Computer underground Digest Sun Apr 10, 1994 Volume 6 : Issue 31 ISSN 1004-042X Editors: J
Computer underground Digest Sun Apr 10, 1994 Volume 6 : Issue 31
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe (He's Baaaack)
Acting Archivist: Stanton McCandlish
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Suspercollater: Shrdlu Nooseman
CONTENTS, #6.31 (Apr 10, 1994)
FIle 1--MIT Student Indicted for Internet "Piracy" (MIT account)
FIle 2--MIT Student Indicted for Internet "Piracy" (AP account)
FIle 3--Text of Indictment of MIT Sysop
FIle 4--LaMacchia (MIT Student) Defense Atty Press Release
FIle 5--DO NOT confuse MIT board with legit CYNOSURE BBS in MD
FIle 6--FBI Erroneously Detains 2 "Suspects" at CFP '94
FIle 7--Phil Zimmeran Requests Info on PGP Uses
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.
CuD is available as a Usenet newsgroup: comp.society.cu-digest
Or, to subscribe, send a one-line message: SUB CUDIGEST your name
Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU
The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on internet);
and on Rune Stone BBS (IIRGWHQ) (203) 832-8441.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.
EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893;
In ITALY: Bits against the Empire BBS: +39-461-980493
FTP: UNITED STATES: etext.archive.umich.edu (22.214.171.124) in /pub/CuD/
aql.gatech.edu (126.96.36.199) in /pub/eff/cud/
EUROPE: nic.funet.fi in pub/doc/cud/ (Finland)
ftp.warwick.ac.uk in pub/cud/ (United Kingdom)
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
Date: Fri, 9 Apr 1994 18:21:31 PDT
Subject: File 1--MIT Student Indicted for Internet "Piracy" (MIT account)
((MODERATORS' NOTE: Thanks to a Well poster who made the following
news item from the April 8 issue of the MIT student newspaper (THE
Student Indicted on Piracy Charges
((Documents relating to this story are available on our news
By Josh Hartmann Contributing Editor
Student Indicted on Piracy Charges
A federal grand jury charged an MIT student yesterday on a felony
charge for allegedly allowing the piracy of over $1 million in
business and entertainment software using Athena workstations.
David M. LaMacchia '95 was indicted on one count of conspiring to
commit wire fraud, according to a statement from the U.S. Attorney's
office in Boston. LaMacchia allegedly allowed the duplication of
hundreds of copyrighted software packages between Nov. 21, 1993, and
Jan. 5, 1994, using workstations on the Athena Computing Environment.
"We became aware sometime in December that a computer was being used
to distribute software," said Kenneth D. Campbell, director of the
news office. "That information was turned over to Campus Police and
the FBI. MIT personnel cooperated with the FBI in the investigation."
The incident was discovered when an Athena-user in the Student Center
cluster noticed that an unattended workstation next to him was
behaving abnormally, making frequent disk accesses, according to James
D. Bruce ScD '60, vice president for Information Systems.
The user apparently reported the abnormal behavior to members of the
Student Information Processing Board, who then proceeded to
investigate the matter, according to a source familiar with the
investigation. The SIPB members saw the status of the workstation and
reported the incident to the Information Systems staff, the source
SIPB itself was not part of the investigation, according to Jessie
Stickgold-Sarah '96, the SIPB chairman.
Attorneys for LaMacchia issued a swift denial of the charges late
yesterday, saying LaMacchia was merely the provider of a service which
others used to place and remove files. The statement called the
indictment a test case to "decide whether current criminal law would
penalize a [systems operator] who neither controls what is placed on
the system nor profits one cent from any copyrighted software that
others upload to and download from the system that he and others
create and operate."
Many of the people who accessed the pirated files over the Internet
concealed their location by using an anonymous service in Finland,
The Associated Press reported yesterday that LaMacchia advertised the
server strictly by word-of-mouth to avoid detection. The AP quoted the
indictment as saying that as many as 180 users accessed the server in
one 16-hour period.
DISCIPLINARY PROCESS UNDERWAY
Within MIT, "there was a disciplinary action filed against [LaMacchia]
sometime in January," Bruce said. These proceedings have been halted,
Another anonymous source said that the Office of the Dean for
Undergraduate Education and Student Affairs had received a complaint
in January, but had not decided whether the disciplinary action would
be forwarded to the Committee on Discipline, handled by the Dean's
Office, or dismissed outright.
Dean for Undergraduate Education and Student Affairs Arthur C. Smith
said last night that Institute disciplinary procedures are usually
suspended when a student is charged with such a crime. However, Smith
would not comment on the status of any disciplinary case underway. If
LaMacchia were convicted, he would still be subject to the normal
disciplinary measures within the Institute, Smith said.
LOSSES OVER $1 MILLION
Losses from the illegal software duplication are expected to surpass
$1 million, according to the statement from the U.S. Attorney's
"The pirating of business and entertainment software through
clandestine computer bulletin boards is tremendously costly to
software companies, and by extension to their employees and to the
economy," said U.S. Attorney Donald K. Stern. "We need to respond to
the culture that no one is hurt by these thefts and that there is
nothing wrong with pirating software."
A list obtained by The Tech revealed that MS-DOS games dominated the
server. Among the business software, however, were Aldus Pagemaker 5.0
for Windows, Microsoft Word for Windows 6.0, a beta (pre-release) copy
of a forthcoming operating system by Microsoft code-named Chicago,
WordPerfect 6.0 for both DOS and Windows, a beta copy of Microsoft
5.0, and Aldus PhotoStyler 2.0.
If found guilty LaMacchia could conceivably be the subject of a civil
suit by the software vendors, Bruce said. "It would be entirely
possible for a vendor to make a case that it suffered monetary
damages," he said. "I would think there is some reason [LaMacchia]
could be sued."
Bruce said he thought the Institute's liability would be limited
because of Athena rules prohibiting duplication of copyrighted
LaMacchia did not return telephone calls last night.
Copyright 1994 by The Tech. All rights reserved. This story was
published on Friday, April 8, 1994. Volume 114, Number 19 The story
began on page 1 and jumped to page 13. This article may be freely
distributed electronically, provided it is distributed in its entirety
and includes this notice, but may not be reprinted without the express
written permission of The Tech. Write to email@example.com for
Date: Fri, 9 Apr 1994 18:21:31 PDT
Subject: File 2--MIT Student Indicted for Internet "Piracy" (AP account)
((You might be interested the following AP item. Following an
investigation by the FBI, David LaMacchia, an MIT student, was
indicted April 7, 1994)).
MIT Student indicted for "Internet Piracy"
>From the Associated Press
BOSTON--A federal grand jury indicted an MIT student Thursday on
charges he ran a computer bulletin board that allowed people to copy
more than $1 million worth of copyrighted software for free.
David LaMacchia, 10, a junior at the Massachusetts Institute of
Technology, was indicted on one felony count of conspiring to commit
wire fraud, said U.S. Atty. Donald Stern.
LaMacchia, of Rockville, Md., used the computer aliases "John gaunt"
and "Grimjack," to operate the bulletin board at MIT from Nov. 21 to
Dec. 21, 1993, and from Jan. 3 to Jan. 5, the indictment said.
The bulletin board, named Cynosure, allowed people on MIT's computer
network to copy business and entertainment software, the indictment
Since MIT's system is part of the Internet, a super-network using
telephone lines to link educational, military, and commercial computer
networks around the world, Internet users also were able to illegally
copy the software, Stern said.
As many as 180 people used the illegal software library over one
16-hour period, downloading hundreds of copyrighted commercial
programs, the indictment said.
Date: Fri, 8 Apr 1994 04:09:47 GMT
From: firstname.lastname@example.org (jason n gull)
Subject: File 3--Text of Indictment of MIT Sysop
I thought this might be of interest to many. A federal grand jury in
Boston returned an indictment this afternoon, charging a 20-year-old
MIT student and sysop with conspiracy. The indictment alleges the
student, David Lamacchia, created and maintained a BBS/FSP site on the
internet, on which pirated software was exchanged.
UNITED STATES DISTRICT COURT
DISTRICT OF MASSACHUSETTS
UNITED STATES OF AMERICA | CRIMINAL NO. 94-10092RGS
| 18 U.S.C. Sect. 371 - Conspiracy
US v. DAVID LAMACCHIA
_COUNT ONE_: 18 U.S.C. S 371 - Conspiracy
The Grand Jury charges that:
1. From on or about November 21, 1993, to on or about
January 5, 1994, at Cambridge, in the District of Massachusetts,
and elsewhere, DAVID LAMACCHIA defendant herein, did knowingly
and intentionally combine, conspire, confederate, and agree with
other persons unknown to the Grand Jury, to commit offenses against
the United States, that is, to devise and execute a scheme and artifice
to defraud, and, for the purpose of. executing and attempting to
execute such scheme, to transmit and cause to be transmitted in
interstate commerce, by wire communication, writings, signs, signals,
pictures, and sounds for the purpose of executing such scheme and
artifice, in violation of Title 18, United States Code, section 1343.
_PERSONS AND ENTITIES_
2. At all times material to this Indictment, the
Massachusetts Institute of Technology (MIT) was an educational
institution located on Memorial Drive, in Cambridge, Massachusetts.
3. At all times material to this Indictment, defendant
DAVID LAMACCHIA was a student enrolled in and resident at MIT.
4. At all times material to this Indictment, MIT had a
connection to the Internet, an international collection of
electronic networks linking educational, military, and commercial
computers around the world.
_CONSPIRACY AND SCHEME TO DEFRAUD_
5. It was part of the scheme and conspiracy that defendant
DAVID LAMACCHIA, using the computer aliases "JOHN GAUNT" and
"GRIMJACK," set up, participated in setting up, and, from on or
about November 21, 1993, to on or about December 21, 1993, and
from on or about January 3, 1994 to on or about January 5, 1994,
operated and participated in the operation of a computer bulletin
board system named "CYNOSURE" to permit and facilitate, on an
international scale, the illegal copying and distribution of
copyrighted software, without payment of software licensing fees
or the software purchase price to the manufacturers and vendors of
the copyrighted software
6. It was further part of the conspiracy and scheme to
defraud that defendant DAVID LAMACCHIA operated, and
in the operation of, "CYNOSURE" on two computer work stations
owned and operated by MIT, located at Cambridge in the District of
Massachusetts. The two work stations were designated "CYNOSURE I"
and "CYNOSURE II." In addition, a third MIT computer was utilized
for back-up files and other purposes associated with running
7. A computer bulletin board system ("BBS") consists
essentially of a personal computer on which is installed a
computer program which permits persons all over the world, using
their own computers and telephone lines, to obtain access to the
BBS computer. Persons thereby obtaining access to the computer
BBS may post files and messages to the board ("upload"), and may
read and copy files and messages ("download") to their own
computer. The messages that may be uploaded or downloaded can
consist of virtually any type of data or information, including
other software programs. The CYNOSURE BBS was accessible
worldwide via the Internet.
8. In using the MIT work stations for the purpose of
running a computer BBS to pirate and distribute copyrighted
software, LAMACCHIA exceeded his authority, as an MIT student, to
access and use the MIT computer system and its connection to the
9. It was further part of the conspiracy and scheme to
defraud that the defendant, using the computer aliases "JOHN
GAUNT" and "GRIMJACK," communicated to other persons the
address (or "site") for the CYNOSURE BBS to permit them to send,
by means of interstate and foreign wire communication, files and
messages to the BBS and to avail themselves of the opportunity to
copy and cause to be transmitted by means of interstate and
foreign wire communication, computer files stored on the BBS. The
users of the CYNOSURE BBS often hid their identities by using an
Internet address located in Finland which afforded an anonymous
10. It was further part of the conspiracy and scheme for
users to "upload" computer files into the CYNOSURE BBS in order to
create a library of software that could be accessible to other
users who, without paying a purchase price or licensing fee, could
unlawfully download copyrighted software to their own computer
systems. Files downloaded to an anonymous Finnish Internet
address service would then be surreptitiously forwarded to the
user's own computer system.
11. It was further part of the conspiracy and scheme to
defraud to circulate the CYNOSURE BBS address to a trusted network
of computer users in order to protect the BBS from detection, and
to communicate with BBS users by posting "README" files on the
BBS. In these communications, which users would access through
interstate telephone communication between their computers and
MIT server upon which the CYNOSURE BBS was resident, the
defendant: advised users to check the CYNOSURE I index before
uploading files so as not to duplicate existing files; requested
particular copyrighted software; and cautioned against
over-publication of the Internet site address for the bulletin
board in order to reduce the risk of detection by the "net.cops,"
i.e., systems administrators and network security personnel.
12. In fact, however, as defendant knew, the site address
for the CYNOSURE BBS was disseminated widely and indiscriminately
over public electronic networks, and as defendant knew or
reasonably could have foreseen, traffic into and out of the
CYNOSURE BBS for the purpose of unlawfully copying copyrighted
software quickly became enormous. For example, approximately
contacted the BBS over a single 16-hour period of time it was in
downloading hundreds of computer software files containing
commercial programs during that same period.
13. As a result of the conspiracy and scheme to defraud, losses
illegal distribution of the pirated software are estimated to exceed
million dollars during the period the CYNOSURE BBS was in operation.
14. On or about November 24, 1993, at Cambridge, in the District of
Massachusetts, defendant DAVID LAMACCHIA created a "README"
file on the CYNOSURE BBS which stated,
Welcome to the Cynosure FSP site.
The site currently has about 150 megs of space, so go ahead
and upload. Let's get this site going!
New files should be uploaded in a new directory under
-- GrimJack, your sysop.
15. On or about December 4, 1993, at Cambridge, in
the District of Massachusetts, defendant DAVID LAMACCHIA
created, and participated in creating, a "README" file on the
CYNOSURE BBS which stated,
Welcome to the Cynosure I FSP site.
This site has a total of 193 megs of space.
This is a download-only site. If you want to upload (please
do!) on Cynosure II at 188.8.131.52 port 2433.
-- gJ (a.k.a. Gaunt,
"FSP" refers to "file service protocol." It is used to facilitate a large
volume of file activity without causing the system to "crash."
16. On or about December 9, 1993, at Cambridge, in the
District of Massachusetts, defendant DAVID LAMACCHIA created
a "README" file on the CYNOSURE BBS which stated: "Use this
directory for sending private pgp-encoded
messages to other users. -- John Gaunt"
17. On or about December 14, 1993, at Cambridge, in the District of
Massachusetts, defendant DAVID LAMACCHIA created a file on the
CYNOSURE BBS called "reqs.from.gaunt" which stated:
If anyone has this stuff, I'd appreciate it.
Sim City 2000
Excel 5.0 (Windoze)
WordPerfect 6.0 (Windoze)
And if you run a site, drop me a line in the to_sysop
directory. I'm also interested in cool sites people
use, trading other info, etc. Thanks . . .
-- John Gaunt, sysop.
18. On or about December 21, 1993, at Cambridge, in the
District of Massachusetts, defendant DAVID LAMACCHIA created a
"README" file on the CYNOSURE BBS which stated,
Cynosure II is currently acting as the upload site, and we're
periodically moving stuff to Cynosure I and deleting old stuff
Before you upload, make sure you're not putting something
up that's already on Cynosure I. Check there at 184.108.40.206
port 2433 to make sure, or look at the Cynosure I index for a
This is the second time I've caught some luser
publicizing the site address on #fsp over IRC. And
since I don't use it that much, I don't even want to
think about how much of this goes on. Think you guys: this
is what leads to a site getting purged, especially when you go
around spitting out site address to whomever (especially since
I was warned that two of those
online at the time might have been net.cops). If you're tempted
to give out the site: DON'T DO IT.
If this keeps happening that two things will happen (1) this
site will close and (2) its new incarnation will be private. So
think about it, ok?
Writing is back on for the meantime. It will probably go
off sometime tonight, since I'll be out of town. I "may" put
it back on while I'm gone . . . I'll see how things work out.
-- John Gaunt
"IRC" refers to the Internet Relay Chat, which functions like an
electronic CB radio over the Internet, permitting numerous users to
to a "channel" simultaneously.
19. On or about January 4, 1994, at Cambridge, in the
District of Massachusetts, defendant DAVID LAMACCHIA and
others whom he aided and abetted rebooted the CYNOSURE BBS,
i.e., reloaded the bulletin board software, to permit access over the
20. On or about January 4, 1994, at Cambridge, in the District of
Massachusetts, defendant DAVID LAMACCHIA created and
participated in creating
a file on the CYNOSURE BBS, stating:
Welcome to Cynosure I.
Cynosure II is currently down. Cynosure I is temporarily up.
CYNOSURE IS MOVING!!! Read on. . . .
Well, if you've waited this long we thank you for being a
dedicated user throughout our hiatus. While we were gone
the site was wiped clean. Everything on this machine and all
our off-line backups was lost.
This is disappointing. While it may not be the result
of being found by the net.cops, I still believe the site
was too public. Lusers were distributing the address
freely over IRC and to people they didn't trust.
Usually, the result of this for a site is for that site to
move and go private, so it doesn't happen again. I'm
going to try something else.
Cynosure is one of the last public sites, so I'm going
to keep it that way: if we're forced to go down again
because of lamers, I will probably have to go private.
So, hopefully, with controlled distribution of the
new address, this won't happen.
The move will happen soon. Distribution of the new
address will be limited at first, unlike last time.
Mongoose and I are currently hacking
a new loction that will (1) be more secure and (2) handle
a lot of the problems the site currently has (if you don't
know about it, don't worry).
Anyway, thanks again for sticking with us. Again, I'm
only leaving Cynosure I up while we move. It's better than
See you all on the net.
-- John Gaunt
All in violation of Title 18, United States Code, Section 371.
A TRUE BILL
Foreman of the Grand Jury
Jeanne Kempthorne [signed]
Assistant United States Attorney
DISTRICT OF MASSACHUSETTS; April 7, 1994, at 4:01 p.m.
Returned into the District Court by the Grand Jurors and filed.
Date: Sat, 10 Apr 1994 23:51:32 PDT
Subject: File 4--LaMacchia (MIT Student) Defense Atty Press Release
((MODERATORS' NOTE: We had not received permission to publish the
following press release from LaMacchia's attorneys from the poster on
a public access system by CuD press time. Because it's a public
document, and because of its importance, we assume that permission
would be granted pro forma)).
_Response of Defense Counsel to the_
_United States Attorney's Indictment of David LaMacchia_
Sadly, the United States Attorney for Massachusetts, Donald K.
Stern, has chosen in this case to attempt to exert control over the
use of the Internet and computer communication by an inappropriate
use of *criminal* law. It is almost always inappropriate to use
criminal prosecution, as opposed to legislative deliberation, to mold
the law in new and gray areas, as this area most certainly is. It
requires a stretching and bending of existing criminal statutes never
meant to be employed as the U.S. Attorney seeks to employ them, which
is precisely why, rather than prosecuting an individual, he or the
Department of Justice should be asking Congress to determine, clearly
and unequivocally, what conduct is criminal and what conduct is not.
An indictment is particularly inappropriate in this case. In
indicting David LaMacchia, a 20-year-old junior at M.I.T., the U. S.
Attorney and his staff are trying to brand as a computer systems
operator (a so-called "SYSOP" in computer jargon) as a criminal, for
what *other* people place on, and take off of, a computer system that
the SYSOP creates and maintains but does not control. It is not at
all clear that a SYSOP who neither controls what is placed on the
system nor profits one cent from any copyrighted software that others
upload to and download from the system (that he and others create and
operate) has committed *any* crime. In short, this case raises the
hotly disputed question of whether the operator of a "common carrier"
may be held criminally responsible for the manner in which others use
his communications system. Obviously, the people who run the
telephone company and who publish newspapers should be watching this
case carefully, lest they find themselves criminally responsible for
misuses of their communications media and systems.
The United States Attorney is quoted in _The Boston Globe_ of
April 8, 1994, as saying that the role played by young LaMacchia in
this case demonstrates an "intent to illegally distribute" software
placed on and taken off the system by others, and that this "takes
this far beyond the bounds of the First Amendment." On the other
hand, Harvard Law School Prof. Laurence H. Tribe, widely acknowledged
to be the foremost constitutional scholar of our time, is quoted in
the same edition of the _Globe_ as describing this prosecution as an
"excessive" use of "the criminal justice system to police the outer
boundaries of property in these gray areas, where it can't be alleged
that someone is deliberately profiting." We believe that the outcome
of this case will vindicate the view of Prof. Tribe rather than the
less educated view of U.S. Attorney Stern and his assistants.
If the government wishes to outlaw the activities in which David
LaMacchia is alleged to have engaged, it should ask Congress to pass
a statute clearly making such conduct criminal. We frankly believe
that the Department of Justice would have trouble convincing Congress
to do so, because of the troubling statutory, constitutional, and
policy problems involved. So, instead, the U. S. Attorney will use
this to case as a vehicle to try to convince the federal courts to
make David LaMacchia into a felon by stretching and mangling the
meaning of certain existing criminal laws.
David LaMacchia's conduct was not in violation of the criminal
law, and we are confident that the courts will agree with us. It is
unfortunate that this young man -- among the best and the brightest
that our society produces -- will have to suffer while this process
goes forward. Given the explosion of violent crime and other
criminal pathologies in our society, one would think that the U. S.
Attorney's staff of lawyers and FBI agents would have better things
to do with their time and the taxpayers' money than to imitate
guppies, the fish that devour their own young.
We and our client hope to have much more to say about this case and
its implications at that point in time when we are able to say more.
Meanwhile, we ask that David LaMacchia be accorded the presumption of
innocence to which our Constitution and laws entitle him. We ask
that all citizens concerned with liberty and fair play follow this
case closely and then, at the end, ask some hard questions about the
motives and judgment of the prosecutors who have brought this
* * * * *
Harvey A. Silverglate
Silverglate & Good
89 Broad Street, 14th flr
Boston, MA 02110-3511
Tel (617) 542-6663
Fax (617) 451-6971
Zalkind, Rodriguez, Lunt &
65A Atlantic Avenue
Boston, MA 02110
Tel (617) 742-6020
Fax (617) 742-3269
Counsel for David LaMacchia
Dated: April 8, 1994
Date: 10 Apr 1994 20:05:23 GMT
From: email@example.com (Douglas I. Granzow)
Subject: File 5--DO NOT confuse MIT board with legit CYNOSURE BBS in MD
On Thursday, April 7, 1994, David LaMacchia, 20, of Rockville,
MD, was indicted on wire fraud charges for the operation of an FSP
site at MIT, which distributed commercial software. The site was
I'm posting this because I run a BBS called Cynosure Online,
and I want to immediately clear up any confusion over his systems and
my system. Cynosure Online is not connected with Cynosure I/II in any
Cynosure Online has been in operation since January 28, 1987,
and has never allowed software piracy. The BBS started using
"Cynosure" in its name around September of 1992. Previously, it was
called "The II Sysops BBS", and was the offical BBS for a bi-monthly
newsletter (called "II Sysops") for operators of Apple II based
bulletin board systems. The name Cynosure was selected for its
uniqueness. The BBS has moved from the Apple II based ProLine
software to a multi-line version of Wildcat, running on a 486
computer. The BBS has offered its users Internet email and Usenet
news since it began using the ProLine software in 1991.
Anyone with any questions concerning Cynosure Online should
contact me at firstname.lastname@example.org.
Douglas Granzow, sysop of Cynosure Online (410-781-6271), Eldersburg, MD
Date: 31 Mar 94 07:39:22 CST
Subject: File 6--FBI Erroneously Detains 2 "Suspects" at CFP '94
((MODERATORS' NOTE: The FBI detained two participants of the CFP '94
conference in March. The following is a summary by an attendee, Sean
Harp. In the second incident, described below, the FBI was looking
for an "Agent Steal," the handle of a suspected felon. They in fact
did apprehend "Agent Steele," but the wrong one--Robert Steele, the
target and a conference attendee, could draw from his CIA background
to claim the sobriquet. He indicates that the FBI was looking for a
youngish male with a wooden leg. When a naked middle-aged man answered
the FBI's knock on the hotel door first claiming "room service," and
then "FBI," it took, he said, about 60 seconds to clarify the error.
Our account of the "Agent Steal" incident differs a bit from the
account presented below, but the essentials--an FBI goof and
obvious attendance and perhaps monitoring of the conference seem
Within a 24 hour period at the Computers, Freedom and Privacy '94 conference
the FBI "detained" (arrested) two people the FBI thought were fugitives. In
both cases they turned out to be the wrong person, and released.
At the conference banquet on Thursday evening Jim Settle, a FBI agent, and
a young person happened to be seated at the same table. The person's real
name (on his conference badge) happened to be an alias that had been
used by Kevin Mitnick in the past. The name seemed familar to Jim
Settle, who ran an National Crime Information Center (NCIC) check, and
came up with the arrest warrant for Kevin Mitnick. There was also,
apparently, a poor quality picture and physical description that could
be claimed matched the person at the conference. "Multiple" FBI agents
confirmed that the description matched the person at the conference.
The FBI obtained a subpena for the hotel records. At 6am, the FBI entered
the hotel room where the person was staying with several friends (who informed
the agents the person was not Kevin Mitnick) and took the person to the
Chicago FBI field office. He was fingerprinted, and the prints were FAXed
to Washington, D.C. for comparison. It turns out there isn't a qualified
fingerprint analyst at the local Chicago FBI office. About 30 minutes
later, the report comes back that the fingerprints don't match. The FBI
apologized to the person, and returned him to the hotel. At lunch on
Friday, the chair of CFP'94 mentions the mistaken identity "arrest." On
Saturday, New York Times reporter Peter Lewis mentioned mistaken arrest
in his story on the CFP'94 conference on the front page of the NYT business
Jim Settle mentioned, since this person's physical description and real
name matches an alias used by Kevin Mitnick, this could happen to that
person again if he is ever stopped by the police (traffic ticket, whatever)
and they run an NCIC check. He suggested that the person contact him at the
FBI - National Computer Crime Section (Jim's phone is in the conference
attendee list) and he'll tell the person how to quickly verify to the police
he isn't Kevin Mitnick.
A 5 foot 6 inch tall brown/black long hair person was mistaken for
a 6 foot 5 inch tall blond hair fugitive called "Agent Steal." Once
again, "multiple" agents made the identification. I don't remember
anyone mentioning when the FBI first suspected this person was Agent
Steal. In this case the FBI didn't know what room the person was
staying in, so the agents waited for over two hours on a couch by the
elevators in the hotel. This person was stopped when he got off the
elevator, told a story about looking like a suspect in the World Trade
Center bombing, and asked to show the FBI agents his leg. As I heard
the explanation, Agent Steal has a steel or artificial leg. Since
this person didn't have an steel or artificial leg, he was released.
The person who was stopped estimated he was detained about 15 minutes.
Date: Sat, 9 Apr 1994 21:18:54 CDT
From: Alan Westrope
Subject: File 7--Phil Zimmeran Requests Info on PGP Uses
((MODERATORS' NOTE: The following has circulated during the past few
weeks over the Nets. We lost the original source(s) who sent it over,
so thanks to all of ya who did. The author is Alan Westrope (see
address below). Although he wasn't the one who posted this to us, we
put his address in the "From:" line to facilitate responses)).
To all PGP users:
We've all heard arguments raised by the law enforcement and
intelligence communities that PGP and other encryption technology can
be used by criminals to hide their activities. This line of
reasoning is being used to justify Government key escrow systems like
Clipper, and to clamp down on encryption technology like PGP. It
would be helpful to come up with real-world examples of how PGP has
been used for good constructive purposes. Journalists sometimes ask
me for examples of positive uses for PGP. But most of my fan mail
from PGP users do not tell me what they are using it for.
If you have any stories about how PGP is used for good purposes, I'd
like to see them. Not just disaffected paranoid libertarians
embracing it for the theoretical benefits for a free society. We
need to be able to cite examples of real people using PGP for good
ends. Human rights activists using it are a great example. But it
doesn't have to be in the Nobel-Prize winning catagory of human
endeavor (although that would be nice). It could just be any
positive upbeat application that normal people can relate to in a
positive way, so I can tell reporters about it. I'd like to hear
(actually, see some email) from real people who are actually using
PGP for good things.
It could be for helping others, like protecting HIV patient records,
or keeping psychological counseling records. Or conducting good
wholesome business that must remain confidential. Or lawyers using
it to maintain confidential records and communications with their
clients. Or, it could be for your own personal life, but for
wholesome upbeat uses, like sending love letters (you don't have to
supply any actual love letters), or keeping your diary.
For those that don't know what PGP is: Pretty Good Privacy (PGP) is
a free software program that encrypts email using public key
cryptography, allowing you to communicate securely with people you've
never met, without the prior exchange of keys over secure channels.
PGP has become the worldwide de facto standard for email encryption.
It's available on many Internet FTP sites and BBS systems.
Please send me some email (to email@example.com), with the subject line
"Positive uses for PGP", so that I can quickly sort it out from the
rest of my email. If it's a really good story, I may want to use it,
so let me know if I can and if I can give reporters the information.
You might not get a reply-- it depends on how much mail I get or how
busy I am when you send it.
There is no prize for the best story, but for what it's worth, I'll
sign the public key of the person who submits the best story by
Monday, April 11th. But keep sending stories after that date if
you've got them.
This notice can be copied and reposted on any newsgroup or mailing
list that is likely to be familiar with PGP.
As I recall, the in-person validators sometimes use PGP to authenticate
their messages to Andrew, and there's a text file somewhere on Nyx
containing instructions for this procedure. If I'm correct, could
some kind soul tell me the name of this file so I can pass the info
along to Phil?
Alternatively, if someone familiar with the process wants to send email
to Phil, go for it! (Please post a reply here if you do this, so he
doesn't get duplicate messages about it. Some luser posted an April
Fool's message about him being arrested, resulting in a torrent of phone
calls and email, which he's probably still plowing through...)
End of Computer Underground Digest #6.31
E-Mail Fredric L. Rice / The Skeptic Tank