💾 Archived View for gemini.spam.works › mirrors › textfiles › magazines › CUD › cud0518.txt captured on 2022-06-12 at 10:50:43.
-=-=-=-=-=-=-
Computer underground Digest Sun Mar 7 1993 Volume 5 : Issue 18
ISSN 1004-042X
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Copy Editor: Etaion Shrdlu, Seniur
CONTENTS, #5.18 (Mar 7 1993)
File 1--PKZIP Bankruptcy Rumor is a *HOAX*
File 2--Hackers in the News (Orange County Register Reprint)
File 3--GPO ACCESS - WINDO UPDATE
File 4--London Times Educational Supplement Article
File 5--FWD: The White House Communication Project
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
on the PC-EXEC BBS at (414) 789-4210;
in Europe from the ComNet in Luxembourg BBS (++352) 466893;
ANONYMOUS FTP SITES:
UNITED STATES: ftp.eff.org (192.88.144.4) in /pub/cud
red.css.itd.umich.edu (141.211.182.91) in /cud
halcyon.com( 192.135.191.2) in /pub/mirror/cud
AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD.
EUROPE: nic.funet.fi in pub/doc/cud. (Finland)
ftp.warwick.ac.uk in pub/cud (United Kingdom)
Back issues also may be obtained from the mail server at
mailserv@batpad.lgb.ca.us.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: 03 Mar 1993 16:22:19
From: Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 1--PKZIP Bankruptcy Rumor is a *HOAX*
A recent "press release" indicated that PKWARE, producers of PKZIP and
other popular software has filed for bankruptcy under Chapter 11.
THE PRESS RELEASE IS A HOAX! PKWARE's Mike Stanton indicated that the
PKWARE is in sound financial shape and that there is no basis
whatsoever to the release. "It's probably somebody's idea of an early
April Fool's joke," said Stanton.
The release contained a number of factual errors that prompted us call
PKWARE, and they confirmed what we suspected.
The original press release read:
FYI
FOR IMMEDIATE RELEASE
FRIDAY, FEBRUARY 26, 1993 5:00PM CST
===============================================================
PKware Inc., citing overwhelming advertising, administrative and
development expenses with the recent problem-plagued release of
their new PKZIP product, filed for chapter 11 bankruptcy today in
the Milwaukie County District Court.
"PKWARE will continue to operate normally, and will provide, as
always, the high-quality data compression products and services
which have made us the leader in the data compression market,"
Mark Gresbach, press-relations manager of PKWARE, said.
In business since 1987, PKWARE Inc. produces high-performance
data compression software, which makes computer program and data
files smaller, for faster transmission over telephone lines or to
take up less disk space. Fortune 500 companies such as Borland
Inc., of Scotts Valley, CA and government agencies such as the US
Air Force are major customers of PKWARE.
Any questions or concerns may be directed to PKWARE at any of the
following telephone numbers:
Phone (414) 354-8699
FAX (414) 354-8599
BBS (414) 356-8670.
+++
The errors include:
1) Inaccurate phone numbers
2) A non-existent spokesperson position at PKWARE
3) An improper court of jurisdiction: There is no "Milwaukee County
*District* Court; Chapter 11 is filed under federal statutes, not
"County"/State statutes
4) Unusual wording
PKWARE's latest release of PKZip (2.04g) has been released and has
been so well received that the Katz folk are barely able to keep up
with the orders. It is faster, tighter, and provides more options than
earlier releases.
------------------------------
Date: 04 Mar 1993 11:29:00 -0800
From: lynn.dimick@PCB.BATPAD.LGB.CA.US(Lynn Dimick)
Subject: File 2--Hackers in the News (Orange County Register Reprint)
I have received permission from Catherine A, Boesche of the Orange
County register to reprint this story ONE TIME. They would like to
receive the following credit:
Reprinted with permission of The Orange County Register, copyright 1993.
This originally appeared on February 17, 1993
Jeffrey Cushing knew his teenage son was a "computer freak,"
spending hours hunched over a bedroom keyboard playing games and
tapping out messages to friends.
It seemed like wholesome, hightech fun -- until Cushing was sued
last April by a Garden Grove telephone company that accused his son of
hacking into the firms' long distance lines.
The tab: $80,000
"I was in shock," said Cushing, 51, an advertising executive from
Huntington Beach. "all of a sudden this guy knocks on the door at 9
p.m. and serves me with this humungous suit."
The war against hackers who steal long-distance telephone time
has left a trail of slack-jawed parents throughout the state. Hit with
lawsuits throughout the state. Hit with lawsuits, search warrants and
demands for damages many parents are gulping hard and paying the toll
for telephone fraud.
Although no record is kept, some industry analysts estimate that
telephone fraud drains as much as $5 billion a year from companies
nationwide.
"Fraud on the (telephone) network is still one of the most
devastating things to long-distance companies, especially the smaller
ones," said Jim smith, vice president of the 34-member California
Association of Long Distance Telephone Companies.
The culprits often are juveniles, whose parents know little about
computers and less about what their children are doing with them.
At the forefront in pursuing the dial-tone desperadoes is Garden
Grove's Thrifty Tel Inc. -- which in 1990 became the first telephone
company to impose a tariff on hackers.
The idea was copied by several other small phone companies in
California, although Thrifty's tariff remains the highest at $2,880
per day, per line.
As part of every settlement, Thrifty also confiscates the
offending computer.
"This is designed to spank 'em hard. It can (financially) wipe
out a family," said Dale L. Herring, Thrifty's director of security.
"I sympathize, to some extent, but why should our company absorb the
loss? Giving their kids a computer and a modem is like giving them a
loaded gun."
Thrifty estimates its hacker losses at $22,000 a month.
Over the past three years the company has recovered nearly $1
million and has nabbed 125 alleged hackers -- the vast majority of
them juveniles. About 24 cases were prosecuted, with nearly all the
defendants pleading guilty.
Early the month, Thrifty said, it busted, a 10-member ring of
teenage hackers stretching from La Habra to Mission Viejo.
Criminal charges are pending against one of the suspects, a 19
year-old Irvine man who allegedly called Thrifty's computer system
6,435 times in 24 days. More than 1,000 calls came on Christmas.
The bill from Thrifty: $75,000.
The teen-ager allegedly used a simple scam employed by dozens of
hackers to break into long-distance carriers:
Using a modem and a home computer programed for hacking the thief
telephones the company's switching system. From there, the hacker's
computer generates ran-dom digits until it hits the access codes
--similar to calling-card numbers - - given to customers.
Those special codes are then used by the hacker to make
long-distance calls that will be billed to unsuspecting customers.
Many times, egotistical hackers post the codes on computer bulletin
boards for others to use, much like a victorious matador throwing a
rose to a pretty lady.
It can take several hours -- and several hundred calls to the
phone company -- to identify a handful of codes. But the hackers
simply set their computers to run night and day, calling three to four
times a minute.
For the novice, hacking programs with names such as "Code Thief
Deluxe" are widely available and can be downloaded without charge from
computer bulletin boards.
"It's becoming a subculture. Just as kids were sucked into
%Dungeons and Dragons,' they're being sucked into hacking," said
Thrifty's Herring.
Often teen-age hackers are highly intelligent loners, addicted to
the worldwide computer bulletin boards that allow them to communicate
with others of their ilk.
"But they run up $300 to $400 in monthly phone bills, their
parents go ballistic, so they turn to hacking," Herring said.
Unknown to the young hackers, some calls can be traced. Digging
through stacks of computer printouts. Herring and other experts at
Thrifty have followed the electronic trail over the past three years
to:
* An Escondido boy whose parents were ordered by an Orange Count
judge recently to pay Thrifty $33,000 in damages.
* A Foothill High School student in Santa Ana who was blamed for
more than $250,000 in losses to Thrifty and two other long-distance
companies in 1991. The boy pleaded guilty to telephone fraud.
* A six-member ring of San Diego high school students who raided
system in March. Their families are paying more than $100,000 in
damages.
Herring said the response from parents is always the same.
"Their first reaction is they want to kill their kids. Then, 24
hours later, they want to kill us," Herring said.
Last year, a 63-year-old father from San Diego responded to
Thrifty's demands for $16,000 by filing a harassment suit. The man
contended that he suffered from a nervous condition and had warned by
his doctor to avoid emotional shock.
And what could be more shocking then being hit with Thrifty's
$2,880-a-day tariff, approved by the Public Utilities Commission in
1990?
The tariff is meant to recover the costs of investigation hacker
paying attorneys and losing customers who've been victimized.
While the fee has been upheld in court, some parents complain th
it is unfair and inflated. The actual cost of the pirated phone call
amounts to only a small part of the huge damages sought by Thrifty.
Part of Thrifty's aggression in civil court comes from its growiin
inability to get the hackers into criminal court.
Thrifty has had a tough time persuading law authorities to spend
their limited resources on telephone hacking.
Garden Grove police recently notified Thrifty that the department
will no longer investigate hacking calls that do not originate in th
city. Since then, Herring said, the company keeps getting passed fro
one police agency to another, each claiming not to have jurisdiction
"I have to fight tooth and nail to get them interested," said
Herring, who last month persuaded the Orange County District Attorney
Office to prosecute at least one alleged member of the recently bus
Orange County hacking ring.
Garden Grove Lt. Bill Dalton said his department couldn't keep u
with the expense of investigating Thrifty's hacker problem. Dalton a
that Thrifty could make its telephone system more secure by putting
digits in the access codes, making them harder to discover.
That strategy literally saved Com-Systems of Westlake Village, w
was losing $250,000 a month to hackers before it overhauled its security
system in 1990. The move cost $1 million.
"Now we don't lose $250,000 in a whole year," said senior
investigator John Elerick. "We were getting killed."
About 15 of the small long-distance carriers in California have
reconfigured their access codes. But Thrifty has resisted, because t
change would inconvenience customers by making them wait a few seconds
more for their calls to go through, Herring said.
While Thrifty wrestles with its security dilemma, Huntington Be
dad Cushing found and easy way to protect himself from ever again be
sued for hacking: He disconnected the phone line in his son's bedroom.
"Now, he can only games, do homework, and that's about it."
++++++End of article++++++
* RM 1.0 B0008 * lynn.dimick@pcb.batpad.lgb.ca.us (Lynn Dimick)
////// This article originated at The Batchelor Pad PCBoard BBS ///////
/ Long Beach, CA ///// 1200-14,400 V.32bis+HST ///// +1 310 494 8084 //
------------------------------
Date: Wed, 3 Mar 1993 14:26:58 EDT
From: LOVE@TEMPLEVM.BITNET
Subject: File 3--GPO ACCESS - WINDO UPDATE
Taxpayer Assets Project
Information Policy Note
February 28, 1993
UPDATE ON WINDO/GATEWAY LEGISLATION
Note: the WINDO/GATEWAY bills from last Congress (HR 2772;
S. 2813) would have provided one-stop-shopping online access
to federal databases and information systems through the
Government Printing Office (GPO), priced at the incremental
cost of dissemination for use in homes and offices, and free
to 1,400 federal depository libraries).
Both the House and Senate are soon expected to introduce legislation
that would replace the GPO WINDO/GATEWAY bills that were considered in
the last Congress. According to Congressional staff members, the bill
will be called "GPO Access." The new name (which may change again)
was only one of many substantive and symbolic changes to the
legislation.
Since the bill is still undergoing revisions, may be possible (in the
next day or so) to provide comments to members of Congress before the
legislation is introduced.
The most important changes to the legislation concern the scope and
ambition of the program. While we had expected Congressional
democrats to ask for an even broader public access bill than were
represented by the WINDO (hr 2772) and Gateway (S. 2813) bills, the
opposite has happened. Despite the fact that the legislation is no
longer facing the threat of a Bush veto or an end of session
filibuster (which killed the bills last year), key supporters have
decided to opt for a decidedly scaled down bill, based upon last
year's HR 5983, which was largely written by the House republican
minority (with considerable input from the commercial data vendors,
through the Information Industry Association (IIA)).
The politics of the bill are complex and surprising. The decision to
go with the scaled down version of the bill was cemented early this
year when representatives of the Washington Office of the American
Library Association (including ALA lobbyist Tom Sussman) meet with
Senator Ford and Representative Rose's staff to express their support
for a strategy based upon last year's HR 5983, the republican
minority's version of the bill that passed the House (but died in the
Senate) at the end of last year's session. ALA's actions, which were
taken without consultation with other citizen groups supporting the
WINDO/GATEWAY legislation, immediately set a low standard for the
scope of this year's bill.
We were totally surprised by ALA's actions, as were many other groups,
since ALA had been a vigorous and effective proponent of the original
WINDO/GATEWAY bills. ALA representatives are privately telling people
that while they still hope for broader access legislation, they are
backing the "compromise bill," which was publicly backed (but
privately opposed) last year by IIA, as necessary, to avoid a more
lengthy fight over the legislation. If the negotiations with the
House and Senate republicans hold up, the new bill will be backed by
ranking Republicans on the Senate Rules and House Administration
Committees, and passed by Congress on fast track consent calendars.
We only obtained a draft of the legislation last week, and it is still
a "work in progress." All changes must be approved by key Republican
members of Senate Rules and House Administration.
Gone from the WINDO/GATEWAY versions of the bill were any funding (S.
2813 would have provided $13 million over two years) to implement the
legislation, and any findings which set out the Congressional intent
regarding the need to provide citizens with broad access to most
federal information systems. Also missing are any references to
making the online system available through the Internet or the NREN.
WHAT THE GPO ACCESS BILL WILL DO (subject to further changes)
1. Require the Government Printing Office (GPO) to provide
public online access to:
- the Federal Register
- the Congressional Record
- an electronic directory of Federal public information
stored electronically,
- other appropriate publications distributed by the
Superintendent of Documents, and
- information under the control of other federal
departments or agencies, when requested by the
department or agency.
2. Most users will pay user fees equal to the "incremental cost of
dissemination of the information." This is a very important
feature that was included in the WINDO/GATEWAY legislation. At
present many federal agencies, including the National Technical
Information Services (NTIS), make profits on electronic
information products and services. Given the current federal
government fiscal crisis, this strong limit on online prices is
very welcome.
3. The 1,400 member federal Depository Library Program will have
free access to the system, just as they presently have free
access to thousands of federal publications in paper and
microfiche formats. Issues to be resolved later are who will pay
for Depository Library Program telecommunications costs, and
whether or not GPO will use the online system to replace
information products now provided in paper or microfiche formats.
WHAT THE GPO ACCESS BILL DOESN'T DO
- Provide any start-up or operational funding
- Require GPO to provide online access through the Internet
- The Gateway/WINDO bills would have given GPO broad authority to
publish federal information online, but the new bill would
restrict such authority to documents published by the
Superintendent of Documents (A small subset of federal
information stored electronically), or situations where the
agency itself asked GPO to disseminate information stored in
electronic formats. This change gives agencies more discretion
in deciding whether or not to allow GPO to provide online access
to their databases, including those cases where agencies want to
maintain control over databases for financial reasons (to make
profits).
- Language that would have explicitly allowed GPO to reimburse
agencies for their costs in providing public access was
eliminated in the new bill. This is a potentially important
issue, since many federal agencies will not work with GPO to
provide public access to their own information systems, unless
they are reimbursed for costs that they incur.
- S. 2813 and HR 2772 would have required GPO to publish an annual
report on the operation of the Gateway/WINDO and accept and
consider *annual* comments from users on a wide range of issues.
The new bill only makes a general requirement that GPO "consult"
with users and data vendors. The annual notice requirement that
was eliminated was designed to give citizens more say in how the
service evolves, by creating a dynamic public record of citizen
views on topics such as the product line, prices, standards and
the quality of the service. Given the poor record of many
federal agencies in dealing with rapidly changing technologies
and addressing user concerns, this is an important omission.
- The WINDO/GATEWAY bills would have required GPO to address
standards issues, in order to simplify public access. The new
bill doesn't raise the issue of standards.
OTHER POLITICAL CONSIDERATIONS
Supporters of a quick passage of the scaled down GPO Access
legislation are concerned about a number of budget, turf and
organizational issues. Examples are:
- Congress is considering the elimination of the Joint Committee on
Printing, which now has oversight of GPO.
- There are proposals to break-up GPO or to transfer the entire
agency to the Executive Branch, which would slow down action on
the online program, and may reduce the federal support for the
Federal Depository Library Program, or lead to a different (and
higher) pricing policy.
- The National Technical Information Service (NTIS) opposes an
important role by GPO in the delivery of online services, since
NTIS wants to provide these services at unconstrained prices.
It does not appear as though the Clinton/Gore Administration has had
much input on the GPO Access legislation, which is surprising since
Vice President Gore was the prime sponsor of the GPO Gateway to
Government (S. 2813) bill last year. (Michael Nelson will reportedly
be moving from the Senate Commerce Committee to the White House to be
working on these and related information policy issues.)
Even the scaled down GPO Access bill will face opposition. According
to House republicans, despite IIA's low key public pronouncements, the
vendor trade group "hates" the bill. Opposition from NTIS is also
anticipated.
TAXPAYER ASSETS PROJECT VIEW
We were baffled and disappointed the decision of ALA and Congress to
proceed with a scaled down version of last year's bills. We had hoped
that the election of the Clinton/Gore administration and the growing
grass roots awareness of public access issues would lead to a
stronger, rather than a weaker, bill. In our view, public
expectations are rapidly rising, and the burden is now on Congress and
the Administration to break with the past and take public access
seriously. The GPO Access legislation provides incremental benefits
over the status quo, but less than might seem.
- The statutory mandate to provide online services is useful, but
public access proponents have always argued that GPO already has
the authority to create the WINDO/GATEWAY under the current
statutes. In fact, GPO now offers hundreds of CD-ROM titles and
the online GPO Federal Bulletin Board, a service that could (and
should) be greatly expanded.
- The three products that the GPO Access bill refers to are already
online or under development GPO. GPO is now working on the
development of a locator system and an online version of the
Federal Register, and the Congressional Record is already online
in the Congressional LEGIS system -- a system that is presently
closed to the public, and which is not mentioned in the GPO
Access bill.
- The "incremental cost of dissemination" provision of the new bill
is welcome, but GPO is already limited to prices that are 150
percent of dissemination costs.
Several suggestions to strengthen last year's bills were ignored.
Among them:
- Expand the initial core products to include other online
information systems that are already under the control of
congress, such as the Federal Elections Commission (FEC) online
database of campaign contributions, the House LEGIS system which
provides online access to the full text of all bills before
Congress, or the Library of Congress Scorpio system.
- Create a special office of electronic dissemination in GPO. At
present, GPO's electronic products and services are managed by
Judy Russell, who is capable, but who is also responsible for
managing the primarily paper and microfiche based federal
Depository Library Program, a time consuming and complicated job.
We believe that GPO's electronic dissemination program is
important enough to warrant its own director, whose career would
depend upon the success of the electronic dissemination program.
The GPO Access bills will be considered by the following
Congressional Committees:
Senate Committee on Rules and Administration 202/224-6352
Chair, Senator Wendell Ford
Ranking Minority, Senator Ted Stevens
House Committee on House Administration 202/225-225-2061
Chair, Representative Charlie Rose
Ranking Minority, Representative Bill Thomas
------------------------------
Date: Tue, 2 Mar 1993 20:26:36 EST
From: Arnie Kahn <FAC_ASKAHN@VAX1.ACS.JMU.EDU>
Subject: File 4--London Times Educational Supplement Article