentence was to be imposed, a further agreement between the prosecution, defense and parole service was presented to the presiding judge, Justice Gottsfield, and, after discussion, became the actual sentence. The court decision imposed the following: -- Majette will remain in jail for up to two months while he awaits placement in a "Shock Incarceration" program (Majette has been in jail since his March 27th arrest because of parole violation related to an earlier crime). Assistant County Attorney Gail Thackeray told Newsbytes that Shock Incarceration is a 120 day program which "provides both intensive counseling and military-like discipline and exercise." -- Upon his release from Shock Incarceration, Majette will enter a 5 year period of "intensive probation". Under Arizona procedures, the subject must provide the probation officer, on a weekly basis, a schedule for the next week's activities. In the event that the schedule has to be modified in any way, the probation office must be called before the new schedule is acted on. -- During the time of intensive probation, the probation officer may visit or call the subject at any time of day or night to insure compliance with the schedule. -- If, at some point after a year of intensive probation, the probation officer feels that the subject has followed the rules and shown that intensive procedure is no longer warranted, the subject and probation officer may recommend to the sentencing judge that the subject be transferred to normal probation. In normal probation, the subject advises the officer weekly of progress and problems. There is not the hovering presence felt in intensive probation, according to Thackeray. Additionally, the subject may be released from any form of probation at the petition of the probation office and subject and approval, after hearing, of the sentencing judge. -- If, on the other hand, Majette violates the terms of his probation, he is liable for incarceration in prison for the remainder of his probationary period. -- Majette was also ordered to make restitution to the parties victimized by his activities by paying a sum of $19,774.03 to those involved. The sum is to be paid on a monthly basis over the course of his sentence. Additionally, he was ordered to make payments to help defray the cost of his probationary supervision. Under the terms of his probation, Majette is subject to the following conditions said by Thackeray to be unique to his type of offense: -- He may not use any computer connected to a modem or communications network without the prior permission of his probation officer. In the event that he takes a job that brings him into contact with computer activities, he must notify someone in the employer's office of the restrictions on his computer use and must discuss the planned activities with his probation officer. -- He is not to communicate or associate with "members of the computer underground" (defined as persons such as those known to have or reasonably believed to have been involved in theft of communications services, computer fraud or related activities). In the event that any such individuals contact him, he must report the contact to his probation officer (According to Thackeray, this stipulation is intended for Majette' s protection -- "In the event that the contacting party is investigated or arrested and phone records show a call to Majette, his notification to his probation officer of the call will stand as proof that he was not involved in any conspiracy with the other individual. His notification responsibility in no way requires him to cooperate with authorities in the location or apprehension of another individual and such cooperation is neither expected nor desired."). Transcripts of the sentencing hearing reportedly show that it was the intention of Judge Gottsfield to sentence Majette to a straight five years in prison but was dissuaded by the combined recommendations of the prosecution, defense and probation office. Thackeray explained to Newsbytes the rationale of the prosecution in recommending a lighter sentence -- "Usually computer hackers who get into trouble for activities of this nature are kids or young adults who are not the type to be in trouble for any other criminal activities. The point of sentencing in these cases should be rehabilitation. If we can break the pattern of illegal behavior, society will benefit from Majette's participation. If we simply locked him up for 5 years, neither he nor society would benefit." #O The Times (London) #D July 1, 1991 #T Victin of computer hackers fights BT over \pounds 8,000 bill A director of video films is embroiled in a dispute with British Telecom over an \pounds 8,000 bill after becoming a victim of hackers -- people who steal computer passwords to break into international data bases and use services illegally. George Snow says the bill will ruin him. Experts say the case highlights increasing concern over one of Britain's most under-reported crimes. For several years, Mr Snow has kept abreast of developments in 3-D computer graphics by using access to an American information service called Compuserve. To cut costs, he became a customer of BT's Dial Plus service, which allows customers to connect their office or home computers to international data bases for the price of a local rather than an international call. Mr Snow, who has directed programmes for Channel 4 and the Arts Council, and whose pop video credits include Howard Jones, had found the service useful and inexpensive until recently. "My quarterly bill would be around \pounds 30," said the director whose company, WKBC TV, is based in west London. Mr Snow, aged 42, now faces a big unscheduled bill for calls he never made. It appears that hackers illegally obtained Mr Snow's password and BT agrees. The dispute is about who pays the \pounds 5,500 and \pounds 2,500 bills which have been run-up in recent months. BT says that Mr Snow chose a password that hackers could easily borrow [sic]. He says that the company has a responsibility to ensure its networks are secure. "To clock up \pounds 8,000 worth of bills you have to be talking about someone using the service 24 hours-a-day day in day out," he said. To break into a data base, hackers will generally first try obvious passwords such as Christian names. They also use programmes that run randomly through words in a dictionary until one opens a data base. Customers with Dial Plus have to sign a disclaimer stating that they will not use obvious passwords otherwise they might be liable for hackers' bills. A BT spokesman admitted, however, that Mr Snow had joined the service before the agreement came into force. Mr Snow also says that it was BT which approved Superman, the password stolen by the hackers. The company says that Mr Snow was warned that his account was running up huge bills in early February but that it was sometime later that the password was changed. Mr Snow says that it was changed within days and that by the time BT contacted him the damage had been done with most of the bill having been run up. He believes that he, and possibly others, are being forced to pay the price for the company's poor security and has called in the Computer Crime Unit at Scotland Yard to investigate. David Frost, a computer security expert with accountants Price Waterhouse, said yesterday that the amount of hacking taking place in Britain was being seriously undeerplayed by companies. BT rejects suggestions that it is cavalier with security. A spokesman said the company would write to Mr Snow this week. He says that he willfight BT in court if it prosecutes him. "\pounds 8,000 is about 10 per cent of my turnover," he said. [I have a few comments, based solely on the report as printed. I do not know what truly happened. I draw attention to the BT's apparent attitude to password security. They used the term "borrow", rather than "steal" or "use illegally". They vetted the password, implying that Mr Snow was asked to reveal his password rather than keep it secret. Even so, they gave the OK to a password which is of dubious security. It is generally agreed that proper names, dictionary words, literay characters and the like are easily guessed. More generally, it is interesting how British newspapers, and _The Times_ in particular, are beginning to take an informed interest in he subject of computer security and, indeed, in computer-related risks in general. Apart from some quaint terminology ("programmes", "data bases") they seem reasonably competent at understanding the issues and reporting them clearly to a non-expert audience. #O The Atlanta Journal #D Friday, June 14,1991 #T GBI searching for byte-size evidence #A By Rob Johnson and David Pendered #B Typed for data by The Esoterrorist Computers, floppy disks taken from suspected teen hackers Four suburban Atlanta teenagers, stripped of their home computers, began a long wait Thursday for GBI agents to rummange through huge libraries of floppy disks for evidence of criminal invasion of perhaps hundreds of corporate and government computer networks. Georgia Bureau of Investigation agents confiscated 12 computers and more than 1,400 disks from the north Fulton and Gwinnett county homes of the four teens Wednesday. The youths - two 15-year-olds and two 17-year-olds - have not been charged or identified publicly. In an apparently related case six months ago, four Gwinnett County teens were linked to an international network of about 70 computer hackers who were believed to have bilked the National Aeronautics and Space Administration (NASA) of $12 million in telephone services and an undetermined amout from BellSouth Inc. "I understand that these four teens were part of that same group that we investigated last year," said Jim Steele, assistant superintendent of security for the Gwinnett County school district. "We believe that this is a result of the same investigation." Until agents analyze the digital data in the newly confiscated discs, they won't know exactly what the four teen hackers did or if charges will be brought, said GBI spokesman John Bankhead. "There is no indication yet that harm was done," he said, "but penetration took place." Emory, Tech were targets Hackers apparently penetrated networks at Emory University, Georgia Tech and WXIA-Channel 11, but BellSouth apparently was the primary target, according to investigators. In the earlier investigation, Gwinnett school officials discovered in June 1990 that hackers had penetrated a school teleconference system and launched from there into BellSouth's system. Hackers in the U.S. and six or seven other countries avoided telephone charges for their computer modems by billing them to the school district, BellSouth and NASA, the investigation revealed. School investigators stopped their probe in December and delivered their records to the GBI and BellSouth investigators, Mr. Steele said. This following glossary was included in the article. heh... ...use this as a reference for filling out those super elite bbs infoforms that you never know all the answers.... ------------------------------------------------------------------- | | | Hacking: A short glossary | | | | | | HACKER - What all computer hobbyists used to call themselves, but | | the term has come to mean someone who breaks into computers for | | fun or for profit | | | | MODEM - The device that lets computers talk over the telephone | | lines. | | | | COMPUTER NETWORK - Where several computer terminals, or computers,| | are connected so that information can be exchanged. | | | | WAR GAMES DIALER - A specialized computer program that dials | | every number in an exchange and identifies lines connected to | | modems. | | | | PASSWORD - The secret word or code, usually used in combination | | with a name, that allows an individual to have access to a | | computer's files. | | | | | ------------------------------------------------------------------- Suspected hackers targeted BellSouth By Rob Johnson and Bill Husted Phone companies offer 'interesting puzzle' Investigators said Thursday that BellSouth apparently was the primary target of suspected computer hackers being questioned by GBI agents, and experts say phone companies usually are a favorite target for young hackers wanting to cruise through a massive network. "It's the oldest computer system known," said Mike Godwin of Electronic Frontier Foundation, the Cambridge, Mass., organization that monitors the legal quandries raised by the computer age. "It's so huge and complex. That's why it's a particular interesting puzzle." BellSouth calls it a serious crime nevertheless. "It's a break-in," said Scott Ticer, the company's operations manager. "It doesn't matter whether it's grand theft auto or joyriding, you're car is still not in the driveway. Same thing here. We take it very seriously." Trespassing or burglary? Mr. Godwin agrees intrusions are a crime, but he says law enforcement agencies and the courts rarely see the difference between the curious teenager who pokes around inside a network and the hacker who maliciously manipulates a company's computer operations. "It's really like the difference between trespassing and burglary," Mr. Godwin said. Darren McKeeman, 23, who was convicted in 1988 for breaking into the Georgia World Congress Center's computers, said a GBI investigation is a terrifying experience for the hacker and the family. "It's a total surprise," he said of a GBI raid. Hackers bent on stealing information are like burglars who work (cont' NIA072 / File 10) / / / NIA072 / File 10 / / CyberTimes (Vox Populi) / / Judge Dredd / / / (cont' NIA072 / File 9) from home, say experts. Their targets are computer networks used by governments and businesses. Breaking into one is as challenging for a hacker as a well-locked door is for a burglar. Most computer networks have an electronic doorway: the telephone line used by employees to connect to the office computer from home. That door is locked with a pasword. So, for burglar and hacker alike, the problem is: How do you get in? The first step is usually the easiest. According to experts, finding the telephone number that connects the hacker to a computer is often a simple matter of who you know. A company employee is the most likely source. Maybe he tells a friend, that tells someone else, and - somewhere down the chain - the number is passed along to the hacker. Ways to get in Then, the ahcker has to convince the computer to open the door. That means finding the name and password for someone who has access to the computer system. Finding the name can be as simple as calling a company and asking for the name of a key manager ("who is your vice president of marketing?" for instance). Passwords are more difficult to find. The easy way is through a talkative employee. Failing that, things get complicated. For instance, the passwords for computers that operate with the Unix operating system are scrambled into meaningless numbers and symbols using a mathematical formula. But, if an electronic burglar can sneak into the system (some computers allow limited access to a "guest" or "visitor") the file can sometimes be located and copied. Passwords are often ridiculously simple to guess. Since people want passwords that are easy to remember, they often use the first name often use the first name of a spouse, of a child, digits from their telephone number, or vehicle license plate. That makes it easy for hackers, too. #O Philadelphia Inquirer #D July 16 [editorial page] #A Richard Pence #T The Dat the Telephone Bug Bit Those big phone outages of recent weeks have had me feeling a bit guilty over what's been happening. You see, I remember exactly how all this started. Back in 1950 I was a novice seahand aboard a cruiser based In Philadelphia, barely six months out of high school and fresh from the plains of South Dakota. One Friday night in November, we were granted shore leave at the end of a two week training cruise. Homesick and seasick,, I headed immediately for the row of pay phones that lined the dock. Depositing a carefully preserved nickel (remember?), I dialed "O." The following is a roughly verbatim account of what transpired after the Philadelphia operator answered: "I'd like to place a station to station collect call to the Bob Pence residence in Columbia, South Dakota," I said in my best telephone voice. The Philadelphia operator was sure she had heard wrong. "You mean Columbia, South Carolina, don't you?" "No, I mean Columbia, South Dakota." I had tried to call home once before, and I was ready for that one. "Certainly. What is the number, please?" I could tell she still didn't't believe me. "They don't have a number," I mumbled. I'd tried to call home before, and I knew what was coming. She was incredulous. "They don't have a number?" "I don't think so." "I can't complete the call without a number. Do you have it?" she demanded. I didn't relish seeming like even more of a bumpkin, but I was in the Navy and I knew authority when I heard it. "Well ... the only thing I know is ... two longs and a short." I think that's the first time she snorted. "Never mind. I'll get the number for you. One moment please." There followed an audible click and a long period of silence while she apparently first determined if, indeed, there was a Columbia, S D., and then if it was possible to call there. When she returned to the line, she was armed with the not-insignificant knowledge necessary complete her task. In deliberate succession, she dialed an operator in Cleveland, asked her to dial one in Chicago, asked Chicago to dial Minneapolis, and Minneapolis to dial Sioux City, Iowa. Sioux City called Sioux Falls, S.D., and the operator there dialed one in Aberdeen, S.D. At last, Aberdeen dialed the operator in Columbia. By this time, Philadelphia's patience was wearing thin, but when Columbia answered, she knew what had to be done. "The number for the Bob Pence residence, please," she said, now in control. Columbia didn't even hesitate. "Two longs and a short," she declared. Philadelphia was set back for an instant but valiantly plowed on. "I have a collect call from Philadelphia, Pennsylvania, for anyone at that number. Will you please ring?" "They're not home," said Columbia, again not missing a beat. Philadelphia digested this and decided not to press the point. Instead, she relayed the message I'd already heard. "There is no one at that number, sir. Would you like to try again in later?" Columbia quickly interrupted: "Is that you, Dick?" "Yeah, Margaret ... Where are the folks?" Philadelphia was baffled, but her instincts told her to look out for the company. "Sir, madam ... you can't ..." Margaret ignored her. "They're up at the school house at the basketball game. Want me to ring?" I knew I was pushing my luck with Philadelphia, so I said it likely would be too much trouble to get them out of the game. "No trouble at all," said Margaret. "It's halftime." Philadelphia was still in there trying to protect the company. By this time, though, she was out of words. "But ... but ... " she stammered. I caved in to Margaret, mainly because I didn't want to have to start over later. "All right." Philadelphia made one last effort. Mustering her most official tone, she insisted: "But this is a station to station collect call!" "That's all right, honey," said Columbia, "I'll just put it on Bob's bill." Philadelphia was still protesting when the phone rang and was answered at the school house. "I have a station-to-station collect call for Bob Pence," Philadelphia said, certain that Ma Bell had somehow been had. "This is he," replied my father. "Go ahead," whispered an astonished Philadelphia. I'm glad couldn't'see her face when I began my end of the conversation the way all Midwesterners do: "Hi, Dad, how's the weather?" "Jeez," said Philadelphia and clicked off. Now comes the confession. I have it on good authority it was the next Monday morning that AT&T began to automate phone service And now look where we are. [Richard Pence is a Washington, D.C., writer and editor. He wrote this for the {Washington Post}.] #O Chicago Sun-Times #D July 16, 1991 #A Maureen O'Donnell, Staff Writer #T Test In Two Wards WIll Make Public Calls Easy To Trace Brison Poindexter says he knows when a motorist using the pay phone outside his south side 7-Eleven store is up to no good. "Someone pulls up in a fancy car in the middle of the night and asks for change for $3 or $4. You don't ask for that kind of change to call mom," said the 21-year old manager of the convenience store at 1800 East 87th Street. Poindexter suspects the callers are using the payphones to conduct drug deals or other illegal activity. But as of Monday night (July 15), Illinois Bell is conducting an unusual experiment aimed at payphone drug-dealing and other called-in criminal activity in two city wards, including the one where Poindexter's 7-Eleven is located. More than 50 payphones in the 8th and 37th wards will no longer accept coins between 6 PM and 6 AM. All outgoing calls from those phones must be 'zero-plussed', meaning the caller must use a calling card, call collect, or bill the call to a third party, but quarters won't do them any good. Bell believes is is the first such experiment in the country. It will not affect free calls to 911 (emergency), 411 (inquiries) or 611 (repair bureau). "The reason they (drug dealers) like payphones is they can put in their quarter and no one knows who they are," said Illinois Bell spokesman Geoff Potter. "That's going to change with this. If they call collect, or with their calling card, they're going to leave a paper trail. And billing to a third party is also going to be difficult, since that links another person to that call. That'll discourage them. The 90-day trial has the approval of Chicago Police Superintendent LeRoy Martin and City Aldermen Lorraine L. Dixon (8th ward) and Percy Giles, (37th ward), who praised the idea from Bell. "We believe this restriction will help deter criminals from using public phones to plan drug-dealing and other illegal activities," Martin said. But the American Civil Liberties Union questions how it will affect poor people who don't have phones. Illinois Bell requires a $500 deposit from people who do not have phones before it will issue a calling card. Poor people cannot afford such a payment, according to Harvey Grossman, legal director of the Illinois chapter of the ACLU. "Basically, it will have a discriminatory effect on poor people and African-Americans, and the drug-dealers will just move to other telephones," Grossman said. "We question the appropriateness of that kind of decision by a public utility." "For people without phones, they'll have to call collect pretty much," Potter said. "Or, if it is not an emergency, wait until the next day." The phones involved in the trial are only a portion of the total Illinois Bell phones in the area. Independent payphone providers are not participating in the experiment, Potter said. Illinois Bell has received no opposition so far. Business groups, including the 87th Street/Stony Island Avenue Business Association are backing the experiment. The neighborhood around 87th and Stony Island Avenue, called Calumet Heights, is a thriving business community whose residents include Police Superintendent Martin, said Sam Neely, owner of Neely Brothers Shell Service Station, 8700 South Stony Island Avenue, and president of the local business association. The payphones outside Neely's gasoline service station are going to restrict night-time coin calls. The experiment is intended to head off trouble in a good neighborhood, Neely said. "It is preventive. We don't want things to happen," he said. "I think it is a great idea," Poindexter said. "Anything to cut down on drugs." #O APwire #A Laurie Asseo #T 'Baby Bells' Get OK to Join Electronic Information Industry WASHINGTON (AP) _ A federal judge reluctantly gave the nation's seven regional telephone companies permission Thursday to join the electronic information industry by providing such services as home shopping and stock market quotes. U.S. District Judge Harold H. Greene said he believed that letting the companies enter the information market ``would allow them quickly to dominate that market and to eliminate both competition and the independents which would make that competition possible.'' But the judge said an appellate court decision reversing his 1987 refusal to grant such permission created a higher standard _ whether the judge could be certain that letting the so-called Baby Bells into the market would lessen competition. ``The answer to that question is in the negative,'' Greene wrote. His order delayed the effect of the ruling until it can be appealed by the opponents of lifting the ban. The Justice Department joined the regional phone companies in asking Greene to allow them to use their phone lines to sell such services as ``electronic Yellow Pages,'' home shopping, stock quotes, banking and classified advertising. The seven companies were barred from selling such services as part of the 1982 consent decree, which Greene oversaw, that broke up the AT&T phone monopoly. Opponents of letting the Baby Bells into the market said at an April court hearing that the regional companies would use unfair practices to squeeze out competitors. The opponents include consumer groups, long distance carriers such as MCI Telecommunications Corp., and the American Newspaper Publishers Association. The regional companies and the Justice Department contended that letting the seven provide information services would increase competition. Greene wrote, however, that he believed ``the most probable consequences of such entry by the regional companies into the sensitive information services market will be the elimination of competition from that market and the concentration of the sources of information of the American people in just a few dominant, collaborative conglomerates, with the captive local telephone monopolies as their base. ``Such a development would be inimical to the objective of a competitive market, the purposes of the antitrust laws, and the economic well-being of the American people,'' the judge said. Greene dismissed as ``preposterous'' the regional companies' contention that their input is needed to provide better information services and said the claim that the Baby Bells' entry into the market would start a new era of sophisticated information services was ``so much hype.'' But Greene said that because of the 1990 ruling by the U.S. Court of Appeals for the District of Columbia Circuit, he was left with no choice but to remove the restriction, ``albeit with considerable reluctance.'' He said the appellate court required him to give special deference to the Justice Department's views in the case, and it required him to consider economists' present-day forecasts rather than evidence of anti-competitive behavior by local telephone companies before the AT&T breakup. Greene said he decided not to let his ruling take effect immediately because the Court of Appeals may decide he misinterpreted its decision. If the regional phone companies were allowed to enter the information market while the question is unsettled, they could wind up spending large amounts of money on services they could later be barred from providing, the judge said. Ronald F. Stowe, vice president of Washington operations for Pacific Telesis, one of the seven, said, ``This is a major step forward for American consumers, American businesses and the American economy.'' Stowe said he was disappointed that Greene had delayed implementation of the ruling and added, ``We are seriously considering asking the court to vacate the stay.'' Stowe said the ruling means PacTel and other operating companies ``can more fully meet the information services needs of our customers,'' who, he said, have requested such offerings for years. Opponents of lifting the ban contended that the Baby Bells would be able to evade regulations that bar them from subsidizing non-regulated services with money from their normal rate base. But the regional companies said there was no sign they had used such cross-subsidization in other competitive markets. Gene Kimmelman, legislative director of the Consumer Federation of America, called the decision ``terrible for consumers.'' ``This really signals a beginning of a monopoly environment, which is going to invite rate increases and inflated local telephone rates and a litany of new lawsuits very similar to the antitrust litigation that led to the breakup in the first place,'' he added. Federal Communications Commission Chairman Alfred Sikes said the FCC ``will continue to provide full and effective public interest safeguards'' if the regional Bells enter the information services business. Sikes hailed Greene's decision, saying, ``I believe the nation will greatly benefit. ...'' The AT&T breakup decree also bars the regional operating companies from offering long distance service and manufacturing telecommuncations equipment. The companies are pushing legislation in Congress to lift the manufacturing ban. The bill was passed last month by the Senate and is being considered by a House subcommittee. In a response to a request from Sen. Paul Simon, D-Ill., for his views on the bill, Greene wrote a May 29 letter in which he declined to give an (here the writing blurs........) --- * NIA * GrapeVine --- CCC Update: On Chaos Computer Club's last Congress 1990, a Dutch group and few other phreaks reported on some techniques to "travel inexpensively on international networks" (see my report in January 1991). Against their usually detailed description of the content of the respective session, CCCs electronic Congress newspaper describes the reports and discussion only in general terms; no details regarding frequencies and computer programs (which meanwhile replaced the "blue boxes" more flexibly) were given. According to a report in the ("usually well-informed") German weekly magazine Der SPIEGEL, the Dutch group HAC-TIC now published a detailed report on how to "use" special methods, dial-tunes (with frequencies and sequences of operation) and telephone numbers (in Germany: 0130) in diverse areas of the world to establish toll-free phone connections via specific programs. As the magazine reports, HAC-TIC aims with its detailed description to counterfeit some people who sell (e.g. on AMIGA) such tune-dialing programs for up to 1,000 DM (about 520$ currently). --- Electronic Frontier Foundation Tracking The Steve Jackson Case Our major case, the Steve Jackson Games case, is proceeding as expected. The next stage in our ongoing effort in that case will be the government's filing of a response to our complaint. As of the week of June 21, the government has sought a 30-day extension of the deadline for its response. Such extensions are routinely granted with the agreement of the plaintiff, and we have agreed in this case. The extended deadline will mean that the government's response will be due the first week of August. --- Computer Crime (Information Weekly, July 8, 1991, page 6) A Computer Systems Protection Act went into effect last week in Georgia. The Act provides the same punishment for computer thievery as for other types of theft crimes. The bill calls for prison terms of up to 15 years for "computer-assisted theft, trespass, invasion of privacy, and forgery." Under the Act, stealing someone's computer password in Georgia can get you a $5,000 fine or one year behind bars. --- Excerpts from an article headlined PHONE OUTAGES SHOW HAZARDS OF NEW TECHNOLOGY by Jonathan Weber in the 28 June 1991 `Los Angeles Times': "The massive telephone failures in the Los Angeles and Washington areas earlier this week stemmed from glitches in ... a specialized computer network that shuttles information about calls between telephone company switching offices.... The inherent complexity of an increasingly software-based phone system ... raises the prospect that the public telephone service may be inherently less reliable in the future than it has been in the past. Pacific Bell said Thursday that it had suspended further deployment of ... Signaling System 7 until the exact cause of the problem could be identified. It appeared ... that the [LA and Washington] problems ... were not identical, but both [were] attributed to breakdowns [in the] SS-7 equipment supplied by DSC Communications of Dallas." [Explanations of expected benefits from the SS-7, including improved efficiency, capacity, speed, security, and new service possibilities such as "the controversial Caller ID."] "The flip side of all this ... is that if the SS-7 system malfunctions, it begins sending incorrect information all over the network. Ross Ireland, general manager for network services at Pacific Bell, said Wednsday's incident was caused by a signaling system unit in downtown Los Angeles that inexplicably began sending out a flurry of wrong information about problems in the network, and ultimately shut itself down. Then there was a cascade effect, in which the other signaling system units began acting on the incorrect information. Finally, when people tried to make calls and couldn't, they kept trying, which created an abnormally high level of calling traffic and thus further exacerbated the problem. "Because a phone network is so tightly integrated -- akin to one big computer -- it's very hard to locate and fix problems...." [See also `Los Angeles Times,' John Kendall and Paul Lieberman, 27 June 1991: "By coincidence, service also was disrupted to 6.7 million telephone customers Wednesday in the District of Columbia, Maryland, Virginia, and parts of West Virginia.... [T]he trouble began in Baltimore during a routine modification of equipment procedure." [sic]] [Officials at Chesapeake and Potomac said the problems were probably unrelated. Asked if hackers could have caused the problems, Ellen Fitzgerald, a spokeswoman for Chesapeake and Potomac, said she she had been assured that the system could not be penetrated. [!!!] But, she added, ``a few days ago I would have told you that what happened yesterday wouldn't happen.'' Terry Adams, a spokesman at the DSC Communications Corp., which made both systems, said company officials also discounted any connection between the failures. {From the NY Times article, 28 Jun 91. PGN}] --- According to an AP story carried in the 18 June '91 `New York Times', Mitsubishi is suing AT&T over a pbx system that was broken into by hackers who made thousands of illegal calls worldwide. Mitsubishi contends that AT&T's System 85 Private Branch Exchange is not secure and that AT&T failed to warn Mitsubishi of the potential for unauthorized use. Mitsubishi seeks $10 million in punitive damages and a dismissal of $430,000 billed for 30,000 phone calls which Mitsubishi attributes to unauthorized users. The pbx system, installed in 1988 and disconnected last year, permitted Mitsubishi employees to make calls on the company lines no matter where they were by using a 6-digit personal password. According to Mitsubishi, AT&T failed to diagnose the problem, and it was New York Telephone which finally told Mitsubishi of the possibility of system crackers. Andrew Myers of AT&T declined to comment on the suit but said that under federal communications law, "customers are clearly responsible for both authorized and unauthorized service." --- The old sell-illegal-calls-at-a-discount scam has reemerged in Elmhurst, Queens, NY. High-tech mobile phone booths (cars) are very popular there, and draw crowds of people standing in lines to make their calls, often to Colombia or Peru. Each car has a doctored cellular phone chip containing an ID illegally set to some poor sap's valid ID. "The swindle has become so popular that legal cellular phone users in the area can rarely get access to an available phone line." Law-enforcement officials say that many of the calls are made to high-level drug dealers in Colombia. Many of the numbers dialed from Elmhurst match up with Colombian phone numbers that investigators have on file with the Federal Drug Enforcement Administration. Metro One in Paramus, N.J., one of the two cellular carriers for New York City, estimated that it has lost more than $1 million a month from illegal calls transmitted from Elmhurst. Nationwide, such fraudulent calls cost the cellular phone industry about $700 million in 1990, according to Donald Delaney, an investigator for the NY state police. Industry officials put the figure much lower, at $100 million. [Source: Cars Using Rigged Cellular Phones Sell Illegal Overseas Calls, By Donatella Lorch, N.Y. Times News Service, 28 Jun 91] --- In San Diego, the former General Dynamics Corp. computer programmer, Michael John Lauffenburger, was arrested for allegedly planting a ``logic bomb,'' a type of virus that would have destroyed vital rocket project data. Lauffenburger's goal, according to a federal indictment, was to get rehired as a high-priced consultant to fix the damage he created. He quit May 29. A fellow General Dynamics worker defused the plot by accidentally stumbling onto the logic bomb. Lauffenburger was charged with computer tampering and attempted computer fraud. If convicted, he faces up to 10 years in prison and a $500,000 fine. He pleaded innocent and was released on $10,000 bail. [Source: Article by Laura Myers, AP Business Writer, 26 June 91] --- In a 6/28 press release, US West announced they intend to make line-blocking available on a "normal" basis, for the first time, in Iowa, where it's part of a modified proposal to the Iowa PUC. The company indicated this apparent switch in policy was in response to interest expressed by some users in the Omaha and Boise trials. There's a price, though. In the Iowa proposal, $3.50/mo. for res. and $4.00 for bus. In a related item, US West's Terri Ford, in 6/26 rebuttal testimony with the Idaho PUC, also indicated USWC intended to offer line-blocking before the completion date of the Boise market trial. Although no dates or prices were mentioned in Ford's filed testimony, she did state that the feature offering would be accompanied by a waived non-recurring charge. --- "Outro" Just a quick note to say Goodbye to many friends and compatriots. I will be off the net for about a year I suppose. Many of you deserve more than just "Thanks" and some of you deserve utter contempt. Watch yourselves. It can happen to anyone. Len [Rose] --- : _ \ / STILL GOING! NOTHING OUTLASTS THE UU __ ENERGIZER! THEY KEEP GOING AND GOING... ==/ \ /\__o : :__\__/ boomp boomp boomp boomp boomp boomp boomp boomp /_ \_ [Editors Note: How'd that get in here?] --- The U.S. National Commission on Libraries and Information Science is a permanent, independent agency of the federal government charged with advising both Congress and the President on matters relating to national library and information policies and plans. The commission has approved unanimously a major federal policy document, ``Principles of Public Information,'' and urged its use by all branches of the federal government as well as state and local government, and the private sector in the development of information policies. The document was adopted by the commission at its June 29, 1990 meeting. The full text of the ``Principles of Public Information'' follows: Preamble From the birth of our nation, open and uninhibited access to public information has ensured good government and a free society. Public information helps to educate our people, stimulate our progress and solve our most complex economic, scientific and social problems. With the coming of the Information Age and its many new technologies, however, public information has expanded so quickly that basic principles regarding its creation, use and dissemination are in danger of being neglected and even forgotten. The National Commission on LIbraries and Information Science, therefore, reaffirms that the information policies of the U.S. government are based on the freedoms guaranteed by the constitution, and on the recognition of public information as a national resource to be developed and preserved in the public interest. We define ``public information'' as information created, compiled, and/or maintained by the Federal Government. We assert that public information is information owned by the people, held in trust by their government, and should be available to the people except where restricted by law. It is this spirit of public ownership and public trust that we offer the following Principles of Public Information. 1. The public has the right of access to public information. Government agencies should guarantee open, timely and uninhibited access to public information except where restricted by law. People should be able to access public information, regardless of format, without any special training or expertise. 2. The Federal Government should guarantee the integrity and preservation of public information, regardless of its format. By maintaining public information in the face of changing times and technologies, government agencies assure the government's accountability and the accessibility of the government's business to the public. 3. The Federal Government should guarantee the dissemination, reproduction, and redistribution of public information. Any restriction of dissemination or any other function dealing with public information must be strictly defined by law. 4. The federal government should safeguard the privacy of persons who use or request information, as well as persons about whom information exists in government records. 5. The Federal Government should ensure a wide diversity of sources of access, private as well as governmental, to public information. Although sources of access may change over time and because of advances in technology, government agencies have an obligation to public to encourage diversity. 6. The Federal Government should not allow cost to obstruct the people's access to public information. Costs incurred by creating, collecting, and processing information for the government's own purposes should not be passed on to people who wish to utilize public information. 7. The Federal Government should ensure that information about government information is easily available and in a single index accessible in a variety of formats. The government index of public information should be in addition to inventories of information kept within individual government agencies. 8. The Federal Government should guarantee the public's access to public information, regardless of where they live and work, through national networks like the Depository Library Program. Government agencies should periodically review such programs as well as the emerging technology to ensure that access to public information remains inexpensive and convenient to the public. Conclusion The National Commission on Libraries and Information Science offers these Principles of Public Information as a foundation for the decisions made throughout the Federal Government and the nation regarding issues of public information. We urge all branches of the Federal Government, state and local governments and the private sector to utilize these principles in the development of information policies and in the creation, use, dissemination and preservation of public information. We believe that in so acting, they will serve the best interests of the nation and the people in the Information Age. --- [Note: H. Keith Henson is the same guy who circulated that letter to AT&T and started the call for a general boycott against them.] The long running Alcor/email case against the County and City of Riverside, CA was settled out of court in April of this year. The announcement was delayed until all parties had signed off, and the check had cleared the bank :-). The Alcor Life Extension Foundation (a non-profit cryonics organization --alcor@cup.portal.com) ran a BBS for members and prospective members from early 1987 through January 12, 1988. On that day, the BBS computer was removed under a warrant to take the computer (but no mention of any contained email) in connection with the investigation into the death of 83-year-old Dora Kent. (Mrs. Kent was placed into cryonic suspension by Alcor in December of 1987. During and following the investigation, Alcor staff members were publicly accused by county officials of murder, theft, and building code violations. No charges were ever filed and the investigation was officially closed three years later.) In December of 1988 Keith Henson filed a civil suit to force an investigation of the apparent violations of the Electronic Communication Privacy Act by the FBI, but the case was dismissed by the now convicted Judge Aguilar. In early 1990, just before the statute of limitations ran out, Henson and 14 others (of the roughly 50 people who had email on the system) filed a civil action against a number of officials and the County and City of Riverside, CA under Section 2707 of the Electronic Communication Privacy Act which forbids inspecting or denying access to email without a warrant. Some time after the case was filed, the Electronic Frontier Foundation came into existence in response to law enforcement abuses involving a wide spectrum of the online community. EFF considered this case an important one, and helped the plaintiffs in the case by locating pro bono legal help. While the case was being transferred, the County and City offered a settlement which was close to the maximum damages which could have been obtained at trial. Although no precedent was set because the case did not go to trial, considerable legal research has been done, and one judgment issued in response to the Defendants' Motion to Dismiss. The legal filings and the responses they generated from the law firm representing the County/City and officials are available by email from mnemonic@eff.org or (with delay) from hkhenson@cup.portal.com. (They are also posted on Portal.) The Plaintiffs were represented by Christopher Ashworth of Garfield, Tepper, Ashworth and Epstein in Los Angeles (408-277-1981). The only significant item in the settlement agreement was the $30k payment to the plaintiffs. --- Title: TRW Accused of Exploiting Consumers Six states have sued TRW Inc., charging that its credit bureau division secretly grades consumers on their bill-paying ability -- sometimes with inaccurate information -- and sells confidential mail to junk mailers. The NY State suit also charges TRW with providing inaccurate information about consumers to banks and other credit grantors, which often results in denied credit. Texas, Alabama, Idaho, Michigan, and California have filed another suit in State District Court in Dallas TX. (Reuters report in the San Francisco Chronicle, 10Jul91, p.C1) --- Subject: Houston City Hall voice-mail prank Houston acquired an AT&T telephone system in 1986 for $28M, but configured it with no passwords required for accessing voice mail. Thus, it should not surprise any of you to hear that recently a "prankster intercepted and rerouted confidential telephone messages from voice-mail machines in City Hall, prompting officials to pull the plug on the telephone system." Messages were being delivered to nonintended recipients. [Source: San Francisco Chronicle, 20Jul91, p.A5] [Also noted by Steve Bellovin] Subject: The voice-mail shuffle at City Hall ... A few stations even played quick snippets from one message, which appeared to be a kind of verbal "love letter" left for someone. Needless to say, the intended recipient was not the actual recipient. The perpetrator evidently would somehow try to simlulate a message break tone before each misdirected message by whistling a tone on the recording. While some of the redirected messages were, in some people's opinion, harmless, others were matters of City and State affairs, and the ramifications of these messages not being received were more than trivial. Needless to say, the service was down the next day for "upgrade modification". As one newscast put it at the end of their story, "when you leave a message at City Hall, don't leave one you wouldn't want repeated in public." --- Title: "How Did They Get My Name?" [From NEWSWEEK, 6/3/91, p.40]: Consumers are growing more uneasy about threats to privacy -- and are fighting back. "We don't have to worry about Big Brother anymore," says Evan Hendricks, publisher of Privacy Times. "We have to worry about little brother." Until recently, most privacy fears focused on the direct-mail indistry; now people are finding plenty of other snoops. Suddenly privacy is a very public issue. Privacy scare stories are becoming a staple of local TV news. Now Congress is scrambling to bring some order to the hodepodge of privacy and technology laws, and the U.S. Office of Consumer Affairs has targeted privacy as one of its prime concerns. Advocacy groups like the Consumer Federation of America and the American Civil Liberties cy as one the hot-button issues for the '90s. Concern is on the rise because consumers are finding that their lives are an open book. Privacy activists warn that the bigger threat comes from business. Citicorp and other data merchants are even pilot testing systems in supermarkets that will record your every purchase. "Everything we do, every transaction we engage in goes into somebody's computer," says Mary Culnan, a Georgetown University associate professor of business administration. How much others know about you can be unsettling. In the '80s, the controls were melting away, says Hendricks. "Reagan came in and said, 'We're going to get government regulators off the backs of business.' That sent signals to the private sector that 'you can use people's personal information any way you want.'" Consumers are beginning to fight back. The watershed event was a fight over Lotus MarketPlace: Households. New York Telephone got nearly 800,000 "opt out" requests when it wanted to peddle its customer list; the plan was shelved. With the MarketPlace revolt, a growing right-to-privacy underground surfaced for the first time. Privacy has become one of the most passionately argued issues on computer networks like the massive Internet and the WELL (an on-line service that has become a favorite electronic hangout for privacy advocates and techie journalists). Some privacy activists look hopefully across the Atlantic. The European Community is pushing tough new data rules to take effect after 1992. The Privacy Directive relies on consumer consent; companies would have to notify consumers each time they intend to pass along personal information. The direct-marketing industry claims the regulations would be prohibitively expensive. U.S. firms might find another incentive to change. Companies don't want to alienate privacy-minded customers. Then consumers might get some of their privacy back--not necessarily beacuse it's the law, or even because it's right, but because it's good business. "Would New Laws Fix the Privacy Mess?" (also from Newsweek in sidebar) Since the mid-1960s, Congress has enacted no fewer than 10 privacy laws. And yet a national right to privacy is far from firmly established. "It's easy to preach about the glories of privacy," says Jim Warren, who organized a recent "Computers, Freedom & Privacy" conference. "But it's hard to implement policies without messing things up." That hasn't stopped people from trying. James Rule, a State University of New York sociology professor, says that new legislation is warranted "on the grounds that enough is enough. Privacy infringement produces a world that almost nobody likes the look of." Last week a Senate task force recommended extending privacy laws to cover cordless phones. One bill would create a federal "data-protection board" to oversee business and governmental use of electronic information. Another would apply the Freedom of Information Act to electronic files as well as paper. In this technological age, how much privacy Americans enjoy will depend partly on how high a price they are willing to pay to keep it. --- AT&T's announcement from the company's internal News Briefs describing their victory in Harold Greene's courtroom: AT&T NEWS BRIEFS [All items are today's date unless otherwise noted] Friday, July 26, 1991 FREEDOM -- Phone lines were cleared Thursday for the seven regional phone companies to provide electronic information such as stock quotes and sports scores. ... USA Today, 1A. [Judge Harold] Greene simultaneously stayed his order, however, to permit all appeals to be heard, which raised the possibility its effect could be delayed for months. His decision is expected to draw fierce opposition. ... Washington Post, A1. ... Today's ruling did not change the restrictions that bar the Bell companies from entering the long-distance telephone industry or manufacturing telephone equipment, but the appeals court ruling that prompted today's decision also recommended that Judge Greene apply more flexible legal standards in considering these restrictions. ... Herb Linnen, AT&T spokesman, said the company had never objected to the Bell companies' entry into the information services market, provided that they remained excluded from the equipment manufacturing and long-distance industries. ... New York Times, B1. ... [The] ruling also moves the regional phone companies a step closer to being able to compete for cable television customers. ... New York Newsday, p. 5. ... The 71-page opinion noted that an appeals court decision last spring left no other choice. ... Wall Street Journal, B1. Also all major newspapers. Regardless of the legal maneuvering involving the regional telephone companies, AT&T plans to offer what it calls a Smart Phone, a telephone-and-video-screen device, as soon as next summer, Ray Zardetto, a company spokesman, said yesterday. ... "You can call up stock reports, for instance," Zardetto said about one use for the Smart Phone. "Whatever part of the stock report you want will run across the screen. Or you can preprogram your pizza order from your favorite pizza parlor, push a button and it goes across the network to his Smart Phone and it'll be delivered." New York Newsday, p. 35. --- THE COMPUTER SECURITY EVENT OF THE YEAR It says, in part: The 18th Annual Computer Security Conference and National Exhibition-- the largest ever--will be held in Miami at the Fontainebleau Hilton Hotel on NOvember 11-14, 1991. With over 110 speakers, the Security Event of the Year, sponsored by the Computer Security Institute, will address the full range of issues facing computer security practitioners in business and government. ... Conference highlights include: *Tom Peltier on "Information Security Approaches the Second Millenium." *Scott Charney from the US Department of Justice with a practical look on what the Department of Justice is doing to prosecute computer crime. *Harry DeMaio from Deloitte & Touche, who will address the topic "Effective Information Protection in a Complex Environment." *Cameron Carey of Computer Security Placement Specialists, on the job market outlook for computer security professionals. *Dr. Lance Hoffman of George Washington University will address the topic "Computer Security: We're Not Just Talking To Ourselves Anymore!" Also, two of the industry's leading lights--Bill Murray of Deloitte & Touce and Donn Parker of SRI International--will debate some of the key issues in computer security. Over a thousand computer security professionals are expected to attend this premiere event, which also features the largest compiuter security products trade show in the United States. Contact is Philip Chapnick, (415)905-2267. Computer Security Institute: (415)905-2200 voice, 905-2234 fax [End of CyberTimes (Vox Populi) NIA072 01JAN91-01AUG91 Edition] ---------------------------------------------------------------------------- Greetings. Well, this completes issue number 72. Expect to see issue 73 in about 2 months or so. We do not have enough material to complete it yet, so if you would like to contribute, please contact us at nia@nuchat.sccsi.com or by getting ahold of one of our staff and/or contributors. If you would like to write to Len Rose, he can be reached at: Len Rose Federal Prison Camp Seymour Johnson AFB Caller Box 8004 Goldsboro, NC 27531-5000 We're sure Len could use the mail. He can be reached there for oh, say, the next ten months or so. Our sympathies go to him and his family. Concerning the news, Cybertimes, we are always looking for submissions. If you see an article in your local paper, please type it up and send it in. We are also accepting donations of used and/or obsolete computer equipment. We are willing to cover the cost of postage to ship it to Texas. As soon as we can get the Kludge operating, we will set up an NIA home system where all the issues will be online for downloading as well as reading. With regards to the Hacker Manifeso file, Erik Bloodaxe is no longer in the underground community. This is an old file that was dug up from the days when he was still hacking. Best of luck to you and your associates in your new endeavour, Erik. Attention Internet Subscribers: Plese tell us when you are moving or losing your account so that we may keep the maillist current. Back issues may be found at the CuD Archive Server [ftp.sc.widener.edu /pub/cud/nia] and the EFF Server [ftp.eff.org /cud/nia]. We will soon have an AE line (no shit!) running HST for those of you without InterNet access. Until next time... JD & LMcD "The New York Times is read by people who run the country. The Washington Post is read by people who think they run the country. The National Enquirer is read by people who think that Elvis is alive and running the country..." - Robert J. Woodhead [End of issue NIA072]