Computer underground Digest Sun, Nov 10, 1991 Volume 3 : Issue 40 Moderators: Jim Thomas a
Computer underground Digest Sun, Nov 10, 1991 Volume 3 : Issue 40
Moderators: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
CONTENTS, #3.40 ( November 10, 1991)
File 1: Rhetoric and CuD
File 2: Re: Comments on J Thomas's Ingraham post in CuD #3.38
File 3: Response to Ingraham Criticisms
File 4: Draft of BBS warnings to Law Enforcement Agents
File 5: CU Bibliography Update
File 6: Senate Bill 516 : Electronic Privacy in the Workplace
File 7: Letter from Prison (part 2 of 2)
File 8: "Password violations helped Hill hacker"
Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414)
789-4210, and by anonymous ftp from ftp.cs.widener.edu (22.214.171.124),
chsun1.spc.uchicago.edu, and dagon.acc.stolaf.edu. To use the U. of
Chicago email server, send mail with the subject "help" (without the
quotes) to email@example.com.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to the
Computer Underground. Articles are preferred to short responses.
Please avoid quoting previous posts unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
From: Mike Godwin
Subject: File 1-- Rhetoric and CuD
Date: Thu, 7 Nov 91 9:39:58 EST
I notice (in CuD 3.38) that you call those who work with Don Ingraham
"brownshirts" and compare him to Gacy and Dahmer.
I think you are correct to be critical of Ingraham's comments about
But I'm concerned with the degradation of discourse that comparisons
to "brownshirts" and to mass murderers will cause. When you invoke
Gacy, or Dahmer, or genocidal fascists, you trivialize the deaths they
caused. You turn their real deaths into metaphorical fodder for your
own angry postings. Such metaphors suggest, whether you mean to or
not, that you have no sense of the actual horror caused by those
people. It cheapens this horror to convert it into an insult.
I know what your motive was--to express your sense of the viciousness
of Ingraham's comments--but that doesn't excuse it. The people who
were killed by Dahmer and Gacy didn't die to provide us with a handy
Date: Thu, 7 Nov 91 14:49 GMT
From: "Thomas J. Klotzbach" <0003751365@MCIMAIL.COM>
Subject: File 2-- Re: Comments on J Thomas's Ingraham post in CuD #3.38
Before I start, I just want to say that I think that the CuD is a
first-rate publication. Thanks for making it available.
That said, I was shocked by your article about how Craig Neidorf was
"massacred" by Don Ingraham on the September 30, 1991 "Geraldo" show.
I'm sure that the people in law enforcement agencies that subscribe to
the CuD were real impressed with your outbursts. What does Craig
Neidorf having yet to receive an apology from various people have to
do with squat? Do you think you will ever get an apology? Why does
it matter? The fact is it does not matter. The incidents surrounding
Craig are well engraved in the minds of people following his situation
(i.e. the government gaffed). Your dribble about no apology being
rendered just detracts from the constant, ongoing battle that the
"Computer Underground" must fight everyday for respect and
understanding by constant, consistent, and structured means.
I am equally shocked that Craig Neidorf was expecting a "legitimate
discussion" with Don Ingraham and equally shocked that you expected
that also. Are you both ignorant of what media shows like Geraldo do?
They use shock media as a tool to get the attention of the viewing
audience that is flipping through channels after a day of work. No
matter what the staff of the show said, Neidorf should have been
prepared for a rough, nasty discussion that would digress from the
real issues at hand. It would have been Craig's job to help steer the
discussion back on to HIS track. But you and Craig (and I gather many
people) feel that Craig was bushwhacked. More dribble. He was hurt
because he failed to adequately control the agenda (and before you
start to whine about he could not control the agenda, look at any
Pro-Life/Pro-choice debate on one of these shows - they are real
Your other comments gave credibility to the "Computer Underground" as
"...when Ingraham and his brownshirts try to grab suspects
"...he (Geraldo) night have toyed with Ingrahams' hyperbolic analogy
to rape by alluding to a few other examples of older men who've done
hatchet jobs on young males. Like John Gacy and Jeffrey Dahmer.
They, too, felt no need to apologize to their victims."
My, those statements really are thought provoking aren't they?
You and all the rest of us have to fight and fight hard to maintain
credibility. We don't do any favors for the "cause" when we cry foul
and start to spew commentary in the CuD that makes us look like
spoiled children. We need to work smart, not work hard! We need to
stop tilting at windmills and start learning what makes the windmill
work so that we can change the way it works or change the direction
the wind blows (if at all). No, it may not be fair and it may not be
easy, but it is reality.
Date: 9 Nov 91 11:29:54 CDT
From: Jim Thomas
Subject: File 3-- Response to Ingraham Criticisms
The above criticisms of the language of my commentary about prosecutor
Don Ingraham's treatment of Craig Neidorf on Geraldo's "Mad Hacker"
segment of _Now it can be Told_ have merit, and I am not in total
disagreement. Each of the above posts raises several issues that
deserve a response.
Both posts suggest that excessive rhetoric reduces the effectiveness
of criticism of law enforcement agents by de-valuing the currency of
language and subverting the credibility of those attempting to assure
that rights in cyberspace are given the same Constitutional
protections as in other realms of social life. Both posters, while
supporting the principle of civil liberties, remind us that no all
sympathizers share the same tactics, perspective, or rhetoric of
others working toward the same goal. This raises a number of issues,
but I'll address only a few.
First is the goal of CuD. We estimate the combined readership of CuD
(including the mailing list, Usenet, and BBS downloads) to range
between 16,000-20,000. The readership is diverse, and we try to
tailor articles to an ambiguous happy medium. As with all co-edited
outlets, the two CuD co-editors are not always in total accord on
acceptable levels of stridency. Therefore, articles that are personal
opinions are written under our own names (rather than "moderators")
and posted from our private e-mail addresses. As Tom argued above,
there is a danger that some might see the post of a single individual
as shared by *all* readers. This would obviously be a gross error,
and it is crucial that those who disagree recognize that they have the
obligation to respond, as the above posters have done.
Second, if the above critics were uncomfortable with my language, it
is safe to assume that others were also disturbed. This raises the
issue of readers' responses. Sometimes readers may not respond because
they are leery of becoming the targets of flames or because they think
others will respond. Sometimes readers are simply not sure what to
say. As a forum for debate, we *strongly* encourage readers to be as
critical of CuD's position and posts as they feel appropriate. Except
in the most unusual of situations (such as this one), we do not
respond, but simply print the posts. Even if readers respond with only
a one-line comment, it provides an idea of where people stand on an
issue and helps us direct our attention to readers' interests and
concerns. We cannot print all the comments we receive, and we prefer
longer, well-reasoned responses for publication. But, we commonly print
shorter posts, especially when they summarize others' concerns.
Both co-editors see CuD as a means of raising issues, provoking when
necessary, and trying to deliver the same message in several different
ways. Sometimes this takes the form of fairly reasoned commentary. At
other times, the message may be reflect the tenor of the tone created
by the target. In this case, the language reflected the tone sent by
The use of dramatic terrorist imagery and Ingraham's invocation of the
metaphor of rape in alluding to computer intruders, coupled with
Geraldo's sensationalistic style, triggered the metaphors I used in my
post. I did not seek them; they were created by the show's
participants and handed to me. I fully agree that the language was
strident. However, strident language-in-kind strikes me as
occasionally appropriate to dramatize the images and inaccuracies
created by--in this case--a nationally known prosecutor who appears
unaccountable for his own excesses. Sometimes diplomatic discourse
seems ineffective, and other than short posts criticizing the Geraldo
show, we have seen no extended commentary that could be published. So,
I filled what I perceived to be a void.
Communication needn't be a solemn affair. Occasional violation of the
norms of good-taste can be a fully legitimate form of response to
illustrate the base level of discourse in which solemn ideas are
discussed. Sometimes hyperbole is the best way of saying serious
things, as long as hyperbole isn't the norm. Do I agree with the
posts of Mike and Tom? Yes. Do I still justify my original post? I am
reminded of the response by French philosopher Albert Camus when asked
how, as a pacifist, he could justify violence against Nazi Invaders:
"I do not justify it. It is simply necessary."
Subject: File 4-- Draft of BBS warnings to Law Enforcement Agents
Date: Mon, 28 Oct 91 10:26:22 PST
((Moderators' note: Keith Henson sent the following draft over for
comments. The intent of such notes is as much symbolic as instrumental,
and is targeted especially at local enforcement agents who may be
unaware of existing laws. Any comments for for revision can be sent
directly to Keith or back to CuD)).
In a recent conversation with a person who has a lot of erotic GIF on
his bbs, I came up with a few legal stumbleing blocks to make the cops
think twice before they break in and bust up his bbs. Modify the
numbers as appropriate to fit your bbs if you want to use this.
In addition, you might want to get signed agreements in advance from
your users. Such agreements might assign a portion of their minimum
awards to you to compensate for the hassle, lost time, and busted up
equipment you can expect in a raid. Whatever agreement terms you come
up with should be reviewed by a lawyer. You might require users to
keep a minimum amount of stored email just to invoke the Electronic
Communication Privacy Act (ECPA).
Unlike a booby traps, this one should be clearly marked, at least with
a pointer into this file from the logon screen:
++++ cut here ++++
NOTICE TO LAW ENFORCEMENT AGENTS:
The owners and users of this system are exercising First Amendment
Some material on this system is in preparation for public disemination
and is "work product material" protected under USC 42, Section 2000aa.
Note that this is a civil statute. Violation of this statute by law
enforcement agents is very likely to result in a civil suit. Each and
every person who has "work product material" stored on this system is
entitled to recover at least minimum damages of $1000 *plus all legal
expenses.* Agents may not be protected from personal civil liability
if they violate this statute.
In addition, there is email, i.e., "stored electronic communications"
which has been in storage less than 180 days on this system. Such
stored electronic communications are protected from seizure or even
"preventing authorized access" without a warrant specific to each
person's email. Again, this is protected under civil action in USC
18, 2704. On this system you can expect up to xxxx people to have
stored email. Each of them is entitled to collect $1000 *plus all
legal expenses* for violations. While the agency you work for *might*
pay your legal fees and judgements against you, why take chances? If
you feel the need to go after email, or take actions which would deny
email access to our users, get appropriate warrants.
It is the policy of the sysop(s) of this system to cooperate with law
enforcement agents--though we will not be involved in entrapments.
Please bring it to my (our) attention if you discover illegal
activities on this board.
**(End of Keith Henson's post)
((Moderators' note: PC-Exec in Milwaukee has an X-rated GIF section,
and sysop Bob Mahoney has resolved the access problem with the
following post received when one attempts to access the section
prior to registering)):
C O L L E C T I O N S E L E C T I O N >>Full Access Paid Caller<<
OK? Collection Description
DUC Mahoney MS-DOS Collection
D !FREE TO ALL CALLERS- LISTS OF FILES FOR DOWNLOAD!
D !FREE TO ALL CALLERS- UTILITIES AND VARIETY!
D PC-SIG California Collection
DUC MS Windows
DU UNIX / XENIX
DUC Adult Pictures & Files, rated PG or higher
DUC Picture files (.GIF .MAC .PIC, etc.)
D C Apple Copyright Software
DUC Macintosh Collection
DUC Amiga Collection
DUC Atari ST Collection
DUC CoCo RSDOS & OS9 Collection
D Chat System File
Selected: Adult Pictures & Files, rated PG or higher
>> This file collection contains 6,144 great files at this time!
>> Sorry, this collection requires you to fill out a permission form.
>> Please go to
subscribe menu and select 'Adult' option.
>> If you prefer to NOT have this collection show up as an option,
>> please go to TOP:ENVIRONMENT menu and turn off ADULT options.
We can appreciate your frustration with the new release form required for
access to the Adult file collection here. We hate paperwork too, but after
discussing it with our attorney, this is the only way we can *legally*
offer adult pictures & files on this system. So if we are to stay in
business to serve you long into the future, we must obey the law.
((End of PC-Exec warning))
Date: 9 Nov 91 11:29:54 CDT
Subject: File 5-- CU Bibliography Update
Gene Spafford, Dave Appel, Ben Discoe, Jerry Carlin and a few
others suggested that the following be added to the CU bibliography:
The January 1992 issue of "Journal of Systems and Software:" It is a
special issue devoted to ethics and computing, including break-ins and
"The Shockwave Rider" by John Brunner, 1975, published by Ballantine
Books, the first novel that that dealt with "hacking" and computer
worms (This was left off the original list). Other science fiction
works by John Brunner are "Stand on Zanzibar", 1968, and "The Sheep
Look Up" in 1972.
One reader wrote:
" I'm upset that the Books for Fun Reading list recently
appearing in this group totally forget Rudy Rucker, a grand
originator of much of the FUN side of tech and now an
establish cyber persona."
Another reader suggested that True Names by Vernor Vinge (sp?) is
archetypical and should be included.
There are others, and when you come across a title, send it over. If
it's a new book, feel free to write a short (50-200 line) review.
Date: 9 Nov 91 11:29:54 CDT
Subject: File 6-- Senate Bill 516 -- Electronic Privacy in the Workplace
Senator Paul Simon (Dem, Ill) introduced Senate Bill 516 intended to
curtail abuses of covert electronic monitoring in the workplace by
requiring employers to notify employees of the existence, extent, and
uses of surveillance and the information obtained.
Contrary to rumors, the Bill *DOES NOT* prohibit electronic monitoring
of employees. It simply extends principles of privacy into a domain
where the dangers of covert intrusion are becoming increasing
sophisticated. Criticisms against the bill include: a) The government
has no place in legislating what employees may or may not do in the
workplace; b) The Bill would appear to cover a broad range of
potential mechanisms of surveillance not originally intended (such as
Unix commands that allow monitoring of account use or telephone
systems that record the number of calls to specific individuals)
As one commentator observed, there are also problems of scope. For
example, section (b)(2) doesn't mention civil "prosecutions". If a
criminal investigation is resolved through civil charges, is it still
a criminal investigation? Deciding civil liability, as in cases of
seizure and forfeiture without criminal prosecution, seems to leave a
gap in the existing language. Section (b)(3) seems to cover the
exceptions to the second and provide a glaring exception that can
readily be circumvented.
In the main, the Bill is the right step toward recognizing the dangers
of the abuse of technology to intrude into privacy. However, the
language of the Bill needs clarification of the ambiguous language of
scope and redress. If there is sufficient response from readers, we
will devote a special issue to readers' comments and forward them to
Senator Simon's office. The Bill has been sent to committee, so there
is time to communicate concerns.
+++ S 516 follows +++
1st SESSION S. 516
To prevent potential abuses of electronic monitoring in the workplace.
IN THE SENATE OF THE UNITED STATES
February 27 (Legislative day, February 6) 1991
Mr. Simon introduced the following bill; which was read twice and
referred to the
Committee on Labor and Human Resources
To prevent potential abuses of electronic monitoring in the
_Be it enacted by the Senate and House of Representatives of
the United States of American assembled,_
SECTION 1. SHORT TITLE.
This Act may be cited as the "Privacy for Consumers
and Workers Act".
SEC. 2. DEFINITIONS.
As used in this Act--
(1) the term "electronic monitoring" means the collection,
storage, analysis, and reporting of information concerning an
employee's activities by means of a computer, electronic observation
- 2 -
remote telephone surveillance telephone call accounting, or other form
of visual, auditory, or computer-based surveillance conducted by any
transfer of sings, signals, writing, images, sounds, data, or
intelligence of any nature transmitted in whole or in part by a wire,
radio, electromagnetic, photoelectronic, or photo-optical system;
(2) the term "employee" means any current or former employee
of an employer;
(3) the term "employer" means any person who employs
employees, and includes any individual, corporation, partnership,
labor organization, unincorporated association, or any other leal
business, the Federal Government, any State (or political subdivision
thereof), and any agent of the employer.
(4) the term "personal data" means any information
concerning an employee which, because of name, identifying number,
mark, or description, can be readily associated with a particular
individual, and such term includes information contained in printouts,
forms, or written analyses or evaluations;
(5) the term "prospective employee" means an individual who
has applied for a position of employment with an employer and
- 2 -
(6) the term "Secretary" means the Secretary of Labor.
(a) IN GENERAL.--Each employer who engages in electronic
monitoring shall provide each affected employee with prior written
notice describing the following regarding the electronic monitoring
directly affecting the employee:
(1) The forms of electronic monitoring used.
(2) The personal data to be collected.
(3) The frequency of each form of electronic monitoring
which will occur.
(4) The use of personal data collected.
(5) Interpretation of printouts of statistics or other
records of information collected through electronic
(6) Existing production standards and work performance
(7) Methods for determining production standards and
work performance expectations based on electronic
(b) NOTICE CONCERNING EXISTING FORMS OF ELECTRONIC
MONITORING.--(1) Each employer shall notify a prospective employee at
any personal interview or meeting of existing forms of electronic
monitoring which may directly
- 3 -
affect the prospective employee if such employee is hired by the
(2) Each employer, upon request by a prospective employee, shall
provide the prospective employee with the written notice described in
subsection (a) regarding existing forms of electronic monitoring which
may directly affect the prospective employee if such employee is hired
by the employer.
(3) Each employer who engages in electronic monitoring shall
provide the affected employee with a signal light, beeping tone,
verbal notification, or other form of visual or aural notice, at
periodic intervals, that indicates that electronic monitoring is
taking place. If the electronic monitoring is conducted on a
continuous basis during each of the employee's shift, such notice need
not be provided at periodic intervals.
(4) An employer who engages in telephone service observation
shall provide the affected customer with a signal light, beeping tone,
verbal notification, or other form of visual or aural notice, at
periodic intervals, indicating that the telephone service observation
is taking place.
(c) NOTICE TO CURRENTLY AFFECTED EMPLOYEES.--Notwithstanding
subsection (a), an employer who is engaged in electronic monitoring on
the effective date of this Act shall have 90 days after such date to
provide each affected employee with the required written notice.
- 4 -
SEC.4.ACCESS TO RECORDS.
Each employer shall permit an employee (or the employee's
authorized agent) to have access to all personal data obtained
by electronic monitoring of the employee's work.
(a) RELEVANCY REQUIRED.--An Employer shall not collect personal
data on an employee through electronic monitoring which is not
relevant to the employee's work performance.
(b) DISCLOSURE LIMITED.--An employer shall not disclose personal
data obtained by electronic monitoring to any person or busness entity
except to (or with the prior written consent of) the individual
employee to whom the data pertains, unless the disclosure would be--
(1) to officers and employees of the employer who have a
legitimate need for information in the performance of
(2) to a law enforcement agency in connection with a
criminal investigation or prosecution; or
(3) pursuant to the order of a court of competent
SEC.6.USE OF DATA COLLECTED BY ELECTRONIC MONITORING.
(a) DATA MAY NOT BE USED AS A SOLE BASIS FOR EVALUATION.--An
employer shall not use personal data obtained by electronic monitoring
as the exclusive basis for indi-
- 5 -
vidual employee performance evaluation or disciplinary action, unless
the employee is provided with an opportunity to review the personal
data with a reasonable time after such data is obtained.
(b) DATA MAY NOT BE USED AS SOLE BASIS FOR PRODUCTION QUOTAS.--An
employer shall not use personal data or collective data obtained by
electronic monitoring data as the sole basis for setting production
quotas or work performance expectations.
(c) DATA MAY NOT DISCLOSE EMPLOYEE'S EXERCISE OF CONSTITUTIONAL
RIGHTS.--An employer shall not maintain, collect, use, or disseminate
personal data obtained by electronic monitoring which describes how an
employee exercises rights guaranteed by the First Amendment unless
such use is expressly authorized by statute or by the employee to whom
the data relates or unless pertinent to and within the scope of, an
authorized law enforcement activity.
SEC.7.ENFORCEMENT PROVISIONS.--(1) Subject to paragraph (2), any
employer who violates any provision of this Act may be assessed a civil
penalty of not more that $10,000.
(2) In determining the amount of any penalty under paragraph (1),
the Secretary shall take into account the previous record of the
person in terms of compliance with this Act and the gravity of the
- 6 -
(3) Any civil penalty assessed under this subsection shall be
collected in the same manner as is required by subsections (b) through
(e) of section 503 of the Migrant and Seasonal Agricultural Worker
Protection Act (29 U.S.C. 1853) with respect to civil penalties
assessed under subsection (a) of such section.
(b) INJUNCTIVE ACTIONS BY THE SECRETARY.--The Secretary may bring
an action under this section to restrain violations of this Act. The
Solicitor of Labor may appear for and represent the Secretary in any
litigation brought under this Act. In any action brought under this
section, the district courts of the United States shall have
jurisdiction, for cause shown, to issue temporary or permanent
restraining orders and injunctions to require compliance with this
Act, including such legal or equitable relief incident thereto as may
be appropriate, including employment, reinstatement, promotion, and
the payment of lost wages and benefits.
(c) PRIVATE CIVIL ACTIONS.--(1) An employer who violates this Act
shall be liable to the employee or prospective employee affected by
such violation. Such employer shall be liable for such legal or
equitable relief as may be appropriate, including employment,
reinstatement, promotion, and the payment of lost wages and benefits.
(2) An action to recover the liability prescribed in paragraph
(1) may be maintained against the employer in any
- 7 -
Federal or State court of competent jurisdiction by an employee or
prospective employee for or on behalf of such employee, prospective
employee, and for other employees or prospective employees similarly
situated. No such action may be commenced more than 3 years after the
date of the alleged violation.
(3) The court, in its discretion, may allow the prevailing (other
than the United States) reasonable costs, including attorney's fees.
(d) WAIVER OF RIGHTS PROHIBITED.--The rights and procedures
provided by this Act may not be waived by contract or otherwise,
unless such a waiver is part of a written settlement agreed to and
signed by the parties to the pending action or complaint under this
The Secretary shall, within 6 months after the date of the
enactment of this Act, issue rules and regulations to carry out the
provisions of this Act.
SEC.8.INAPPLICABLE TO MONITORING CONDUCTED BY LAW ENFORCEMENT
This At shall not apply to electronic monitoring administered by
law enforcement agencies as may otherwise be permitted in criminal
-- end S516 --
Date: 9 Nov 91 11:29:54 CDT
From: Len Rose
Subject: File 7-- Letter from Prison (part 2 of 2)
Following is the second of the two-part letter by Len Rose. It
reinforces our own view that there is no such place as an "easy time"
prison. Len is no different than many other first-time, non-violent
offenders: Loneliness and emotional deprivation border on "cruel and
unusual punishment." It is not the loss of freedom, but the disruption
of family and consequences of incarceration on the innocent that make
prisons especially hard for offenders. Those wishing a chronology and
background of Len's case can obtain it from the Len Rose file in the
CuD ftp archives at widener or uchicago.
Sheldon Zenner, Len's former attorney, has agreed to serve as a
conduit for funds to help Len's family. Checks or money orders (*NO
CASH*) should be made out to:
Sheldon T. Zenner
RE: Len Rose
Katten, Muchin, and Zavis
525 West Monroe Street (Suite 1600)
Chicago, IL 60606-3693
BE SURE TO PUT LEN'S NAME ON THE CHECK AND AN INDICATION IN THE MEMO
SECTION THAT IT'S FOR LEN ROSE so it may be directed properly.
Len's address for those who've missed it:
Len Rose (27154-037)
Seymour Johnson AFB
Caller Box 8004
Goldsboro, NC 27531-8004
He would appreciate a letter or post card.
+++ Len's letter follows +++
I am desperate for my family. My wife has run out of money, and she is
on her own. Normally, this wouldn't be that serious, but she is
handicapped by lack of English skills, and no marketable job skills.
She has two small children to care for, ages six and three, and can't
afford day care/baby sitters if she did obtain minimum wage
employment. I was able to raise $5,000 from the sale of some of the
equipment that was kindly returned to me by the Secret Service. It
was not enough. She receives some public assistance, but it isn't
enough to sustain them. I understand that she is on a waiting list for
subsidy for public housing, but was also told there is a two-year
Since we cannot conduct a useful correspondence via written medium,
and cannot afford to telephone, we are virtually cut-off from each
other. The phone bill has not been paid, and it looks like that will
soon be cut off (We are only allowed to make collect calls here). My
wife has bravely survived for four months, and I feel very lucky to be
married to her. She has endured so much these last two years. I am
proud of her.
They are the ones who are really being punished. I am quite capable of
serving my 10 and a half month sentence. It is mental hell, but I can
handle it. They however, may not. If I could be released to home
detention or perhaps a halfway house, I could return to the work force
and support them. I can only wonder at the logic behind my sentence,
but at this point I am no longer bitter. I am in stasis. I cannot and
will not allow myself to think of what was or might have been. To
indulge in such opens the door to thoughts which are at this point
self-destructive. I have learned that when survival is pitted against
pride, instincts take over. I have become (I hope) a model prisoner.
I work hard. I do what I am told, and smile. I am pleasant and
respectful. I have only one desire. I must be free. My family's
survival--my children--depend on me. Things look very bleak now. I
have put my faith in God that I can get out before they are on the
street, are taken away and placed in foster care. I have received so
much help from various people. They know who they are. More thanks are
not enough, and if I am ever fortunate enough to be a success again,
they will be repaid.
Right now, it looks like my family doesn't stand much of a chance. If
I can be released in time, I can save them from a very harsh fate.
Prison has enlightened me in several ways. Loneliness--I never dreamt
that it had such depths. I am never alone here, yet I am extremely
lonely for my wife, Sun. After 11 years (soon to be 12!) of marriage,
she has become part of me. I don't feel whole. It's also bizarre how
much I came to depend on my children. My three year old daughter
warmed my heart like nothing else could. My son, six years old, had
finally grown to the point where he had become a friend. I could spend
hours with him just talking. Being separated from them has been the
worst punishment. I think that is the key to being in prison: It is
not the conditions or physical confinement. Being cut off from loved
ones is terrible. Especially when they need you.
My wife is serving my prison sentence. My children are also. Me? I am
fine, I suppose. If I were single, I could stay here and eventually
cope. I have all my needs provided for. I don't have to worry about
next month's rent, or food, or having the electricity cut off in the
middle of winter. My wife does.
My loneliness for my wife is the harshest part of my imprisonment.
Since we cannot write each other (as in meaningful communication),
it's been sheer torture for me, and I'm sure for her as well. Before
you accuse me of complaining, I'd like to say that I accept what has
happened to me. I have learned to live with my fate. It took a long
time for that, believe me. At this point in my life, I only wish to
return to my family. I'd like to resume a normal life and hopefully
earn a decent living. Perhaps, in time, I can heal my family's wounds.
I am very proud of my wife. She has been the source of my resolve.
Her loyalty and her strength have kept me going. She has seen her
world crumble, and she still keeps a brave face on life. I pray for
them every night and also pray for my release. Some people have told
me that prison will force you to learn more about yourself. I have
learned a great deal. I know that I have discovered that I really do
love my wife. I took so many things for granted before.
Date: 23 Oct 91 19:08:41 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 8-- "Password violations helped Hill hacker"
"Password violations helped Hill hacker"
Ogden Standard-Examiner Wednesday, Oct 9, 1991 Page 3C (Utah/Local)
SALT LAKE CITY (AP) - A military auditor had little difficulty
breaking into restricted Hill Air Force Base computer files and using
them to leapfrog into other Air Force computers in Texas, Georgia and
Ohio, according to an Air Force Audit Agency report.
The auditor's secret to access was taking advantage of procedural
violations, the audit said. When prompted for a password by the Hill
computer, he typed the first or last name of people who worked on the
computers. Under Air Force regulation, names are not supposed to be
used for such passwords.
In a copyright story Tuesday, the Desert News [of Salt Lake City,
Utah] reported that the agency also said inspection of computers at
Hill showed some people had installed "pirated" software programs
illegally, and others improperly used commercial programs that had not
been inspected for possible computer viruses that could destroy
The auditor decided to test computer security at Hill's Ogden Air
Logistics Center - on of five centers that order supplies for the Air
Force - by obtaining a list of people who worked on computers there
and trying to gain access using their names.
"Systems-user-created passwords related to the personal identity in
three of four systems reviewed, enabling the auditor to make
unauthorized entries into 13 (total) systems," he wrote.
One of the passwords he discovered was for a systems programmer, which
gave the auditor access to virtually ever file in that system. It
also allowed him to compromise "almost all" of the passwords there -
some of which were good on other systems, too, the report said.
With that, he said he was able to raid restricted systems around Hill
that contained information on contracts, orders, material needs and
electronic mail for base personnel. "Potential existed (for) ...
manipulation or destruction of sensitive data," he wrote.
The auditor noted all users have since been instructed about proper
selection of passwords, and new software has been installed in some
systems to automatically stop use of names.
Hill spokesman Len Barry added that new systems require use of both
numbers and letter for passwords. Further, programs do not allow the
same password to be used in more than one system.
End of Computer Underground Digest #3.40
E-Mail Fredric L. Rice / The Skeptic Tank