💾 Archived View for gemini.spam.works › mirrors › textfiles › magazines › CUD › cud0100.txt captured on 2022-06-12 at 10:44:19.
-=-=-=-=-=-=-
****************************************************************************
>C O M P U T E R U N D E R G R O U N D<
>D I G E S T<
*** Volume 1, Issue #1.00 (March 28, 1990) **
****************************************************************************
MODERATORS: Jim Thomas / Gordon Meyer
REPLY TO: TK0JUT2@NIU.bitnet
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.
--------------------------------------------------------------------
DISCLAIMER: The views represented herein do not necessarily represent the
views of the moderators. Contributors assume all responsibility
for assuring that articles submitted do not violate copyright
protections.
--------------------------------------------------------------------
COMPUTER UNDERGROUND DIGEST was begun with the encouragement of Pat Townson,
moderator of TELECOM DIGEST. Pat received far to many responses to the recent
Legion of Doom indictments to print, and many of the issues raised were, for
reasons beyond Pat's control, unable to be printed. This, the initial issue of
CuD (as in "stuff to ruminate over") will reprint some of the initial
responses to provide the background for those who missed the earlier
discussions.
Preliminary interest in this forum has been relatively good. We received about
50 inquiries in the first 12 hours. We anticipate initial problems in linking
bitnet with usenet and other outlets. Doug Davis (in Texas) has thoughtfully
volunteered to serve as a go between between Usenet and other links, so, by
trial and error, we'll try to contact everybody who has expressed interest.
We will set line length at 78 characters. If there are problems in reading
this, let us know and we will shorten it.
STATEMENT OF INTENT
CuD encourages opinions on all topics from all perspective. Other than
providing a context for an article if necessary, the moderators *will not* add
commentary of agreement or disagreement. We see our role as one of
facilitating debate, although we will undoubtedly take part in discussions in
separate articles.
From the inquiries, interest seems to gravitate around a number of issues
related to the "computer underground," by which we mean the social world of
phreaks, hackers, and pirates. Judging from the comments, we encourage
contributions of the following nature:
1. Reasoned and thoughtful debates about economic, ethical, legal, and other
issues related to the computer underground.
2. Verbatim printed newspaper or magazine articles containing relevant
stories. If you send a transcription of an article, be sure it contains the
source *and* the page numbers so references can be checked. Also be sure that
no copyright violations are infringed.
3. Public domain legal documents (affidavits, indictments, court records) that
pertain to relevant topics. In the next issue we will present documents from
the Alcor (California) E-mail law suit.
4. General discussion of news, problems, or other issues that contributors
feel should be aired.
5. Unpublished academic papers, "think pieces," or research results are
strongly encouraged. These would presumably be long, and we would limit the
size to about 1,500 lines. Those appropriate for distribution would be sent as
a single file and so-marked in the header.
Although we encourage debate, we stress that ad hominem attacks or personal
vituperations will not be printed. Although we encourage opinion, we suggest
that these be well-reasoned and substantiated with facts, citations, or other
"evidence" that would bolster claims.
CuD *is not* a preak/hacker forum, and it is not a replacement for PHRACK
magazine. However, our initial model for this forum is a combination of
PHRACK WORLD NEWS and CNN's Cross-Fire if moderated by Emo Phillips.
The first few issues are exploratory. If there is continued
interest, we will continue. If not, so it goes. We *strongly*
encourage suggestions and criticisms.
--------------
In this issue:
--------------
1. Moderator's Introduction
2. Background of the LoD debates
3. Use of Aliases in the BBS world
4. LoD Indictment
5. Press Release Accompanying LoD indictment
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
===================================================
=== Computer Underground Digest - File 1 of 5 ===
===================================================
Welcome to the first "issue" of Computer Underground Digest. Jim and I
thought it would appropriate if we both wrote a few words as a sort of "hello"
and introduction. I'll keep this brief for now as I believe the "good stuff"
will be found in the other inclusions. However since this is the first of
what could be several (or perhaps few) issues it is appropriate at this time
to offer some thoughts, more or less off the cuff, on the so-called "computer
underground" (CU).
Over the past few years I've often been asked to justify the use of "computer
underground" when referring to the realm of hackers, phreakers, and pirates.
Certainly the "computer" part is easy to justify, or at least accept as valid.
No, it's the "underground" that has been criticized. Now I certainly don't
claim to have invented the term, in fact it is taken from the vocabulary of
the p/hackers themselves. However "underground" does imply, at least in
common usage, some characteristics that are not necessarily accurate. Some of
these are organization, criminality (or at lest marginality), unity, and
purposiveness.
Does the CU display these characteristics? Discussing each would take much
more room than I intend to use today. My M.A. thesis of August 1989 addressed
the issues of organization and unity, from a sociological viewpoint. The
articles included in this issue of the Digest address all of the a fore
mentioned issues from another viewpoint, one formed largely by cultural
outsiders. The issue that faces us now is who gets to define what the CU is
all about? Do we rely on the Federal Justice department to identify and label
the intent, organization, and purpose of the CU as conspirical? Do we rely on
the media to define the CU as reckless and unlawful? Do we, as citizens,
trust those in power to make decisions that will forever impact the way our
societal institutions of control approach those whose application of
technology has out paced our conceptions of private property and crime?
Am I an advocate _for_ the computer underground? No, I'm not "one of them"
and I don't speak for "them". However I do think it is in the best interest
of all if the "problem" of the CU is approached from the new perspective it
deserves. If our society is to ultimately decide that CU activity is every
bit as terrible as puppy-whipping then that decision should be made, not
forced upon us by lawmakers (and others) who are assuming, from the very
beginning, that CU activity is threatening and criminal.
To this end I hope that the CU Digest can provide information and discussion
from a variety of perspectives. The assumptions and changes in definitions
are subtle but hopefully we can begin to get a handle on many aspects of the
CU.
Gordon Meyer
Internet: 72307.1502@compuserve.com
3/27/90
==============================================================================
Recent media depictions of phreaks, hackers, and pirates have created an
image of evil lads (is it *really* a male bastion?) out to wreak havoc on
society (the studies of Erdwin Pfuhl and Ray Michalowski, Dick Hollinger and
Lonn Lanza-Kaduce, and Meyer and Thomas). Hollinger and Lanza-Kaduce have
argued that one reason that Draconian anti-computer abuse laws were passed in
the past few years is because of distorted images, lack of understanding of
the computer world, and a lack of a strong constintuency to point out the
potential abuses of restrictive legislation. We see CuD as an antidote to the
current--yes, I will call them WITCH-HUNTS--of law enforcement agents and
media hysteria. There is also a perceived need of commentators with some
sympathy toward the computer underground to preface their comments with "I
don't agree with their behaviors, but. . ."! I see no need to adopt a
defensive posture. All predatory behavior is wrong, and that type of
disclaimer should be sufficient. However, it remains to be seen whether *all*
computer underground activity is as predatory as the media and law enforcement
agents would have us believe. Yes, crimes are committed with computers. But,
crimes are also committed with typewriters, cars, fountain pens and--badges.
Computer Underground digest will attempt to provide an antidote to current
beliefs by creating an open forum where they can be debated by all sides.
Our intent, as Gordon indicates, is not to serve as apologists, but rather as
gadflies. Technology is changing society faster than existing norms, values,
beliefs, or laws, can match, and by airing issues we hope to at least provide
insights into the new definitions of control, authority, privacy, and even
resistance. Data from our own studies indicate that sysops of some BBSs have
been exceedingly cautious in putting up documents that are quite legal. The
sysop of one of the world's largest legitimate BBSs has told us of the
chilling effect on freedom of speech that even a casual visit from the FBI can
produce. Our hope is to present facts, stimulate debate, and above all, to
create an awareness of the relationship between the computer underground,
which is currently a stigmatized passtime, and the rest of society. We are
not concerned with changing opinions, but we do hope to sharpen and clarify
what, to us, are highly complex issues for which there is no simple solution.
Jim Thomas
Sociology/Criminal Justice
Northern Illinois University
DeKalb, IL 60115 (TK0JUT1@NIU.bitnet)
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
===================================================
=== Computer Underground Digest - File 2 of 5 ===
===================================================
-----------------------------
The following articles are reprinted from an issue of TELECOM DIGEST
that appeared a few days ago. Because further responses could not
be reprinted, we present them again to provide the background that
spawned CuD. We have not added Professor Spafford's original comment
because Mike Godwin cites the bulk of it. If we err in not doing so,
we apoligize in advance, but are guided here by space constraints and
not malice.
-----------------------------
Inside This Issue: Moderator: Patrick A. Townson
Preface to Special Issue [TELECOM Moderator]
Re: Legion of Doom Rebuttal to Moderator [Mike Godwin]
Re: Legion of Doom Rebuttal to Moderator [Douglas Mason]
Re: Legion of Doom Rebuttal to Moderator [Scott Edward Conrad]
Re: Legion of Doom Rebuttal to Moderator [Gordon Burditt]
----------------------------------------------------------------------
Date: Sun, 25 Mar 90 11:45:32 CST
>From: TELECOM Moderator <telecom@eecs.nwu.edu>
Subject: Preface to Special Issue
This issue is devoted to replies to Gene Spafford about the activities
of the Legion of Doom. Like many controversial topics (Caller*ID for
one), the LoD has the potential to use great amounts of network
resources as the arguments go on. Because Mr. Spafford is a highly
respected member of the net community, the people who responded to his
article here certainly deserve the courtesy of being heard, but with
this selection of responses, we will discontinue further pros-and-cons
messages on LoD, at least until the criminal proceedings are finished.
Obviously, *new* information about LoD, government investigative
activities, etc is welcome, but let's not rehash old stuff again and
again.
Patrick Townson
------------------------------
>From: Mike Godwin <walt.cc.utexas.edu!mnemonic@cs.utexas.edu>
Subject: Re: Legion of Doom Rebuttal to Moderator
Date: 22 Mar 90 20:16:43 GMT
Reply-To: Mike Godwin <walt.cc.utexas.edu!mnemonic@cs.utexas.edu>
Organization: The University of Texas at Austin, Austin, Texas
In article <5462@accuvax.nwu.edu> Gene Spafford <spaf@cs.purdue.edu> writes:
>The information I have available from various sources indicates that the
>investigation is continuing, others are likely to be charged, and there
>MAY be some national security aspects to parts of the investigation that
>have yet to be disclosed.
The information that I have is that many innocent third parties are
being trampled by the federal agents in their investigatory zeal. The
unnecessary seizure of equipment at Steve Jackson Games in Austin,
Texas, is a notable example. In that case, the Secret Service assumed
that, since SJ Games employed a reformed computer hacker, it was
likely that their company BBS (used for feedback from role-playing
game testers nationwide) contained relevant evidence. So, the SS
seized all the company's computer equipment, including its laser
printer, all available copies of the company's new Cyberpunk game (set
in a William Gibson future involving penetration of repressive
corporate computer systems), and copies of Gordon Meyer's dangerous
academic thesis, in which the author proposed that the hacker
underground had been "criminalized" in the public mind due to images
created by a few destructive individuals and by the fairly ignorant
media.
In spite of this, they assured Jackson and his lawyer that neither
Jackson nor his company was the target of the investigation. (Jackson,
who owes his livelihood to the copyright laws, is an adamant opponent
of piracy.)
Apparently, the federal agents were angered by the Cyberpunk gaming
manual, which romanticized 21st-century computer "cowboys" like Case
in Gibson's novel NEUROMANCER. They further conjectured that the game
is a cookbook for hackers.
Jackson's business is losing, at his estimate, thousands of dollars a
month thanks to this seizure, which was far more intrusive than
necessary (why take the hardware at all?), and which seemed to
demonstrate the agents' willingness to find evildoings everywhere. The
Federal Tort Claims Act bars tort recovery based on
law-enforcement-related seizures of property, I note in passing.
>Now maybe there are one or two people on the law enforcement side who
>are a little over-zealous (but not the few I talk with on a regular
>basis).
Yeah, maybe one or two.
>For someone to be indicted requires that sufficient evidence
>be collected to convince a grand jury -- a group of 23 (24? I forget
>exactly) average people -- that the evidence shows a high probability
>that the crimes were committed.
The notion that grand juries are any kind of screening mechanism for
prosecutions, while correct in theory, has long been discredited. In
general, not even prosecutors pretend that the theory is accurate
anymore. In law school, one of the first things you're taught in
criminal-procedure courses is that grand juries are not screening
mechanisms at all. (It is so rare for a grand jury to fail to follow a
prosecutor's recommendation to indict that when it does happen the
grand jury is known as a "rogue grand jury.") The basic function of
grand juries at the federal level is INVESTIGATORY -- the grand-jury
subpoena power is used to compel suspects' and witnesses' presence and
testimony prior to actual prosecution.
>Search warrants require probable
>cause and the action of judges who will not sign imprecise and poorly
>targeted warrants.
Ha! Dream on.
>Material seized under warrant can be forced to be
>returned by legal action if the grounds for the warrant are shown to
>be false, so the people who lost things have legal remedy if they are
>innocent.
Guess who pays for pursuing the legal remedy in most cases.
(Hint: it's not the government.)
Now guess how long such proceedings can take.
>The system has a lot of checks on it, and it requires convincing a lot
>of people along the way that there is significant evidence to take the
>next step.
The system does have checks in it, but they are neither as comprehensive
nor as reliable as you seem to think.
>If these guys were alleged mafioso instead of electronic
>terrorists, would you still be claiming it was a witch hunt?
Possibly. There have been periods in this country in which it was not
very pleasant to be involved in a criminal investigation if your name
ended in a vowel.
>Conspiracy, fraud, theft, violations of the computer fraud and abuse
>act, maybe the ECPA, possesion of unauthorized access codes, et. al.
>are not to be taken lightly, and not to be dismissed as some
>"vendetta" by law enforcement.
I don't think anyone is proposing that the investigation of genuine
statutory violations is necessarily a vendetta. In fact, I don't think
this is the case even in the Jolnet sting. But lack of understanding
on the part of the federal officials involved, plus the general
expansion of federal law-enforcement officials powers in the '70s and
'80s, mean that life can be pretty miserable for you if you even KNOW
someone who MIGHT be the target of an investigation.
There are civil-rights and civil-liberties issues here that have yet
to be addressed. And they probably won't even be raised so long as
everyone acts on the assumption that all hackers are criminals and
vandals and need to be squashed, at whatever cost.
Before you jump to conclusions about my motivations in posting this,
let me point out the following:
1) I'm against computer crime and believe it should be prosecuted.
2) I'm nor now, nor have I ever been, a "hacker." (The only substantive
programming I've ever done was in dBase II, by the way.)
3) Even though (1) and (2) are true, I am disturbed, on principle, at
the conduct of at least some of the federal investigations now going
on. I know several people who've taken their systems out of public
access just because they can't risk the seizure of their equipment (as
evidence or for any other reason). If you're a Usenet site, you may
receive megabytes of new data every day, but you have no
common-carrier protection in the event that someone puts illegal
information onto the Net and thence into your system.
And (3) is only one of the issues that has yet to be addressed by
policymakers.
>Realize that the Feds involved are prohibited from disclosing elements
>of their evidence and investigation precisely to protect the rights of
>the defendants.
They're also secretive by nature. Much has been withheld that does not
implicate defendants' rights (e.g., the basis for Secret Service
jurisdiction in this case).
>If you base your perceptions of this whole mess on
>just what has been rumored and reported by those close to the
>defendants (or from potential defendants), then you are going to get a
>very biased, inaccurate picture of the situation.
Even if you screen out the self-serving stuff that defendants (and
non-defendants) have been saying, you still get a disturbing picture
of the unbridled scope of federal law-enforcement power.
In addition, we can't fall into the still-fashionable Ed Meese
mentality: "If they're innocent they don't have to worry about being
indicted." This is simply not true.
>Only after the whole mess comes to trial will we all be able to get a
>more complete picture, and then some people may be surprised at the
>scope and nature of what is involved.
Ah, just the way the Oliver North trial cleared things up?
(I know that's a bit unfair, but it expresses my feeling that we're
better off relying on the press, flawed as it is, than waiting for the
feds to tell us what it's good for us to know at the time they think
it's good for us to know it.)
In sum, the *complaint* has been this:
"Look at the way the feds are losing their cool over this! Lots of
folks are being harmed, and lots of rights are being violated!"
The *response* of those whose justifiable opposition to computer crime
has blinded them to the rights, due-process, and justice issues
involved has been something like this:
"They're the government. They wouldn't be doing this stuff if they
weren't a good reason for it."
I have no trouble with Gene Spafford's scepticism about the complaint;
please understand, however, why I insist on being sceptical about the
response.
Mike Godwin, UT Law School |"Neither am I anyone; I have dreamt the world as
mnemonic@ccwf.cc.utexas.edu | you dreamt your work, my Shakespeare, and among
mnemonic@walt.cc.utexas.edu | the forms in my dream are you, who like myself
(512) 346-4190 | are many and no one." --Borges
------------------------------
>From: Douglas Mason <douglas@ddsw1.mcs.com>
Subject: Re: Legion of Doom Rebuttal to Moderator
Reply-To: douglas@ddsw1.MCS.COM (Douglas Mason)
Organization: ddsw1.MCS.COM Contributor, Mundelein, IL
Date: Thu, 22 Mar 90 12:49:29 GMT
I don't think that there is anyone out there saying that what those
guys did was right in any way, shape or form. Granted, there are
people out there that are probably saying to themselves "These guys
were just trying to show what capitalistic pigs the government is and
now they are being stomped on for exposing ... " You get the idea.
I think (from the 60 or so messages that I received in the last few
days) that the general opinion seems to be "Yes, these guys are very
much in the wrong, BUT did their case deserve as much media hype as it
has received?"
Just the other day a group of people murdered a tax collector here.
The papers made it out to be a joke and a "get back at the government"
type of thing. I personally couldn't see the funny side of a 27 year
old getting killed. Anyways, the article was towards the back of the
paper (ie: not page one material) and was gone and forgotton
immediately after.
The infamous "LOD" busts, on the other hand, seem to be springing up
again and again.
Something else I noticed about the whole affair and LOD in general
(before the big ordeal): A large chunk of the respect and whatnot over
the group (in the hacker circles) seemed to be because LOD did very
little "broadcasting" of the information they came up with
collectively.
On the other hand, if I had been "wired for sound" by some agency in
the past, the LOD affair would have been over with much sooner, as all
members seemed to be more than willing to give out information on CBI,
Trans Union, SBDN, SCCS, ESACS, LMOS, Cosmos [insert favorite acrynom
here] when they were approached individually.
Last time I visited one of the infamous LOD people, he showed me how
he could monitor phone lines remotely. Sounds like complete BS and it
is a worn out subject as to if it can really be done, but he ran some
Bell telco software and it allowed him to enter the number of any
phone number that was serviced by his local CO (I believe) and then
enter a callback number. While I stood there not believing him, the
other phone rang, and sure enough, it was "testing for audio quality"
on another line. He told me the acronym for the name of this
software, but it slips my mind, as I no longer have any interest in
that type of stuff. Point is that these guys were pretty trusting.
If the feds wanted to get them, they could have done it long ago.
My guess is that by this point they have MORE than enough evidence to
prosecute these guys. There is absolutely no doubt in my mind about
that.
Douglas T. Mason | douglas@ddsw1.UUCP or dtmason@m-net |
------------------------------
Date: Thu, 22 Mar 90 13:20:10 CST
>From: Scott Edward Conrad <sec0770@cec2.wustl.edu>
Subject: Re: Legion of Doom Rebuttal to Moderator
Because I happened to start researching a paper on law applied
to computer hacking, I have been following the LoD bust with great
interest. Recently, someone mentioned that they didn't think these
alleged perpetrators (sp?) deserved 31 years. Where did this number
come from?
According to the Computer Fraud and Abuse Act of 1984, there
seem to be 3 areas covered: (see also Computer/Law Journal, Vol. 6,
1986)
1) It is a felony to access a computer without authorization
to obtain classified US military or foreign policy info with the
intent or reason to believe that such info will be used to harm the US
or to benefit a foreign nation.
2) It is a misdemeanor to access a computer without
authorization to obtain financial or credit info that is protected by
federal financial privacy laws.
3) It is a misdemeanor to access a federal government computer
without authorization and thereby use, modify, destroy, or disclose any
information therein.
(3) seems the most applicable. Where I am confused is whether or
not the 911 code is considered government property. If it is, does this
make Bell South, a federal government computer?
What exactly are the LoD being tried for? (or has there been
charges filed against them, or is the SS still gathering info?)
Please send any thoughts to me.
Scott Conrad
sec0770@cec2.wustl.edu
------------------------------
>From: Gordon Burditt <sneaky!gordon@uunet.uu.net>
Subject: Re: Legion of Doom Rebuttal to Moderator
Date: 24 Mar 90 10:21:24 GMT
In article <5462@accuvax.nwu.edu> Gene Spafford <spaf@cs.purdue.edu> writes:
>that the crimes were committed. Search warrants require probable
>cause and the action of judges who will not sign imprecise and poorly
>targeted warrants. Material seized under warrant can be forced to be
>returned by legal action if the grounds for the warrant are shown to
>be false, so the people who lost things have legal remedy if they are
>innocent.
I don't believe it. It certainly doesn't work that way for
non-computer crimes. Let's suppose I am a homeowner, and a burglar
rips off my TV set. I surprise him, and he shoots me with my own gun.
Later he is caught with the TV and the gun in his apartment. Can I
get my TV set back before the trial? No. How about the gun (assuming
it's legal for me to have it)? No. Does anyone seriously think I'm
guilty of stealing my own TV or shooting myself with my own gun? (I
got lucky and had a priest, two off-duty cops, and the mayor as
witnesses). No. Does anyone think the TV and gun aren't mine? (They
have my name engraved, and I have receipts.) No, but it doesn't
matter.
Do you really think that the operator of any BBS seized because it was
used by crooks to exchange long-distance access codes is going to get
his system back any time soon, even if the Feds are convinced of his
innocence and active cooperation? Even if the active cooperation
started before there were any access codes on the system, and the
crooks were deliberately led to this system as part of a sting
operation? No, it's evidence, and it will probably be released long
after anyone convicted has served his sentence, and only after the
owner has spent more in legal fees than the system is worth at the
time of its return.
I doubt also that the Feds are going to be helpful to a non-suspect
BBS operator, and give him a copy of his own data, (They took all the
backups) sanitized to remove anything illegal. Nope, all those disks
with his tax records (which had nothing to do with the BBS) on them
will have to be manually reconstructed, even if he can borrow a system
somewhere.
Gordon L. Burditt
sneaky.lonestar.org!gordon
------------------------------
End of TELECOM Digest Special: LoD Rebuttals