Computer underground Digest Wed Feb 10, 1993 Volume 5 : Issue 12
ISSN 1004-042X
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Copy Editor: Etaion Shrdlu, Seniur
CONTENTS, #5.12 (Feb 10, 1993)
File 1--CPSR Sues Secret Service for 2600 Docs
File 2--Clever Tactics Against Piracy
File 3--SPA has Banner Year
File 4--Mitch Kapor's Forbes Column on S.893
File 5--Re: Pirate Software
File 6--In Re "Legal Strategy on 2600 Nov. '92" (CuD #5.07)
File 7--Common Carrier Review Request
File 8--Some Comments on "Approach Zero" (review)
File 9--For your mailing lists/newsgroups
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from email@example.com. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;" on the PC-EXEC BBS
at (414) 789-4210; in Europe from the ComNet in Luxembourg BBS (++352)
466893; and using anonymous FTP on the Internet from ftp.eff.org
(126.96.36.199) in /pub/cud, red.css.itd.umich.edu (188.8.131.52) in
/cud, halcyon.com (184.108.40.206) in /pub/mirror/cud, and
ftp.ee.mu.oz.au (220.127.116.11) in /pub/text/CuD.
European readers can access the ftp site at: nic.funet.fi pub/doc/cud.
Back issues also may be obtained from the mail server at
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
Date: Thu, 4 Feb 1993 11:52:25 -0500
From: Dave Banisar
Subject: File 1--CPSR Sues Secret Service for 2600 Docs
CPSR SEEKS RECORDS ON ILLEGAL SEARCH: QUESTIONS SECRET SERVICE RAID
Computer Professionals for Social Responsibility (CPSR) filed suit in
federal court today seeking information on the role of the Secret
Service in the disruption of a meeting of computer users last
November. The incident, which occurred at the Pentagon City Mall in
Arlington, Virginia, has been described as an example of overzealous
law enforcement activities directed against so-called computer
On November 6, 1992, a group of people affiliated with the computer
magazine "2600" were confronted by mall security personnel, local
police officers and several unidentified individuals. The group
members were ordered to identify themselves and to submit to searches
of their personal property. Their names were recorded by mall
security personnel and some of their property was confiscated.
However, no charges were ever brought against any of the individuals
at the meeting.
The Secret Service has not formally acknowledged its role in the
November incident. However, a mall security official and the
Arlington County Police have said that Secret Service agents were
present and directed the activities of the mall security personnel.
"If this was a Secret Service operation, it raises serious
constitutional questions. It is unlawful for the government to
disrupt a meeting of people who are peaceably assembled and to seize
their personal property. We have filed this FOIA suit to determine
the precise role of the Secret Service in this affair," said CPSR
Washington Director Marc Rotenberg.
CPSR submitted a Freedom of Information Act (FOIA) request to the
Secret Service several days after the incident. To date, the agency
has failed to respond. Under the law FOIA requesters may file suit in
federal court when an agency has not complied with the legally imposed
CPSR, a national membership organization that protects civil liberties
for computer users, previously filed a FOIA suit against the Secret
Service after the agency was criticized for several poorly conducted
investigations of computer users. Documents disclosed to CPSR from
the Operation Sun Devil case revealed that the agency monitored
publicly accessible electronic "bulletin boards."
CPSR has recommended the development of guidelines for computer
crime investigations and called for a reassessment of the Secret
Service's role in the computer crime field.
For more information about the suit, contact David Sobel (202) 544
9240 Email: firstname.lastname@example.org
For CPSR membership information, contact CPSR, PO Box 717, Palo
Alto, CA 94302-0717 (415) 322-3778 Email: email@example.com.
Copies of CPSR documents are available via FTP and Gopher from
cpsr.org, folder /cpsr.
Date: Wed, 3 Feb 1993 14:50:24 GMT
From: kadie@EFF.ORG(Carl M. Kadie)
Subject: File 2--Clever Tactics Against Piracy
A repost from: comp-academic-freedom-talk-request@EFF.ORG
Date--Fri, 29 Jan 93 14:16:11 +0100
Subject--Clever Tactics Against Piracy
I thought the info-mac readers would find this article
interesting..... Jay Rolls, Stuttgart, Germany
((sent to RISKS by gio@DARPA.MIL (Gio Wiederhold) via many others))
COMPUTER CHEATS TAKE CADSOFT'S BAIT
Employees of IBM, Philips, the German federal interior ministry and
the federal office for the protection of the constitution are among
those who unwittingly 'turned themselves in' when a German computer
software company resorted to an undercover strategy to find out who
was using illegal copies of one of its programs.
Hundreds of customers accepted Cadsoft's offer of a free demonstration
program that, unknown to them, searched their computer hard disks for
illegal copies. Where the search was successful, a message appeared
on the monitor screen inviting the customer to print out and return a
voucher for a free handbook of the latest version of the program.
However, instead of a handbook the users received a letter from the
Bavarian-based software company's lawyers.
Since the demonstration program was distributed last June about 400
people have returned the voucher, which contained coded information
about the type of computer and the version of the illegally copied
Cadsoft program being used. Cadsoft is now seeking damages of at
least DM6,000 (ECU3,06E2) each from the illegal users.
Cadsoft's tactics are justified by manager Rudolf Hofer as a necessary
defence against pirate copying. The company had experienced a 30% drop
since 1991 in sales of its successful Eagle design program, which
retails at DM2,998. In contrast, demand for a DM25 demo version, which
Cadsoft offered with the handbook of the full version, had jumped,
indicating that people were acquiring the program from other sources.
Although Cadsoft devised its plan with the help of lawyers, doubts
have been raised about the legal acceptability of this type of
computer detective work. In the case of government offices there is
concern about data protection and official secrets. The search program
may also have had side-effects that caused other files to be damaged
or lost. Cadsoft is therefore preparing itself for what could be a
long legal battle with some customers. So far it has reached
out-of-court agreement with only about a quarter of those who
Date: 13 Jan 93 18:24:26 EST
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 3--SPA has Banner Year
The Software Publishers Association announced last week that 1992
marked the most active year for its anti-piracy activities to date.
Working on behalf of its members, the SPA investigates cases of
software copyright infringement involving corporations, educational
and non-profit institutions, commercial dealers, and bulletin boards.
Most investigations begin with a call to the SPA anti-piracy hotline
(1-800-388-7478). Information gathered from telephone conversations
is then reviewed by the SPA's in-house litigation staff. Depending
on the strength of the information and the severity of the case, legal
action can be taken using cease and desist letters, corporate audits,
or Ex-Parte seizure orders. In 1992, up to 30 phone calls per day
poured into the hotline. Based on these leads, the SPA took action
against 747 organizations. This included 218 audits and lawsuits
(resulting in the payment of $3.9 million in fines and penalties) and
529 cease and desist letters. Of the audits and lawsuits filed, 95
percent were corporate cases, while the remaining 5 percent of
defendants comprised bulletin board services (BBS), training
facilities, and schools. Also in 1992, the SPA received its largest
settlement to date in an audit action.
The company, whose identity must remain anonymous, paid nearly
$500,000 in settlement of a case involving 66 SPA members. During
1992, the SPA supported legislation that elevates the willful copying
of computer software from a misdemeanor to a felony. The new law,
passed by Congress last October, targets professional software pirates
who make many copies of software and resell them at low prices;
illegal bulletin board operators who distribute pirated software; and
PC dealers who offer "free" but illegal software to hardware
purchasers. Nearly 25,000 copies of a 12-minute informational
videotape entitled "It's Just Not Worth the Risk," and 20,000 copies
of an 8-minute educational video, "Don't Copy That Floppy," targeting
computer-using schoolchildren, were also distributed in 1992. Lastly,
the association maintains an active anti-piracy speakers' bureau.
Last year, SPA representatives delivered 112 anti-piracy presentations
across North America.
(reprinted from Z*Net #486 1/9/93 with permission)
Date: 6 Feb 93 08:25:00 GMT
From: Mitchell Kapor
Subject: File 4--Mitch Kapor's Forbes Column on S.893
Copyright 1993 Mitchell Kapor
If you copy this, please include the complete article including header
(First Published in the February 15, 1993 issue of Forbes) (Mitch
Ratcliffe, Editor-at-Large of Mac Week, provided research assistance
for this article.)
It doesn't take much to persuade Congress to jack up the penalties for
white-collar crime, and last fall's amendments to the Copyright Act
were no exception. With a little prodding from the Software Publishers
Association, legislators made a felony of possession of ten
unauthorized copies of a program, collectively valued at as little as
$2,500. The new law is a powerful bargaining chip for an industry that
has learned to enforce its property rights through intimidation. A
little too powerful, I'll wager. Under the new law, just about any
computer department manager could be charged as a felon.
There's no doubt that software companies need help enforcing their
property rights against brazen counterfeiting schemes, as a recent
action brought by Microsoft shows. Its civil suit against Taiwanese
defendants alleges that hundreds of thousands of counterfeit copies of
the MS-DOS operating system were sold to unsuspecting customers. Armed
with seizure orders, attorneys for Microsoft staged elaborate raids on
secret warehouses in southern California, carting off truckloads of
contraband. Use of the new criminal provisions of the copyright law
makes sense in an extreme situation such as this.
But should it be a felony to make ten unauthorized copies of a
program? In public speeches on this topic, I routinely ask members of
the audience how many of them will stand up to declare they have no
unauthorized copies on their hard disks. Only a tiny minority will do
so. This suggests to me that, under the new law, any manager with a
handful or more of employees could be prosecuted and sent to jail.
Software producers, of course, have to protect themselves against more
than the counterfeiters. The software association estimates that its
members lose between $1 billion and $2 billion a year in revenue from
customers who buy fewer copies of business software than they should.
At Lotus, we tried to solve this problem by adopting technical
measures to restrict the copying of files. As I learned to my chagrin,
this approach had the unacceptable consequence of also restricting
legitimate uses by paying customers. Nowadays very few software
producers use copy protection devices. They're too likely to be
broken by serious hackers and too likely to alienate innocent users.
As a simple technical matter, there is no barrier today to anyone
walking off with a $500 product in a shirt pocket, or to a corporate
software customer that wants to use more copies than it is willing to
pay for. But the solution to this problem is not a rigid prohibition
on copying. Even in the overwhelming majority of honest companies,
including many with stringent internal policies, employees routinely
make copies of their applications for use on portable and home
computers, temporary copies for co-workers, multiple back-up
copies, and the like. Unauthorized copies proliferate. Careful lines
must be drawn, dividing software duplication into three different
grades of behavior: totally innocent copying, unfair use that might
give rise to a lawsuit, and criminal piracy. The new anti-piracy law
fails to make these distinctions.
The software association claims it has no intention to use the
criminal law to enforce essentially civil claims against customers who
make and use multiple copies. ``I don't need to call the FBI to beat
on corporations,'' says Ken REAL NAME Wasch, the association's
executive director. ``There's absolutely no intention of criminalizing
the inadvertent copier in a corporation. We have a very adequate civil
remedy.'' By its own accounting, Wasch's group has done very well in
Nonetheless, with these stiff new provisions in place, I can't imagine
that sooner or later the felony criminal provisions won't be used, in
practice or as threat, against less than obviously flagrant violators.
Here's one scenario: The software association will knock politely and
ask to review XYZ Corp.'s computers for illegal copies. If XYZ refuses
to allow the audit, the enforcers can now do more than file a civil
action. They can threaten to call in the Department of Justice for a
This law is simply prone to abuse. It won't stop piracy, nor will it
contribute to a new ethic that respects the hard work and research
dollars put into application software.
Software vendors could take one step in the right direction by
rewriting their license agreements to be more realistic. Most licenses
don't permit a user to install the same copy of a product twice under
any circumstances, except to make a backup. However, a few companies
permit customers to make multiple installations of a single copy of
software as long as only one copy is in use at any time.
With more executives using a desktop computer in the office and a
notebook computer on the road, broadening the terms of acceptable use
just represents common sense. It would also go a long way to ease
tensions with customers who find themselves uncomfortable at the
prospect of being branded as felons.
We live in a difficult era in which, as Stewart Brand puts it,
information wants to be free, yet it also wants to be expensive. Until
both vendors and users sincerely acknowledge this paradox, efforts to
reduce piracy are likely
Date: Mon, 25 Jan 1993 15:46:08 EDT
From: Paul Brown
Subject: File 5--Re: Pirate Software
At CyberArts International 91 (Pasadena November 1991) Chip Hawkins
(who is CEO of Electronic Arts and previously at Apple) asked how many
of his audience had totally legal software running on their systems.
About 3 (out of 400) claimed they were. Hawkins commented that this
was a typical response regardless of type of audience.
Hawkins commented that new copyright laws are needed that would be
similar to the "reasonable use" regulations that congress introduced
when photocopying became widespread. He commented that congress would
be unlikely to review copyright again so soon after these revisions.
Most commentators seem to be suggesting that much looser controls are
necessary for two reasons:
a. they will encourage more creative, widespread use of software
products and therefore lead to greater overall sales
b. people using bootleg copies will eventually want to upgrade or get
documentation and will get legitimate copies.
Software piracy is a *serious* offence and can lead to serious
consequences. One anti-piracy organization in the UK ran a series of
ads last year in kids' comic books encouraging high-schoolers to "turn
in" their teachers if they allowed school systems to be used for
copying. Major financial rewards were on offer.
My kids - who live in the UK - sent me copies of the ads which I found
very distasteful and reminded me of the Nazi pressure on youth to turn
in Jewish friends and teachers.
I hope nobody interprets this as a defence of piracy - as an artist
and software writer I believe in due reward.
I am interested in the whole idea of copyright (which is based on the
imperfection of the copying process) needs redefining now we all can
easily make perfect copies (of software or databases).
Date: 05 Feb 93 16:25:34 EST
From: Steve Brown <70511.3424@COMPUSERVE.COM>
Subject: File 6--In Re "Legal Strategy on 2600 Nov. '92" (CuD #5.07)
Response to CUD 5.07, File-3 "Legal Strategy on 2600 Nov. '92
Mall Harassment" by Robert A. Carolina.
Who are you talking about? Just because someone wears a badge and a
uniform does not mean he or she will act a certain way. Security
agents are private agents who protect property and assets for the
owner. Security guards do the same with a state certificate (as long
as you are breathing and have never had a felony conviction). Law
enforcement officers are 24-hour-a-day public servants who are sworn
to uphold the laws of the state within the parameters of the
Constitution. Private security guards and law enforcement officers
have completely different missions. The former has minimal (if any)
formal training. Why do you think they would act the same?
>>When you combine nervous uniforms (like under-trained mall
rent-a-cops) together with volatile personalities (like hackers
sporting anti-social nick-names) the result is usually a rapidly
escalating level of disharmony. (At the far extreme, disharmony
like this can produce four cops beating the hell out of Rodney
King because he "just wouldn't lie still on the ground". The
point is not to criticize Mr. King, but to make sure that you
don't end up in the hospital. Money awarded by a court is a poor
substitute for missing teeth.)<<
The point is that you are confusing the issues by comparing apples to
oranges. You overgeneralize and create the impossible. By using the
term "uniforms" you lump law enforcement officers and security guards
together. "Uniforms" implies that since they look alike and use some
of the same tools (gun, baton), then they must act alike and do the
same. This is not likely if they follow different rules, laws,
standards, and training.
>> Fourth, mall cops are not government agents, and as such,
their conduct is (mostly) not governed by the Constitution.<<
This IS true. Unless, the mall SECURITY GUARDS are directed to do
something in behalf of a government law enforcement agency (in this
case the Secret Service). Then, technically, the SECURITY GUARDS
become government agents and are subject to the same formal
procedures. This may have been the case, and you do point this out.
>>Third, recognize that a mall IS private property and the mall
operators can throw you out for little or no reason. Fourth,
mall cops are not government agents, and as such, their conduct
is (mostly) not governed by the Constitution. So what does this
all mean? Basically, Gandhi was right. The ticket to dealing
with obstreperous uniformed mall cops is polite, passive
resistance. The key here is POLITE. At all times, assure the
mall cop that you will obey all lawful instructions. Do not give
the uniforms any reason whatsoever to escalate the scene.<<
>>If you are confronted by a group of threatening looking mall
cops and they hassle you, ask if you are being ejected from the
mall. If yes, then wish the officers a nice day and head for the
nearest exit. If no, then wish the officers a nice day and head
for the nearest exit. (Do you see a pattern emerging? Remember,
you do not generally have a "right" to stay in a mall. Thus,
your best defense from ignorant mall cops is to get the hell off
of their turf.)<<
Once again you are right. "The mall operators can throw you out for
little or no reason." So if that's the case, why would you even want
to stay and ask a bunch of unintelligent questions? As for your
strategy, I think Gandhi would tell you to forget about being polite.
I think he'd tell you to "get the hell out of Dodge." Why you would
encourage anyone to confront "obstreperous uniformed mall cops with
polite, passive resistance" is beyond me. You'd be better off leaving
on your own accord. This would at least insure your chances of a safe
return at a later time if need be. If it is evident that you are not
wanted while on private property (mall or elsewhere) just leave and
take your $$ with you.
Through subtle uses of the English language, sectors of society (law
enforcement and the media) have portrayed the would-be criminals
behind a keyboard as "hackers." There has been a great amount of
ignorance and myth regarding the use of the computer as a criminal
tool. The ignorance has led to the name calling of the people who use
these powerful machines to conduct crimes. They are called "hackers"
when they should simply be called criminals. I can surely understand
how the derogatory use of the term "hacker" could anger the
legitimate computer world. By choosing to use the term "hacker" rather
than criminal, more attention is placed upon the computer, itself,
rather than the person who has done the crime. The derogatory use of
hacker is dehumanizing. By definition criminals have rights; Hackers
and witches do not. Steve Jackson might be a witch (or would it be a
warlock?) in a modern day Salem Witch Hunt.
My biggest concern is your attempt to dehumanize the police in a
similar way. Whether you know it or not (maybe you don't really care),
you have employed the same dehumanizing method in your effort to
portray law enforcement. The computer world should not alienate its
"enemy" through the use of name calling.
Your effort seems to have been to inform people of their legal
recourses during an incident similar to the "2600 Harassment"
incident. The strength of the legal advice given, however, was
weakened by the strategy you chose to use. You have probably confused
a good many people in your attempt to explain sound legal ideas. A
GUARD is a guard. A LAW ENFORCEMENT OFFICER (police, cop) is a law
A uniform unfortunately is what many ignorant people see. It is a
way to dehumanize a person who gives you a ticket when you speed,
prevents you from driving home after a fun night of partying, rushes
your child to the hospital while he or she bleeds to death in a patrol
car, and risks his life to protect yours during a robbery.
Occasionally, he or she has to arrest an individual whether it be for
a crime committed with a computer or not. Often when a police officer
is killed in the line of duty, the news passes like a cold wind. It's
much easier to put a bullet through a uniform than someone with a wife
or husband and children.
Ignorance is a disease of the mind which must be fought, not
only with facts, but with a sound strategy.
Date: Mon, 8 Feb 93 07:17:51 EST
Subject: File 7--Common Carrier Review Request
REQUEST FOR REVIEW - COMMON CARRIER STATUS BILL
Electronic mediums have increased over the years. People have drifted
to communications using E-mail, the Internet, Online services,
Bulletin Board Services, and other services that network computers
A problem that exists, however, involves the legal status of these
information services. AT&T has long ago been proclaimed to be a
"common carrier". Under this status, communications that occur over
their communication lines (the medium), are not held as the
responsibility of that company. People who use that medium are held
responsible for what they say and do, and the carrier is not held
responsible for any crimes (i.e. conspiracy, planning to kill the
What is needed, is a bill that updates the legal status of bulletin
board services to "common carrier" status. This would free carriers
to have concern about how their service was operating, and free them
to stop monitoring conversations, etc. on their services. It would
allow for a greater freedom of speech, free up restrictions (real or
implied) on the businesses, and hold individuals to a greater degree
of responsibility for their actions.
In a ruling for Compuserve in a recent court case, Compuserve was
found to be NOT responsible for child pornography that was being
passed through their online service. They assisted in the catching of
the responsible individuals. The individuals were easily tracked
through usage logs and other electronic means. The users of the
medium were held responsible for their own actions.
Compuserve is not the ONLY online service out there. Internet sites
that offer electronic mail, and bulletin board services that offer
messaging and file transfer services to its users should also be able
to claim "common carrier" status. A bill is needed to make this clear
to the operators, and users of these services.
In order to provide the necessary responsibility levels, system usage
should also have restrictions on anonymity of messages/files. The
system should not be allowed to carry messages or files that originate
from an unknown source. Restrictions on "common carrier" services
should mandate that the service in question be able to identify from
which source it obtained any specific message or file. This will
restrict "common carriers" from carrying, let us say, child
pornography, without knowing where it was obtained and without being
able to trace its source.
Restrictions should also be made to specify a requirement to notify
authorities upon any illegal traffic that may be carried over their
carrier service. The Bulletin Board, for an example, should notify
police personnel about any illegal traffic on their board. However,
these BBS systems should NOT be mandated to oversee all the traffic
that occurs on their systems. Much like the telephone companies,
where traffic is only made known on occasion, BBS operators often do
not read ALL message traffic on their BBS.
I am looking for any comments that others out there may have on this
subject, and I would like to open it for discussion. (i.e. I may be
completely off-base, and if so, I want to know about it.)
Please read this document, and reply to me personally, or through this
Date: 05 Feb 93 11:51:29 EST
From: The Crypt Newsletter <70743.1711@COMPUSERVE.COM>
Subject: File 8--Some Comments on "Approach Zero" (review)
I'm sure a number of your readers have, by now, browsed through the
February issue of Discover magazine and seen the excerpt from another
book on "hackers" called "Approaching Zero," to be published by Random
House. The digested portion is from a chapter dealing with what
authors Bryan Clough and Paul Mungo call "the Bulgarian virus
While I found it interesting - outwardly a brightly written article -
to someone a little more familiar with the subject matter than the
average Discover reader, it was another flawed attempt at getting the
story right for a glossy magazine-type readership.
First, I was surprised that reporters Mungo and Clough fell short of
an interview with virus author, the Dark Avenger. Since they spent so
much time referring to him and publishing a few snippets of his mail,
it was warranted, even if he is a very tough contact.
In addition, they continually exaggerate points for the sake of
sensationalism. As for their claim that the Dark Avenger's "Mutating
Engine" maybe being the "most dangerous virus ever produced," there's
no evidence to support it. And they continue the hallowed media
tradition of calling the Mutation Engine a virus. It's not. The
Mutation Engine is a device which can be included in virus code to
grant the virus a sophisticated, variable encryption. That's all. It
does not automatically make a virus horribly destructive, that's a
feature virus-writers put into viruses separate from the Engine. And
although the first Mutation Engine viruses introduced into the U.S.
could not be detected by scanners included in commercial anti-virus
software, most of these packages included tools to monitor data
passively on any machine. These tools COULD detect Mutation Engine
viruses, a fact that can still be demonstrated with copies of the
software. It's also a fact that almost everyone covering the Mutation
Engine angle glosses over, if they bother to mention it at all. In any
case, Mutation Engine code is well understood and viruses equipped
with it are now no more hidden than viruses which don't include it.
Of greater interest, and an issue Mungo and Clough don't get to, is
the inspiration the Dark Avenger Mutation Engine supplied to virus
programmers. By the summer of 1992, disassembled versions of the
Mutation Engine were widely available on underground BBS's in this
country and abroad. It seemed only a matter of time before similar
code kernels with more sophisticated properties popped up and this has
been the case. Coffeeshop, a virus mentioned in the original Discover
piece, is just such an animal, although the authors don't get into it.
Coffeeshop utilizes a slightly more sophisticated variable encryptor -
called the Trident Polymorphic Engine - which adds a few features not
present in the Dark Avenger model. It, too, has been distributed in
this country as a device which can be utilized by virus authors
interested in shot gunning it into their own creations. It is of
Dutch origin, produced by a group of programmers operating under the
name "TridenT." They freely acknowledge the inspiration of the
Mutation Engine. Curiously, Coffeeshop is Dutch slang for a place to
pick up some marijuana. Interesting, is it not?
However, the Trident Polymorphic Engine is no more inherently
dangerous than the Mutation Engine. Viruses utilizing it can be
detected by the same tools used to detect Mutation Engine viruses
before those could be scanned.
The reporters also claim that disassembling a virus to find out what
it does is a "difficult and time-consuming process" capable of being
carried out "only by specialists." This is another myth which feeds
the perception that viruses are incredibly complicated and that one
can only be protected from them by the right combination of
It has NO basis in reality. Almost all computer viruses can be
disassembled within 5-10 minutes by individuals with only a modest
understanding of computer programming and access to one or two common
diagnostic programs. The programs are so user-friendly they can even
print out a summary of a virus's key instructions! It's a complete
myth that anyone needs to be some kind of high-powered programming
expert to understand and analyze computer viruses.
And that's what's the most irritating about Mungo and Clough's
research. In search of the cool story, they further the dated idea
that virus-programming is some kind of arcane art, practiced by "manic
computer freaks" living in a few foreign countries where politics and
the economy are oppressive. While it's true that a few viruses are
clever, sophisticated examples of programming, the reality is that
almost anyone (from 15-year-olds to middle-aged men) with a minimal
understanding of assembly language can write them from scratch or
cobble new ones together from pieces of found code.
Since everyone's computers DON'T seem to be crashing from viral
infection right and left (remember Michelangelo?), Mungo and Clough,
in my opinion, really stretch the danger of the "Bulgarian virus
factory." This is such an old story it has almost become shtick, a
routine which researcher Vesselin Bontchev (apparently Clough and
Mungo's primary source) has parlayed into an intriguing career.
A great number of the 200 or so Bulgarian viruses the reporters
mention in fear-laden terms ARE already here, too - stocked on a
score of BBS's run by programmers and computer enthusiasts. Mungo and
Clough years." That's an easy, leading call to make because no one
will remember or hold them to it in 2000. I suggest "We don't know."
Now that would have been more honest. But I doubt if it would have
sold as well.
Date: Tue, 02 Feb 93 12:21:31 -0500
From: Gene Spafford
Subject: File 9--For your mailing lists/newsgroups
CALL FOR PAPERS
ACMBUL's FIRST INTERNATIONAL COMPUTER VIRUS PROBLEMS AND
5-8 April, 1993 - Varna, Bulgaria
The purpose of the 1993 International Computer Virus
Conference is to provide a forum for anti-virus product
developers, researchers and academicians to exchange
information among themselves, students and the public. ICVC'93
will consist of open forums, distinguished keynote speakers, and the
presentation of high-quality accepted papers. A high degree of
interaction and discussion among Conference participants is
expected, as a workshop-like setting is promoted.
Because ICVC'93 is a not-for-profit activity funded primarily
by registration fees, all participants are expected to have
their organizations bear the costs of their expenses and registration.
Accommodations will be available at reduced rates for conference
WHO SHOULD ATTEND
The conference is intended for computer security
researchers, managers, advisors, EDP auditors, network
administrators, and help desk personnel from government and industry,
as well as other information technology professionals
interested in computer security.
This Conference, devoted to advances in virus prevention, will
encompass developments in both theory and practice. Papers are
invited in the areas shown and may be theoretical, conceptual,
tutorial or descriptive in nature. Submitted papers will be
refereed, and those presented at the Conference will be included in
Possible topics of submissions include, but are not
o Virus Detection
o Virus Removal
o Recovering from Viruses
o Viruses on various platforms (Windows, Unix, LANs, WANs, etc.)
o Virus Genealogy
o Virus Trends and Forecast
o Virus Prevention Policies
o Incident Reporting
o Emergency Response
o Viruses and the Law
o Education & Training
THE REFEREEING PROCESS
All papers and panel proposals received by the submission
deadline and which meet submission requirements will be
considered for presentation at the Conference.
All papers presented at ICVC'93 will be included in the
Conference proceedings, copies of which will be provided to
Conference attendees. All papers presented will also be
included in proceedings to be published by the ACMBUL.
INSTRUCTIONS TO AUTHORS
 Two (2) copies of the full paper, consisting of
up to 20 double-spaced, typewritten pages, including
diagrams, must be received no later than 28 February 1993.
 The language of the Conference is English.
 The first page of the manuscript should include
the title of the paper, full name of all authors, their
complete addresses including affiliation(s), telephone
number(s) and e-mail address(es), as well as an abstract of
o Full papers to be received in camera-ready form by the
Organizing Committee by 28 February 1993.
o Notification of accepted papers will be mailed to the
author on or before 10 March 1993.
o Conference: 5-11 April 1993, St. Konstantine Resort,
WHOM TO CONTACT
Questions or matters relating to the Conference Program
should be directed to the ACMBUL:
Attn: Mr. Nickolay Lyutov
Varna University of Economics
77 Boris I Blvd, 9002 P.O.Box 3
Phone/Fax: (+35952) 236-213
firstname.lastname@example.org (Organizing Committee)
ACMBUL -- Bulgarian Chapter of ACM
email@example.com (Organizing Committee)
ACMBUL -- Bulgarian Chapter of ACM
End of Computer Underground Digest #5.12