Computer underground Digest    Thu  Mar 27, 1997   Volume 9 : Issue 25
                           ISSN  1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Shadow Master: Stanton McCandlish
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Field Agent Extraordinaire:   David Smith
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #9.25 (Thu, Mar 27, 1997)

File 1--A Country goes Offline (Austria) (fwd)
File 2--The creation of gov.* is NOT a cause for worry
File 3--Re: Coup-d-etat on the Internet (CuD 9.24)
File 4--WEBPOSSE ROUNDS UP PORN OUTLAWS
File 5--Researchers crack cell phone cipher
File 6--end of the road for PK encryption in the UK? (fwd)
File 7--Who will control the Net? Problems with RSACi
File 8--Cambodia receives Internet connectivity
File 9--Network Solutions hit with suit from C/Net
File 10--Cu Digest Header Info (unchanged since 13 Dec, 1996)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Tue, 25 Mar 1997 08:49:36 EST
From: Martin Kaminer <iguana@MIT.EDU>
Subject: File 1--A Country goes Offline (Austria) (fwd)

------- Forwarded Message

Date--Mon, 24 Mar 1997 17:03:31 -0500
From--John Curran <jcurran@bbnplanet.com>

FYI... Austria ISP's will be offline in protest for two hours tomorrow morning. Our customers may not notice, but it would be good to be informed if anyone calls in.

Thanks!
/John

===

Date--Mon, 24 Mar 1997 15:57:08 -0500
From--Per Gregers Bilse <pgb@eu.net>

Tomorrow afternoon European time, Austria will blackhole itself for two hours in protest at a raid by Austrian police on a small service provider. Updated information can be found at http://www.internet.at/

[Note that Munich is in Germany, and that Austria is another country.]

Press-Information
For immediate Release, 24 March 97

A Country goes Offline

Vienna, Tuesday, 24 March 97. On Thursday, 20 March 97 at 10:45, the Austrian Internet Service Provider ViP was raided by seven Austrian law enforcement officers of the Vienna Wirtschaftspolizei (Commerce Branch of the Police) and two surveyors. In the course of the action, a number of computers that are essential to the existence of the organization, were confiscated and most of the services of ViP were disabled.

The trigger for this action were charges against "unknown" that were filed at the Munich Prosecution in March 96 (!) because a client of the Internet Service Provider had released material in the Internet that is not conform with the paragraph 207a StGB (child pornography).

The alarmingly incompetent behavior of the police, who acted only after more than a year, even though electronic messages are typically deleted after a few days, must make all Internet users in Austria concerned. Even though there was no imminent danger, the sender was known to the office of public prosecution at the time and ViP was not accused in the process, all computers with hard disks were confiscated - even those not connected to any network.

What can the Internet Service Provider control?

Internet Service Provider look after the interconnection of computers that are connected to the global Internet and the transport of data among these computers. Since not all users are permanently connected to the Internet, their data are temporarily stored - often for a very short period of time - on the computers of the providers.

The amount of data that accumulates in this fashion is enormous: the more than 27,000 available news groups alone and the temporarily stored www-pages take up more than 40 gigabyte of storage room at the largest providers. This is equivalent to more than 20 million standard letter pages per provider.

Hence, content control of such information quantities by the Internet service provider is not reasonable nor is it possible. The editorial responsibility resides solely with the originator of the information.

The Internet has come to be an integral component in the daily routine of many companies and private citizens. Its availability directly affects the competitiveness of a country.

Confiscation and Austrian Jurisdiction

The legal framework for Internet Service Provider is mostly undefined in Austria. According to the interpretation of the Ministry of Justice, the provider's direct liability for content that is not law-conform is based on the fact, that by offering access to the net, the provider gives access to the net that holds sources of danger. They are responsible for content control and legal concordance. Hence, providers are directly liable and culpable if they omit content control. This interpretation is contestable.

Non-contestable is the legal situation in case of confiscation. Austrian law (P.142 Ch.1 StPO [criminal prosecution act]) regulates confiscations, disallowing any unnecessary attraction of attention or any unnecessary disturbance to those affected. Reputation and privacy of the affected are to be protected as much as possible. Moreover, it is stated that only items that can be of importance in the case can be confiscated. A confiscation can only be made if a previous questioning of the suspect neither produced evidence nor eliminated the suspicion, or in the case of imminent danger.

In the present case, no employee at ViP was questioned. There was no imminent danger since the contents in question had not been present on the provider's computers, or in fact the whole Internet, for a year. The "due care" advocated by the law was not afforded either, since police forced the abrupt turning off of the equipment, which can lead to damage and data corruption.

A Country goes Offline

Because of this situation, the Austrian Internet Service Provider want to alert the public, politicians, and officials that it is impossible to maintain the Internet services under the current jurisdiction.

To clearly demonstrate the consequences of the present legal interpretation of Internet service operation, all Austrian Internet services will be shut down on Tuesday, 25 March 97, from 4:00 to 6:00 p.m. This means that Austria will not be reachable via the Internet worldwide.

Propositions for Solutions and Cooperations

The Austrian Internet Service Provider condemn the distribution of illegal content in the Internet and will cooperate with the investigating officials - as they have already in the past.

The ISPs believe that the individual originator is responsible for the contents he is disseminating. This is clearly stated in the terms of the ISP's General Business Terms. Blocking of contents must be mandated by a sufficiently authorized legal institution, such as a judge.

Extending their existing level of cooperation with the authorities, the ISPs offer to connect the responsible judicial authority to the Internet at no cost and to educate their officials in the use and the nature of the Internet. Moreover, the ISPs offer their assistance in the formation of an Experts' Commission.

The Association of Austrian Internet Providers, currently being established, plans to create an Internet Coordination Office that would accept alerts of illegal contents and would cooperate with the authorities in addition to coordinating these issues among the providers.

------------------------------

Subject: File 2--The creation of gov.* is NOT a cause for worry
From: Mark Atwood <zot@AMPERSAND.COM>
Date: 26 Mar 1997 10:51:43 -0500

Paul Kneisel <tallpaul@nyct.net> writes:
> ... am
> I the only one to see in the sudden creation of <gov.*> a slippery slope of
> globally massive dimensions whereby the U.S. and inferentially other
> governments just launched a info-war coup-d-etat on UseNet in particular
> and the Internet in general?

What I'm seeing here is a fundamental lack of knowledge on how the creation of a new hierarchy has to work.

There is a fundamental difference between creating a single newsgroup, and creating a new top level hierarchy. There is no formal RFD/CFV process for doing it. There can't be. It can't be "forced" into being, it has to be "begged" into existence.

We are all familiar with the "Big 8" hierarchies. The thing that makes this part of net-news "special" is the formalized group creation process that unfolds in <URL:news:news.groups>, with the RFD, CFV, RESULTs, and Dave Lawrence's PGP signed control messages.

But there are other hierarchies. Such as alt, where the "default" rule is that almost anyone can create a newsgroup, but only a few people can rmgroup one. There is not a formal RFD/CFV/voting procedure for alt, just a continuing discussion in <URL:news:alt.config>. And neither was there a formal process for creating the entire hierarchy. People just were convinced that it was a good enough idea and modified their news server configuration files to permit it to exist.

There are now many top level hierarchies beyond the "Big 8" and alt, each with their own social mechanisms for group management and topic enforcement. You can grab the latest INN from the Internet Software Consortium <URL:http://www.isc.org/> and read the recommended control.ctl file to see a list of most of the better known ones.

If you want to create your own top level hierarchy on your own machine, that's easy. But getting that hierarchy to also appear on other machines is the trick. There is not a standard automated way to do that. Instead you have to convince other news admins to "manually" modify their own configurations.

Since this process requires the cultivation of "good will" from the community of (overworked) news admins, the creation of the gov.* cannot possibly be interpreted as an "invasion" or an attempt at a "info-war coup-d-etat" in your words.

I suspect instead that this is the pet project of a news admin inside the government somewhere, who truly believes that USENET would be a good way to distribute government information "to the masses". I think he may be right.

He seems to have done his legwork, and seems to have tale's blessing, which is good enough for me. I'm carrying it on my spools, and asking my main upstream feeder to carry it so I don't need a special feed to get it.

------------------------------

Date: Wed, 26 Mar 97 10:26:51 MST
From: Ken Arromdee <karromde@nyx.net>
Subject: File 3--Re: Coup-d-etat on the Internet (CuD 9.24)

>I certainly could have missed such RFDs and CFVs.
>But, assuming that I did not miss them because neither was ever issued, am
>I the only one to see in the sudden creation of <gov.*> a slippery slope of
>globally massive dimensions whereby the U.S. and inferentially other
>governments just launched a info-war coup-d-etat on UseNet in particular
>and the Internet in general?

No, he's just paranoid. Only groups in the Big 8 hierarchies require a RFD and CFV. The reason why his group requires a RFD and CFV and gov.* doesn't is not because of some sinister government conspiracy against him, but because gov.* is not a Big 8 group.

------------------------------

Date: Thu, 20 Mar 1997 10:46:28 -0800 (PST)
From: jc <pixotna@INTERMIND.NET>
Subject: File 4--WEBPOSSE ROUNDS UP PORN OUTLAWS

PIXOTNA PRODUCTIONS
Las Vegas, Nevada

MEDIA CONTACT: Jan Kepler 303/674-7879
keplerj@netone.com

FOR IMMEDIATE RELEASE

WEBPOSSE ROUNDS UP INTERNET PORN OUTLAWS

ATLANTA, LAS VEGAS, ST. PETERSBURG, FL - March 10, 1997 -- Web outlaws are brazenly downloading thousands of high quality photos and video clips from legitimate websites and selling them illegally on the net, reported Steve Easton, founder of The WebPosse. Easton and Jerry Taylor, creator of the newly formed Association for the Protection of Internet Copyrights (APIC), are hot on the trail of internet outlaws in an effort to protect all intellectual property rights on the net.

According to Easton and Taylor, their initial focus is on adult-oriented websites because they are the most profitable and, thus, the primary targets of the outlaws. They estimate that 95% of the adult material on the internet is stolen from legitimate sources. Taylor warns that, "as soon as other types of sites become profitable, the outlaws will branch out and victimize them as well. Our goals are to protect all types of websites from copyright infringement, educate the naive thieves, and close down the bad guys."

Easton, Taylor and John Copeland, all website owners and friendly competitors, have been hit hard by theft. "Legitimate website owners like us are wondering if 'www' really stands for 'wild, wild web' instead of 'world wide web,'" jokes Copeland, an internationally published photographer who has sold hundreds of sets to Penthouse, Playboy and dozens of other well-known men's magazines. He is also the owner of Pixotna Productions, an adult-oriented website.

"Our initial WebPosse members are mostly mainstream adult-oriented magazine photographers who keep accurate records, have fully signed releases from their adult models, and use only legal materials on their sites," says Easton. "These legitimate businesses are being hit hard in the pocket book and their integrity is being compromised by the outlaws."

Copeland claims that it is not just the loss of revenue that motivates the photographers to fight back: "Some stolen images have shown up in phone sex ads, on websites that also sell illegal child pornography, scenes of bestiality, abuse, etc. These illegal usages often violate the releases that we have with our models, and are insulting and demeaning to the women," he added. "Some people think that all nude pictures are pornography, but there are laws and standards within the industry with which the legitimate photographers and producers abide."

Some outlaws have developed a myth of "public domain" as it relates to copyrighted images, and Copeland complains "they conduct business under the theory that it is easier to get forgiveness than permission. Other internet outlaws, however, are just hard core thieves making a bundle before we shut 'em down."

While no shoot-outs have been reported, Easton and other WebPosse members are receiving threats of physical violence and terrorist attacks (e-mail bombs, etc.) on their websites from the hard core outlaws.

Copeland has been the target of many such thefts and some veiled terrorist threats. He recently contacted a two month old website, the owners of which claim they unwittingly received hundreds of Copeland's stolen images to sell on their site. Last month alone, this one site made more than $20,000 selling illegal images. They even included Copeland's copyrighted material in their logo, on their home page, and throughout the site. He gave them 7 days to remove his material.

Taylor says that copyright infringement is only one of the violations facing the outlaws. There are often images posted on these illegal sites that are not exempt from the requirements of Federal statutes: Section 18 U.S.C. 2257 and the regulations of Section 75 C.F.R. 75.

To be in compliance with these regulations "every image on display for which there is no release of copyright, or documentation of copyright ownership, model releases and model identification with age verification on file, that is of sexual content, cannot be published, and must be removed under penalty of law."

"It's not only the professional photographers and models who are vulnerable to illegal internet activity," says Taylor. "The latest scam is called Amateur Models. Without documentation, snapshots of nude women are posted anonymously on the newsgroups. The photographers are often men looking for revenge against their unsuspecting ex-wives and ex-girlfriends. While policing anonymous newsgroup posts is impossible, when those illegal photos are re-posted on websites, they spell big trouble for the website owners."

WebPosse and APIC are planning legal action against the illegal sites, whose owners are either unwilling to shut down voluntarily or become legitimate. Taming the "wild, wild, web" will not be easy admits Easton and Taylor, but with the backing of other legitimate website owners, they anticipate making a significant dent in illegal activities in 1997.

For more information about efforts to protect websites from copyright infringement, contact Steven Easton at 954-983-6611 or by e-mail at sheriff@webposse.com; Jerry Taylor at 770-300-0998 or by e-mail at JT@netcommand.com., and John Copeland at 702-247-9830 or by e-mail at pixotna@intermind.net.

------------------------------

Date: Thu, 20 Mar 1997 09:14:29 -0800 (PST)
From: Declan McCullagh <declan@well.com>
Subject: File 5--Researchers crack cell phone cipher

Source - fight-censorship@vorlon.mit.edu

Attached below is John Markoff's front-page article in today's NYT on how Bruce Schneier's team "cracked a key part of the electronic code meant to protect the privacy of calls made with the new, digital generation of cellular telephones."

I talked to Schneier about his successful codebreaking yesterday, but was too exhausted from the Supreme Court arguments to write about it and do him justice. When we spoke, he stressed that cracking this cipher was anything but difficult: "It wasn't that hard. This isn't a subtle thing. This is a major flaw."

He said: "For the second time we as a country had a chance to make cellular phone conversations private and we blew it. We didn't make analog conversations private and now, when we move to digital, we had the chance to put in good encryption algorithms. We didn't."

How long does it take to crack? A forthcoming paper the group wrote says: "Our (unoptimized) implementation uses minutes to hours of computation time on a Pentium; it can be easily parallelized for further speed... The attack described in this paper is practical, and can be used against existing cellphones that use [this algorithm] for security."

The success of the codebreaking team -- which also included David Wagner and John Kelsey -- underscores why it's dangerous to develop algorithms in secret. The only reliable way to learn about weaknesses in an algorithm is to expose it to public scrutiny. (Anyone want a Clipper Chip?) David Brin at CFP last week echoed this idea, saying "public criticism" is the best societal means of learning the truth.

Schneier takes this concept so seriously that his essay on "Why Cryptography is Harder than it Looks" is required reading for all employees.

-Declan

---------- Forwarded message ----------
Date--Thu, 20 Mar 1997 07:12:21 -0500
From--John Young <jya@pipeline.com>

For details of the crack see the cryptographers' press release at:

http://www.counterpane.com/cmea.html

The New York Times, March 20, 1997, pp. A1, D2.

Code Set Up to Shield Privacy Of Cellular Calls Is Breached

By John Markoff

San Francisco, March 19 -- A team of well-known computer security experts will announce on Thursday that they have cracked a key part of the electronic code meant to protect the privacy of calls made with the new, digital generation of cellular telephones.

The announcement, intended as a public warning, means that -- despite their greater potential for privacy protection -- the new cellular telephones, which transmit streams of digital information in code similar to computer data, may in practice be little more secure from eavesdropping than the analog cellular phones, which send voice as electronic patterns mimicking sound waves, that have been in use the last 15 years.

<snip>

------------------------------

Date: Mon, 24 Mar 1997 13:30:17 +0000 (GMT)
From: Stefan Magdalinski <stefan@IANDI.DEMON.CO.UK>
Subject: File 6--end of the road for PK encryption in the UK? (fwd)

I don't have time to investigate this, or write anything up. I just found it in another mailing list I'm on, and thought you'd be interested.

stef...

============

<excerpt>
Subject-- UK Government to ban PGP - now official!
From-- rja14@cl.cam.ac.uk (Ross Anderson)
Date-- 1997/03/21
Newsgroups-- alt.security.pgp,alt.security,sci.crypt

The British government's Department of Trade and Industry has sneaked out proposals on licensing encryption services. Their effect will be to ban PGP and much more besides.

I have put a copy on http://www.cl.cam.ac.uk/users/rja14/dti.html as their own web server appears to be conveniently down.

Licensing will be mandatory:

    We intend that it will be a criminal offence for a body to offer or provide licensable encryption services to the UK public without a valid licence

The scope of licensing is broad:

    Public will be defined to cover any natural or legal person in the UK.

    Encryption services is meant to encompass any service, whether provided free or not, which involves any or all of the following cryptographic functionality - key management, key recovery, key certification, key storage, message integrity (through the use of digital signatures) key generation, time stamping, or key revocation services (whether for integrity or confidentiality), which are offered in a manner which allows a client to determine a choice of cryptographic key or allows the client a choice of recipient/s.

Total official discretion is retained:

    The legislation will provide that bodies wishing to offer or provide encryption services to the public in the UK will be required to obtain a licence. The legislation will give the Secretary of State discretion to determine appropriate licence conditions.

The licence conditions imply that only large organisations will be able to get licences: small organisations will have to use large ones to manage their keys (this was the policy outlined last June by a DTI spokesman). The main licence condition is of course that keys must be escrowed, and delivered on demand to a central repository within one hour. The mere delivery of decrypted plaintext is not acceptable except perhaps from TTPs overseas under international agreements.

The effect of all this appears to be:

1. PGP servers will be outlawed; it will be an offence for me to sign your pgp key, for you to sign mine, and for anybody to put my existing signed PGP key in a foreign (unlicensed) directory

2. Countries that won't escrow, such as Holland and Denmark, will be cut out of the Superhighway economy. You won't even be able to send signed medical records back and forth (let alone encrypted ones)

3. You can forget about building distributed secure systems, as even relatively primitive products such as Kerberos would need to have their keys managed by a licensed TTP. This is clearly impractical.

(The paper does say that purely intra-company key management is OK but licensing is required whenever there is any interaction with the outside world, which presumably catches systems with mail, web or whatever)

There are let-outs for banks and Rupert Murdoch:

    Encryption services as an integral part of another service (such as in the scrambling of pay TV programmes or the authentication of credit cards) are also excluded from this legislation.

However, there are no let-outs for services providing only authenticity and nonrepudiation (as opposed to confidentiality) services. This is a point that has been raised repeatedly by doctors, lawyers and others - giving a police officer the power to inspect my medical records might just conceivably help him build a case against me, but giving him the power to forge prescriptions and legal contracts appears a recipe for disaster. The scope for fraud and corruption will be immense.

Yet the government continues to insist on control of, and access to, signing keys as well as decryption keys. This shows that the real concern is not really law enforcement at all, but national intelligence.

Finally, there's an opportunity to write in and protest:

    The Government invites comments on this paper until 30 May 1997

Though if the recent `consultation' about the recent `government.direct' programme is anything to go by, negative comments will simply be ignored.

Meanwhile, GCHQ is pressing ahead with the implementation of an escrow protocol (see http://www.cs.berkeley.edu/~daw/GCHQ/casm.htm) that is broken (see http://www.cl.cam.ac.uk/ftp/users/rja14/euroclipper.ps.gz).

In Grey's words, ``All over Europe, the lights are going out''

Ross
</excerpt>

------------------------------

Date: Wed, 19 Mar 1997 18:21:52 -0500
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Subject: File 7--Who will control the Net? Problems with RSACi