THERE'S GOTTA BE A BETTER WAY By Glen Roberts Bill Vajk COPYRIGHT (C) 1991 BY FULL DISCLOSURE. ALL RIGHTS RESERVED. This issue of Full Disclosure is devoted to the current attempts at solving the problems of computer security through prosecution of computer crimes. It would appear from the recent activities of the federal government that one of its major attacks is trying to spread fear throughout the ``hacker'' community. Such a concept will certainly work in a limited number of cases. However, as the reading of any local newspaper will show, numerous crimes are committed everyday, criminals are not stopped by the fear of punishment. The other aspect of the government's fear program appears directed towards those who have no criminal involvement, who wish to participate in First Amendment activities by high-technology. Some have been subjected to punishment without even the allegation of criminal behavior. See related article titled ``Dr. Ripco Seizure.'' The result is a fear by some of participating in the First Amendment, not a legitimate goal of law enforcement or the government. Reprinted in this issue is a copy a sentencing memorandum filed by the Government last year in a computer crime case. It portrays the defendants as particularly ``powerful by'' means of the information they stole. Missing is the fact that the lax nature of computer security is what actually gave the defendants power. If the state of computer security been reasonable secure, the information obtained by defendants (whether legally or not) would have granted them no extraordinary power. A primary reason the government seeks incarceration as part of the sentence is not because of the criminal nature of the defendants activities, but rather to send ``the message that the hackers around the country need to hear.'' Unfortunately, the death penalty has failed to stop murder. The government appears to be more concerned with the free flow of information than the fact that criminal acts were committed; ``[f]rom the start, information was stolen and, by definition no longer safeguarded.'' Later concluding, ``in essence, stolen information equalled power, and by that definition, all three defendants were becoming frighteningly powerful.'' The concept that information is the crux of the problem is also highlighted by William Cook, Assistant United States Attorney, Chicago, Illinois in an article he wrote for the Spring 1990, COMMUNICATOR*1. He noted that hackers can ``easily keep up with industry technical developments.'' He also perceives that hackers are able to easily use prior information to form attack plans on new computers. As the Soviet Union moves toward a more open society, the United States is just as surely closing its windows of communication. The United States has always been the technological forefront in the world because of the ease of information flow. Researchers, corporations and individuals have always been free to group together and exchange information as desired. This has greatly increased the ability of the United States to make technological advances quickly. One can easily see the results by looking at the space programs administered by NASA. They have resulted in many inventions finding their way quickly into our economy, including rapid improvements in our exports. A few of the things that have resulted from NASA's openness with U.S. industry have included: new applications such as teflon coatings (frying pans and such), inhalation therapy for lung ailments, teflon coatings for asbestos fiber made into special apparel for rescue in fires, and many more too numerous to mention. The phenomenon of information exchange is exactly what William Cook describes in his article. However, because the ``hackers'' have apparently built or made use of a highly efficient communications medium they have been able to advance as quick as corporations which have failed to take devote resources to advance their informational security. The corporate security departments should make use of the same hacker communication techniques to work on their problems and see their use of the ``frightening power'' of information lead to secure computer systems. The Communications Fraud Control Association (CFCA) in its published FRAUD ALERT of June 21, 1990, is concerned that the government may not be able to stop computer crime, if several organizations promising funding for legal defense follow through. At risk is the review of several federal and state statutes for compliance with constitutional guidelines. To date, even with the presence of one such rights organization, the EFF*2, in at least two federal cases, such a review has thus far been thwarted. In short, we see the CFCA's position as allowing only two choices: 1) violate the rights of hackers in order to obtain convictions, or 2) the world will be runover by a rampage of hacking activities. Two decades ago, the same problems, but with slightly different technology was showing its ugly face. The related article in this issue ``The Death of the Blue Box'' overviews the legal difficulties the government had in prosecuting those stealing telecommunications services. Ultimately, the law enforcement efforts to stop blue boxers were by all practical means of measurement a complete failure. Only a handful of thousands of offenses were prosecuted. Those prosecutions proved to have no deterrent effect on others. Just as we will see that the few recent computer hacker prosecutions will do nothing to stem the flow of current day hacking and telecommunications fraud. Prosecution of crimes throught to be victimless does little more than to strengthen the resolve to not get caught in a very evoluntionary way. The solution today is the same as it was in the blue box solution. An upgrading of the technology will prevent the simplistic attacks that are so common. The first step towards a technological upgrade requires an increase in the communication between those experiencing compromise of their data. The CFCA's COMMUNICATOR claims in the February 1990 issue of Security Management to be the only regular journal on telecommunications crime. Apparently overlooking, CUD, 2600 and the non defunct Phrack. That is a small start towards the free flow of information needed by those who are looking for security solutions for their companies. *1 Communications Fraud Control Association (CFCA), 7921 Jones Branch Dr, #300, McLean, Virginia 22102, Phone: (703) 848-9768, Fax: (703) 356-3701. The association also operates a Consumer Hotline for anyone experiencing phone fraud. *2 EFF, The Electronic Frontier Foundation, 155 Second St, Cambridge, MA 02141, Phone: (617) 864-0665, Fax: (617) 864-0866. The above is reprinted from Full Disclosure Newspaper. Subscribe today and get interesting articles like the above, plus more... pictures, graphics, advertisement, and more articles. Full Disclosure is your source for information on the leading edge of surveillance technology. Print the following form, or supply the information on a plain piece of paper: ---- Please start my subscription to Full Disclosure for: [ ] Sample issue, $2.00 [ ] 12 issue subscription, $18.00 [ ] 24 issue subscription, $29.95 With 24 issue susbcription include free one of the following: [ ] Directory of Electronic Surveillance Equipment Suppliers [ ] Citizen's Guide on How to Use the Freedom of Info/Privacy Acts [ ] Maximizing PC Performance Also available separately: [ ] Directory of Electronic Surveillance Equipment Suppliers, $6.00 [ ] Citizen's Guide on How to Use the Freedom of Info/Privacy Acts, $5.00 [ ] Maximizing PC Performance, $6.00 Illinois residences, add 6.5% sales tax on above 3 items. Enclosed is payment in the form of: [ ] Check/Money order, [ ] Visa, [ ] Mastercard Card no:___________________________________ Exp date:_______ Signature:__________________________________________________ Phone:______________________________________________________ (required for credit card orders) My name/address: Name:_______________________________________________________ Street:_____________________________________________________ City/State/Zip:_____________________________________________ Return to: Full Disclosure, Box 903, Libertyville, Illinois 60048