Computer underground Digest Tue July 8, 1997 Volume 9 : Issue 54 ISSN 1004-042X Editor: Jim Thomas (cudigest@sun.soci.niu.edu) News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu) Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Field Agent Extraordinaire: David Smith Cu Digest Homepage: http://www.soci.niu.edu/~cudigest CONTENTS, #9.54 (Tue, July 8, 1997) File 1--CyberPromo/Wallace meet the Hormel Spammers (fwd) File 2--(Fwd) Spam Lawsuit File 3--Solid Oak's response to "G-17 error" File 4-- Re: CYBERsitter problems File 5--Islands in the Clickstream File 6--HIGH CONCEPT VIRUS FILM IN PRODUCTION File 7--book on hacker cult/underground. File 8--Underground extract: System X File 9--Cu Digest Header Info (unchanged since 7 May, 1997) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: Sun, 6 Jul 1997 23:18:31 -0400 (EDT) From: editor@TELECOM-DIGEST.ORG Subject: File 1--CyberPromo/Wallace meet the Hormel Spammers (fwd) Source - TELECOM Digest, Sun, 6 Jul 97 - Volume 17 : Issue 173 ((MODERATORS' NOTE: For those not familiar with Pat Townson's TELECOM DIGEST, it's a an exceptional resource. From the header of TcD: "TELECOM Digest is an electronic journal devoted mostly but not exclusively to telecommunications topics. It is circulated anywhere there is email, in addition to various telecom forums on a variety of public service systems and networks including Compuserve and America On Line. It is also gatewayed to Usenet where it appears as the moderated newsgroup 'comp.dcom.telecom'. Subscriptions are available to qualified organizations and individual readers. Write and tell us how you qualify: * ptownson@massis.lcs.mit.edu * ======" )) Date--Sun, 06 Jul 1997 17:08:30 -0400 From--The Old Bear Subject--Hormel Takes Action Against Spammer The ultimate irony ... ON THE INTERNET, NO ONE KNOWS THAT SPAM COMES IN CANS To Internet users, "spamming" means wholesale distribution of junk e-mail, but to the Hormel Foods Corporation, Spam is a scrumptious and nutritious pressed meat that they sell in a can. So Hormel has demanded that junk e-mail distributor Cyber Promotions Inc. stop using the name Spam and also stop using a picture of a can of Span on its Internet site. "We want them to recognize that Spam has been a widely known Hormel Foods trademark for 60 years and they are not authorized to use that trademark for their commercial use." [as summarized from 'USA Today' (July 3, 1997) by Edupage] ------------------------------ Subject--Hormel Objects to Use of Name "Spam" Date--Sun, 6 Jul 1997 00:00:37 PDT From--tad@ssc.com (Tad Cook) Hormel Foods Warns Junk E-mailer to Drop Use of `Spam' Trademark BY REID KANALEY, THE PHILADELPHIA INQUIRER Knight-Ridder/Tribune Business News PHILADELPHIA--Jul. 3--They kept a lid on their feelings for the last few years, but the people who can Spam are finally opening up. They hate ... "spam." At least, they hate to see their beloved product associated with junk e-mail. Hormel Foods Corp. has put the Internet's self-proclaimed Spam King, Philadelphian Sanford "Spamford" Wallace, on notice: It considers his adoption of the famous luncheon meat's name in connection with Cyber Promotions Inc., his junk e-mail business, an unauthorized use of the Spam trademark. In the online world, the term "spam" is a common and disparaging reference to unsolicited mass e-mailings that promote everything from fad diets to get-rich-quick schemes and porn sites on the World Wide Web. Wallace said he decided to use "spam" in his name after his most enraged critics began doing it to him. "I thought it would be catchy," he said yesterday. Three months ago, he registered the e-mail domain names "spamford.net" and "spamford.com." He is often pictured with cans of Spam. "The irony here is that we're actually promoting the name Spam. Hormel is probably getting a benefit from it," contended Wallace. Hormel thinks otherwise. Wallace is blurring the distinctiveness of the trademark, company lawyers told him in a stern letter last week: "Nor does Hormel Foods wish to be affiliated with your company, your bulk e-mail business, or the usage you have made of Hormel Foods' trademark, which we view as tarnishing its image." The letter demands that Wallace drop "spam." The official response, a letter Wednesday from Wallace's attorney Ralph Jacobs, was just as emphatic: "If all your client wants is for Mr. Wallace to agree not to pose next to a can of Spam ... we can probably work something out. If your client objects to the use of the word `spam' to refer to my client's business, it's far too late to change the vocabulary of 25 million Internet users." ------------------------------ From--Ed Ellers Subject--Spamford Blows Off Hormel Date--6 Jul 1997 01:46:29 GMT Organization: AT&T WorldNet Services This is a press release that Cyber Promotions issued on Wednesday after Hormel demanded that the term "spam" no longer be used to describe unsolicited messages. -------------------------------- SPAM I'm Not Cyber Promotions says "NO" to Cease & Desist from Spam distributor, Hormel Foods. For Immediate Release: Philadelphia 7-2-97 --- Cyber Promotions, Inc., the country's best known Internet mass e-mail firm, announced today that it had rebuffed threats by Hormel Foods Corporation over the use of the word SPAM in connection with unsolicited Internet e-mail. Cyber Promotions received a cease and desist letter from lawyers for Hormel, distributors of the Spam meat product, complaining that Cyber had disparaged Hormel's trademark. Cyber Promotions rejection of Hormel came in a letter from Cyber's counsel, Ralph A. Jacobs, Esq., of the law firm of Hoyle, Morris & Kerr in Philadelphia. In the letter, Jacobs reminded Hormel that there was no likely confusion because in cyberspace, spam refers to an e-mail practice, not to a food product, and he quoted a recent {Wall Street Journal} article in which Hormel's general counsel acknowledged as much. Mr. Jacob's letter also reminded Hormel's lawyers that a federal court in New York had rejected Hormel's trademark infringement case against Jim Henson over a Muppet named Spa'am. Sanford Wallace, a.k.a. SPAMford, president of Cyber Promotions, commented: "We had no thought of Hormel when we registered www.spamford.com. On the Net, when people say spam they think of us, not a processed meat product. Try searching for spam on the Internet and you'll find that's true. Our business is e-mail, not canned meat. It's far too late to change the vocabulary of 25 million Internet users." [TELECOM Digest Editor's Note: None the less I hope Hormel sues him vigorously and forces him to discontinue *his* use of the term to describe his practices. Anyone who wishes to sue Spamford and cause him to have obscene legal bills is my friend. Anyone who wants to cause him as much grief as possible should be saluted, and that most definitly includes the various hackers who are trying hard to put him out of business. Perhaps Hormel should start a web page which has various recipies involving their meat product and then proceed with their suit against him. Does anyone know what his current 800 number is? Netters who want to contact him by phone are asking. PAT] ------------------------------ Date: Sat, 31 May 1997 11:48:13 -0500 From: David Smith Subject: File 2--(Fwd) Spam Lawsuit Here is our foray into the world of fighting spam. Our target : forged return e-mail addresses to systems the spammers don't have permission to use. I can send a copy of the actual lawsuit, upon request. ------- Forwarded Message Follows ------- FOR IMMEDIATE RELEASE TEXANS SUE TO RECOVER DAMAGES FOR INTERNET "SPAM" CLAIMING ELECTRONIC TRESPASS AND NUISANCE Austin, Texas, May 28, 1997: Several Internet leaders in Austin, Texas filed a lawsuit yesterday afternoon against a company and an individual believed to be responsible for the mass distribution of junk mail over the Internet, also called "spam." The suit claims that C.N. Enterprises and Craig Nowak of San Diego, California, sent thousands of electronic messages selling information on "Free Cash Grants" for $19.95. The ad's content was not only misleading, the lawsuit claims, but the company's e-mail used a false return address, causing the electronic mail boxes of several Austin residents to overflow with returned copies of the junk mail. According to the lawsuit, by using a false return address, those who send junk mail over the Internet can avoid the anger that results from this controversial practice. They can also avoid dealing with the thousands of "bounce" messages that result from sending e-mail to invalid or outdated addresses. "In effect," the lawsuit alleges, "C.N. Enterprises deliberately dumped tons of its electronic garbage and pollution" into the Austin residents' mailboxes. The lawsuit claims that the use of false return addresses on junk e-mail, and the resulting fallout on those who own the addresses used, is illegal under the traditional common law causes of action of nuisance, trespass and conversion. The lead plaintiff is Tracy LaQuey Parker, a leading Internet author, who owns the Internet domain name used by C.N. Enterprises without her permission. Said Ms. Parker, "As a long-time Internet advocate, I am saddened that the goodwill spirit of the Internet is being spoiled by irresponsible individuals who forge their identity in order to make a quick buck. There are plenty of examples of legitimate commercial uses of the Internet. This isn't one of them." Joining Ms. Parker in the lawsuit are her husband Patrick Parker and Peter Rauch, both Ms. Parker's business partners. Also joining the suit are Zilker Internet Park, Ms. Parker's Internet service provider, which had to deal with the flood of messages stemming from the "spam," and two active Texas Internet groups, the Texas Internet Service Providers Association (TISPA), a group of commercial Internet service providers, and EFF-Austin, a local Internet civil liberties organization. (more) Page Two -- Texans Sue to Recover Damages for Internet "Spam" John Quarterman, an owner of Zilker Internet Park, stated, "'Spam' is a large and rapidly growing problem which has cost Zilker Internet Park and many other ISPs and Internet users much time and money. We have put many technical blocks in place to limit it. With this lawsuit, we are taking the next step to help stop this abuse of the Internet." TISPA and EFF-Austin joined the lawsuit in an effort to broaden the legal precedent beyond Ms. Parker's single Internet domain name, according to Gene Crick, TISPA's president. "Increasingly, 'spammers' are using false return addresses to avoid taking full responsibility for the harm caused by their unsolicited commercial e-mail," Crick said. "These forgeries dump huge volumes of unwanted junk mail onto Internet companies and their customers. TISPA would like to see the court grant a broad and clear injunction prohibiting this practice." The lawsuit was filed on behalf of LaQuey and the others by Pete Kennedy and Roger Williams of George, Donaldson & Ford, L.L.P. of Austin. Among its other Internet related cases, the law firm has been involved in lawsuits against the United States Secret Service and Simon Leis, the Hamilton County (Ohio) Sheriff, over the seizure of private e-mail. # # # For more information, contact: Plaintiffs: Tracy LaQuey Parker and Patrick Parker, 512-454-7748 John Quarterman, MIDS 512-451-7620 Gene Crick, Texas Internet Service Providers Association (TISPA), 512-303-1021 Jon Lebkowsky, EFF-Austin, 512-444-5175 Law Firm: Peter Kennedy or Roger Williams George, Donaldson & Ford, L.L.P., 512-495-1400 Media Contact: Peggy Hubble or Sondra Williams, MEM/Hubble Communications, 512-480-8961 David Smith bladex@bga.com 512-304-6308 ------------------------------ Date: Sun, 06 Jul 1997 19:01:26 -0500 (CDT) From: Bennett Haselton Subject: File 3--Solid Oak's response to "G-17 error" Source - fight-censorship@vorlon.mit.edu This is the letter that Solid Oak Software sent out to one person who wrote to them reporting a "G-17" error (the fake error that the installer gives if it detects that you have visited the Peacefire web site). He was told that he had to pay for the full version. This puts a new spin on what Milburn said in the PC World article (http://www.pcworld.com/cgi-bin/database/body.pl?ID=970702181157) when he admitted that the installer scans the user's hard drive: ""We reserve the right to say who gets to install our software for free." But even people who have visited Peacefire can install the software, as long as they pay? He also said in the article: "If Bennett Haselton is alleging that we get some kind of information sent to us, I mean that's ridiculous. If the program fails to install, I don't see how any way shape or form that would be an invasion of privacy." But judging by the response from Solid Oak tech support, if you tell them that you got the error, they discern that you have visited Peacefire and tell you something that isn't true (you can't use the program) in order to get you to pay them money. Hence, the error results in information being sent to them that you would probably rather keep private. I deleted the address of the sender and the text of his original message to avoid tipping off Solid Oak who the person actually was. From: Technical Support To: [name and address deleted -Bennett] Date: June 5, 1997 6:38 pm Subject: File 4-- Re: CYBERsitter problems I am sorry, but you will not be able to run the trial version of CYBERsitter. The retail version _will_ install properly, but the trial version will not install on your computer. On 06/05/97 6:20pm you wrote... [a message reporting the G-17 error, text deleted -Bennett] bennett@peacefire.org http://www.peacefire.org (901) 366-1452 (home) after 6 PM central time and all day on weekends (901) 922-6930 (work) ------------------------------ Date: Fri, 20 Jun 1997 22:34:10 From: Richard Thieme Subject: File 5--Islands in the Clickstream Islands in the Clickstream: The Power of Projection, the Power of Digital Presence Welcome to the blank screen. A computer monitor glowing in the dark. Pixels constellated as an image of printed text. The belief that behind those images is a human intelligence, whose energy and presence you sometimes swear you can "feel." Once that belief becomes our shared or consensus reality, you believe that "I" am talking to "you." Believing is seeing. Believing is the precondition of a possibility. So ... here I am again. Twenty years ago, I moved to Mutton Hollow, a rural area of northern Utah. Since I had lived only in Chicago, London, and Madrid previously, this took some getting used to. The pleasures of a big city were far, far away. We were high against the Wasatch Front, and the winter skies were magnificent. I bought a telescope with a long barrel. Since the seeing was best at the top of the sky where the air was clearest, I often lay a tarp on the frozen snow so I could lie on my back and look straight up. I moved slowly through the star fields, pausing at a cluster or the Great Nebula in Orion before losing myself in the three- dimensional darkness among the blue, white, yellow, and blood-red stars. The stars and the vast spaces between them became my companions. I still can't identify most constellations, however. A constellation is an arbitrary pattern imposed on a random scattering of stars. I guess I can see it's a bull, but it might as well be a bear or a crawling baby. The images our forebears used to connect the dots were projected from within their own psyches. Once there was a consensus reality about what they were, the projections became "real." It really was a herdsman or a bear "out there." The computer monitor at which we are both looking right now is a powerful invitation to project a pattern onto what we are seeing. Haven't you read an email or an IRC communication when your emotion was running high, and you could swear you felt the presence of the sender in the room? As if they were right there in the words you were reading? Hasn't it sometimes seemed beyond coincidence when you went on-line with someone on your mind and bingo! there they were! Or there their words were. But were they in the words you read? And did the words mean what you thought they meant? It is a perpetual dilemma of the human condition that we can not easily distinguish our projections from genuine perceptions. Carl Jung said the soul or psyche projects its contents onto archetypal symbols that invite them. You can tell there's projection, he said, when there's secrecy, fascination, and high energy. A speech I have given for portfolio managers and others interested in the psychology of investment is called "The Stock Market, UFOs, and Religious Experience." What do those three things have in common? All three domains invite powerful projections, and we think we see "out there" in the economy or the markets, in the night sky, or in the universe itself that which we have projected onto it. Something is out there, something elicited the projection, but we can't see what it is until we withdraw our projections and integrate them once again into our selves. Then we can see where we end and someone else begins. Confusion of boundaries bedevils online relationships as well as those in the flesh. All religious and spiritual traditions have tools designed to help us integrate our projections into our selves. We call the process "getting it together," the end result "integrity." We say we "feel centered," when we take back the power we have projected onto another or given away. The pixels on your monitor invite projection. Secrecy, fascination, and high energy. How about it? Have they characterized any of your online exchanges or adventures? If there is a context for a personal or business relationship before email is exchanged, the online exchange is anchored. Face-time and telephone-time too ground the exchange. When people connect online and do not mitigate their encounter with a context that grounds it, the projections -- and the sparks -- can fly. The greater your intention to crate a context that grounds your email, the greater the likelihood you will not be misunderstood. That requires imagination, an ability to see different interpretations for your words. You may think the words you sent were crystal clear, but the person on the other end, returning to their cubicle in a dour mood, may receive them like a boxing-glove coming out of a closet. The fewer words you provide, the greater the invitation to project. The stars can be a bull or a bear or a crawling baby. In business as well as personal online communication, we are responsible for creating a context that enables our words to vibrate with obvious meaning. The digital image at which you are looking is a simulation of printed text, which simulated written words, which simulated spoken words. Reading silently to ourselves is a relatively late practice. T. S. Eliot may have thought that his "words echo thus in your mind," but only a few generations ago, schoolchildren read aloud, all together, so the schoolmaster would know they weren't shirking. The only real words were spoken words. Some think spoken words are a specialized kind of gesture. Gestures are feelings felt so strongly they make the whole body vibrate like a violin. When I intend to communicate to you in this medium, all I have is my intention to focus energy and information so you "get it." We human beings are nothing but organized systems of energy and information. That's what computers are too. The words on your screen are merely the echo of a gesture, feelings felt so strongly they show up and glow through the words. It isn't words alone, though, it's the energy or the shape of the energy seen and felt through the words that you "get." A spirit making the electrons coalesce by sheer force of will so you see, and sometimes feel, my presence in the room, in your life, in your head and heart. Believing is seeing. So ... as I said ... here I am again. ********************************************************************** Islands in the Clickstream is a weekly column written by Richard Thieme exploring social and cultural dimensions of computer technology. Comments are welcome. Feel free to pass along columns for personal use, retaining this signature file. If interested in (1) publishing columns online or in print, (2) giving a free subscription as a gift, or (3) distributing Islands to employees or over a network, email for details. To subscribe to Islands in the Clickstream, send email to rthieme@thiemeworks.com with the words "subscribe islands" in the body of the message. To unsubscribe, email with "unsubscribe islands" in the body of the message. Richard Thieme is a professional speaker, consultant, and writer focused on the impact of computer technology on individuals and organizations. Islands in the Clickstream (c) Richard Thieme, 1997. All rights reserved. ThiemeWorks P. O. Box 17737 Milwaukee WI 53217-0737 414.351.2321 ------------------------------ Date: Thu, 26 Jun 1997 13:44:54 -0500 (CDT) From: Crypt Newsletter Subject: File 6--HIGH CONCEPT VIRUS FILM IN PRODUCTION Source - CRYPT NEWSLETTER 43 June -- July 1997 HIGH CONCEPT VIRUS FILM IN PRODUCTION While visiting the East Coast in June, Crypt Newsletter ran across the filming of a computer virus movie in Hampton Roads, Virginia. Starring Jamie Lee Curtis and William Baldwin, the movie is based on a old comic book series entitled "Virus." Alert readers may remember Crypt News covering it -- tongue in cheek -- way back in 1993. For those who don't, here's the scoop. Originally published by a company called Dark Horse, "Virus" was the very essence of high concept: non-stop action, nonsensical pseudo-science, absence of plot, and gruesome mutilations with a somewhat pretty-looking woman heroine thrown in for punctuation. Dark Horse made its name peddling an endless flood of such titles, most devoted to squeezing the last drop of greenish ichor from movies like "Alien" and "Predator." That philosophy ensured just about anything it printed was a big hit, selling out immediately in the kinds of comic stores run by tubercular-looking men with an intense dislike for patrons who don't reserve at least ten new titles each month. That said, the first issue of "Virus" was almost OK. But almost only counts in quoits and horseshoes. "Virus featured fair art, tiresome dialogue and a story that revolved around an abandoned Chinese radar and telemetry ship that comes under the power of some inter-cosmic computer virus that has been beamed down from the aether through a radio antenna connected to the ship's mainframe computer. The original crew of Chinamen is, of course, dispensed with through a spasm of casual mechanized butchery, necessitating the trapping of some ocean-wandering riff-raff who think they're going to appropriate the vessel's equipment for lots of cash money. Apparently, this is where Jamie Lee Curtis comes in. Anyway, "Virus" -- the villain -- nixes this plan at once by ripping the breast-bone out of one of the looter/scientists with the aid of a computer-controlled winch. E-mail Risks Digest and report this to Peter Neuman at once! "Aaaiiieeee!" screech the trapped sailors. They want out, but not before being attacked by something that looks like a cross between a kite and a flying pipe-wrench made from sails and human integument. While perhaps potentially interesting to infowar shamans at the National Defense University, Crypt News suspects the movie adaptation will be as numbingly contrived and psychotically bloody as the original. Look for it next summer. Postscript: Rumors that John Buchanan is serving as technical advisor on the "Virus" set are scurrilous lies! ((CRYPT Newsletter is published once a month. For subscription or other information, contact the editor: Editor: Urnst Kouch (George Smith, Ph.D.) Contributing Editors: Stephen Poole, Rob Rosenberger INTERNET: 70743.1711@compuserve.com crypt@sun.soci.niu.edu Mail to: Crypt Newsletter 1635 Wagner St. Pasadena, CA 91106 ph: 818-568-1748 ------------------------------ Date: Mon, 23 Jun 1997 06:02:58 -0700 (PDT) From: Darren Reed Subject: File 7--book on hacker cult/underground. Most of us are used to reading stories about hacking by the people who did the catching of the hackers...this one is an ongoing story of the local hacker scene...with not so local contacts and exploits. Some of the important things to note are just how well they do work together, as well as competing with each other and what they do when they get pissed off with each other. Meanwhile most of the white hats are too busy trying to hoard information from the other white hats... Having been on the "victim" side in the past, it is quite frustrating when someone you've worked to have arrested gets off with a fine. Most of us would agree that they should be locked up somewhere, but accoriding to what's in the book, most of them are suffering from either problems at home or other mental disorders (including one claim in court to being addicted to hacking). Anyone for a "Hackers Anonymous Association" for help in drying out from this nefarious activity ? At least in one case documented within the perpetrators get sentenced to time behind bars. It's somewhat comforting to read that people have actually broken into the machines which belong to security experts such as Gene Spafford and Matt Biship, although I'd have prefered to have not read how they successfully broke into the NIC :-/ Don't know about you, but I don't care what motives they have, I'd prefer for them to not be getting inside machines which provide integral services for the Internet. For all of you who like to hide behind firewalls, in one instance a hacker comes in through X.25 and out onto the Internet. Nice and easy 'cause we don't need to firewall our X.25 connection do we ? :-) Oh, and just for all those VMS weenies who like to say "We're secure, we run VMS not Unix" - the first chapter of the book is on a VMS worm called "WANK" that came close to taking the NASA VMS network completely off air. I wonder how long it will take for an NT equivalent to surface... All in all, a pretty good read (one from which I'm sure hackers will learn just as much from as the rest of us). The book's details are: Title: UNDERGROUND - Tales of Hacking, madness and obsession on the Electronic Frontier ISBN 1-86330-595-5 Author: Suelette Dreyfus Publisher: Random House Publisher's address: 20 Alfred St, Milsons Point, NSW 2061, Australia Price: AUS$19.95 before I forget, the best URL for the book I've found is: http://www.underground.org/book or http://www.underground.-book.com (the publisher's one is rather lame) ------------------------------ Date: Tue, 24 Jun 1997 19:07:08 -0700 (PDT) From: proff@IQ.ORG Subject: File 8--Underground extract: System X Anyone read this book? Apparently the first in-depth investigation into the international computer underground to come out of the Southern-Hemisphere - or so I'm told ;) - J.A Extracts from Underground - The true nature of System X Extracted from Chapter 10 - "Anthrax - The Outsider" Note: System X's name has been changed for legal reasons. Sometimes the time just slipped away, hacking all night. When the first hint of dawn snuck up on him, he was invariably in the middle of some exciting journey. But duty was duty, and it had to be done. So Anthrax pressed control S to freeze his screen, unfurled the prayer mat with its built-in compass, faced Mecca, knelt down and did two sets of prayers before sunrise. Ten minutes later he rolled the prayer mat up, slid back into his chair, typed control Q to release the pause on his computer and picked up where he left off. This company's computer system seemed to confirm what he had begun to suspect. System X was the first stage of a project, the rest of which was under development. He found a number of tables and reports in System X's files. The reports carried headers like 'Traffic Analysis', 'calls in' and 'calls out', 'failure rate'. It all began to make sense to Anthrax. System X called up each of the military telephone exchanges in that list. It logged in using the computer-generated name and password. Once inside, a program in System X polled the exchange for important statistics, such as the number of calls coming in and out of the base. This information was then stored on System X. Whenever someone wanted a report on something, for example, the military sites with the most incoming calls over the past 24 hours, he or she would simply ask System X to compile the information. All of this was done automatically. Anthrax had read some email suggesting that changes to an exchange, such as adding new telephone lines on the base, had been handled manually, but this job was soon to be done automatically by System X. It made sense. The maintenance time spent by humans would be cut dramatically. A machine which gathers statistics and services phone exchanges remotely doesn't sound very sexy on the face of it, until you begin to consider what you could do with something like that. You could sell it to a foreign power interested in the level of activity at a certain base at a particular time. And that is just the beginning. You could tap any unencrypted line going in or out of any of the 100 or so exchanges and listen in to sensitive military discussions. Just a few commands makes you a fly on the wall of a general's conversation to the head of a base in the Philippines. Anti-government rebels in that country might pay a pretty penny for getting intelligence on the US forces. All of those options paled next to the most striking power wielded by a hacker who had unlimited access to System X and the 100 or so telephone exchanges. He could take down that US military voice communications system almost overnight, and he could do it automatically. The potential for havoc creation was breathtaking. It would be a small matter for a skilled programmer to alter the automated program used by System X. Instead of using its dozen or more modems to dial all the exchanges overnight and poll them for statistics, System X could be instructed to call them overnight and reprogram the exchanges. --- No-one would be able to reach one another. An important part of the US military machine would be in utter disarray. Now, what if all this happened in the first few days of a war? People trying to contact each other with vital information wouldn't be able to use the telephone exchanges reprogrammed by System X. THAT was power. It wasn't like Anthrax screaming at his father until his voice turned to a whisper, all for nothing. He could make people sit up and take notice with this sort of power. Hacking a system gave him a sense of control. Getting root on a system always gave him an adrenalin rush for just that reason. It meant the system was his, he could do whatever he wanted, he could run whatever processes or programs he desired, he could remove other users he didn't want using his system. He thought, I own the system. The word 'own' anchored the phrase which circled through his thoughts again and again when he successfully hacked a system. The sense of ownership was almost passionate, rippled with streaks of obsession and jealousy. At any given moment, Anthrax had a list of systems he owned and that had captured his interest for that moment. Anthrax hated seeing a system administrator logging onto one of those systems. It was an invasion. It was as though Anthrax had just got this woman he had been after for some time alone in a room with the door closed. Then, just as he was getting to know her, this other guy had barged in, sat down on the couch and started talking to her. It was never enough to look at a system from a distance and know he could hack it if he wanted to. Anthrax had to actually hack the system. He had to own it. He needed to see what was inside the system, to know exactly what it was he owned. The worst thing admins could do was to fiddle with system security. That made Anthrax burn with anger. If Anthrax was on-line, silently observing the adminsU activities, he would feel a sudden urge to log them off. He wanted to punish them. Wanted them to know he was into their system. And yet, at the same time, he didnUt want them to know. Logging them off would draw attention to himself, but the two desires pulled at him from opposite directions. What Anthrax really wanted was for the admins to know he controlled their system, but for them not to be able to do anything about it. He wanted them to be helpless. Anthrax decided to keep undercover. But he contemplated the power of having System X's list of telephone exchange dial-ups and their username - password combinations. Normally, it would take days for a single hacker with his lone modem to have much impact on the US military's communications network. Sure, he could take down a few exchanges before the military wised up and started protecting themselves. It was like hacking a military computer. You could take out a machine here, a system there. But the essence of the power of System X was being able to use its own resources to orchestrate widespread pandemonium quickly and quietly. Anthrax defines power as the potential for real world impact. At that moment of discovery and realisation, the real world impact of hacking System X looked good. The telecommunications company computer seemed like a good place to hang up a sniffer, so he plugged one into the machine and decided to return in a little while. Then he logged out and went to bed. When he revisited the sniffer a day or so later, Anthrax received a rude shock. Scrolling through the sniffer file, he did a double take on one of the entries. Someone had logged into the company's system using his special login patch password. He tried to stay calm. He thought hard. When was the last time he had logged into the system using that special password? Could his sniffer have logged himself on an earlier hacking session? It did happen occasionally. Hackers sometimes gave themselves quite a fright. In the seamless days and nights of hacking dozens of systems, it was easy to forget the last time you logged into a particular system using the special password. The more he thought, the more he was absolutely sure. He hadn't logged into the system again. Which left the obvious question. Who had? ___________________________________________________ [This extract may be reposted non-commercially and without charge only] Underground; Tales of Hacking, Madness and Obsession on the Electronic Frontier, by Suelette Dreyfus; published by Mandarin (Random House Australia); (P) 475 pages with bib. http://www.underground-book.com/ or http://underground.org/book ------------------------------ Date: Thu, 7 May 1997 22:51:01 CST From: CuD Moderators Subject: File 9--Cu Digest Header Info (unchanged since 7 May, 1997) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send post with this in the "Subject:: line: SUBSCRIBE CU-DIGEST Send the message to: cu-digest-request@weber.ucsd.edu DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS. The editors may be contacted by voice (815-753-6436), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CU-DIGEST Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. In ITALY: ZERO! BBS: +39-11-6507540 UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD Web-accessible from: http://www.etext.org/CuD/CuD/ ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #9.54 ************************************