Computer Underground Digest Volume 1, Issue #1.05 (April 22, 1990)
>C O M P U T E R U N D E R G R O U N D<
>D I G E S T<
*** Volume 1, Issue #1.05 (April 22, 1990) **
MODERATORS: Jim Thomas / Gordon Meyer
REPLY TO: TK0JUT2@NIU.bitnet
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
DISCLAIMER: The views represented herein do not necessarily represent the
views of the moderators. Contributors assume all responsibility
for assuring that articles submitted do not violate copyright
In This Issue:
File 1: Moderators' Corner (news and notes)
File 2: From the Mailbag
File 3: Freedom of Information / FBI Surveillance of BBSs
File 4: An Awkward conversation with S.P.A
File 5: "ERRATA" (Go placidly amongst the BBS world....hi-camp!)
*** Computer Underground Digest Issue #1.05 / File 1 of 5 ***
In this file:
-- Mail problems
-- Legion of Doom Update
-- Policy on Anonymous postings
-- Call for articles
We are not getting thru all the gateways, so if you know of anybody who has
requested back issues but hasn't heard from us, let us know, or have them
send several addresses we can try. Do not rely on the header has an address,
because it doesn't always work. "@ORION" has been a special problem.
We're still trying to work out a site to make archives of text files
available. Our own system software can't provide one. A few volunteers have
come forth, but if anybody else can set something up, it might speed things
Current holdings are still sparce. They include:
a) PHRACK, PIRATE, ATI, LoD/H, P/Hun, and several hundred
miscellaneous small files.
b) A Master's thesis and several academic papers
c) A variety of news clippings, most of which are probably
copyright protected and cannot be published
WE *STRONGLY* urge anybody who comes across any research papers, news
articles, or other "hard copy" info related to computer underground activity
to send it along so we can build the archives.
We have found it difficult to honor all requests for arhives at once. So, to
get copies of something, for example ATIs, just send periodic requests and
we'll send a few out at a time, and keep sending requests until you have
what you originally wanted.
**LEGION OF DOOM UPDATE (Indictment news)**:
Many have asked how the LoD/Phrack E911 case(s) is coming. Well,
unfortunately very little news has reached us regarding the status of the
charges against The Prophet. Anyone with factual news in this regard is
welcome to submit it... The case against Knight Lightning has a pre-trial
motion pending in the next week or so (late April, '90). The defense has
asked that the indictment be withdrawn and re-submitted in a form that
eliminates the prejudicial and un-proven allegations presented as fact that
it presently contains.
The actual trial date was once set for early June, but the Government asked
that the pre-trail motion be rescheduled from it's original date of a couple
of weeks ago so I would assume the trial date will also be pushed back
As more facts become known and appropriate to share, we will keep you
**ANONYMOUS POSTING POLICY**:
We have been asked our policy on anonymous postings. We have previously
defended the use of pseudonyms as necessary, and are willing to post
questions, general information, or articles of a reasonable nature either
with a handle or anonymously. However, we cannot reproduce flames or
articles for which attribution might be required. Our rationale for allowing
anonymous postings is based on the respect for privacy of those who feel
they have something to say, but who may be afraid of repercussions from
employers or colleagues for speaking in public. Not everybody realizes that
we still have a first amendment, and speaking in public is not always wise
if one values their job. Unfortunately, the "chilling effect" has real
sources. Just ask Steve Jackson.
**CALL FOR ARTICLES:**
We need some people to contribute a few more stories, comments, or articles.
We can try to keep news coming, but were hoping for some lively debate and a
bit more news from various regions. We know that lots of subscribers are
down on computer underground activity, and we don't want this to be a
one-sided forum. The purpose here is to break down barriers so the two sides
have a better appreciation of the other.
+ END THIS FILE +
*** Computer Underground Digest Issue #1.05 / File 3 of 5 ***
THE SOFTWARE PUBLISHERS ASSOCIATION: DON'T CALL US, WE'LL CALL YOU.
NOTE!! Several attempts have been made to obtain information from the SPA
regarding their programs, charter, and membership information. Despite
multiple promises I have not yet received any information that I have
requested. Therefore what is stated about the organization, it's purpose,
and history is based on independent piece-meal research and has not been
supplied by the SPA.
The Software Publisher's Association is an industry organization composed
of small, medium, and large software publishing firms. One of their chief
activities in the past has been to wage a public relations battle against
"software piracy". This campaign, largely through print ads in major
computer magazines, has emphasized the illegality of trading software
programs with coworkers and friends. To my knowledge they have not
directed their attention to the CU realm of the pirate, and in fact, up
until recently, have largely avoided using the label "pirate" at all.
One of the newest "weapons" the SPA has unleashed against software trading
is something called a "corporate audit". My knowledge of this is hazy (see
above notation) but from what I can gather it is a process that
corporations submit to voluntarily. The SPA will conduct an audit of
magnetic media (hard drives, etc) used on a corporation's computers to
assist them in complying with copyright laws and license agreements. Again
the thrust of the program is directed to the corporate world, not the
However the SPA has taken some steps to curb the CU trading of "warez".
One of these techniques has been to open a toll-free "snitch line" where
people could call and report BBS systems that have copyrighted programs in
their download areas. This "snitch line" (my term, I don't know what they
call it...again, see above notation.) differs from an SPA program of a few
years ago when they offered a $100.00 dollar reward for turning in Pirate
bulletin board systems. At that time the caller had to supply a list of
downloadable files, the number of the board, the name and address of the
sysop, and a valid sign on and password to the board in question. To the
best of my knowledge the current program does not offer a monetary reward,
and they extent of the information they are requesting may have changed.
I recently called the "snitch line" as a participant observational
experiment in turning in a Pirate bulletin board. My intent was to
determine the information collected by the SPA and the conceptualization of
"piracy" and "warez" that was being used. Below
is an account and transcript of that conversation.
Software Publisher's Association Monday 2/19/90
I dialed the SPA "turn in a pirate board" number that I had picked up
somewhere in my bbs travels. 1-800-388-PIRS...cute, but not cute enough to be
considered bagging the whole warez scene.
The phone was ringing... "Hello, Warren (or something that sounded
like Warren) Travel", a male voice said.
"Errrr, I think I've reached a wrong number, who is this?"
"Warren Travel, are you trying to get a hold of that software place?"
I told him that I was.
"They published our number by accident. Sorry."
I apologized to him and hung up. I should have asked him how many calls
he had been getting...would be some indication of how much activity a
snitch hotline could generate. I wonder if the SPA is paying for this
guys phone bill? Toll free calls cost about fifty cents...
I then tried toll free information, and asked for the Software Publishers
Association. No listing. Hmmmm, have they given up the "report a pirate
I called information for the District of Columbia and got the office
number for the SPA. After about 10 rings (yes, ten..this was not at
lunch time) a guy answered...
"Software Publishers Association".
"Hi, I was wondering what kind of mechanisms you have in place for
people who want to report a pirate bulletin board."
"Give me the number." (curtly)
"That's it? That's your mechanism?"
(about 4 seconds of silence)
"What have you got?"
"A pirate bbs, 100 megs, pirated software for IBM, Atari, and Amiga."
(about 3 seconds of silence)
"Where did you get the number?"
"Off a list a bbs somewhere, I don't know for sure."
"What did it say?"
"The listing? It's a list of BBS's...it said the name of the board and
gave the phone number."
"No, _this_ number." (sounding frustrated or hurried)
"Your number? I called information and asked for the SPA!"
"Can you give us a lot of information on this board? Who's the sysop?
What's his address?"
"I don't know that. All I have is the number and it's a pirate board.
First time callers get full access to all the downloads and you can see
the files right there."
"oh. Well, give me the phone number."
"Okay, 708/555-5555" (I gave him the phone number for the local
(about 3 seconds of silence)
"We'll look into it."
"What are you going to do?"
"We'll look into it."
"I see, and what's your name please?"
(again, some silent hesitation)
"Okay, Ken. Bye."
>click< (Ken hung up w/out saying anything else)
end of transcript. Total time for call, approx 3 minutes.
I believe the transcript portrays the uninterested, slightly rude manner in
which my call was taken. The fact that Ken was suspicious of where I had
gotten the number to his office, and failed to query me as to the
contents, location, etc of the board I was supposedly reporting indicates
to me that either I reached an individual that was not accustomed to
answering the phone for these calls (as may be indicated by the excessive
number of rings he took to answer, maybe the secretary was ill that day)
or, perhaps, a lack of seriousness on the part of the SPA in dealing with
The Software Publishers Association is a leading source of unverified (and
un-verifiable) information regarding the expense and extent of "piracy".
Here we have seen just how interested they appear to be when presented with
an opportunity to squelch what may have been, for all they knew, a "major
supplier of pirated software".
Postscript: I have since learned that the correct number for the "snitch
line" is 800/388-PIR8. As of yet I have not repeated my experiment. Others
are welcome to do so and I'd appreciate hearing
+ END THIS FILE +
*** Computer Underground Digest Issue #1.05 / File 4 of 5 ***
Date: Sun, 8 Apr 90 12:13:27 -0700
Subject: FBI BBS Surveillance (CPSR FOIA Request)
On August 18, 1989 CPSR submitted a Freedom of Information Act request to the
FBI asking for information about BBS surveillance. After four follow-up
letters, a series of phone calls, and Congressional testimony that discussed
the CPSR request, the FBI has failed to respond to our request. (The statutory
time limit for the FOIA is ten days).
If any one has information about possible FBI surveillance of bulletin boards
or networks, please send it to me. Specific dates, locations, BBSs are
important. (You can send information to me
anonymously by land mail, if you need to protect your identity).
Thanks for your assistance,
Marc Rotenberg, Director
CPSR Washington Office
1025 Connecticut Ave., NW, Suite 1015
Washington, DC 20036
1. CPSR FOIA Request to the FBI Regarding BBS Surveillance
2. CPSR letter to Congressman Don Edwards regarding FOIA request
3. Chronology of events
[CPSR FOIA Request to the FBI Regarding BBS Surveillance]
CPSR Washington Office
1025 Connecticut Avenue, NW
Washington, DC 20036
202 775-1941 (fax)
August 18, 1989
9th St. & Penn. Ave., NW
Washington, DC 20535
Dear FOIA Officer,
This is a request under the Freedom of Information Act, 5 U.S.C. 552.
I write to request a copy of all materials relating to the FBI's collection of
information from computer networks and bulletin boards, such as PeaceNet (San
Francisco CA) or The Well (Berkeley CA), that are used frequently by political
or advocacy organizations. In particular, I would like any records which would
indicate whether the Bureau is intercepting, collecting, reviewing, or
"downloading" computer transmissions from any of the following networks and
conferences: Action Southern Africa, AIDS Coalition Network, The American Peace
Test, Amnesty International, Association for Progressive Communications, Beyond
Containment, Center for Innovative Diplomacy, Central America Resource Center,
Central America Resource Network (CARNet), The Christic Institute, Citizen
Diplomacy, Community Data Processing, EcoNet, Friends of the Earth, Friends
Committee on National Legislation, HandsNet, Institute for Peace and
International Security, Media Alliance, Meiklejohn Civil Liberties Institute,
National Execution Alert Network, Palo Alto Friends Peace and Social Action
Committee, PeaceNet. Quaker Electronic Project, Web, The Well.
This request includes public communications that take place through a computer
bulletin board. For example, this would include both transmissions that are
available for public perusal, a "conference" or "posting," as well as
transmissions that are directed from one party to one or more other specific
parties and intended as private, "electronic mail."
I also request any records that would indicate whether the FBI, or anyone
acting at the behest or direction of the FBI, has any computer accounts on any
computer bulletin boards operated by an advocacy or political organization,
and, if so, the names of the bulletin boards, and whether the Bureau has
indicated the actual organizational affiliation of the account holders to the
I also request any records that would indicate whether the Bureau has ever
operated, is currently operating, is involved in the operation of, or is
planning to operate, a computer bulletin board that is intended for public
I would also like any records which would indicate the circumstances under
which it would be appropriate for an agent or authorized representative, asset,
informant, or source of the Bureau to intercept, collect, review, or "download"
the contents of computer bulletin boards.
I would like any records relating to the FBI's development, research, or
assessment of computer systems for automated review of information stored in an
electronic format, obtained from a computer bulletin board or network.
Finally, I request any records that would indicate whether the FBI has
developed, or is planning to develop, a system that could automatically review
the contents of a computer file, scan the file for key terms or phrases, and
then recommend the initiation of an investigation based upon this review.
I ask that you check with your regional offices in San Francisco, San Jose,
Austin, Phoenix, Los Angeles, and New York, in addition to the files that are
available in Washington, DC. I also ask that you consult with those agents
involved in the investigation of computer crime to determine whether they might
be aware of the existence of such records. You should also check any documents
relating to John Maxfield, who was employed by the Bureau to investigate
computer bulletin boards.
Under the Freedom of Information Act, you may withhold all properly exempted
materials. However, you must disclose all non-exempt portions that are
reasonably segregable. I reserve the right to appeal the withholding or
deletion of any information.
Under the Freedom of Information Act, CPSR is entitled to a waiver of all fees
for this request because the "disclosure of this information is likely to
contribute significantly to the public understanding of the operations or
activities of the government and is not primarily in the commercial interest of
the requester." CPSR is a non-profit, educational organization of computer
scientists. Our work has been cited in scholarly journals, trade publications,
and the national media. CPSR has particular expertise on the use of computer
technology by the FBI, having prepared an extensive report on the proposed
expansion of the NCIC at the request of Congressman Don Edwards. For these
reasons, CPSR is entitled to a waiver of all fees.
If you have any questions regarding this request, please telephone me at the
above number. I will make all reasonable efforts to narrow the request if you
determine that it has been too broadly framed.
As provided in the Freedom of Information Act, I will expect to receive a
response within ten working days.
Marc Rotenberg, Director
for Social Responsibility
[CPSR letter to Congressman Don Edwards regarding FOIA request]
February 27, 1990
Representative Don Edwards
Subcommittee on Civil and
House Judiciary Committee
806 House Annex 1
Washington, DC 20515
Dear Chairman Edwards:
I am writing to you about a particular FOIA request that CPSR
has pursued since August of last year. We asked the FBI for
information about the monitoring of computer networks and bulletin
boards. We initiated this request because of the obvious civil
liberties interests -- speech, associational, and privacy -- that
would be endangered if the FBI's examination of the contents of
computer systems failed to satisfy appropriate procedural
After six months of delay, five certified letters to the
Bureau's FOIA/Privacy Act office, and many phone calls with the
FBI's FOIA officers, we have not received even a partial response to
On September 20, 1989 a FOIA officer at the FBI assured us
that information would be forthcoming "in a couple of weeks." A
letter from the FBI FOIA/PA office on December 22 indicated that
information responsive to our request "has been located and will be
assigned for processing soon." But when I spoke with a FBI FOIA
Officer on February 15, less than two weeks ago, I was told that
they "haven't even started" to process the request and that the FBI
couldn't say when we would receive a response. (Please see
enclosed chronology and attachments).
The need for this information is truly urgent. Further delay
will constitute a denial. Congress is now considering several
computer crime bills, such as H.R. 55 and H.R. 287, that could
broaden the authority of federal agents to examine the contents of
computer systems across the country. There is a good chance that a
bill will pass before the end of this session.
Before opening the door to new forms of criminal
investigation, Congress and the public should have a complete
picture of the FBI's current practices. Computer communications are
particularly vulnerable to surveillance and routine monitoring.
Computer mail unrelated to a particularized investigation could be
swept up in the government's electronic dragnet if the law is not
carefully tailored to a well defined purpose. Without a clear
understanding of the civil liberties problems associated with the
investigation of computer crime, Congress may be exacerbating a
problem it does not yet fully know about.
CPSR's Freedom of Information Act request could provide
answers to these questions. The FOIA establishes a presumption
that the activities of government should be open to public review
and that agency records should be disclosed upon request. But the
Bureau failed to comply with the statutory requirements of the FOIA
and frustrated our effort to obtain information that should be
disclosed. Without this information computer users, the public, and
the Congress, may be unable to assess whether the Bureau's current
activities conform to appropriate procedural safeguards.
Computer crime is a serious problem in the United States. One
auditing firm places the annual loss between $3 billion and $5
billion. Nonetheless, it is necessary to ensure that new criminal
law does not undermine the civil liberties of computer users across
the country. We requested information from the FBI under the FOIA
to help assess the adequacy of current safeguards. The Bureau failed
to respond. The result is that the public is left in the dark at a time
when significant legislation is pending.
We would appreciate whatever assistance with this request
you might be able to provide.
Marc Rotenberg, Director
CPSR Washington Office
Chronology of CPSR's FOIA Request regarding
FBI Monitoring of Computer Networks with attachments
cc: Representative Charles Schumer
Representative Wally Herger
FBI FOIA/PA Office
[Chronology of events]
Chronology of events
CPSR FOIA Request
FBI Monitoring of Computer Networks
Aug. 18, 1989
CPSR sends FOIA request to FBI seeking agency
records regarding the FBI's monitoring of computer
networks and computer bulletin boards used by
political and advocacy organizations. The FOIA
request seeks information about:
% the FBI's surveillance of computer bulletin
boards and networks used by political
% the FBI's creation of clandestine accounts on
computer bulletin boards and networks operated
by political organizations;
% the FBI's creation of secret accounts on public
% the FBI's procedures regarding the downloading
of information contained on a computer bulletin
% the FBI's research on the automated review of
the contents of information contained on
computer bulletin board and networks; and
% the FBI's research on the automation of the
decision to initiate a criminal investigation,
based on the contents of a computer
The letter requests a fee waiver based on the
public interest standard. The letter indicates that
CPSR has particular expertise in the evaluation of
the civil liberties implications of law enforcement
computer systems, having completed an extensive
report for the House Judiciary Committee on the
proposed expansion of the FBI's computer system,
the NCIC. The letter further states that CPSR
would work with the FOIA/PA office to facilitate
the processing of the request.
Aug. 31, 1989
FBI response #1. FBI sends a letter to CPSR
acknowledging receipt of the FOIA request and
designating the request "FBI's Computer Networks
and Bulletin Board Collection," request no. 319512.
Sept. 20, 1989
CPSR speaks with FOIA Officer Keith Gehle
regarding status of request. Mr. Gehle states that
he can not send a response "until he receives
responses from various agencies." It is "difficult
to go to computing indices." He says that he
expects to have information "in a couple of
weeks,"and will have a response "by October 5, at
Oct. 16, 1990
CPSR Follow-up letter #1. CPSR confirms
conversation with Mr. Gehle regarding Oct. 5 target
date and asks FOIA Officer to call to indicate the
status of the FBI's response to the request.
Oct. 26, 1989
CPSR speaks with Mr. Gehle. He says, "we are
working on your request." "We should have
something soon. Hate to give a specific date, but
should have a letter for you within two weeks."
Nov. 22, 1989
CPSR follow-up letter #2. CPSR writes to Mr.
Gehle, notes that Mr. Gehle said he was working on
the request, and the that response should have been
sent by Nov. 9. CPSR requests that FOIA officer
call CPSR by Dec. 1 to indicate the status of the
Dec. 22, 1989
FBI response #2. FBI sends letter,
acknowledging receipt of Oct. 16 and Nov. 22
letters. The letter states that "[i]nformation which
may be responsive to your request has been located
and will be assigned for processing soon." The
letter indicates that the FOIA/PA office receives a
large number of requests and that delays are likely.
Jan. 9 , 1990
CPSR follow-up letter #3. CPSR writes to Mr.
Moschella, chief of the FOIA/PA office at the FBI,
acknowledges Dec. 22 letter and location of
responsive information. Requests that records be
sent by Feb 18, 1990.
Jan. 19, 1990
FBI response #3. FBI sends letter stating that
the Bureau has allocated many agents to FOIA
processing, that a large number of requests are
received. The letter further states that "a delay of
several months or more may be anticipated before
your request is handled in turn."
Feb. 2, 1990
CPSR follow-up letter #4. CPSR writes to Mr.
Moschella, acknowledges Jan. 19, expresses
concern about delay. Letter notes that CPSR was
assured by a FOIA officer in the fall that "request
would be answered within 'a couple of weeks.'"
Feb. 15, 1990
CPSR receives call from Mr. Boutwell. According to
Mr. Boutwell, FBI can't say when request will be
processed. "Haven't even started. Backlogs and lay-
offs during past year . . ." CPSR: FOIA Officer
indicated information had been located. FBI: Too
optimistic. "Request not yet assigned to an analyst
. . working now on 1988 requests . . . Litigation is
taking up time . . . analyst is taking time away
from document review for litigation . . . increased
requests, fewer personnel, lots of other factors.
Would expedite for life and death or due process,
pursuant to agency regulations." CPSR: so when do
we receive a response? FBI: "Can't say."
<< END >>
+ END THIS FILE +
*** Computer Underground Digest Issue #1.05 / File 5 of 5 ***
GO PLACIDLY among the line noise and baud rates, and remember, what boredom
there was before BBSing. As far as possible, do not COVET your neighbors
HST. Answer your Email CLEARLY and with out typos, even to the NERDS that
PESTER you, for they have SOMETHING to say even if you can't FIGURE out
what it is. Avoid FEMALE impersonators in CHAT, for they are DANGEROUS to
your ego. If you compare yourself with OTHERS, you may consider SUICIDE;
for there is always someone more PROFICIENT in ZMODEM than yourself. Label
Keep interested in your own CAREER, however humble; even after
staying up ALL night downloading. Exercise caution in your BUSINESS
affairs; because YOU need the MONEY to pay your compu-Serve bill. But
let this not BLIND you to what enjoyment there is on your LOCAL bbs;many
persons strive for the MOST recent shareware and UPLOADS get you more
TIME on line. Be yourself Especially, do not LIE about your AGE or
LOOKS when responding to "Sexlady". Do not post messages in CAPS. Neither
be cynical about DONATIONS to the SYSOP; for in the face of all REALITY,
he needs the MONEY for the PHONE lines. BEWARE of VIRUSES. Take kindly the
councel of Phil Katz and Chuck Forsberg, gracefully ADMITTING that they
KNOW more than you will ever LEARN. Nuture strength of spirit to shield
you from SUDDEN hard disk crashs. But do not DISTRESS yourself with
NEEDLESS worry. Many FEARS are born of FATIQUE from being connected ALL
night to ExecPC. Register your shareware. You are a CHILD of the
universe, you have a RIGHT to buy a 9600 V-Series US ROBOTIC Modem. And
wether or not it is CLEAR to you, the communication program IS
understandable. READ THE DOCS. Therefore be at PEACE with the SYSOP, no
matter what a JERK he is, and what ever your BBS plans may be, take
your WIFE out to dinner occasionally. With all its BAD documentation,
HIGH registration fees and aborted downloads, it is still better than
PAYING for commercial software. Be CHEERFUL. Strive to PAY your phone
Written by Tom Scott
Published in telecomputing Magazine.
Copied by John Wilson Sysop of SER/MAX!! BBS
+ ** END CuD #1.05 ** +
E-Mail Fredric L. Rice / The Skeptic Tank