|
Crypt Newsletter #19
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
CRYPT NEWSLETTER 19
Sept-Oct 1993
Editor: Urnst Kouch (George Smith, Ph.D.)
Media Critic: Mr. Badger (Andy Lopez)
TechnoSnort: KohnTark (Harry Shaw)
INTERNET: [email protected]
COMPUSERVE: 70743,1711
[The Crypt Newsletter is a monthly electronic magazine
distributed free to approximately 12,000 readers
on the Internet. It features media handling of
issues dealing with computers and society, news in science
and technology, and satire.]
------------------------------------
IN THIS ISSUE: The guv'mint's not-so-secret war on
citizen encryption . . . Mr. Badger on pansy futurists
. . . Alvin & Heidi Toffler's "War & Anti-War" . . .
The Secret Service bugged by virus . . . Mail theft
at The WELL . . . much more.
US GOVERNMENT STEPS UP ACTION ON CONTROLLING ENCRYPTION
AND THOSE WHO WOULD USE PRETTY GOOD PRIVACY TO SAP AND
IMPURIFY OUR PRECIOUS BODILY FLUIDS
In mid-September, the US government stepped up efforts to
control powerful citizen-held cryptographic software
by convening a Grand Jury to investigate Phil Zimmerman,
principal author of Pretty Good Privacy, for possible
violation of munitions export controls. Simultaneously,
Austin CodeWorks and ViaCrypt, two companies involved
in producing packages containing source code for the
ciphering algorithms employed by PGP, were also brought
into the investigation and served with requests by the
State Department to register as international arms
traffickers, even though neither company had plans to
distribute its products overseas.
These actions are regarded by most familiar with the issue
as part of the National Security Agency's decades
long campaign to restrict the availability of strong
encryption for American citizens. The agency's argument
that the PGP encryption technology must be protected from
foreign misuse is without much realistic merit, since the
software and its source code has been available for some
time from Internet sites from Finland to the University of
California at Berkeley as well as uncountable private and
public bulletin board systems in the United States and
abroad.
On October 3 and 4, The L.A. Times, devoted a two-part series,
to some of these privacy/cryptography issues. But by and
large, the controversy has been overlooked by the rest of
the mainstream media.
"Demanding the Ability to Snoop: Afraid new technology may foil
eavesdropping efforts, U.S. officials want phone and computer
users to adopt the same privacy code. The government would
hold the only key" was the title and subhead of Robert Lee
Hotz's L.A. Times piece.
Hotz focused on Clipper/Skipjack - the Clinton administration's
candidate for an transmission-scrambling telecommunications
chip equipped with a back door - in part, because Mykotronx,
Inc., the manufacturer of the device for the National
Security Agency, is based in Torrance, Los Angeles County.
The newspiece did not delve into any of the recent events
surrounding Pretty Good Privacy and Phil Zimmerman. Pretty
Good Privacy _was_ refered to as "one of the best codes . . .
free and [it] can be downloaded from computer network
libraries around the world"; the people who make up the
citizen-supported cryptography movement as "ragtag
computerzoids."
The L.A. Times series also included statistics documenting the
steady rise in court-ordered wiretapping from 1985 to 1992 and
the almost 100% increase in phones monitored by pen registers -
which record outgoing numbers - from 1,682 (1987) to 3,145 in 1992.
These numbers do not include monitoring by such as the NSA and
said so.
The October 3 installment wrapped up with this succinct bit from
Whitford Diffie, one of the gurus of modern encryption:
"Cryptography is perhaps alone in its promise to give us
more privacy rather than less."
Moving on from The L.A. Times, readers could find interesting
the following hodgepodge of facts, which taken together, lend
some historical perspective to the continuing conflict between
privately developed cryptography and the government.
For example, in reference to the Clipper chip, take the old
story of Carl Nicolai and the Phasorphone.
In 1977 Nicolai had applied for a patent for the Phasorphone
telephone scrambler, which he figured he could sell for $100 -
easily within the reach of John Q. Public. For that, the NSA
slapped a secrecy order on him in 1978. Nicolai subsequently
popped a nut, took his plight to the media, and charged in
Science magazine that "it appears part of a general
plan by the NSA to limit the freedom of the American people . . .
They've been bugging people's telephones for years and now
someone comes along with a device that makes this a little
harder to do and they oppose this under the guise of national
security."
The media went berserk on the issue and the NSA's Bobby Ray
Inman revoked the Phasorphone secrecy order. If the
cypherpunks have a spiritual Godfather, or need a likeness to
put on a T-shirt, Carl Nicolai and his Phasorphone could
certainly be candidates.
About the same time, Dr. George Davida of the University of
Wisconsin was also served with a NSA secrecy order, in response
to a patent application on a ciphering device which
incorporated some advanced mathematical techniques.
Werner Raum, chancellor of the University of Wisconsin's
Milwaukee campus, promptly denounced the NSA for messing with
faculty academic freedom. The Agency backed off.
Both setbacks only made the NSA more determined to exert
ultimate control over cryptography. In an interview in
Science magazine the same year, Bobby Inman stated that he
would like to see the NSA receive the same authority over
cryptology that the Department of Energy reserved for research
which could be applied to atomic weapons, according to James
Bamford's "The Puzzle Palace." "Such authority would grant
to NSA absolute 'born classified' control over all research
in any way related to cryptology," reads his book.
Davida and Nicolai were recipients of what are vulgarly
known as "John Does" - secrecy orders designed to gag
private individuals or businesses. Both were overturned
by the democratic process. However, it is worth noting
that in the last decade the number of newly issued secrecy
orders skyrocketed from 43 in 1980 to 506 in 1991, a
shocking increase.
The restriction and classification of modern encryption
is intimately wrapped up in how classification is applied
and how the United States determines what technology
can be used as arms.
In connection with this, readers see the acronym ITAR - for
International Traffic in Arms Regulation - a lot.
ITAR springs from the Arms Export Control Act of 1976, in
which "The President is authorized to designate those items
which shall be considered as defense articles and defense
services." ITAR contains the U.S. Munitions List, the
Commodity Control List and the Nuclear Referral List which
cover, respectively, munitions, industrial and nuclear-
related items.
Cryptographic technology falls into the Munitions List
which is administered by the Department of State, in
consultation with the Department of Defense. In this case,
the NSA controls most of the decision making, and the
State Department or subordinate organizations become cutouts
in serving the agency's policy.
The Arms Export Control Act (AECA) exists _primarily_ to
restrict the acquisition of biological organisms, missile
technology, chemical weapons and any items of use in production
of nuclear bombs to embargoed nations or countries thought
inimical to the interests of the United States. (Examples:
South Africa, North Korea, Libya, Iran, Iraq, etc.)
That the AECA is used as a tool to control the development
of private cryptography in the US is secondary to its original
aim, but is a logical consequence of four considerations which
the ITAR lists as determinants of whether a technological
development is a defense item. These are:
1. Whether the item is "inherently military in nature."
2. Whether the item "has a predominantly military application."
3. Whether an item has military and civil uses "does not in
and of itself determine" whether it is a defense item.
4. "Intended use . . . is also not relevant," for the item's
classification.
If you're brain hasn't seized yet - often, this is what
the government counts on - you may have the gut feeling that
the determinants are sufficiently strong and vague to allow
for the inclusion of just about anything in the U.S. Munitions
List or related lists of lists.
That would be about right.
---Yes, you too can be an armchair expert on the topic using
acronyms, insider terms, secret handshakes and obscure facts
and references to go toe-to-toe with the best in this
controversy.
Just use these references as Cliff Notes:
1. Bamford, James. 1982. "The Puzzle Palace: Inside The
National Security Agency, America's Most Secret Intelligence
Organization" Penguin Books.
Nota Bene: The NSA really hated James Bamford, so much so that
it attempted to classify _him_, all 150,000 published copies of
"The Puzzle Palace," his notes and all materials he had gained
under the Freedom of Information Act. Of this, NSA director
Lincoln D. Faurer said, "Just because information has been
published doesn't mean it shouldn't be classified."
2. Foerstal, Herbert N. 1993. "Secret Science: Federal
Control of American Science and Technology" Praeger
Publishers. [See underbar review, next.]
3. "Encyclopedia of the US Military", edited by William M.
Arkin, Joshua M. Handler, Julia A. Morrissey and Jacquelyn
M. Walsh. 1990. Harper & Row/Ballinger.
4. "The US and Multilateral Export Control Regimes," in
"Finding Common Ground" 1991. National Academy of Sciences,
National Academy Press.
----------------------------------------------------------
BOOK REVEALS GOVERNMENT PLAN TO WREST CONTROL OF SCIENCE
AND PUBLIC LIBRARIES FROM THOSE WHO WOULD USE THEM TO
SAP AND IMPURIFY OUR PRECIOUS BODILY FLUIDS
"In 1989 the Pentagon classified as secret a set of
rocks -- Russian rocks gathered by Americans, with Moscow's
approval -- from below the surface of Soviet territory.
[According to the classification memorandum] '. . .Those
who want them must be government-certified to handle
secret rocks.' Soviet officials said they were ordinary
rocks . . ."
--from Herbert N. Foerstel's "Secret Science:
Federal Control of American Science and Technology"
Those following the National Security Agency's attack on
Phil Zimmerman and the cryptography algorithms involved in Pretty
Good Privacy might also want to stroll over to their favorite
library and browse Herbert N. Foerstel's "Secret Science," an
interesting book which reviews the increasingly smothering and
anti-democratic government control over technology and science
in the US. Foerstel is the head of the University of Maryland's
Engineering & Physical Sciences Library and his book expends
quite a bit of effort documenting the National Security Agency's
efforts to control and classify any technology - usually
cryptography - which falls within its sphere of interest.
Completely beyond public oversight, the NSA operates almost
entirely behind the curtain of "deep black" classification,
despite, in recent years, a cynical facade of public relations
efforts and "friendly" review of cryptography research.
Foerstal's book recounts the relentless campaign by the NSA to
control cryptographic research funding through the National
Science Foundation and efforts to wrest all independence from
the scientific community through the idea of voluntary prior
restraint. What this translates to, according to "Secret
Science," is that all scientists engaged in cryptographic
research should be gentlemen and funnel all findings to the
NSA for oversight or the agency will use executive mandates to
intimidate and quash those in non-compliance.
Foerstal does not candy-coat the story, pointing out when he
thinks it appropriate, the self-serving agendas and illogic of
government leaders.
For example, Foerstal writes:
"Many in business and government point out the impossibility of
controlling cryptographic software. Indeed, the U.S. has
agreed to let its allies decontrol mass market software
with encryption features, and foreign companies, unencumbered
by munitions-type restrictions are bringing encrypted software
and related services to the international market. The British
have stated publicly that they are permitting the uncontrolled
export of such software, but US software manufacturers are
prevented from selling their products abroad."
Foerstal also compares the price of a brute force solution to
the current dumbed down NSA compliant DES key: $5,000 as
opposed to _$200 septillion_ using the original IBM 128-bit
key.
The conclusion he draws is simple and ugly: Our government
is determined to impede the development and dissemination of
sophisticated cryptographic tools in the private sector, mainly
because it wants to reserve the right to break the privacy of
American citizens when deemed necessary. The rationalization
that national sensitive technology must be kept from foreign
hands is a sham.
It's hard to emphasize how good a read "Secret Science" is!
In addition to amusing stuff on the above passage dealing
with "secret rocks," the book covers the explosion of
classification during the Reagan administration, the drive to
lock up general scientific material in libraries thought to
be sensitive even _after_ widespread international publication
and the FBI's continuing campaign to comb public libraries
for imagined revolutionaries, troublemakers, foreigners or
anyone with foreign-sounding names who accesses
the technical literature.
MR. BADGER SPEAKS: NON-LETHAL WEAPONS, POSSI-PULLITY AND
OTHER CRUEL MENTAL TRICKS DESIGNED TO SOFTEN THE MIND,
WEAKEN THE WILL AND EMPTY THE WALLET OF THE HIGH PROLE
Fortune magazine has seen fit to put out a special issue
on "Making High Tech Work For You: 1994 Information
Technology Guide" (Vol. 128, No. 7). Issues like this
are advertising bonanzas for magazines, so let's note for the
record that over fifty percent of the 170-odd pages are ads
for computer related merchandise and services. [Mr. Badger
knows. He counted. The big winner was UNISYS, with eleven
full pages of ads. IBM wins a consolation prize for advertising
under different headings (Pennant--2 pages; OS/2--2 pages;
PS/2E--2 pages; IBM networks--2 pages)] The articles vary
in quality, so here's a breakdown:
"How to Bolster the Bottom Line"
Mr. Badger gives an initial Ebert/Siskel "Thumbs Up" to any
article starting with this quote:
"Though barely out of its infancy, information technology is
already one of the most effective ways ever devised to squander
corporate assets."
The story does go on to present five companies with a decent
return on their investment. However, this is mind-rotting
boring stuff for folks in the know [which makes up fifty
percent of the this readership]. It's also pretty dreadful
for sociopaths with meager job skills [which makes up the
other fifty percent].
Next, we have:
"Making It All Worker-Friendly"
"When to Be a Beta Site"
"The Future of Travel"
"Me and My Modem"
Four hand-holding articles for managers still perplexed by
infrared TV remotes. What's said: It's better to design
software to work with employees than force employees to
master arcane software packages; beta sites waste a lot of
time and effort getting things to work right; video
conferencing won't eliminate business travel; there's lots
of databases out there with lots and lots of neat-o stuff that
you can call into! No shit, Sherlock. It may not be total
fluff, but it's close.
[Half of us would fall into a glassy-eyed coma over any of
these pieces. The other fifty percent are already in a
default state of stupor to start . . .]
"The Payoff From 3-D Computing"
Mr. Badger gives an automatic Siskel/Ebert "Thumbs Down" to
any article beginning with a two paragraph description of a
scene from "Jurassic Park." Yes, computers can make
pretty, pretty pictures that represent organizational charts,
securities trading, and databases. Yes, computer simulations
are cheaper than actually wrecking cars or practicing surgery
on cadavers. And, yes, it's inexcusable for the author to
ignore the inherent risks of floating large manufacturing and
financial decisions on theoretical models. Crypt readers
[at least, oh say, fifty percent of them] are already aware
that small errors in computer simulations lead to hidden
defects in real products and services; the typical reader of
Fortune magazine is not. With no mention given to the cost
of equipment or the need for programmers capable of
integrating two or three fields reliably, this article ranks
as a nutrient deficient, saccharin-loaded, junk news piece.
While again wandering through the local newsstand I chanced
upon the September-October (1993) issue of "The Futurist."
For the curious, "The Futurist" specializes in articles on
just how wonderful the future will be. [Wink, wink.] This issue
had these gems:
"Non-Lethal Weapons: Alternatives to Deadly Force
Guns that zap,trap, trip, or stun--but not kill--
could be the ideal weapons of the future."
"Conscious Evolution: Examining Humanity's Next Step"
A quick flip through yields strength-through-joy prattle
swaddled in a veneer of self-generated techno-babble. And if
that's not enough, here are more priceless relics from an
article on overcoming "neuroses" that get in the way of
creating the future:
"Future Phobia
Definition: Fear of the future
Disability: Leads to avoidance
Cure: Future Euphoria
Future Skill: 'Possi-pullity'"
"Paradigm Paralysis
Definition: Inability to shift view
Disability: Restricts flexibility
Cure: Ongoing open-mindedness
Future Skill: 'Flexpertise'"
What really caught my eye, though, was an article on "Computer
Monitoring: Pros and Cons." Figuring that the intrusion of
computer monitoring into private and public life would be of
interest (and always willing to write another rubber check for
the sake of a review), Mr. Badger left with a copy. We'll
get to a review of that, but this same magazine had another
piece that sidetracked even the determined Mr. Badger.
"The Plug-In School: A Learning Environment for the 21st
Century" only proves that Mr. Badger is always right. No matter
how captious and peevish he may appear, some newly found source
of treacle proves he was overly kind and optimistic.
Readers recall that in issue #16 of the newsletter, I ridiculed
and criticized a Professor Seymour Papert, an institution at
MIT, for basing his educational philosophy on a non-existent
"Knowledge Machine." Now it appears that David Pesanelli,
"an advanced planner and conceptual designer who develops
communications, environments, and products," has created a whole
new schooling system!
It's long been Mr. Badger's contention that people who watch
more than one episode of Star Trek a week should be branded
with the Mark of the Beast: A clear, indelible stamp that
would relegate the bearer to the back of all bank and postal
waiting lines, reduce pay scale, and allow emergency room
teams to forgo any resuscitation techniques. I am sure Mr.
Pesanelli watches at least 5 episodes of Trek a week!
You think this is some inane non-sequitur on Mr. Badger's part?
Just what do the following sound like:
-Educational Physical Plants
-Mobile Learning Modules in the Core Staging Area
-AIG (Artificial Intelligence Grounder)
-"Transporters" delivering "Containerized Modules"
-Self-guided Mobile Unit
What did you think of? That's right! Pesanelli could be
an ex-screenwriter of Trek! Read the following:
"As the session on robotics careers begins, a section of the
classroom wall slides aside, and the students grow quiet. The
teacher and a robotics expert enter the environment just ahead
of a self-guided mobile unit . . .
"A teaching assistant slides back the cover of the mobile learning
module. Inside are a laboratory's products--microbots. The
module's video camera scans the array of electronic and
mechanical marvels, and enlarged images appear on a suspended
video screen . . ."
Star Trek: TNG or The Plug-In School? Who knows? And who cares?
It's all the worst kind of utopian self-abuse. We won't
quibble with the view that all school children will one day
have portable computers. With economies of scale it could
happen -- after all, our parents couldn't envision the day when
every teenager would have a Walkman. What we ridicule, deride,
and hold in scorn is:
-Presenting a future when every class room has a teacher, a
teaching assistant, and guest speakers who are experts in their
field.
-Presenting a future when architectural firms, crafts companies,
and industrial labs would have the time, money, and inclination
to prepare "stimulating, career-oriented modules" for schools.
This is nothing but taking viable approaches to dealing with
today's educational problems and relegating them to a painless,
cost-free future that may never exist. What's stopping schools
from placing three adults in every classroom, now? What's
stopping schools from seeking the assistance of businesses and
museums, now? All of this can be done _in_the_present_. Of all
the abuses in analyzing the future uses of technology, this is
the most heinous: delaying for the future what can be done
today because in the future it will all work painlessly . . .
But back to article on computer monitoring, much needed relief
after wading through various "consultant's" wet-dreams: "Big
Brother or Friendly Coach?" - written by Kristen Bell DeTienne -
an assistant professor at Brigham Young University. I can't
give a better summary of the article than the author's own
forecasts for computer monitoring:
"1. Monitoring systems will become 'evasion-proof'.
2. Monitoring systems will provide suggestions to
employees for performance improvement.
3. Monitoring systems will give employees access to
information about their own performance.
4. Monitoring will be used as part of a results-oriented
focus.
5. Monitoring will primarily be used as a coaching device.
6. Monitoring systems will facilitate group work
and team-oriented approaches to work.
7. Pay will be more closely connected with employee
performance.
8. The number of electronically monitored employees who
work at home will increase.
9. There will be increased attempts to pass legislation
that regulates monitoring."
There's not much to quibble with: The author draws a good
picture of the present use of employee monitoring and supports
her views well.
While forecast #1 may seem naive, DeTienne is careful to say
that computer systems will become more complex and eliminate
much of the evasion and game-playing that goes on now, not that
such systems will be infallible.
Neither is she shy in pointing out that continual computerized
harassment may cause negative results.
In the end, DeTienne presents a good case for a future where
computers will be used to measure results, leaving the workers
more free to make personal choices. In her view, future systems
will present employees with the benefits of less subjective
methods of evaluation, but at the price of tying their pay
to the new evaluation methods.
Now, Mr. Badger normally refrains from intellectual analysis,
largely because God, having gifted badgers with the attitude
and claws needed for an information society, left them rather
more deficient in cranial capacity. However, I feel compelled
to ask the following question:
"If a computer is capable of consistently and accurately
evaluating an employee's performance, why not have the
computer do the job for the employee?"
Ten years ago, for instance, the local textile plant in Columbia,
South Carolina employed many people. The employees operated the
machinery and evaluated the results. Five years ago, computerized
monitoring started to replace human evaluation of the quality of
the textiles produced. Now the company is introducing
computerized production. People were making the jump from being
the means of production to supervising the means of production.
Computers were making the jump from being able to recognize good
output to being able to produce it.
So, in Mr. Badger's myopic little view, this presentation of
computer monitoring does a good job of reporting the present and
theorizing the near future. He has the feeling, however, that the
near future will be even more of a transitionary state than the
present. In any case, an article that causes even a badger to
think earns Crypt approval.
EDITORIAL CAVEAT:
Some readers have expressed concern over Mr. Badger's apparent
lack of mental equilibrium. Initially, the management of
Crypt Newsletter discounted them.
However, signs of erratic behavior continued to appear this
month.
We laughed when Badger arrived at a local biker bar in Pacoima
on a Honda. We were red-faced with embarrassment when he tried
to sell T-shirts, embossed with "Kinder, Kirche, K che," at a
NOW convention. But when we saw him heading off with several
current articles on the Internet under his arm, we knew the
price for intellectual hubris was about to be paid.
Shortly thereafter we received, wrapped in plain brown paper, a
diskette which carried several files encrypted with
Pretty Good Privacy. A plain manila envelope came the next day.
Inside, torturously printed in lemonade "invisible" ink, was a PGP
public key. Although Badger possessed a Crypt editorial public
key, it appeared he had little knowledge in the use of it,
as some of the files were encrypted with the public key for
another person, someone named "aeneuman." The key written in
invisible ink did not correspond to "aeneuman"'s public key,
or any other key in the Crypt Newsletter keyring.
What follows is a brief extract we _were_ able to decrypt:
"What self-destructive bent could cause a man - or badger - to
read all the tripe being published about the Internet? It's
foul, dark, and rank as only journalism can be. I cannot
remove these horrible and purple-cutesy quotes from my
my mind:
"I Want My Internet: Twentysomethings addicted to funky
on-line service" (J.C. Herz, Knight-Ridder Newspapers)
I sigh and remember; remember the Wall Street Journal
(September 16, 1993) article on commercial users of Internet, The
New Republic (September 13, 1993) article on: Internet. The
Fortune (Special Issue) article on . . . Internet. The
Knight-Ridder news service by-line on . . . Internet.
"Businesses have flocked to the Internet as excitedly as
sea gulls to a clambake." (Fortune magazine, special issue)
We would rant, rave, curse, and rend our garments -- but it does
no good! No use to worry about the city gates once the barbarians
have crawled in through the sewers. The Philistines are among us.
Can death and pestilence be far behind? The brave, new, cyberworld
has publicity and spokesmen, proponents and theorizers, in short,
everything. Everything but a prophet to cry against the heathen
come to destroy the promised land and carry its people
into slavery. There is knocking at the door even as I type.
They have come to gut me like a fish, crack the marrow from
my bones and spread the remains on the wallpaper over the mantel.
Please remember to say Kaddish for me."
Those readers who have knowledge of Mr. Badger's whereabouts
should send crash electronic mail to the Crypt Newsletter at:
[email protected].
DIAL-A-VIRUS REVISITED: THE CREEPING EVIL OF PRIVATE BULLETIN
BOARDS CONTINUES TO SAP AND IMPURIFY OUR PRECIOUS BODILY FLUIDS
[Portions of this article originally appeared in the June
1993 edition of Computer Virus Developments Quarterly
(American Eagle Publishing, Tucson, AZ). Reprinted
with permission.]
They're in your state, they're a phone call away, they seem
to be everywhere: electronic bulletin board systems which
warehouse assembled viruses, logic bombs, booby-trapped software
and commented source code.
Commonly thought in the microcomputer security field to have
been inspired by a system in Sofia, Bulgaria, favored by
the urban myth/virus programmer known as Dark Avenger, North
American virus exchange BBS's have one thing which the eastern
European system lacked: successful client bases. And most of
them are frequented by large numbers of local and long distance
callers who transfer news, viruses, gossip and source code.
According to the May 1993 issue of the British computer security
trade tabloid, Virus News International, the operator of
the Bulgarian system, a student known as Todor Todorov,
classified his BBS in Sofia as "an experiment which failed."
The system, he claimed in VNI, was never particularly active.
This is no big surprise if you've ever tried to make a long
distance phone call into any of the former Iron Curtain
republics. It's a maddening experience you never want to
repeat, reminiscent of extended bouts of listening to old
Cheech and Chong records through a PC speaker. In any
case, rapid long distance phone access is easy in the USA.
In addition, Todor Todorov and the reputed Bulgarian virus-
dispensing system can be regarded as part of the same urban
myth as the Dark Avenger virus programmer due to the fact
that the current generation of American BBS'ers involved in
electronic virus storage have had no direct contact with
"Todor Todorov" other than through poorly substantiated,
cursory reports in corporate security publications and
transient, possibly fabricated, network electronic mail.
In the United States, however, virus exchange bulletin board
systems do exist in some quantity. Indeed, they have
multiplied and whether viewed as the living embodiment of
all computing evil, a great information resource, or just
more crap much like the endless number of systems devoted
to mindnumbing amounts of redundant shareware, pornographic
imagery and/or pirated retailware, they are a fact of life
in cyberspace.
You may be curious, having heard of them only vaguely and
through second hand accounts. It is reasonable to assume
than anyone with a healthy sense of curiosity might wish
to establish for themselves what such systems are like,
free of reliance on designated, perhaps dubious, experts.
Accessing systems which store viruses is much like calling
any BBS. You will need a communications program, a modem
connected to your PC, a handful of phone numbers and, to
make the going easy, a roadmap and letter of introduction.
This article supplies a few numbers to play with,
descriptions of the BBS's and the author's name to drop.
This will get you onto the systems. From there, the caller
is on his own. But not to worry! In over a year of
frequenting virus exchange systems, I never received a file
that wasn't clearly labelled a virus. And it doesn't take
much sense to realize that it isn't purely the milk of
human kindness which would make this so. Keep in mind that,
generally, the sysop doesn't want to chase off users in
a cold sweat over some booby-trapped download which might
provoke a punitive civil action or unwanted attention from
local authorities. The sysop is fully aware, in these cases,
of the controversial and hazardous nature of virus files.
Once you have viruses, however, avoiding shooting oneself in
the foot becomes mostly _your_ responsibility.
Bulletin boards which warehouse viruses are not easily
categorized. Some are very restricted, some are wide open
to new users. Some use commercial BBS software, others
employ "elite" customized software thought only to be
in the domain of dedicated software pirates. On some systems,
viruses are mixed with databases of other hacking/phreaking/anarchy
tools. Others exclude such h/p/a files. And on still more
systems, viruses can coexist uneasily with pirated software,
or large collections of CD-ROM mounted shareware.
Curiously, some systems which warehouse viruses are
extremely heirarchical, almost bureaucratic, in structure
and operation. Some might think this odd when contrasted
with the shopworn hacker cliche: "Question authority; All
information must be free!"
Such systems exist with the sysop at the top a small,
"Der Prozess" Kafka-esque heirarchical bureaucracy, of
sorts. The sysop may be assisted by one or two trusted users
who perform day-to-day, shopkeeping tasks. The most
bureaucratic BBS's are often typified by the use of new user
voting systems in which visitors are required to run a
gauntlet of regulars who cast secret yes/no ballots on the
visitor's worthiness.
Voting can be influenced by results of testing imposed on
the visitor. Such tests are heavy on jargon and insider
language, not unlike pre-employment surveys imposed on
job seekers at various corporations in metropolitan
areas of the US.
Other systems require the visitor to fill out lengthy,
sometimes odious personal information forms, just like
many typical bureaucracies. [Note: validation of this kind
of information is often non-existent or dependent upon the
will of the sysop. That it can be easily bypassed or fabricated
is common knowledge.] I note with wry amusement that
the experienced BBS'er may see little difference
between the operation of virus exchange systems and the
"average" ones he/she is already familiar with.
Access to viruses can be mediated by any number of factors,
including:
--no mediation, virus access is immediate and unconditional
--cash payment required to access viruses
--trade: "unique" virus must be supplied to establish
a surplus balance of trade. Continued access is maintained
by an equitable balance of trade, based upon preference of
the sysop. What constitutes a "unique" virus is determined
by the sysop, if at all.
--"professional courtesy": visitor is recognized, rules
of access relaxed because of source or reputation
--a constantly changing mix of the above
What follows are four thumbnail descriptions of sample
systems which have viruses online (phone numbers
included at end of newsletter):
MICRO INFORMATION SYSTEMS SERVICES in Santa Clarita, CA, is
a perfect BBS for the reader who despises "elite" systems.
With its disarmingly straight name, it presents a suitably
institutionalized corporate facade, reassuring to those who
feel naked without a tie. It is efficiently run, frequented
by moon-lighting computer security wannabe's and features a
large selection of viruses and source code in a reasonably
well-documented file base. If you feel the need of some
cracked entertainment while on line, browse the system's
message echo devoted to the wit and wisdom of Rush Limbaugh.
If you're going to access a virus BBS on company time, MISS
will keep you out of trouble and away from the boss-key.
THE HELL PIT in Wheeling, Illinois, a suburb of Chicago, is
perhaps the busiest of the systems mentioned. It also bears
the distinction of being so well known it bore mention in
John Dvorak's "Guide To PC Telecommunications." "It's a
new hobby, folks," wrote Dvorak with some sarcasm. The Hell
Pit's virus file section is enormous, but no longer as active
as file bases devoted to hacking tools and discussions related
to gossip on systems intrusion and the state of US telephony.
Security workers rub elbows with virus programmers like the
Virus Creation Laboratory's author, Nowhere Man, on Hell Pit.
You must upload a virus to gain access to similar files on
this system.
THE VINE/GREATER CHICAGO INSTITUTE OF VIRUS RESEARCH is another
system with a moniker designed to disarm the white-shirt
brigade. The Vine has a large virus file base and many network
connections, including feeds to and from Fido and UseNet news
groups. Virus access is rules-based on the system, but access
to a handful of working samples is usually available to
most callers who can compose a reasonable letter of introduction
to its sysop, Michael Paris. The Vine and The Hell Pit are
worth mentioning in connection with their location in or
near Chicago, an area with a vigorous hacking community.
DARK COFFIN in the Lehigh Valley of Pennsylvania, a community
which once dislodged Flint, Michigan, of "Roger and Me" fame
as one of the most unlivable places in the United States,
resembles a scaled-down version of The Hell Pit. Virus
access is straightforward, usually had by subscription or
some manner of trade. The sysop is an easy-going student
who aspires to a career in politics.
CITY OF ILLUSIONS in Arcadia, CA, is the closest of
the above systems to the "elite" subset. Virus access
is negotiable, generally contingent upon how the visitor
does in the system's new user voting gauntlet. The
BBS cultivates users who embrace the MONDO 2000
magazine interpretation of cyberspace.
The profiled BBS's are just examples. Many such
BBS's carry ads for even more like-minded systems; by
paying attention to this it becomes even simpler to
find such a system more convenient to a specific area
code.
No claims can be made as to the specific nature of
information gained from any virus exchange system
except that, GENERALLY, it is much less formal, but
similar qualitatively to what can be read weekly
from the UseNet's _virus.comp_ news group. Such systems
also often have file bases essentially identical,
except for more easily accessed viruses, than the
traditional professional and amateur anti-virus bulletin
board systems and Internet sites which exist to service
the on-line world. Recently, this distinction was
blurred even more for a few months by the short-lived
phalcon/SKISM virus-programming group's uuencoded-virus
worldwide fileserver, [email protected], out of Canada.
Sources:
MICRO INFORMATION SYSTEMS SERVICES 1-805-251-0564
THE HELL PIT [New user password: BRIMSTONE] 1-708-459-7267
CITY OF ILLUSIONS 1-818-447-2667
THE VINE/CHICAGO INST. FOR VIRUS RESEARCH 1-708-863-5285
------------------------------------------------------------
IN THE READING ROOM: "WAR AND ANTI-WAR: SURVIVAL AT THE
DAWN OF THE 21st CENTURY" by ALVIN & HEIDI TOFFLER
(LITTLE, BROWN & CO., $22.95)
The Tofflers have been invited into the Pentagon's
blackest secret projects. While there they saw
God, and his name was Mars.
"War and Anti-War" is the stuff which makes editors at
glossy light news magazines hard at night - page after page of
super-weapons and dumbfounding technological breakthroughs. If we
just spend enough money now, it will make the US master of all
techno-states in the near future, capable of waging bloodless,
decapitating war on adversaries ranging from street crime kingpins
to Third World leaders and their followers whom the citizenry
can be propagandized into believing deserve a chrome-molybdenum
electrified cautery saber in the crop.
The Tofflers' world is one where nations metamorphose into
super-information fiefdoms led by computer wielding
hunter-gatherer shamans mad at work custom tailoring computer
viruses, launching spy satellites, manufacturing the odd nuclear
explosive in the basement or buying it from the local tagging
gang led by the disgruntled Russian nuclear scientist, or
fashioning just the right ultrasonic projector to disable the
crowd rioting down at the corner 7-11.
Everyone must become an information supersoldier, and the
professional soldier will be the philosopher king, dean
of academics and leader of the intellectual elite.
The word "struggle" comes up a lot.
Anyway, you either love this book or regard it as the Moslems
might a dysenteric pig loose in the temples of Mecca.
Most of the technological might presented in this book
is either grossly stretched out of scale or outright
lies, but "War And Anti-War" is interesting if you
can recognize the science fiction authors and their works
the Tofflers have borrowed from.
Here's a partial guide:
"The Forge of God/Anvil of Stars" (1987/1992) by Greg Bear
--Replicating mechanistic automatons, computers,
mini-viruses, "Von Neumann machines" wage war, destroy Earth.
In "Anvil," survivors use same technology to destroy
destroyers.
"Footfall" (1985) by Larry Niven and Dr. Jerry Pournelle
--Talking interplanetary elephants realize military
value of space between Earth and Moon, exploit it and
bombard planet from technological high ground not
covered by SDI. Americans realize same, rally survivors
and eventually defeat E.T. elephants, who aren't such bad
pets after all.
"Starship Trooper" (1959) by Robert Heinlein
--Soldiers of the future wear advanced, amplifying
body suit/weapons. They employ computerized smart
bombs to put down insurrections of repellent aliens
on planets oddly similar to Third World nations.
"Colossus/The Fall of Colossus/Colossus and the Crab"
(1966/1974/1977) by D. F. Jones
--The supercomputer network Colossus takes over defense
of mankind, then takes over mankind. Colossus is then
defeated by mankind with help of Martians who are really
E.T. supercomputers bent on world domination. They are in turn,
defeated by a secretly resurrected Colossus who we finally
realize was a buddy all along.
"Neuromancer" (1984) by William Gibson
--Computer wielding hunter-gatherer shamans become prime
movers by manipulation of information space.
"Mystery Science Theater 3000" (1991/1992/1993) by
Joel Hodgson
--Young scientist uses experience gained at think-tank
Gizmonic Institute to program artificial intelligence (AI)
into microprocessor-driven robot puppets, Tom Servo and
Crow. The robot puppets are intellectually superior to
average humans and have a better sense of humor, too.
The Tofflers brag they are "the world's most influential
futurists. [Our] books became the bible of democratic
intellectuals in China." Ain't it the truth.
SECRET SERVICE INCOMMODED BY SATAN BUG: AGENCY SUFFERS
FROM SAPPING AND IMPURIFICATION OF PRECIOUS BODILY
FLUIDS
Recently, the Secret Service was treated brusquely
by a PC computer virus known as Satan Bug. The virus
found its way onto networks operated by the agency in
Washington, D.C., knocked them off-line and so severely
flummoxed technical personnel and administration that
outside help was needed to retrieve the situation.
David Stang, an anti-virus researcher who edited and
published the specialty magazine Virus News and Review
before it went out of business in mid 1992, was called in
and eliminated the virus from Secret Service computers.
Satan Bug was written by a 16-year old hacker from
California who aggressively, and often acrimoniously,
advertised it in telecommunications and hacking forums on the
Prodigy on-line network several months ago. Telephone
numbers for on-line private bulletin board systems which
had the source code and assembled virus were widely
posted by the young programmer, who stated that the
virus used advanced variable encryption to disguise its
code so that it would be difficult to detect with standard
signature-matching anti-virus software.
Satan Bug spreads very quickly on infected computers
and cloaks itself in computer memory using ideas seen
in the Whale virus, a complex, sophisticated puzzle of
a program which inspired the young hacker.
The virus was named after a mid-'70s telemovie starring
Richard Basehart. The movie told the tale of a government
biological weapon capable of sterilizing all life on the
planet "to the last albatross winging its way across the
South Pole," stolen from a secret US installation and a
scientist's lone attempts to find it.
There are a number of commonly available anti-virus
programs which now detect Satan Bug.
STEALING PEOPLE'S MAIL: THE WHOLE EARTH 'LECTRONIC
LINK'S MAILBAG IS RIFLED BY VIRTUAL PEEPER
In early September the on-line service The WELL was
hacked by an intruder who gained complete access
to the system and used it to steal the mail of a
number of users. One of those affected was Netta
Gilboa, the editor of Gray Areas
magazine, a highly-regarded Philadelphia-based
publication which covers the work of hackers and
others thought to be on the fringes of society.
"It was just like electronic rape," Gilboa said
in interview. Gilboa maintained records of
contacts and interviews with people who wanted
their identities protected as well as personal
correspondence in her mailbox. The break-in,
she said, has worried her enough to make her
sick. "But I suppose it's flattering that of all the
people on The WELL, someone would pick my mail to
go through," Gilboa added sardonically.
The break-in was first noticed by U.S. Dept. of
Public Debt security expert Kim Clancy who
maintains contact with hackers throughout the
country as part of her job. Gossip among them made
her realize information was being passed around
that could only have been gained from root -
or top administrative - access on the service.
Clancy notifed WELL supervisors who combed their logs
for evidence and discovered the trail of Gilboa's
hacker.
A few days later The WELL announced to users that
the hacker's work had been discovered, mail had
been accessed and that the original hole had been
sealed. The FBI, according to Clancy, declined to
get involved in the case.
In the meantime, the virtual peeper contacted Gilboa and
talked at length of his exploits, claiming to be
part of a community of Internet surfers who enjoy
stealing private electronic mail and swapping it among
themselves.
Clancy commented in interview that the Internet is wide open;
The WELL and other public Unix systems have always
been hot.
"That's why anyone who has anything they don't
want everyone to see encrypts. It's a necessity,"
she said.
Rumors and claims flew hot and insane on Internet Relay
Chat - an electronic gossip zone which operates in
real time and spans the world network - about grandiose
hacks of WELL accounts and stolen shadow password
files.
Computer underground Digest editor Jim Thomas, who was
also affected by the original WELL peeper characterizes
the chatter this way: "If I had the time, I could do a
paper on poseurs based on the wannabes who claim to have
cracked [Billy] Idol's or [Mitch] Kapor's account . . . lots
of smoke, teeny fire, but until I see better evidence I'm
not inclined to take the talk on IRC very seriously."
Contacts:
Gray Areas: [email protected]
CuD: [email protected]
PRESS RELEASE--CLINTON APPOINTS SCI/TECH CZARS (satire)
(The "press release from Hell" originally appeared in
Computer underground Digest 5.73. It is excerpted
with permission.)
+++
>>The press release from Hell:
President Bill Clinton announced in late August that he would move
quickly to set up a new department, to be headed by newly appointed
science and technology czars Steven Spielberg and Michael Crichton.
"In this new age of information overload," said Clinton in a radio
address, "the United States can no longer entrust its technological
edge to scientists and engineers, alone. For this reason, I am
appointing Steven Spielberg and Michael Crichton as heads of a
superagency empowered to do whatever it takes to keep the United
States an inter-national leader in semi-conductors, biotechnology,
multimedia, publishing, the war on drugs, cold fusion, smart nuclear
weapons, spy satellites, the war on AIDS, dinosaur revivification,
protein sequencing, information superhighway development, virtual
reality gaming and pornographic cybersystems, and all sundry
grandiloquent, meaningless entertainments."
The superagency, to be called the Department Of Ground-breaking
Science, High-technology & Intellectual Twaddle (DOGSHIT) will
revolutionize the scientific process, replacing the obsolete and
stupid approval of new ideas by careful peer review, with a leaner and
meaner more cost effective approach, claim Clinton administration
officials.
According to Crichton's information minister, Michael Eisner, the
author and Speilberg would meet for weekly barnstorming sessions in
which they would comb through current abstracts in SCIENCE and NATURE
as well as breaking developments in OMNI, POPULAR SCIENCE, SPIN,
COMPUTER SHOPPER and INFOWORLD.
"Michael and Steven will sift the wheat from the chaff every week,"
said Eisner. "Active researchers are also invited to send electronic
press releases describing their current work to DOGSHIT's Internet
addresses. These contributions will also be included in the gleaning
process." DOGSHIT's Internet portals, said Eisner, are:
[email protected]; and [email protected].
Ideas, information and data deemed worthy of continued serious study
will be prepared by Crichton into "action memos." "Action memos" can
go any of four ways: into book projects, teleplays, merchandising or
to Speilberg's nationalized conglomerate, AMBLIN/Industrial Light and
Magic for immediate world wide implementation.
"In this manner," said Eisner, "the latest in scientific development
can be fielded with maximum benefit to the American citizen without
compromising the integrity of the scientific method. For too long,
American minds have been the laughingstock of the industrialized
nations; archetyped as scrawny and weak pencil-necked geeks incapable
of punching their way out of virtual wet paper bags. Now, from birth
until death, every American citizen's life will become part of a
continuing educational process. Walk into any mall and cardboard
standees bearing government approved DOGSHIT books will educate the
learning citizen, no matter his or her age, race or color. Television
advertisements and shows will convey all manner of DOGSHIT
technological developments, 24 hours a day. Newspapers will carry as
much DOGSHIT science and technology as willing, and will receive
government subsidies approved by the agency, for doing so. It will be
_the_ paradigm for intellectual excellence in the 21st century and in
its multi-media/multi-pronged strength-through-joy approach, Americans
will use it to conquer the stars and make this a land where, truly,
the sun never sets."
According to President Clinton, Crichton and Spielberg were chosen for
their continuing advancement in all areas of key technologies;
Crichton for know-how in technology transfer issues, molecular
genetics, epidemiology, cybernetic behavior modification and making
difficult scientific concepts understandable to cabbage; Spielberg for
his work in supercomputers, optics, IR/visible spectroscopy, high
energy physics, SETI and time travel.
Crichton and Spielberg were unavailable for comment but a Japanese
man-in-the-street from the home island of Honshu, when informed of the
US's new plan for technological dominance, screamed and said before
collapsing, "We're fucked!"
--------------------------------------------------------------------
MICROSOFT DISTRIBUTES FORM VIRUS by Harry Shaw
Recently, Microsoft unknowingly distributed a variant of
the FORM virus on demo disks for the new Microsoft Publisher
V2.0.
The demo was shipped to countless unwitting users,
including Computer Pictures magazine contributing editor
Eleanor Strothman, who reported the story in the September /
October issue of the magazine, page 8.
According to Mrs. Strothman, she was alerted to the fact
that she had installed (pun intended) a new variant of the
boot sector virus FORM in her computer, via Microsoft's PR
firm, Waggener-Edstrom. The Microsoft flack was quick to
blame the outside vendor responsible for duplicating the
diskettes and emphasized Microsoft's innocence.
A weird and rather useless explanation of FORM was
given: "...the virus only spreads if you reboot the computer
while it is in" (!!!!!??) and " it does not destroy data,
but it can make it (the computer) run slower or give problems
when rebooting."
It is worth mentioning that the FORM infected Microsoft
Publisher V2.0 demo as reported by Mrs. Strothman failed to
function correctly.
Expect FORM infection reports to pop up everywhere. In 1992,
entirely without the help of software developers, FORM passed
Stoned virus as the most common PC computer virus
infection.
Thank you, Microsoft!
Sources:
1. Computer Pictures magazine, September/October 1993, page 8.
2. VIRUS-L Digest v06i132 (#132, 1993)
--------------------------------------------------
Crypt Newsletter editor George Smith lives in Pasadena,
CA. He has been on National Public Radio's "TechNation:
Americans & Technology" and contributed to American
Journalism Review.
©opyright 1993 Crypt Newsletter. If you wish
to use portions of this publication, ask first.
|
|
