Computer Underground Digest Volume 1, Issue #1.05 (April 22, 1990)

Master Index Current Directory Index Go to SkepticTank Go to Human Rights activist Keith Henson Go to Scientology cult

Skeptic Tank!

**************************************************************************** >C O M P U T E R U N D E R G R O U N D< >D I G E S T< *** Volume 1, Issue #1.05 (April 22, 1990) ** **************************************************************************** MODERATORS: Jim Thomas / Gordon Meyer REPLY TO: TK0JUT2@NIU.bitnet COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. -------------------------------------------------------------------- DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections. -------------------------------------------------------------------- In This Issue: File 1: Moderators' Corner (news and notes) File 2: From the Mailbag File 3: Freedom of Information / FBI Surveillance of BBSs File 4: An Awkward conversation with S.P.A File 5: "ERRATA" (Go placidly amongst the BBS world....hi-camp!) -------------------------------------------------------------------- *************************************************************** *** Computer Underground Digest Issue #1.05 / File 1 of 5 *** *************************************************************** In this file: -- Mail problems -- Archives -- Legion of Doom Update -- Policy on Anonymous postings -- Call for articles -------------------------------------------------------------- **MAIL PROBLEMS:** We are not getting thru all the gateways, so if you know of anybody who has requested back issues but hasn't heard from us, let us know, or have them send several addresses we can try. Do not rely on the header has an address, because it doesn't always work. "@ORION" has been a special problem. -------------------------------------------------------------------- **ARCHIVES**: We're still trying to work out a site to make archives of text files available. Our own system software can't provide one. A few volunteers have come forth, but if anybody else can set something up, it might speed things up. Current holdings are still sparce. They include: a) PHRACK, PIRATE, ATI, LoD/H, P/Hun, and several hundred miscellaneous small files. b) A Master's thesis and several academic papers c) A variety of news clippings, most of which are probably copyright protected and cannot be published WE *STRONGLY* urge anybody who comes across any research papers, news articles, or other "hard copy" info related to computer underground activity to send it along so we can build the archives. We have found it difficult to honor all requests for arhives at once. So, to get copies of something, for example ATIs, just send periodic requests and we'll send a few out at a time, and keep sending requests until you have what you originally wanted. -------------------------------------------------------------------- **LEGION OF DOOM UPDATE (Indictment news)**: Many have asked how the LoD/Phrack E911 case(s) is coming. Well, unfortunately very little news has reached us regarding the status of the charges against The Prophet. Anyone with factual news in this regard is welcome to submit it... The case against Knight Lightning has a pre-trial motion pending in the next week or so (late April, '90). The defense has asked that the indictment be withdrawn and re-submitted in a form that eliminates the prejudicial and un-proven allegations presented as fact that it presently contains. The actual trial date was once set for early June, but the Government asked that the pre-trail motion be rescheduled from it's original date of a couple of weeks ago so I would assume the trial date will also be pushed back accordingly. As more facts become known and appropriate to share, we will keep you updated. GRM -------------------------------------------------------------------- **ANONYMOUS POSTING POLICY**: We have been asked our policy on anonymous postings. We have previously defended the use of pseudonyms as necessary, and are willing to post questions, general information, or articles of a reasonable nature either with a handle or anonymously. However, we cannot reproduce flames or articles for which attribution might be required. Our rationale for allowing anonymous postings is based on the respect for privacy of those who feel they have something to say, but who may be afraid of repercussions from employers or colleagues for speaking in public. Not everybody realizes that we still have a first amendment, and speaking in public is not always wise if one values their job. Unfortunately, the "chilling effect" has real sources. Just ask Steve Jackson. -------------------------------------------------------------------- **CALL FOR ARTICLES:** We need some people to contribute a few more stories, comments, or articles. We can try to keep news coming, but were hoping for some lively debate and a bit more news from various regions. We know that lots of subscribers are down on computer underground activity, and we don't want this to be a one-sided forum. The purpose here is to break down barriers so the two sides have a better appreciation of the other. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ + END THIS FILE + +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= *************************************************************** *** Computer Underground Digest Issue #1.05 / File 3 of 5 *** *************************************************************** THE SOFTWARE PUBLISHERS ASSOCIATION: DON'T CALL US, WE'LL CALL YOU. NOTE!! Several attempts have been made to obtain information from the SPA regarding their programs, charter, and membership information. Despite multiple promises I have not yet received any information that I have requested. Therefore what is stated about the organization, it's purpose, and history is based on independent piece-meal research and has not been supplied by the SPA. The Software Publisher's Association is an industry organization composed of small, medium, and large software publishing firms. One of their chief activities in the past has been to wage a public relations battle against "software piracy". This campaign, largely through print ads in major computer magazines, has emphasized the illegality of trading software programs with coworkers and friends. To my knowledge they have not directed their attention to the CU realm of the pirate, and in fact, up until recently, have largely avoided using the label "pirate" at all. One of the newest "weapons" the SPA has unleashed against software trading is something called a "corporate audit". My knowledge of this is hazy (see above notation) but from what I can gather it is a process that corporations submit to voluntarily. The SPA will conduct an audit of magnetic media (hard drives, etc) used on a corporation's computers to assist them in complying with copyright laws and license agreements. Again the thrust of the program is directed to the corporate world, not the Computer Underground. However the SPA has taken some steps to curb the CU trading of "warez". One of these techniques has been to open a toll-free "snitch line" where people could call and report BBS systems that have copyrighted programs in their download areas. This "snitch line" (my term, I don't know what they call it...again, see above notation.) differs from an SPA program of a few years ago when they offered a $100.00 dollar reward for turning in Pirate bulletin board systems. At that time the caller had to supply a list of downloadable files, the number of the board, the name and address of the sysop, and a valid sign on and password to the board in question. To the best of my knowledge the current program does not offer a monetary reward, and they extent of the information they are requesting may have changed. I recently called the "snitch line" as a participant observational experiment in turning in a Pirate bulletin board. My intent was to determine the information collected by the SPA and the conceptualization of "piracy" and "warez" that was being used. Below is an account and transcript of that conversation. -------------- Software Publisher's Association Monday 2/19/90 I dialed the SPA "turn in a pirate board" number that I had picked up somewhere in my bbs travels. 1-800-388-PIRS...cute, but not cute enough to be considered bagging the whole warez scene. The phone was ringing... "Hello, Warren (or something that sounded like Warren) Travel", a male voice said. "Errrr, I think I've reached a wrong number, who is this?" "Warren Travel, are you trying to get a hold of that software place?" I told him that I was. "They published our number by accident. Sorry." I apologized to him and hung up. I should have asked him how many calls he had been getting...would be some indication of how much activity a snitch hotline could generate. I wonder if the SPA is paying for this guys phone bill? Toll free calls cost about fifty cents... I then tried toll free information, and asked for the Software Publishers Association. No listing. Hmmmm, have they given up the "report a pirate line" idea? I called information for the District of Columbia and got the office number for the SPA. After about 10 rings (yes, ten..this was not at lunch time) a guy answered... "Software Publishers Association". "Hi, I was wondering what kind of mechanisms you have in place for people who want to report a pirate bulletin board." "Give me the number." (curtly) "That's it? That's your mechanism?" (about 4 seconds of silence) "What have you got?" "A pirate bbs, 100 megs, pirated software for IBM, Atari, and Amiga." (about 3 seconds of silence) "Where did you get the number?" "Off a list a bbs somewhere, I don't know for sure." "What did it say?" "The listing? It's a list of BBS' said the name of the board and gave the phone number." "No, _this_ number." (sounding frustrated or hurried) "Your number? I called information and asked for the SPA!" (silence) "Can you give us a lot of information on this board? Who's the sysop? What's his address?" "I don't know that. All I have is the number and it's a pirate board. First time callers get full access to all the downloads and you can see the files right there." "oh. Well, give me the phone number." "Okay, 708/555-5555" (I gave him the phone number for the local Telenet port.) (about 3 seconds of silence) "We'll look into it." "What are you going to do?" (more silence) "We'll look into it." "I see, and what's your name please?" (again, some silent hesitation) "Ken" "Okay, Ken. Bye." >click< (Ken hung up w/out saying anything else) end of transcript. Total time for call, approx 3 minutes. ____________________________________ I believe the transcript portrays the uninterested, slightly rude manner in which my call was taken. The fact that Ken was suspicious of where I had gotten the number to his office, and failed to query me as to the contents, location, etc of the board I was supposedly reporting indicates to me that either I reached an individual that was not accustomed to answering the phone for these calls (as may be indicated by the excessive number of rings he took to answer, maybe the secretary was ill that day) or, perhaps, a lack of seriousness on the part of the SPA in dealing with this "crime". The Software Publishers Association is a leading source of unverified (and un-verifiable) information regarding the expense and extent of "piracy". Here we have seen just how interested they appear to be when presented with an opportunity to squelch what may have been, for all they knew, a "major supplier of pirated software". Postscript: I have since learned that the correct number for the "snitch line" is 800/388-PIR8. As of yet I have not repeated my experiment. Others are welcome to do so and I'd appreciate hearing GRM =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ + END THIS FILE + +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= *************************************************************** *** Computer Underground Digest Issue #1.05 / File 4 of 5 *** *************************************************************** Date: Sun, 8 Apr 90 12:13:27 -0700 From: To: TK0JUT2 Subject: FBI BBS Surveillance (CPSR FOIA Request) On August 18, 1989 CPSR submitted a Freedom of Information Act request to the FBI asking for information about BBS surveillance. After four follow-up letters, a series of phone calls, and Congressional testimony that discussed the CPSR request, the FBI has failed to respond to our request. (The statutory time limit for the FOIA is ten days). If any one has information about possible FBI surveillance of bulletin boards or networks, please send it to me. Specific dates, locations, BBSs are important. (You can send information to me anonymously by land mail, if you need to protect your identity). Thanks for your assistance, Marc Rotenberg, Director CPSR Washington Office 1025 Connecticut Ave., NW, Suite 1015 Washington, DC 20036 202/775-1588 (voice) 202/775-1941 (Data) or cdp! Contents: 1. CPSR FOIA Request to the FBI Regarding BBS Surveillance 2. CPSR letter to Congressman Don Edwards regarding FOIA request 3. Chronology of events [CPSR FOIA Request to the FBI Regarding BBS Surveillance] CPSR Washington Office 1025 Connecticut Avenue, NW Suite 1015 Washington, DC 20036 202 775-1588 202 775-1941 (fax) Director Marc Rotenberg August 18, 1989 FOIA Officer FBI 9th St. & Penn. Ave., NW Washington, DC 20535 Dear FOIA Officer, This is a request under the Freedom of Information Act, 5 U.S.C. 552. Part I: I write to request a copy of all materials relating to the FBI's collection of information from computer networks and bulletin boards, such as PeaceNet (San Francisco CA) or The Well (Berkeley CA), that are used frequently by political or advocacy organizations. In particular, I would like any records which would indicate whether the Bureau is intercepting, collecting, reviewing, or "downloading" computer transmissions from any of the following networks and conferences: Action Southern Africa, AIDS Coalition Network, The American Peace Test, Amnesty International, Association for Progressive Communications, Beyond Containment, Center for Innovative Diplomacy, Central America Resource Center, Central America Resource Network (CARNet), The Christic Institute, Citizen Diplomacy, Community Data Processing, EcoNet, Friends of the Earth, Friends Committee on National Legislation, HandsNet, Institute for Peace and International Security, Media Alliance, Meiklejohn Civil Liberties Institute, National Execution Alert Network, Palo Alto Friends Peace and Social Action Committee, PeaceNet. Quaker Electronic Project, Web, The Well. This request includes public communications that take place through a computer bulletin board. For example, this would include both transmissions that are available for public perusal, a "conference" or "posting," as well as transmissions that are directed from one party to one or more other specific parties and intended as private, "electronic mail." Part II: I also request any records that would indicate whether the FBI, or anyone acting at the behest or direction of the FBI, has any computer accounts on any computer bulletin boards operated by an advocacy or political organization, and, if so, the names of the bulletin boards, and whether the Bureau has indicated the actual organizational affiliation of the account holders to the system operators. Part III: I also request any records that would indicate whether the Bureau has ever operated, is currently operating, is involved in the operation of, or is planning to operate, a computer bulletin board that is intended for public use. Part IV: I would also like any records which would indicate the circumstances under which it would be appropriate for an agent or authorized representative, asset, informant, or source of the Bureau to intercept, collect, review, or "download" the contents of computer bulletin boards. Part V: I would like any records relating to the FBI's development, research, or assessment of computer systems for automated review of information stored in an electronic format, obtained from a computer bulletin board or network. Part VI: Finally, I request any records that would indicate whether the FBI has developed, or is planning to develop, a system that could automatically review the contents of a computer file, scan the file for key terms or phrases, and then recommend the initiation of an investigation based upon this review. I ask that you check with your regional offices in San Francisco, San Jose, Austin, Phoenix, Los Angeles, and New York, in addition to the files that are available in Washington, DC. I also ask that you consult with those agents involved in the investigation of computer crime to determine whether they might be aware of the existence of such records. You should also check any documents relating to John Maxfield, who was employed by the Bureau to investigate computer bulletin boards. Under the Freedom of Information Act, you may withhold all properly exempted materials. However, you must disclose all non-exempt portions that are reasonably segregable. I reserve the right to appeal the withholding or deletion of any information. Under the Freedom of Information Act, CPSR is entitled to a waiver of all fees for this request because the "disclosure of this information is likely to contribute significantly to the public understanding of the operations or activities of the government and is not primarily in the commercial interest of the requester." CPSR is a non-profit, educational organization of computer scientists. Our work has been cited in scholarly journals, trade publications, and the national media. CPSR has particular expertise on the use of computer technology by the FBI, having prepared an extensive report on the proposed expansion of the NCIC at the request of Congressman Don Edwards. For these reasons, CPSR is entitled to a waiver of all fees. If you have any questions regarding this request, please telephone me at the above number. I will make all reasonable efforts to narrow the request if you determine that it has been too broadly framed. As provided in the Freedom of Information Act, I will expect to receive a response within ten working days. Sincerely yours, Marc Rotenberg, Director Washington Office, Computer Professionals for Social Responsibility [CPSR letter to Congressman Don Edwards regarding FOIA request] 1 February 27, 1990 Representative Don Edwards Subcommittee on Civil and Constitutional Rights House Judiciary Committee 806 House Annex 1 Washington, DC 20515 Dear Chairman Edwards: I am writing to you about a particular FOIA request that CPSR has pursued since August of last year. We asked the FBI for information about the monitoring of computer networks and bulletin boards. We initiated this request because of the obvious civil liberties interests -- speech, associational, and privacy -- that would be endangered if the FBI's examination of the contents of computer systems failed to satisfy appropriate procedural safeguards. After six months of delay, five certified letters to the Bureau's FOIA/Privacy Act office, and many phone calls with the FBI's FOIA officers, we have not received even a partial response to our request. On September 20, 1989 a FOIA officer at the FBI assured us that information would be forthcoming "in a couple of weeks." A letter from the FBI FOIA/PA office on December 22 indicated that information responsive to our request "has been located and will be assigned for processing soon." But when I spoke with a FBI FOIA Officer on February 15, less than two weeks ago, I was told that they "haven't even started" to process the request and that the FBI couldn't say when we would receive a response. (Please see enclosed chronology and attachments). The need for this information is truly urgent. Further delay will constitute a denial. Congress is now considering several computer crime bills, such as H.R. 55 and H.R. 287, that could broaden the authority of federal agents to examine the contents of computer systems across the country. There is a good chance that a bill will pass before the end of this session. Before opening the door to new forms of criminal investigation, Congress and the public should have a complete picture of the FBI's current practices. Computer communications are particularly vulnerable to surveillance and routine monitoring. Computer mail unrelated to a particularized investigation could be swept up in the government's electronic dragnet if the law is not carefully tailored to a well defined purpose. Without a clear understanding of the civil liberties problems associated with the investigation of computer crime, Congress may be exacerbating a problem it does not yet fully know about. CPSR's Freedom of Information Act request could provide answers to these questions. The FOIA establishes a presumption that the activities of government should be open to public review and that agency records should be disclosed upon request. But the Bureau failed to comply with the statutory requirements of the FOIA and frustrated our effort to obtain information that should be disclosed. Without this information computer users, the public, and the Congress, may be unable to assess whether the Bureau's current activities conform to appropriate procedural safeguards. Computer crime is a serious problem in the United States. One auditing firm places the annual loss between $3 billion and $5 billion. Nonetheless, it is necessary to ensure that new criminal law does not undermine the civil liberties of computer users across the country. We requested information from the FBI under the FOIA to help assess the adequacy of current safeguards. The Bureau failed to respond. The result is that the public is left in the dark at a time when significant legislation is pending. We would appreciate whatever assistance with this request you might be able to provide. Sincerely yours, Marc Rotenberg, Director CPSR Washington Office Enclosure Chronology of CPSR's FOIA Request regarding FBI Monitoring of Computer Networks with attachments cc: Representative Charles Schumer Representative Wally Herger FBI FOIA/PA Office [Chronology of events] Chronology of events 1 CPSR FOIA Request FBI Monitoring of Computer Networks CHRONOLOGY Aug. 18, 1989 CPSR sends FOIA request to FBI seeking agency records regarding the FBI's monitoring of computer networks and computer bulletin boards used by political and advocacy organizations. The FOIA request seeks information about: % the FBI's surveillance of computer bulletin boards and networks used by political organizations; % the FBI's creation of clandestine accounts on computer bulletin boards and networks operated by political organizations; % the FBI's creation of secret accounts on public bulletin boards; % the FBI's procedures regarding the downloading of information contained on a computer bulletin board; % the FBI's research on the automated review of the contents of information contained on computer bulletin board and networks; and % the FBI's research on the automation of the decision to initiate a criminal investigation, based on the contents of a computer communication. The letter requests a fee waiver based on the public interest standard. The letter indicates that CPSR has particular expertise in the evaluation of the civil liberties implications of law enforcement computer systems, having completed an extensive report for the House Judiciary Committee on the proposed expansion of the FBI's computer system, the NCIC. The letter further states that CPSR would work with the FOIA/PA office to facilitate the processing of the request. Aug. 31, 1989 FBI response #1. FBI sends a letter to CPSR acknowledging receipt of the FOIA request and designating the request "FBI's Computer Networks and Bulletin Board Collection," request no. 319512. Sept. 20, 1989 CPSR speaks with FOIA Officer Keith Gehle regarding status of request. Mr. Gehle states that he can not send a response "until he receives responses from various agencies." It is "difficult to go to computing indices." He says that he expects to have information "in a couple of weeks,"and will have a response "by October 5, at the latest." Oct. 16, 1990 CPSR Follow-up letter #1. CPSR confirms conversation with Mr. Gehle regarding Oct. 5 target date and asks FOIA Officer to call to indicate the status of the FBI's response to the request. Oct. 26, 1989 CPSR speaks with Mr. Gehle. He says, "we are working on your request." "We should have something soon. Hate to give a specific date, but should have a letter for you within two weeks." Nov. 22, 1989 CPSR follow-up letter #2. CPSR writes to Mr. Gehle, notes that Mr. Gehle said he was working on the request, and the that response should have been sent by Nov. 9. CPSR requests that FOIA officer call CPSR by Dec. 1 to indicate the status of the request. Dec. 22, 1989 FBI response #2. FBI sends letter, acknowledging receipt of Oct. 16 and Nov. 22 letters. The letter states that "[i]nformation which may be responsive to your request has been located and will be assigned for processing soon." The letter indicates that the FOIA/PA office receives a large number of requests and that delays are likely. Jan. 9 , 1990 CPSR follow-up letter #3. CPSR writes to Mr. Moschella, chief of the FOIA/PA office at the FBI, acknowledges Dec. 22 letter and location of responsive information. Requests that records be sent by Feb 18, 1990. Jan. 19, 1990 FBI response #3. FBI sends letter stating that the Bureau has allocated many agents to FOIA processing, that a large number of requests are received. The letter further states that "a delay of several months or more may be anticipated before your request is handled in turn." Feb. 2, 1990 CPSR follow-up letter #4. CPSR writes to Mr. Moschella, acknowledges Jan. 19, expresses concern about delay. Letter notes that CPSR was assured by a FOIA officer in the fall that "request would be answered within 'a couple of weeks.'" Feb. 15, 1990 CPSR receives call from Mr. Boutwell. According to Mr. Boutwell, FBI can't say when request will be processed. "Haven't even started. Backlogs and lay- offs during past year . . ." CPSR: FOIA Officer indicated information had been located. FBI: Too optimistic. "Request not yet assigned to an analyst . . working now on 1988 requests . . . Litigation is taking up time . . . analyst is taking time away from document review for litigation . . . increased requests, fewer personnel, lots of other factors. Would expedite for life and death or due process, pursuant to agency regulations." CPSR: so when do we receive a response? FBI: "Can't say." << END >> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ + END THIS FILE + +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= *************************************************************** *** Computer Underground Digest Issue #1.05 / File 5 of 5 *** *************************************************************** Modem Errata GO PLACIDLY among the line noise and baud rates, and remember, what boredom there was before BBSing. As far as possible, do not COVET your neighbors HST. Answer your Email CLEARLY and with out typos, even to the NERDS that PESTER you, for they have SOMETHING to say even if you can't FIGURE out what it is. Avoid FEMALE impersonators in CHAT, for they are DANGEROUS to your ego. If you compare yourself with OTHERS, you may consider SUICIDE; for there is always someone more PROFICIENT in ZMODEM than yourself. Label your disks. Keep interested in your own CAREER, however humble; even after staying up ALL night downloading. Exercise caution in your BUSINESS affairs; because YOU need the MONEY to pay your compu-Serve bill. But let this not BLIND you to what enjoyment there is on your LOCAL bbs;many persons strive for the MOST recent shareware and UPLOADS get you more TIME on line. Be yourself Especially, do not LIE about your AGE or LOOKS when responding to "Sexlady". Do not post messages in CAPS. Neither be cynical about DONATIONS to the SYSOP; for in the face of all REALITY, he needs the MONEY for the PHONE lines. BEWARE of VIRUSES. Take kindly the councel of Phil Katz and Chuck Forsberg, gracefully ADMITTING that they KNOW more than you will ever LEARN. Nuture strength of spirit to shield you from SUDDEN hard disk crashs. But do not DISTRESS yourself with NEEDLESS worry. Many FEARS are born of FATIQUE from being connected ALL night to ExecPC. Register your shareware. You are a CHILD of the universe, you have a RIGHT to buy a 9600 V-Series US ROBOTIC Modem. And wether or not it is CLEAR to you, the communication program IS understandable. READ THE DOCS. Therefore be at PEACE with the SYSOP, no matter what a JERK he is, and what ever your BBS plans may be, take your WIFE out to dinner occasionally. With all its BAD documentation, HIGH registration fees and aborted downloads, it is still better than PAYING for commercial software. Be CHEERFUL. Strive to PAY your phone bill. Written by Tom Scott Published in telecomputing Magazine. Copied by John Wilson Sysop of SER/MAX!! BBS Phone 602-938-0921 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ + ** END CuD #1.05 ** + +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=


E-Mail Fredric L. Rice / The Skeptic Tank