**************************************************************************** >C O M P U T E R U N D E R G R O U N D< >D I G E S T< *** Volume 3, Issue #3.14 (April 26, 1991) ** **************************************************************************** MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet) ARCHIVISTS: Bob Krause / Alex Smith / Bob Kusumoto GAELIC GURU: Brendan Kehoe +++++ +++++ +++++ +++++ +++++ CONTENTS THIS ISSUE: File 1; Moderators' Corner File 2; Comments on your comments on Len Rose File 3; Moving toward Common Ground? Reply to Gene Spafford File 4; CERT Advisory - Social Engineering File 5; And Fox is after the Hollywood Hacker? File 6; MONDO -- GREAT NEW 'ZINE! +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ USENET readers can currently receive CuD as alt.society.cu-digest. Back issues are also available on Compuserve (in: DL0 of the IBMBBS sig), PC-EXEC BBS (414-789-4210), and at 1:100/345 for those on FIDOnet. Anonymous ftp sites: (1) ftp.cs.widener.edu (192.55.239.132); (2) cudarch@chsun1.uchicago.edu; (3) dagon.acc.stolaf.edu (130.71.192.18). E-mail server: archive-server@chsun1.uchicago.edu. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. Some authors, however, do copyright their material, and those authors should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to the Computer Underground. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Moderators Subject: Moderators' Corner Date: 26 April, 1991 ******************************************************************** *** CuD #3.14: File 1 of 6: Moderators Corner *** ******************************************************************** ++++++++++++++++++++ Mail and Corrupted Issues ++++++++++++++++++++ We received a number of notes asking about the resend of CuD 3.13. Our system is an IBM clone, and the mailer is patched in. When we have mail problems, we are not able to determine the status of any mail we send out because of the limited capabilities of the patch. On occasion, especially during net-jams, this leads to some readers receiving duplicate files. If a number of files are corrupted, as sometimes happens when the nets are jammed or a gateway is not operating properly, it is sometimes necessary to resend a file or, in the case 3.13, the entire list. Optimal size is about 40K, and the last issue ran well over that. To facilitate mailing, we deleted the single file that brought us to the 40 K file size and re-sent. If people are experiencing problems receiving CuD, drop us a note. We have also received on 23 April a horde of email posts dated between 30 March-2 April. The bulk of it seemed to originate from the west and southwest. We generally reply to posts on the same day they are received, so if you do not receive a reply, let us know. ++++++++++++ LET US KNOW IF YOUR ACCOUNT EXPIRES ++++++++++++ If your account is about to expire, please drop a note simply saying "unsub," and be sure to include at the bottom your account number. ++++++++++++++++ Information on subversive software wanted ++++++++++++++++ Gordon is in the beginning stages of research for a technical paper on 'subversive' software. The article will discuss software that has been written for unusual purposes and circumstances, not all of which may be legal. Examples in this "genre" would be 'Fuckin' Hacker', 'Code Thief', and 'Receipt Writer'. It would be helpful to gather as many examples as possible, from many different computer platforms. He is *not* seeking executable copies, but just the name and description of the program. Any additional historical information, such as author name, date, innovative features, etc would be a bonus. If you can recall having seen, used, or heard of any unusual software that you feel fits in this category He would appreciate it if you'd drop me a line. The article has not, as of yet, been slated for publication, but he will supply a finished copy to anyone who responds or requests one. The finished work may also appear in a future issue of CuD. Thanks for your time and assistance! Gordon Meyer 72307.1502@Compuserve.com GRMEYER (GEnie and Delphi) or via CuD at tk0jut2@niu.bitnet +++++++++++++++++++++ PhD Seeks info on Computer Security +++++++++++++++++++++ Paul Taylor, a PhD candidate in England, sent the following note along. He is doing some interesting research, and is trying to obtain additional data. +++++++ From: P.A.Taylor@EDINBURGH.AC.UK Subject: PhD Seeks Info on Computer Security Date: 18 Apr 91 14:17:16 bst I'm into the second year of a PhD looking at the rise of the computer security industry and the concomitant rise of cracking/browsing and viruses, here at the University of Edinburgh. Part of my research involves e-mail interviews and questionnaires. If you would be willing to take part in it, then please get in touch. I'll send you a yes/no type questionnaire and after that if you are willing, a set of questions designed more to start a dialogue about some of the issues surrounding computer security, which could form the basis of an on-going e-mail interview to be acknowledged or kept anonymous in my final thesis, depending on the wishes of the respondent. ALL MY WORK IS FOR PURELY ACADEMIC PURPOSES AND TOTAL CONFIDENTIALITY IS GUARANTEED. IF IN DOUBT AS TO MY ACADEMIC STATUS PLEASE CONTACT ME AND INDEPENDENT VERIFICATION CAN BE SUPPLIED. Thank you in advance, Paul A. Taylor, Depts of Economics and Politics, Edinburgh University. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Gene Spafford Subject: Comments on your comments on Len Rose Date: Sat, 30 Mar 91 14:41:02 EST ******************************************************************** *** CuD #3.14: File 2 of 6: Comments on Len Rose Articles *** ******************************************************************** %Moderators' comment: Spaf just sent his latest book, PRACTICAL UNIX SECURITY, co-authored with Simson Garfinkel to the publishers (O'Reilly and Associates ((the Nutshell Handbook people). It's approximately 475 pages and will available in mid-May. From our reading of the table of contents, and from preview comments ("definitive," destined to be the "standard reference"), it looks like something well-worth the $29.95 investment.% There is little doubt that law enforcement has sometimes been overzealous or based on ignorance. That is especially true as concerns computer-related crimes, although it is not unique to that arena. Reporting of some of these incidents has also been incorrect. Obviously, we all wish to act to prevent future such abuses, especially as they apply to computers. However, that being the case does not mean that everyone accused under the law is really innocent and the target of "political" persecution. That is certainly not reality; in some cases the individuals charged are clearly at fault. By representing all of them as innocents and victims, you further alienate the moderates who would otherwise be sympathetic to the underlying problems. By trying to represent every individual charged with computer abuse as an innocent victim, you are guilty of the same thing you condemn law enforcement of when they paint all "hackers" as criminals. In particular, you portray Len Rose as an innocent whose life has been ruined through no fault of his own, and who did nothing to warrant Federal prosecution. That is clearly not the case. Len has acknowledged that he was in possession of, and trafficing in, source code he knew was proprietary. He even put multiple comments in the code he modified stating that, and warning others not to get caught with it. The patch he made would surreptitiously collect passwords and store them in a hidden file in a public directory for later use. The argument that this patch could be used for system security is obviously bogus; a system admin would log these passwords to a protected, private file, not a hidden file in a public directory. Further, your comments about having root access are not appropriate, either, for a number of reasons -- sometimes, root access can be gained temporarily without the password, so a quick backdoor is all that can be planted. Usually, crackers like to find other ways on that aren't as likely to be monitored as "root", so getting many user passwords is a good idea. Finally, if passwords got changed, this change would still allow them to find new ways in, as long as the trojan wasn't found. The login changes were the source of the fraud charge. It is certainly security-related, and the application of the law appears to be appropriate. By the comments Len made in the code, he certainly knew what he was doing, and he knew how the code was likely to be used: certainly not as a security aid. As somebody with claimed expertise in Unix as a consultant, he surely knew the consequences of distributing this patched code. An obvious claim when trying to portray accused individuals as victims is that their guilty pleas are made under duress to avoid further difficulties for their family or some other third party. You made that claim about Len in your posting. However, a different explanation is just as valid -- Len and his lawyers realized that he was guilty and the evidence was too substantial, and it would be more beneficial to Len to plead guilty to one charge than take a chance against five in court. I am inclined to believe that both views are true in this case. Your comments about Len's family and career are true enough, but they don't mean anything about his guilt or innocence, do they? Are bank robbers or arsonists innocent because they are the sole means of support for their family? Should we conclude they are "political" victims because of their targets? Just because the arena of the offenses involves computers does not automatically mean the accused is innocent of the charges. Just because the accused has a family which is inconvenienced by the accused serving a possible jail term does not mean the sentence should be suspended. Consider that Len was under Federal indictment for the login.c stuff, then got the job in Illinois and knowingly downloaded more source code he was not authorized to access (so he has confessed). Does this sound like someone who is using good judgement to look out for his family and himself? It is a pity that Len's family is likely to suffer because of Len's actions. However, I think it inappropriate to try and paint Len as a victim of the system. He is a victim of his own poor judgement. Unfortunately, his family has been victimized by Len, too. I share a concern of many computer professionals about the application of law to computing, and the possible erosion of our freedoms. However, I also have a concern about the people who are attempting to abuse the electronic frontier and who are contributing to the decline in our freedoms. Trying to defend the abusers is likely to result in a loss of sympathy for the calls to protect the innocent, too. I believe that one reason the EFF is still viewed by some people as a "hacker defense fund" is because little publicity has been given to the statements about appropriate laws punishing computer abusers; instead, all the publicity has been given to their statements about defending the accused "hackers." In the long term, the only way we will get the overall support we need to protect innocent pursuits is to also be sure that we don't condone or encourage clearly illegal activities. Groups and causes are judged by their icons, and attempts to lionize everyone accused of computer abuse is not a good way to build credibility -- especially if those people are clearly guilty of those abuses. The Neidorf case is probably going to be a rallying point in the future. The Steve Jackson Games case might be, once the case is completed (if it ever is). However, I certainly do not want to ask people to rally around the cases of Robert Morris or Len Rose as examples of government excess, because I don't think they were, and neither would a significant number of reasonable people who examine the cases. I agree that free speech should not be criminalized. However, I also think we should not hide criminal and unethical behavior behind the cry of "free speech." Promoting freedoms without equal promotion of the responsibility behind those freedoms does not lead to a greater good. If you cry "wolf" too often, people ignore you when the wolf is really there. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Moderators (Jim Thomas) Subject: Moving toward Common Ground? Reply to Gene Spafford Date: April 26, 1991 ******************************************************************** *** CuD #3.14: File 3 of 6: Moving toward Common Ground? *** ******************************************************************** Gene Spafford's comments raise a number of issues, and my guess is that he and other "moderates" are not that far apart from those of us considered "extremists." His post was sent in March, but we received it on April 24, so some of his comments about Len Rose have already received sufficient response (see Mike Godwin in CuD 3.13). We are more concerned with the potential points of converenge on which "moderates" and "radicals" might agree. Gene raises several issues: 1) The tone of some critics of recent "hacker" cases tends to be divisive and inhibits coming together on common ground; 2) There exists a danger in "crying wolf" in that cases in which legitimate abuses may have occured or that directly raise important issues about civil liberties will be ignored because of excessive concern with cases that are perceived as less meritorious or in which the defendants may not seem sympathetic; c) An aggressive social response is required to reverse the apparent trend in computer abuse. We disagree with none of these issues. There is, however, room for legitimate disagreement on how these issues should be addressed, and there is room for conciliation and compromise. Although many cases of law enforcement response to alleged computer abuse have been reported, only a few have generated any significant attention. These cases have not generally centered around issues of guilt or innocence, but on broader concerns. Other than general reporting of cases, CuDs own attention has been limited to: STEVE JACKSON GAMES: Few, if any, think the search of Steve Jackson's company and seizure of his equipment was acceptable. The seizure affidavit indicated that the justification for the raid was grossly exaggerated and its implementation extreme. There have been no arrests resulting from that raid, but the questions it raised have not yet been resolved. LEN ROSE: Whatever one thinks of Len Rose's behavior, the actions of AT&T and law enforcement raise too many issues to be ignored whatever Len's own culpability (or lack of it). The initial indictments, press releases, and prosecutor media comments connected Len to E911, the Legion of Doom, and computer security when the case was actually about possesion of unlicensed proprietary software. We have never denied the importance of either issue. Our concern continues to be the misconceptions about the nature of the case, what we see as an extreme response to a relatively minor incident, and the way the laws were used to inflate charges. These are all debatable issues, but the nets were buzzing with claims of Len's guilt, the need to "send a message to hackers," and other claims that reinforced the legitimacy of charges and sanctions that still seem inappropriate. The fact that some still see it as a security case, others as a piracy case, others as justice-run-amok, and still others as a signal to examine the limits of criminalization illustrates the significance of the events: If we can't agree on the issues involved without yelling at each other, then how can we even begin to address the issues? CRAIG NEIDORF/PHRACK: When the prosecution dropped the case against Craig Neidorf for publishing alleged proprietary information valued at nearly $80,000 when it was found that the information was available to the public for under $14, most people thought it was a victory. However, the logic that impelled prosecution did not stop with Craig, and our concern continues to be over the apparent unwillingness of some law enforcement agents to recognize that this was not just a prosecutorial "mistake," but part of a pattern in which excessive claims are made to justify raids, indictments, or prosecution. THE HOLLYWOOD HACKER: Again, this is not a case of guilt or innocence, but one in which existing laws are sufficiently vague to over-criminalize relatively minor alleged acts. The apparent philosophy of prosecutors to "send a message" to "hackers" in a case that is not a hacker case but the sting of an investigative journalist seems another use of over-prosecution. There is also the possibility of a vindictive set-up by Fox of a freelance reporter who is alleged to have done what may be a common practice at Fox (see the post, this issue, citing Murray Povich). RIPCO: Dr. Ripco's equipment was seized and his BBS shut down, but no charges have been filed against him. He remains in limbo, his equipment has not been returned, and he still does not know why. Here, the issue of sysop liability, the reliability of informants, and the legal status of private e-mail are raised. THE "ATLANTA THREE:" The Riggs, Darden, and Grant case became an issue after the guilty verdict. We can think of no instance of anybody ever defending their actions for which they were indicted or in proclaiming them innocent after (or even before) their plea. At state in the debates was not that of guilt or a defense of intrusions, but of sentencing and the manner in which it was done. OPERATION SUN DEVIL: Operation Sun Devil, according to those participating in it, began in response to complaints of fraudulent credit card use and other forms of theft. The "hacking community" especially has been adamant in its opposition to "carding" and rip-off. Here, the issue was the intrusive nature of searches and seizures and the initial hyperbole of law enforcement in highly visible press releases in their initial euphoria following the raids. In an investigation that began "nearly two years" prior to the May 8, 1990 raids, and in the subsequent 12 months of "analysis of evidence," only two indictments have been issued. Both of those were relegated to state court, and the charges are, in the scheme of white collar crime, are relatively minor. There have also been questions raised about whether the evidence for prosecution might not have either already existed prior to Sun Devil or that it could have readily been obtained without Sun Devil. The key to the indictment seems to be a ubiquitous informant who was paid to dig out dirt on folks. For some, Sun Devil raises the issue of use of informants, over-zealousness of prosecutors, and lack of accountability in seizures. We fully agree that if there is evidence of felonious activity, there should be a response. The question, however, is how such evidence is obtained and at what social and other costs. Many may disagree with our perspective on these cases, but several points remain: 1) Each of them raises significant issues about the methods of the criminal justice system in a new area of law; 2) Each of them serves as an icon for specific problems (privacy, evidence, ethics, language of law, media images, sysop liability to name just a few); and 3) In each of them, whatever the culpable status of the suspects, there exists an avenue to debate the broader issue of the distinction between criminal and simply unethical behavior. Among the issues that, if discussed and debated, would move the level of discussion from personalities to common concerns are: 1. Overzealous law enforcement action: Prosecutors are faced with the difficult task of enforcing laws that are outstripped by technological change. Barriers to this enforcement include lack of resources and technical expertise, ambiguity of definitions, and vague laws that allow some groups (such as AT&T) who seem to have a history of themselves attempting to use their formidable economic and corporate power to jockey for legal privilege. Legal definitions of and responses to perceived inappropriate behavior today will shape how cyberspace is controlled in the coming decades. Questionable actions set bad precedents. That is why we refer to specific cases as ICONS that symbolize the dangers of over-control and the problems accompanying it. 2. Media distortions: This will be addressed in more detail in a future CuD, because it is a critically important factor in the perpetuation of public and law enforcements' misconceptions about the CU. However, concern for distortion should be expanded to include how we all (CuD included) portray images of events, groups, and individuals. Some law enforcers have complained about irresponsible media accuracy when the alleged inaccuracies have in fact come from law enforcement sources. But, media (and other) distortions of CU news is not simply a matter of "getting the facts straight." It also requires that we all reflect on how we ourselves create images that reinforce erroneous stereotypes and myths that in turn perpetuate the "facts" by recursive rounds of citing the errors rather than the reality. CuD AS PRO HACKER: The CuD moderators are seen by some as defending cybercrime of all kinds, and as opposing *any* prosecution of "computer criminals. Why must we constantly repeat that a) we have *never* said that computer intrusion is acceptable, and b) we fully believe that laws protecting the public against computer abuse are necessary. This, so I am told, "turns many people off." We have been clear about our position. There are occasions when discussion can reflect a variety of rhetorical strategies, ranging from reason to hyperbole. As long as the issues remain forefront, there seems nothing wrong with expressing outrage as a legitimate response to outrageous acts. 4. Crime and ethics in the cyber-frontier: These issues, although separate, raise the same question. Which behaviors should be sanctioned by criminal or civil penalties, and which sanctioned by collective norms and peer pressure? Unwise acts are not necessarily criminal acts, and adducing one's lack of wisdom as "proof" of criminality, and therefore sanctionable, is equally unwise. There are degrees of abuse, some of which require criminal penalties, others of which do not. The CU has changed largely because the number of computer users has dramatically increased make the "bozo factor" (the point at which critical mass of abusing bozos has been reached making them a group unto themselves) has a significant impact on others. There are also more opportunities not only to abuse, but to identify and apprehend abusers, which increases the visibility of the bozos. We can, as we did with the problems of crime, poverty, drugs, and other ills, declare a "war" on it (which most certainly means that we've lost before we've begun). Or, we can peruse a more proactive course and push for equitable laws and just responses to computer abuse while simultaneously emphasizing ethics. We fully agree that netethics should occur in schools, on the nets, in articles, and every other place where cybernauts obtain models and images of their new world. But, just as we should identify and work toward ethical behavior within the CU, we must also demand that others, such as AT&T, some law enforcement agents, BellSouth, et. al., do the same. It is hardly ethical to claim that a commodity valued at under $14 is worth over $79,000, and it is hardly ethical to compare possession of proprietary software with index crimes such as theft, arson, or embezzlement. Whether our own perspective is correct or not, the point is that what does or does not count as ethical behavior can no longer be assumed, but requires a level of debate the extends beyond netlynchings of individual suspects. Gene Spafford, like many others who share his view, is a productive and competent computer specialist who sees the dark side of computer abuse because he defends against it. I, like many others who share my view, see the dark side of law enforcement because, as a criminologist, I have been immersed in the abuses and fight against them. Our different experiences give us different demons to fight, an occasional windmill or two with which to joust, and a dissimilar arsenal that we use in our battles. Nonetheless, even though there is not total agreement on precisely which is a windmill and which a monster, Gene suggests that there is shared agreement on a minimal common reality and some common goals for making it more manageable. I fully, absolutely, and unequivocally agree with Gene: I agree that free speech should not be criminalized. However, I also think we should not hide criminal and unethical behavior behind the cry of "free speech. Promoting freedoms without equal promotion of the responsibility behind those freedoms does not lead to a greater good. If you cry "wolf" too often, people ignore you when the wolf is really there. I would only respond that his observation be taken to heart by all sides. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ Date: Thu, 18 Apr 91 16:57:35 EDT From: CERT Advisory Subject: CERT Advisory - Social Engineering ******************************************************************** *** CuD #3.14: File 4 of 6: CERT Advisory *** ******************************************************************** CA-91:04 CERT Advisory April 18, 1991 Social Engineering DESCRIPTION: The Computer Emergency Response Team/Coordination Center (CERT/CC) has received several incident reports concerning users receiving requests to take an action that results in the capturing of their password. The request could come in the form of an e-mail message, a broadcast, or a telephone call. The latest ploy instructs the user to run a "test" program, previously installed by the intruder, which will prompt the user for his or her password. When the user executes the program, the user's name and password are e-mailed to a remote site. We are including an example message at the end of this advisory. These messages can appear to be from a site administrator or root. In reality, they may have been sent by an individual at a remote site, who is trying to gain access or additional access to the local machine via the user's account. While this advisory may seem very trivial to some experienced users, the fact remains that MANY users have fallen for these tricks (refer to CERT Advisory CA-91:03). IMPACT: An intruder can gain access to a system through the unauthorized use of the (possibly privileged) accounts whose passwords have been compromised. This problem could affect all systems, not just UNIX systems or systems on the Internet. SOLUTION: The CERT/CC recommends the following actions: 1) Any users receiving such a request should verify its authenticity with their system administrator before acting on the instructions within the message. If a user has received this type of request and actually entered a password, he/she should immediately change his/her password to a new one and alert the system administrator. 2) System administrators should check with their user communities to ensure that no user has followed the instructions in such a message. Further, the system should be carefully examined for damage or changes that the intruder may have caused. We also ask that you contact the CERT/CC. 3) The CERT/CC urges system administrators to educate their users so that they will not fall prey to such tricks. SAMPLE MESSAGE as received by the CERT (including spelling errors, etc.) OmniCore is experimenting in online - high resolution graphics display on the UNIX BSD 4.3 system and it's derivatives [sic]. But, we need you're help in testing our new product - TurboTetris. So, if you are not to busy, please try out the ttetris game in your machine's /tmp directory. just type: /tmp/ttetris Because of the graphics handling and screen-reinitialization [sic], you will be prompted to log on again. Please do so, and use your real password. Thanks you for your support. You'll be hearing from us soon! OmniCore END OF SAMPLE MESSAGE If you believe that your system has been compromised, contact CERT/CC via telephone or e-mail. Computer Emergency Response Team/Coordination Center (CERT/CC), Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA 15213-3890 412-268-7090 24-hour hotline: CERT/CC personnel answer 7:30a.m.-6:00p.m. EST, on call for emergencies during other hours. E-mail: cert@cert.sei.cmu.edu Past advisories and other computer security related information are available for anonymous ftp from the cert.sei.cmu.edu (128.237.253.5) system. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Anonymous M> Subject: And Fox is after the Hollywood Hacker? Date: 23 Apr 91 05:12:22 CDT ******************************************************************** *** CuD #3.14: File 5 of 6: Fox and the Hollywood Hacker *** ******************************************************************** Fox's assault on the Hollywood Hacker gets even more bizarre. First one of their camera people is busted with a weapon by the Secret Service when they found him near President Bush, and now Murray Povich has come out with his book that makes us wonder what goes on inside the corporate board rooms, bedrooms, and computer rooms. If what Povich says is true, it seems that some of these tabloid tv types routinely bustle around spying and snooping, but when somebody turns the tables the scream and yell. Consider this from "Current Affairs: A Life on the Edge" by Maury Povich with Ken Gross. Published 1991 by GP Putnam's Sons. Chapter 14, pgss 207-208. "The launch date for 'Inside Edition' was January of 1989 and we went shopping around the satellites, trying to find out what stories they were going to do. That's how shows worked--they fiddled around with frequencies and latched onto the communications channels and listened in on the shop talk. It was spying. We all did it, switching around the dials, trying to pick up their satellite, pointing the transponders to find their bird so we could listen to their teleconferences and their stations, trying to winkle out what stories they were after. They were also doing the same thing to us, because they knew how we worked and it was part of the game. Young and Tomlin were not there for nothing. I knew 'Inside Edition' was into our computer because that's the way it is. Maybe it's illegal, but that's the 'Front Page' mentality." Throughout the entire book, Povich brags about the many and sundry ploys, devious tactics, and outright lies used by Current Affair staffers to get material (tapes and/or interviews) for their show. He constantly puts down the stuffed-shirt/establishment news types and makes he and his minions out to be heroic characters-- pioneers of a newer, braver school of journalism. "Killer journalists of the nineties," he calls them. Their battle cry: "Maybe it's not ethical, mate, but it's legal." (pg 254). I thought that maybe inquiring minds would want to know. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Gordon Meyer <72307.1502@COMPUSERVE.COM> Subject: MONDO -- GREAT NEW 'ZINE! Date: 10 Apr 91 01:24:08 EDT ******************************************************************** *** CuD #3.14: File 6 of 6: MONDO -- Great new 'Zine! *** ******************************************************************** After hearing many good things about a magazine called "Mondo 2000" we were pleased to finally locate a copy on a SF Bay area newsstand. In the interest of helping to spread the word about this very interesting publication we pres-ent a brief overview of the Winter 1991 issue. "Mondo 2000" (issue 3), from Fun City MegaMedia, is a sort of cyper-punk/PoMo/Discordian publication covering diverse (and fascinating) topics such as designer drugs, a Congressional assault on the Constitution, growth hormones, cybernetic jewelry, House Music, computer graphics, Frank Zappa's political ambitions, interviews with Debbie Harry, Tina Weymouth & Chris Franz, and cracking Macintosh software. There is a lot of material here (about 175 pages all total) and there is sure to be something to interest most anyone. The "reader mail" column indicates that past issues have covered vir-tual reality, UFO's, and The Church of the Sub-Genius. In addition the above topics, issue three also contains a number of articles of direct relevance to CuD. Namely, articles on the LoD, EFF, and the CU in general. [How's that for a plethora of acronyms in one sentence?! -GRM] In the "Hackers and Crackers" section we find the following selections: * "Do G-Men Dream of Electric Sheep?" by R.U. Sirius and George Gleason (pp 40-43) This article essentially presents a time line of CU related events beginning with Hackers' 4.0 misrepresentation by CBS, thru the Internet worm, NuPrometheus, Operation Sun Devil, and Zod's bust. In all, 22 of some of the most significant events are chronicled and the article serve as a handy, and disturbing, summary of the last couple of years. * "Civilizing the Electronic Frontier: an interview with Mitch Kapor and John Barlow of the Electronic Frontier Foundation" by David Gans and R.U. Sirius (pp45-49) Kapor and Barlow discuss the FBI's investigation of the NuPrometheus League, the origin of the EFF, and the future of the law and cyberspace. * "Synergy Speaks: Goodbye Banks, Goodbye Telephones, Goodbye Welfare Checks" by Michael Synergy (pp 51-54) A self-professed cyberpunk offers brief comments on a variety of topics such as viruses, blackmail, the EFF, modern justice, criminal evidence, and many more. Synergy's comments aren't in depth, but present views on a wide enough selection of topics for someone un-familiar with the movement to get an idea of the cyberpunk philosophy. * "Freaked by Phrack: an interview with Craig Neidorf" by John Perry Barlow (pp 55-56) An extract from on online interview with Neidorf, former publisher of Phrack, Inc. Neidorf discusses the nature of Phrack, his trial, and effect it has had on his life. * "A Message to You From Legion of Doom Member 'The Mentor'" by The Mentor (p 58) An edited version of "The Conscience of a Hacker" or "Hacker Manifesto" as widely published in Phrack, CuD, Thrasher, and a number of other places. * "On the Road to Chaos in East Berlin" by Morgan Russell (pp 60-63) A gonzo-esque account of the Chaos Computer Club Kongress in East Berlin. Also mentions the squatters' movement and The Foundation for the Advancement of Il-legal Knowledge (AKILKNO). * "The Worlds Oldest Secret Conspiracy: Fronted by Steve Jackson Games, Inc." by Gareth Branwyn (pp 64-67) An interview with Steve Jackson, concern-ing his business and Secret Service raids brought about by _GURPS Cyberpunk_. An excerpt from the book is included. * "Guess Work: an interview with August Bequai" by Gareth Branwyn (pp 70-71) This is a particularly enlightening interview with Bequai, a well-published expert of computer crime. Although brief, Bequai has some 'inter-esting' things to say. Here are some excerpts, in the same question/answer format found in the original article: Mondo: ...what do you think about the criticism that, with Operation Sun Devil, they've [the feds] unconstitutionally confiscated equipment such as public bulletin boards? This sort of thing has struck fear in the hearts of many systems operators. The seizure of the Steve Jackson Games BBS is a case in point. They were, by the admission of the Secret Service, not the target of the investigation. And yet their BBS was confiscated. Bequai: Then they have the option to go to court and challenge it. We have laws and legal system, and they work! Mondo: If you have the resources! Bequai: You don't necessarily need a lot of resources. It doesn't take a heck of a lot of money to go to court and challenge some of these things. Mondo: You're telling me it doesn't take a lot of time and money to challenge the US Secret Service!? Bequai: No sir, it does not. If you hire a small firm, no. [...] Mondo: What sort of groups do you lecture to: Bequai: Computer professionals, security professionals, executive-types, management-types, supervisors, lawyers, government officials. Mondo: In a recent speech, you stated that "Millions of Americans find themselves the victims of computer crimes" and "The public is called upon to pick up the tab for billions of dollars in annual losses...at the hands of computer criminals, hackers, and pranksters." [...] Where did you get those figures? Bequai: Oh, that's just guess work. White collar crime runs in excess of a hundred billion dollars. My sympathy goes to the public. I'm not so in-terested in technophiles who think they have an inherent right to do whatever they feel. I'm concerned for the average Joe Blow American. Bequai is an oft-quoted expert when anti-CU types discuss the hacker underground. This article was particularly insightful, and in many ways makes the pursuit of MONDO 2000 worthwhile in and of itself. * "Phreaks R Us: an interview with hacker publishers Emmanuel Goldstein of 2600 and Rop Gonggrijp of Hack-Tic" by R.U. Sirius and George Gleason (pp 74-76) Goldstein and Gonggrijp discuss their journals, the CU movement, and freedom of information. In conclusion, MONDO 2000 (issue 3) is worth searching out. It is a more than worthy successor to Reality Hackers, and offers many articles of interest. It is one of the most fascinating and refreshing publications to hit the stands, and will be very enjoyable to any CU-attentive individual. Mondo 2000 (published quarterly) (subscriptions) Fun City MegaMedia PO Box 10171 Berkeley, CA 94709-5171 USA (correspondence) PO Box 40271 Berkeley, CA 94704 Fax: 415.649.9630 MCI Mail: MONDO2000 $24.00 (US) for 5 issues ******************************************************************** ------------------------------ **END OF CuD #3.14** ********************************************************************