|
Crypt Newsletter #32
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
CRYPT NEWSLETTER 32
June - July 1995
Editor: Urnst Kouch (George Smith, Ph.D.)
Media Critic: Mr. Badger (Andy Lopez)
INTERNET: 70743.1711@compuserve.com
[email protected]
[email protected]
COMPUSERVE: 70743,1711
Boys and girls, Crypt 32 is a toothsome one for your mid-Summer reading
pleasure. We kick-off with the usual shredding of generic quacks and
hacks in the mainstream news services, this time in connection with the
Rimm report's alleged expose of 'net filth. Mr. Badger - our own
would-be Spengler - returns to report on flunking a course in
computer science, what can be learned from Kaiser Bill this month
and his usual mentally ill but still ascerbic media review. Badger
also reveals the Internet stinks. Wow! That's really news! Back
in the real world, you can peruse a story on English virus writer
Chris Pile, now entangled on the razorwire of English justice for
being bad to the tune of half a million pounds. Woeful employees of
hard disk manufacturer Quantum spill the beans to Crypt Newsletter
about the company's joint effort with Symantec to make virus-resistant
computer hard disks pre-loaded with a heroin-like dependence on the
Norton Anti-virus. Well, there's more, too - but it's time to let
you at it.
IN THIS ISSUE: A revisit to computer culture and media images . . .
Mr. Badger flunks a comp-sci course, flagellates TIME magazine and
Kaiser Bill, The Nation and reviews "Resisting the Virtual
Life". . . Mark Ludwig and an infowar Windows 95 virus . . . Chris
Pile, U.K. virus writer, meets Judge Dredd . . . Quantum teams with
Symantec on virus-resistant hard disks . . . University of Hamburg
grad student tilts at Computer underground Digest and EFF.ORG for
"distributing viruses". . . More for the Mitnick files . . . Crypt
on Compuserve.
RIMM JOB: A REVISIT TO COMPUTER CULTURE AND MEDIA IMAGES
[The original "Computer Culture and Media Images" was published in
Computer underground Digest 5.65, an electronic magazine edited and
published by Northern Illinois University faculty member, Jim Thomas. The
review was drafted after a reporter for The Contra Costa
Times in central California profiled a series of public bulletin
board systems in the San Francisco Bay area known as the NIRVANAnet.
The news piece was remarkable for its naivete, snide insinuation that the
network was involved in illegal activity and the complete failure of the
newspaper reporter to allow the managers of the network to speak for
themselves, a paint-by-numbers approach to on-line journalism that is very
common. As time goes by, the Crypt Newsletter has noticed the more
things change, the more they stay the same. The last six
months of 1994 - no, make that the entire year - were devoted to a
grandiose computers-and-networking hype by the mainstream media
launched under the rubric of the "revolutionary age of information." The
information highway scoop, as described by the same generic reporters that
turn in stories similar in scope to The Contra Costa County
Times/NIRVANAnet fiasco, was the first half of the trip down a new
yellow brick road to the great and powerful Oz of national rebirth.
By mid-1995, the same media goofballs had cast themselves as snarling
Toto's, suddenly pulling back the curtain on a carnal on-line cheat
of monstrous proportion, quite probably capable of scarring the
children of honest Americans for life. The U.S. Congress, packed with
as excessive a population of fork-tongued hypocrites, stone fools and
pettifogging tallywhackers as can be found in western civilization, has
been quick to act to slay the twin demons of cyberspace: smut and bombs.
"Rimm Job: Computer Culture and Media Images Revisited" is a dust-off of
my original piece, updated to illustrate how predictably idiotic and
puppet-like the media has been on the story.]
In 1993, after reviewing numerous stories on computer culture dating
back to 1990, Mike Liedtke's Contra Costa Times piece on the
NIRVANAnet BBS's came off as just one more example of a stupid genre:
paint-by-numbers journalism, so predictable it's a cliche. The locales
were shifting, the names changing but the overemphasis on the menace to
society posed by superficially threatening but essentially trivial
computer file "how-to's" on bombs, drugs, hacking and non-specific
hell-raising remained the same. Unfortunately, through 1993 and
today, so has the expertise of reporters.
Locked into some kind of "ultimate computer goober" never-never
land, there has never been a lack of writers who turn in stories
which are painfully unsophisticated, plainly inadequate, sensational
or pandering for the sake of cheap, momentary outrage. It's damnable,
because the picture which emerges is one of mainstream journalists who
ought to know the lay of the land, but who either won't pick it up or are
being deliberately disingenuous in their work.
By contrast, the lack of skill didn't hinder the mainstream media,
or even slow it down, in being a conduit for countless fluffy, trend
stories on the information superhighway, all equivalent to junk mail.
The result, as it continues, is an abundance of useless information
that no one wants. And as the deluge increases it becomes harder and
harder to get anything of substance across which doesn't enrage, shock
or appeal blindly to prurient interests.
So, the users of the NIRVANAnet systems thought the news media
arrogant in 1993. And they complained about it. Loudly. The current
shaking of the cyberfists and stamping of the cyberfeet at Congress
over the Exon/Coats bill, while a pathetic spectacle on the part
of 'netizens who seemingly lack even the horse sense to realize they're
part of the problem too, was similarly not just a scream of wounded
pride or the surprised squeak of slimy characters exposed when their
rock was overturned. It was justified.
Why?
Take, for example, a news piece which appeared way back in 1990 in
The Morning Call newspaper of Allentown, PA.
The Call had discovered a now long gone "underground" bulletin board
in nearby Easton, PA. I lived in the area at the time and current
news is uncannily similar to the one Morning Call reporter Carol
Cleaveland delivered for the paper's readership. The
same ingredients were in the mix, a micro-slice of the same content
bemoaned on the Internet: adult files, plenty of text "how-to's"
on how to make bombs, a regional lawman explaining about how hard it
was to nail people for computer crime and a plainly venal and envious,
rival sysop of another local _legitimate family-oriented_ system
acting as official tut-tutter and squealer, warning concerned readers
that he sure wouldn't want such a system in his backyard, corrupting
the innocent, contributing to the overthrow of the republic,
zzzzzzzzzz . . . .
Typically, there was not a shred of comment from the sysop whose system
was being profiled. Nothing ever came of the nonsense. The system
continued on-line for a couple of more years, no criminal charges were
filed, and the local businesses appeared not to go up in flames at the
hands of unknown hackers or bomb-throwing, masked anarchists. So, this
was news?
Now, fast forward to The New York Times on January 25 of 1994. In
an 'A' section article, reporter Ralph Blumenthal profiled "Phrakr
Trakr," a federal undercover man keeping our electronic streets safe
from cybernetic hoodlums too numerous to mention singly.
A quick read shows the reporter another investigator from the
mainstream who hadn't gotten anything from underground BBS's
first-hand, relying instead on the Phrakr Trakr's tales of unnameable
computer criminals trafficking in unspecified dread: "stolen information,
poison recipes and bomb-making instructions."
Blumenthal's continued fascination with text files for
"turning household chemicals into deadly poisons, [or] how to build an
'Assassin Box' to supposedly send a lethal surge through a telephone
line" was more of the same.
Most anyone from teenagers to the college educated on-line _still_
seems to recognize these files as malevolently written crap or bowdlerized,
error-filled reprints from engineering, biology and chemistry books.
In either case, hardly noteworthy unless you're one who can't tell the
difference between comic books and real news or has no idea of what's
available at the library or well-stocked bookstore.
On top of this continuum in late June was layered the gagging
pig-stink of hardcore obscenity furnished courtesy of Carnegie-Mellon
undergraduate Marty Rimm, his study on cyberporn and TIME magazine -
which grabbed the report as a special issue exclusive and retooled it into
a voyeuristic expose of damnation and decadence on the hot rails to Hell
of techno-America.
"I think there's no almost no question that we're seeing an
unprecedented availability and demand of material like sadomasochism,
bestiality, vaginal and rectal fisting, eroticized urinating . . ."
Rimm blurted in TIME magazine.
Know this: It's copy of this nature that many genero-journalists
kill for! Even the casual reader has to admit he might jump at the
chance to be _the first_ heroic scribe to ring the alarm bells on
creeping electronic filth! Get yourself on Nightline!
Rimm's study, in addition to not being peer-reviewed, wasn't easy to
procure, leading critics to immediately accuse him, TIME magazine and a
few select journalists of colluding with the author for maximum publicity
and impact. (A visit to Rimm's World Wide Web-page a day or so ago
showed while the student _had_ found himself the time to post media
reaction to his study and the controversy embroiling it, he hadn't
actually posted the paper, just the illusion of it.)
One fragment of Rimm's paper was a mother-lode of purple prose -
not detached science - but pure media-tempered gold-plated scandal.
"Men of considerable intelligence have paid homage to Sade, admiring
his unrivaled, demented imagination. Yet for all their efforts,
Sade and his disciples pushed pornography only as far as the printed
word allowed. Two centuries of technological innovations -- the
photograph, the digital image, the scanner, computer bulletin boards,
computer networks -- passed before Robert Thomas [a BBS sysop currently
serving time in an obscenity case] would present us with Amateur
Action BBS, a high-tech rendition of 'The 120 Days of Sodom.'
"The Marquis, it seems, has finally been topped."
So our advice is "Expect the worst!" - even more media-stoked smut frenzy -
because, quite frankly, there really is no way to effectively counter the
unholy union of peeper journalism and sensationalist _studies_ like
Marty Rimm's cyberporn circus.
THE COST OF EDUCATION: WISDOM LANGUISHES IN THE STREET - IGNORANCE
AND SHAME, COURTESY OF YOUR LOCAL TECHNICAL COLLEGE
Mr. Badger has been absent for some time, but not without due cause
and some benefit. While enrolled in a local technical college, he found
much of his computer knowledge woefully deficient. So he took a course
to bone up. The course in question was called "Management of Information
Resources." Mr. Badger found it to be an eye-opening expose of
commonly believed fallacies. In an effort to share this wealth of
knowledge, Crypt Newsletter is happy to present an instructional test
of your ability to cope with the information age. Everything you
know is wrong!
1. The difference between Intel's SX and DX cpu's is:
A. SXes have the internal math coprocessor disabled.
B. SXes have lower production standards.
C. SXes have to work harder, and therefore wear out
more easily.
D. Both B & C.
Answer: D. Yup, that's right. SXes just don't last.
Due to inferior production standards, they have
to compensate by "running harder" and burn out
more quickly.
2. Servers should be left running continually to:
A. Make timed backups easier and more convenient.
B. Avoid the hassle of extended boot-ups.
C. Avoid the stress placed on the computer during the
boot-up process.
Answer: C, of course. Weren't you paying attention
during question #1?
3. Windows NT is:
A. A true operating system.
B. The same old shit, repackaged to include DOS.
Answer: B. Not even a college professor
will fall for Microsoft's marketing
crap.
We could continue, but it would be as pointless and maddening as
the original course. It was telling that another student in the
class, on seeing a never ending series of commas run across the screen,
decided that a virus was downloading itself from America On-Line.
Upon running Central Point Anti-Virus, he found that his AUTOEXEC.BAT
and CONFIG.SYS files had been altered. So he deleted them. He then
wondered why his computer wouldn't boot up.
Needless to say, the original problem was a stuck comma key. The
changes in AUTOEXEC and CONFIG were due to recent installations that
altered both. While weeding through his system to retrieve the situation,
I found over _twelve_ old copies of both AUTOEXEC.BAT and CONFIG.SYS, the
result of many years worth of automated install programs that altered
and saved both files. It's a damn amazing sight to see a 386SX take
twenty minutes to boot, and a testimony to the uselessness of poorly
installed or thought out virus protection. In the end, users are the
ultimate evil against which computer viruses can be said to be merely
petty annoyances.
Which leads to a new marketing idea for Microsoft. Instead of Bob, the
hopelessly condescending Windows manager, just sell teddy bears. Make 'em
warm and fuzzy. Have them repeat meaningless assurances when
squeezed and giggle insanely when jostled. I swear, it would fit the
average Windows user perfectly. The average information systems
professor, too, come to think of it.
FURTHER RUMINATIONS ON THE MOTHER OF WHORES, THE GREAT BABYLON - NOW IN
LEAGUE WITH THE BEAST -or- ADAPT AND SURVIVE -- STILL MORE IGNORANCE AND
SHAME, COURTESY OF TIME MAGAZINE AND KAISER BILL
A sign of the imminent demise of western civilization was seen in
the June 5, 1995 TIME magazine. Turns out Bill Gates is the "Master of the
Universe," while the cover goes on to say that:
" . . . Bill Gates takes aim at banks, phone companies, even Hollywood.
He's in for the fight of his life . . ."
Nothing can save the travesty of Bill Gates on the cover, holding a
miniature lighting bolt. But Kaiser Bill will soon find out that
plum deals like the one from IBM that got Microsoft started, don't
come twice in life. For those who don't remember, IBM, in a drive to
develop its own brand of home based computer, used off the shelf
hardware. They also farmed out the operating system and didn't seem to
concerned about who had the rights to it. You have to give Gates
credit: He bought someone else's OS, made some slight modifications
and marketed it to the largest computer manufacturer in the world.
He's played a good cop/bad cop scenario of backward compatibility and
reputed software advances to the hilt. For all the talk of Bill Gates
as a software genius and the embodiment of technological expertise, the
real issue is that Microsoft climbed atop the market by using every bit of
leverage available. Now Microsoft is using deep pockets and continual
market research to pounce on new developments.
The good news: Microsoft will get eaten alive in new markets. You can
expand the marketing base of your original product, you can develop
ancillary products for the same market, and you can maximize your old
methods of distribution. When it comes to selling new products via
new marketing lines, your ass is just as vulnerable as the newest
start-up business with $500 in the bank.
Customers are already complaining about bloated software. Imagine
the headaches of using Windows to leverage on-line services,
interactive TV, banking services, electronic shopping, entertainment and
personal communications. For some of those the leverage
is weak, for others it's simply nonexistent. Given Microsoft's
propensity for never admitting failure, some mighty big chunks of
change could be sunk in losing ventures.
The really bad news: as long as hardware continues to develop at a
frenetic pace, Microsoft will continue to dominate operating systems.
There was a time when IBM and Apple could have banded
together, put out a new operating system, and cleaned house. We're
at the verge, however, of having hardware independent software.
Nobody will be in a better position to exploit it than Microsoft.
All of which leads me to a radical proposal for our country.
We have long passed the point where marketing has triumphed over
manufacturing! It doesn't matter how crappy your product is. Sell it
shrewdly and you become the richest man in the world! It's time to
succumb to the inevitable and adopt this strategy for all facets of
democracy.
Fro example, if the press is hampering the orderly process of a trial,
the Hell with it! Throw the bums out. Throw the lawyers out, too.
Each side picks a media consultant. [They already do. --Ed.]
Allow them to prepare a one minute commercial. Pick twelve people on
the street at random, have them watch the commercial, enter their vote
and be done with it! (We'll rewrite Miranda; now it will be called
"Simpsonizing": "You have the right to publicity. If you give up
that right, the state can make up anything it wants about you. You
have the right to a media consultant. If you cannot afford one,
the court will appoint one for you . . .")
We can do the same with Congress. Abolish the executive and
legislative branches. Have ten minutes of allotted commercials a
day! Votes are mailed in by anyone interested. Want to vote more
than once? Sure, go ahead! After all, everybody else can, too!
With the money saved by closing Congress, we could raffle off one
new car in every vote. (Your vote must be postmarked by
July 14. Previous winners not eligible. Send self-addressed, stamped
envelope for list of winners.)
CHILDREN OF DARKNESS, CHILDREN OF LIGHT -or- IGNORANCE AND SHAME
FURNISHED BY THE NATION & HUMAN NATURE / LIGHT IN THE DARKNESS
SUPPLIED BY HARPER'S
On other fronts, the June 5, 1995 copy of The Nation has an article
by Kirkpatrick Sale on "Lessons from the Luddites: Setting
Limits On Technology." Mr. Badger found this to be a terribly sad
article. There is little more depressing than seeing a
(supposed) historian ignore the lessons of history. Luddites
originally opposed - vocally and violently - the adoption of
mechanized looms in England during the early 1800's. Kirkpatrick
seeks to find corollaries between Luddites and "technophobes and
techno-resistors."
"Wherever the neo-Luddites may be found, they are attempting
to bear witness to the secret little truth that lies at the
the heart of the modern experience: Whatever its presumed
benefits, of speed or ease or power or wealth, industrial
technology comes at a price, and in the contemporary world that
price is ever rising and ever threatening . . . From a long study
of the Luddites, I have concluded that there is much in their
experience that can be important for the neo-Luddites today to
understand . . ."
Sale outlines seven lessons that can be learned from the Luddite
past, the first being "Technologies are never neutral, and some are
hurtful." As proof, he presents the actions of
"U.S. industrialism turned to agriculture after World War II . . . It
was a war on land . . . capable of depleting topsoil at the rate of
3 billion tons a year and water at the rate of 10 billion gallons a year.
It could be no other way: If a nation like this beats its swords into
plowshares, they will still be violent and deadly tools."
Mr. Badger is rarely of the "love it or leave it" mentality, but
this is tremendously bigoted view of American agriculture. If Sale
thinks this is a high-tech onslaught, he ought to go to India, southern
China, or the Sudan and check the local menus. Even at
abusive as petroleum derived fertilizers can be, we still have the most
productive farmland in the world. While Mr. Badger won't
use pesticides on his own land, he's still willing to put up the
number of American citizens killed by pesticides and fertilizer against
the numbers of starved and undernourished in a comparable-sized portion
of any Third World region.
Even worse, it ignores the long term lesson from the mechanization
of production: There were short-term hardships caused by the
loss of jobs, an elevated risk of danger to workers, but a long-term
benefit in terms of quality and longevity of life for
everybody. Elsewhere in the article, Kirkpatrick bemoans such things
as clearcutting and the killing of whales. If he would care
to look, he would see that the dangers from clearcutting, including
soil erosion, are highest in _unmechanized_ environments. Most
of the depletion of the Brazilian rainforest is coming from small
farmers who clearcut, plant, harvest, and move in one year. They
do this because they have no means of keeping the soil in production.
Similarly, whaling has been around for as long as man can
recall, but loses most of its economic benefits in a mechanized society.
Whale oil used to be crucial to people living in cold
weather environments, as was the meat and fat. In a modern
society, better, cheaper alternatives are available because of
mechanized, industrialized transportation.
Similar blending and confusion of themes is seen in the second lesson:
"Industrialism is always a cataclysmic process, destroying
the past, roiling the present, making the future uncertain." Bullshit!
HISTORY IS A CATACLYSMIC PROCESS TO BEGIN WITH. Don't
come whining to me about what happened to the traditional Ladakhi
society when the transistor radio was introduced. If you were a
historian at all you would have read the Bible and realized that any
encounters between cultures result in drastic changes in all
societies involved. Sales' view is:
"Whatever material benefits industrialism may introduce,
the familiar evils -- incoherent metropolises, spreading slums,
crime and prostitution, inflation, corruption, pollution, cancer
and heart disease, stress, anomie, alcoholism -- almost always
follow."
Gee, pre-industrial societies produce familiar evils, too: typhoid fever,
dysentery, diphtheria, sleeping sickness, Ebola, scurvy, goiter,
starvation. A check of primitive cultures will show that alcoholism,
tribal warfare/genocide, and summary killing of deformed babies isn't
unknown, either.
We might as well hold the Sioux guilty of supplanting the customs
and habits of the past. The Sioux were kicking other tribes off
of their traditional grounds long before the White Man got the Great
Plains and the Dakotas. But Sale would never do that, after
all, our third lesson is that "Only a people serving an apprenticeship
to nature can be trusted with machines." Oh, spare me. In
Irian Jaya there is a luscious fruit unknown to the western world.
It grows high in a smooth barked tree that's damn near impossible
to climb. Do you know how natives get the ripe fruit? They cut the
tree down.
Which leads to my summary dismissal of Sale and the remaining
four points.
Look. Folks is folks. Back when Assyrians where leading
Israelites away with fish hooks, they were also cutting down all
of the trees they could find. Reading through one of the oldest
records of human behavior, one finds kings cutting the legs off
living bulls, enemy farm land being salted, death, pestilence,
famine - every evil imaginable and even some you can't.
That Sale would say " . . . industrialism is inevitably and inherently
disregardful of the collective human fate and of the earth from which
it extracts all its wealth" shows such a deep bias that only life
in the Third World will cure it. When will we realize that
_we_ are the problem. It matters little if we come with stone axe
or chainsaw in tow, in either case it is man that brings destruction.
The Hindus have it wrong. We have no need of Kali. We _are_ Kali.
And now for something completely different I will explain why I will
not review the issue of smut on the Internet, congressional censorship,
or anything similar. The Internet sucks. The material being transmitted
on it is continually two steps ahead of the medium's ability
to carry it reasonably. Internet Relay Chat is a meeting place where
girls as large as heifers - or weird guys masquerading as girls - can chat
with pimply-faced geeks across the world, mostly on university time.
FTP is dumpster-diving with a blindfold on, mostly on university time.
The World Wide Web is Windows for the chronic user of Quaalude analogs,
mostly on university time. Newsgroups are self-therapy centers for
emotionally disabled lamers, mostly on university time. And Archie is
about as useful as tits on a boar.
Mr. Badger figures that the average home Internet connection costs
a user:
30 Megabytes - Windows based software.
15 Megabytes - Newsgroup Kill file.
45 Megabytes - Useless downloaded programs, not yet deleted.
20 Megabytes - Useless textfiles, not yet deleted.
05 Megabytes - Saved, but useless, e-mail.
10 Megabytes - Lists of addresses, all of which went down
yesterday.
And that's without the copyright-infringing porn. Internet, as such,
isn't worth saving from Congress. It isn't worth being
supported, even indirectly, by university funds. And if you're tired
of putting up with lamers from Delphi and America On-Line, just wait until
Windows 95 has access delivered to everyone else. Not me, though.
You'll find Mr. Badger at the local library. Reading a book.
[Editorial note: There are unconfirmed rumors of Mr. Badger running
amok at the offices of a local internet access provider in Columbia,
South Carolina. The provider in question failed to charge his Visa
account for over three months and then applied all charges in the
fourth month. When asked why, the provider explained that their modem
had been broken for three months. At this point, details are hazy and
witnesses won't talk. There is talk about firecrackers, tennis balls
and a worn-out copy of "The Turner Diaries." In any case, we feel
Mr. Badger's always tenuous impartiality and objectivity have been
compromised in this matter.]
Ahem.
To return to the world of print, I am happy to point out an article
in the June issue of Harper's magazine. "Out of Time: Reflections on
the Programming Life" was written by Ellen Ullman, a software engineer
from the San Francisco area. The article is an excerpt of
the chapter Ullman wrote for "Resisting the Virtual Life," a compilation
edited by James Brook and published by City Lights.
Here's a sample that will give you a good taste of Ullman's style:
"If you want money and prestige, you need to write code that only
machines or other programmers understand. Such code is 'low.'
It's best if you write microcode, a string of
zeroes and ones that only a processor reads. The next best
thing is assembler code, a list of instructions to the
processor, but readable if you know what you're doing. If you
can't write microcode or assembler, you might get away with
writing in the C and C++ language. C and C++ are really
sort of high, but they're considered 'low.' So you still
get to be called a 'software engineer.' In the grand
programmer-scheme of things, it's vastly better to be a
'software engineer' than a 'programmer.' The difference is
about thirty thousand dollars a year and a
potential fortune in stock.
"Frank became a sales-support engineer. Ironically, working in
sales and having a share in bonuses, he made more money. But
he got no more stock options. And in the eyes of other
engineers, Frank was as 'high' as one could get. When asked,
we said, 'Frank is now in sales.' This was equivalent to
saying he was dead."
There's much more, but it only aggravates me to take bits and pieces out of
the whole. Many of the stories have to be read in their entirety.
Along that line, I'll express disappointment with Harper's editing.
Cutting anything out of Ullman's original chapter was bad enough, but
deleting her use of roman numerals to split portions of the text had a
real impact on the tone of the writing. While I'll review the rest of
the book in the next Crypt Newsletter, I'll say now my only complaint
with Ullman's work is that it was too short. She should have written
an entire book. As brief as it is, it's the most poignant description
of software engineering and engineers I've seen.
PHYSIOLOGICAL EFFECTS OF THE VULCAN DEATH GRIP CONTINUED -or-
A BRIEF INFOMERCIAL FOR THE CHOATE MACHINE & TOOL COMPANY
In Crypt Newsletter 31 we _infotained_ you with the ongoing Mexican
horror-wrestling death struggle between virus writer Mark Ludwig and
anti-virus software developer David Stang. The battle is again joined
in the recent issue of Ludwig's _Underground Technology Review_, formerly
known as _Computer Virus Developments Quarterly_. At $3.95/issue, this
one was as fine an example of pathology as you'll find at the newsstand.
In an editorial entitled "The Anti-virus Community Is Populated
By Madmen," Ludwig refers to Norman Data Defense's David
Stang as "Dr. Antivirus" and a . . . well, you'll just have to buy
the issue for yourself since this is a _family_ publication.
Suffice it to say, the pejorative phrase does appear to raise the bar
in the savagery in namecalling sweepstakes. For Stang's case, Ludwig
repeats the US Norman Data CEO's labelling of him as akin to a "child
pornographer" for the April 16th issue of the Arizona Star. Fair is
fair, after all.
But this is already plowed ground to regular readers.
A better find is the magazine's cover feature focusing on what Ludwig
calls "Windows95 Insecurity." In it Ludwig quickly invokes author Andrew
Schulman's _Unauthorized Windows 95_ (IDG Books) with the statement
that it's elementary to crash Chairman Bill's entire operating system
by overwriting the first thousand bytes of memory in any DOS box.
The computer magazine Infoworld howled about the same problem for about
three weeks and then suddenly dropped the issue, presumably when Kaiser
Bill menacingly noticed the publication becoming a pest.
However, Schulman - and by extension Ludwig and UTG - nevertheless supply
a simple command to corrupt Windows 95 operation.
By firing up Microsoft's DEBUG.EXE program with the instruction
-f 0:0 FFFF 0
in any DOS box, Windows 95 promptly comes to a screeching halt,
crashing everything that may have been running as other tasks in the
system. Work on precious documents, potentially embarrassing
correspondence to alt.pantyhose, on-line sessions, DOOM II, numbers
crunching - gone, gone, all gone!
And if this isn't anti-social enough, UTG supplies the source code
to a Jerusalem virus variant and a handful of dime-sized utilities
designed for the user curious about what that wretched slug boss
is writing about him while logged in elsewhere on
the network. By infecting only the DOS EXE-executable programs with
the Jerusalem Win95 virus and firing up the adjunct utilities in a DOS
box, the virus is sent to work draining keyboard input from other
network sessions into a fink file for later snooping by taking
advantage of a rather gaping hole in integrity between network sessions.
However, the most interesting personal security observations are
reserved for reporter Mark Ridenour in the UTG treatise
"Blunt, Pointed, Edged & Other Weapons -- Assorted Items for
Self-Defense the Prepared Person May Wish to Acquire."
Written for those readers overfond of contemplating thrusting
the business end of a chrome steel truncheon into a
murderous - but preferably smaller - assailant, "Blunt, Pointed,
Edged . . ." was an article of which Soldier of Fortune, a militia
pamphlet, any fat-boy in woodlot cammies, or The Resister newsletter
could be proud.
The commando tool to have, writes Ridenour, is the Spetsnaz Spade,
"a terrible noiseless weapon" . . . "balanced for hand-to-hand
fighting as well as digging and chopping . . . [Use] it to strike telling
blows, either with the flat of the blade or one of the edges."
"However, it isn't always practical to carry a Spetsnaz Spade with
you," continues Ridenour, which would seem indisputable.
After finishing "Blunt, Pointed, Edged . . . " the Crypt Newsletter's
hot consumer tip is _not_ the fine variety of alley-sweeping shotguns
supplied by Mossberg but the Executive Ice Scraper manufactured by
the Choate Machine & Tool Company of Bald Knob, Arkansas. The
manufacturer includes a warning with it, reports Ridenour.
"Do not hit anyone with this ice scraper."
UTG reports an emergency room surgeon informed Ridenour it would take
twenty stitches to close the wound caused by one blow from the
Executive Ice Scraper.
BLEWED, SCREWED & TATOO'D: ENGLISH VIRUS WRITER STRUNG UP IN CROWN
COURT FOR MALICIOUS VIRUS SPREADING AND PANDERING
Finally, after months of delay and postponement, a 26 year old
unemployed computer programmer, Chris Pile, pleaded guilty on
May 26, to eleven charges related to computer virus writing.
Pile, known as the Black Baron, pleaded guilty to hacking into
business computers and planting the computer viruses known as
SMEG/Pathogen and SMEG/Queeg. The case followed an investigation by
fraud squad officers and experts from Scotland Yard. The eleven
charges stemmed from a period between October 1993 and April 1994
when the Black Baron obtained unauthorized access to computer programs
and seeded them with viruses he'd written. He also pleaded guilty to
one charge of inciting others to plant his viruses. Authorities stated
that tracing Pile's viruses and repairing damage caused by them
cost "well in excess of half a million pounds" with final charges
billed by the anti-virus industry heading toward 1 million. Pile was
released on bail and the trial adjourned for two months to allow the
defense to prepare a pre-sentencing report.
The May 27 edition of the London Times commented that Pile was warned he
faced jail. The prosecution's Brian Lett said the virus writer had
encouraged people who downloaded his instructions to create their own
viruses. Expert opinion was called to determine what harm the SMEG
viruses were continuing to cause with Lett testifying there could
be further monetary loss. Pile also confessed he had encouraged
others to spread computer viruses.
The virus author, a Devon man, wrote the SMEG viruses which quickly
gained the attention of anti-virus developers worldwide in mid-1994.
Due to publicity on the nets and in the computer underground, they were
rapidly distributed around the Internet at approximated the same time
Pile was arrested in connection with the charges on which he would
later be tried.
Sentencing will probably depend upon the incidence of the SMEG viruses
worldwide, or in countries where cases of infection can be determined
reliably, _and_ the interpretation of Pile's intent to inspire others to
write viruses employing his "SMEG" encryption kernel which was furnished
internationally to virus exchange underground bulletin board systems in
mid-1994. For example, anti-virus vendors in the U.S. contributing to
the Computer Anti-virus Research Organization-administered
WildList - a report of viruses in active circulation - have been questioned
in this matter. (The Computer Anti-virus Research Organization is a
professional/pan-professional trade group consisting predominantly of
software vendors.)
The incitement argument, however, is an arcane issue which calls for
the examination and tracking of a computer archive containing a detailed
technical "how-to" on installing Pile's "SMEG" virus encryption kernel
into new viruses, the encryption software and a sample demonstration virus.
Interestingly, Pile's SMEG archive is not unique. In fact, it hews closely
to a style, or _anti-style_ for the whimsical, created by the Bulgarian
virus writer known as the Dark Avenger who was the first to "formalize"
the distribution of virus encryption kernels packaged in "how-to"
archives mailed throughout the computer underground. The Dark
Avenger's "benchmark" in computer virus development was known as the
Mutation Engine.
These types of "how-to" archives always adhere to rigid orthodoxy
within the virus writing underground. To depart from the orthodoxy
is viewed as heresy at worst, bad form at best. Each encryption
kernel must always contain:
1. The encryption kernel - with a suitably scary name derived from
an acronym.
2. A meaningless or silly software version number, sometimes used
as a barometer of bug content.
3. A text file containing instructions, preferably incomplete, on
the use of the encryption kernel in computer viruses.
4. An extremely simple demonstration computer virus and its source
code designed with the purpose of illustrating how the encryption
kernel is added to other computer viruses.
In 1995, they are common on systems interested in material of this
nature.
In 1993, another English virus writer, Stephen Kapp, was arrested
in connection with telephone fraud charges. Kapp was known as the
"President of ARCV," or ARCV virus writing group which stood for
Association of Really Cruel Viruses.
It is worth noting that in 1992 at the height of the Michelangelo
virus scare, few virus writers were easily identified. This is no
longer the case. Due to the growth in computer networks and an
increasing desire for underground network celebrity, many of the most
prominent virus writers in the world work in plain sight.
CITIZEN MITNICK COMMITS TO EIGHT MONTH TOUR OF BIGHOUSE
Kevin Mitnick has plea-bargained his infamous early-1995
cross-country hacking and media jaunt into a sentence that will commit
him to about eight months in prison, according to John Yzurdiaga, his
attorney. The legendary hacker will plead guilty to possessing stolen
cellular phone numbers, one of twenty three federal charges - all
concerning cellular phone fraud - against him. The remaining charges will
be dropped.
However, according to the Los Angeles Times, federal prosecutors
in North Carolina where Mitnick was bagged in January, maintain
the hacker will probably face additional charges. In California, these
charges could be built upon probation violations accumulated by
Mitnick when he deserted a state-mandated counseling program for
his "computer addiction" and disappeared during a 1992 FBI probe against
him while employed at a private investigating firm in Calabasas. Although
no other charges _have_ been filed, federal authorities claim additional
ones could also be mounted from Seattle where Mitnick fled while on the
run from continued government investigation.
LOOSE LIPS SINK SHIPS: QUANTUM TEAMS UP WITH SYMANTEC IN INTRIGUING
MARKETING OF THE NORTON ANTI-VIRUS
At the end of 1992, Western Digital's Charles Haggerty proudly
announced "Without some form of generic virus detection methodology, the
industry cannot hope to keep up with the growing epidemic of
more than 1000 known virus strains, much less the dozens of
unidentified and mutated strains that are introduced into the
community each month." It was corporate newspeak aimed at heralding
the rollout of a Western Digital effort to eliminate the computer virus
problem through a combination of company hardware and software designed
to protect IDE-type hard disks.
Great talk! But by 1993, Digital's hard disk controllers packed with
proprietary logic to combat computer viruses was forgotten
rubbish.
Now, hard disk manufacturer Quantum and Norton Anti-virus are teaming
up on a similarly elephantine strategy called AVID for Anti-Virus
Inoculated Drive, according to unenthusiastic Quantum employees. AVID
is proposed as a hardware solution similar to crippleware which
mandates the purchase of the Norton Anti-virus for computer virus
disinfection and the quieting of annoying warning messages
supplied by the Quantum AVID-equipped hard disk.
It's supposed to work like this:
Using fierce industry-grade jargon, Quantum manufactured AVID hard
disks will maintain what the company refers to as
an "RBS," for reserve boot sector, on an area of the disk not directly
accessible by the user. The RBS is a mirror, or backup, of the "ABS" - or
active boot sector - the system area PC's use to initiate the loading of
the machine's operating system and the sector targeted by
common partition sector infecting viruses like Stoned or Michelangelo
among others.
On start, the Quantum AVID disk compares the ABS to the RBS and if they
match, the machine boots from the hard disk. If there is a mismatch,
the AVID disk hardware compares the changed ABS to - and here's another
nice shred of techno-confuso-speak - the "FSL" - or Friendly Signature
Library - which contains identification for multiple flavors of
MS-DOS, PC-DOS, DR-DOS, Windows 95, Windows NT, OS/2, SCO Unix and
Unixware boot sectors. It also compares the ABS to the "VSL," or Virus
Signature Library of viruses known by Quantum and Symantec to infect
the hard disk.
If a match is found with AVID's virus signature library, the user
is given the message to "use the AVID Cure feature of the Norton
Anti-virus" which will simply copy the AVID-stored RBS back to the
infected partition, eliminating the virus. The industry standard
is for anti-virus software solutions to perform this type of
disinfection _without_ hardware dependence and with the caveat that a
stealth virus infecting a partition - or AVID's ABS - can only be
reliably removed by starting the machine cleanly from a virus free
diskette. This is a condition normally prompted by the detection of
the virus in memory. While the Quantum/Symantec
effort superficially appears to be an alternative to the virus free
system diskette it _won't_ copy the reserve partition, even if it is
clean, back to a contaminated partition. Quite cleverly however, it
does contain the option to do just the opposite - copy a new partition
infecting virus - or part of it - to its reserve partition sector if
the user becomes frustrated or confused by the AVID error messages and
interference with the boot process and chooses to "update the ABS."
This approach also guarantees AVID hard disks will generate
_interesting_ problems for users if new viruses which relocate and
encrypt the original partition - the AVID "ABS" - (a
not unrealistic assumption) and one sector of the virus is inadvertently
updated into the "RBS" and the disk partition (ABS) is subsequently
fiddled with by the user or infected by _another_ different computer virus.
It is possible to entertain oneself for hours with worst case scenarios
in which, while prompted by the AVID firmware, the user assists in the
corruption of his own hard disk.
Intentionally or not, the design also compels the consumer - corporate,
academic or private home - to either purchase the Norton Anti-virus to
perform a task not enabled in the AVID-hard disk firmware (and which,
incidentally, can be currently purchased in much cheaper anti-virus
software), put up with error messages if trouble occurs, or learn
enough about the system area of the hard disk and how viruses infect
it to enable a work around for the AVID disk.
The Quantum/Symantec AVID plan is superficially similar to a
"hardware/software" solution offered by Digital Enterprises in _1992_.
Digital Enterprises marketed a V-Card which held a mirror of the
partition and system areas which could be used to boot the machine
around a virus-infected partition, similar to the AVID plan. Bundled
with the card was virus removal software developed by Netz Computing
of Israel, which is known for the Invircible anti-virus software
package in 1995. Another example was Trend Micro Devices' PC-cillin
Immunizer chip which stored a backup of the partition sector which
could be copied back to the disk if it was altered by a virus.
The discerning consumer will also recall that Peter Norton once claimed
computer viruses were an "urban legend."
A BRIEF TALE ON THE NATURE OF OBSESSION: BULGARIAN VIRUS RESEARCHER
TILTS AT ALLEGED AMERICAN FOES
"From Hell's heart I stab at thee . . . "
-- Ahab in "Moby Dick"
In late June, Vesselin Bontchev, a computer virus research
associate at the University of Hamburg in Germany, accused Computer
underground Digest (CuD) and the Internet site EFF.ORG of distributing
computer viruses. In threatening electronic letters to CuD archivist
Stanton McClandish and CuD editor Jim Thomas, Bontchev stated that users
of EFF.ORG would no longer be allowed ftp access to Bontchev's
anti-virus software archive at INFORMATIK.UNI-HAMBURG.DE.
CuD maintains a computer underground archive on ftp accessible disk
space at EFF.ORG. The archive contains publications and text files
of interest to scholars, students and average citizens interested in
the sociology and technology of the evolving culture
within the computer underground and has been built and maintained by CuD
since 1990. The virus-writing magazine 40Hex is
also part of the CuD archive and it drew the fire of Bontchev who
is determined to render illegal the existence of computer virus source
code and related material on the Internet.
In what has become a trademark style, Bontchev railed at the CuD editor
in lengthy electronic correspondence:
". . . I will do everything which is within my power (and the limits of
the law, of course) to stop you from [enabling access to 40Hex], and
to communicate to you, your users, and the whole world, that you are
doing a Bad Thing. So far I have found that severing ftp access from the
virus distribution sites is one such - rather effective - way to
communicate this message of mine to those sites. If I find a better one,
I'll use it against [you] too."
"We neither maintain nor distribute viruses on the CuD archives, and
your continued claims to the contrary are becoming offensive," replied
Thomas to the maddened Bulgarian. "Virus source code and instructions are
no more viruses than are instructions for making a zip gun a weapon. Your
continued insistence that virus advocacy and source code [contained in
40Hex] constitutes a 'virus' . . . in describing what the [CuD] archives
contain and what [is] made available is either a gross confusion of terms
or an intentional misrepresentation.
". . . I grow weary of repeating that I do not condone any sort of
destructive, anti-social, or predatory behavior. I do not approve
of the files that you describe, but neither do I approve of suppression
of information. I consider the files you mention (that I have read) on a
par with so-called 'anarchy files.' While they are not in good taste, and
while I find them offensive, they nonetheless reflect a part of computer
culture to which access should be available. One of the best ways to fight
anti-social behavior is through education, not through suppression of
information. On this, we have a profound and obviously irreconcilable
difference of perspective."
The Bulgarian virus researcher also offered to stop harassing CuD with
the ftp ban if Thomas edited the virus source code and related material
from the 40Hex issues on-line. This was an _interesting_ diversion
since Bontchev, and almost everyone else familiar with computer viruses,
is aware that erasing this material from 40Hex literally leaves
little left but the title page of the electronic magazine.
"You are in no position to offer a 'compromise' in matters of free
speech," Thomas replied brusquely. "When the courts rule our material
unprotected, or if there are demonstrable dangers that occur
because of our holdings, we will then act to limit access."
In his replies to the Bulgarian, Thomas stated infecting computers with
viruses was already illegal at both state and federal levels in the U.S.
That the Bulgarian wanted to make viruses illegal illustrated his true
goal, the imposition of a personal view of what constitutes ethical
behavior and illegality onto others. Thomas indicated that he was also
annoyed by the personal attacks and threats contained within Bontchev's
correspondence.
FTP site access bans aren't new to some of the older boys in the
professional/pan-professional Computer Antivirus Research Organization
(CARO), of which Vesselin Bontchev is a founding member. Presently,
users of the giant Internet provider Netcom are banned from
INFORMATIK.UNI-HAMBURG.DE for, according to Bontchev, also promoting the
distribution of computer viruses.
Attempted log-ons from Netcom are presented with the disclaimer:
"We have decided to restrict ftp access from your site because your
Internet provider has the policy of allowing its users to distribute
computer viruses from their accounts.
"We are convinced that there is no good to come from computer viruses.
Over and over again, we've seen users traumatised by damage, distrust
and distress, even after a minor virus hit. Viruses, we believe, are
quite simply a Bad Thing. Unfortunately, your Internet providers don't
seem to share this view. As far as we can see, they are content to allow
their hosts to be used for the dissemination of viruses without any
apparent control or concern.
"Since this system is dedicated to helping you *control* the spread of
viruses, we feel it is inappropriate to allow incoming FTP sessions from
the host you are on. Therefore, we are refusing this connection.
"However, if you agree with us, and would like to see increasing levels of
responsibility against viruses, why not contact your administrators and
ask them to review your site's policy towards the dissemination of viruses?
As soon as their policy is changed, access to our site will be re-enabled."
The user is then logged off.
Other sites which have been the target of CARO shelling over
the past months have been Kaiwan - an access provider in Southern
California, aql.gatech.edu or any other provider, temporary or in
long-standing, which allows access to computer virus source code,
computer viruses or underground magazines, such as 40Hex, which
publish computer viruses and information on them.
A few weeks ago Fridrik Skulason, the author of the anti-virus
software program F-PROT, was dragged into the same issue in the
Australian virus-writing magazine, VLAD.
Skulason, according to a VLAD article entitled "F-PROT Troubles,"
was refusing access to F-PROT servers from Kaiwan.
The point of objection was a series of archives called the Virus
Collectors [sic] Kit which was being made available for ftp by a
Kaiwan user. The "Kit" contained anti-virus programs, assemblers,
disassemblers, virus writing magazines and computer viruses.
The availability of the archives was publicized in the Usenet newsgroup
alt.comp.virus which is frequently used as a forum for the publication
of live viruses and virus source code. Group posts
run the gamut from the worried, clueless or puzzled asking for
anti-virus software recommendation to would-be cyberfiends calling for
assistance in plaguing an enemy, their school, or some hapless target
with computer viruses. Its signal-to-noise level, however, is
vanishingly small.
It is worth mentioning that commented virus disassemblies done by
Vesselin Bontchev years ago are also part of the continuum of data
present within the virus distribution points which provoke these bans.
While these now comprise only a small portion of the virus material
available on the Internet they remain an extremely contentious sore point
and source of embarrassment to CARO members like Vesselin Bontchev.
Ironically, through 1994 Fernando Bonsembiante, an Argentine virus expert
affiliated with the CARO-administered WildList, was a South American
agent for CARO nemesis Mark Ludwig. Ludwig has been the continued butt of
CARO boycotts, protests and harassment for the publication and sale of
computer viruses and related material. The WildList is a report devoted
to tabulating common computer virus infection worldwide.
Like most stories in computer virus-land, this one still more loose
ends. As the Crypt Newsletter went to publication an anonymous voyeur
on the Usenet newsgroup alt.comp.virus lamented the unpredictable nature
of much publicized viruses-by-ftp on the Internet:
". . . aql crashed, kaiwan inactive for months, filbert's dos files [on
Netcom] moved to an apparently inaccessible server, doc hobbs reorganizing
and referring folks to aql instead, quarantine closed off, sbringer bowing
out, craigb site closing down . . . unpleasant pattern manifesting
here . . ."
CRYPT ON COMPUSERVE
Those readers with accounts on Compuserve can now take part in the
dedicated Crypt Newsletter message base and attached file library in
the National Computer Security Association special interest group.
GO NCSAFORUM and look for message base #20, Crypt Newsletter.
Current issues are on-line in the attached file library.
CRYPT NEWSLETTER WORLD WIDE WEB HOME PAGE
[Note: For those interested in subscribing to Crypt
Newsletter, r-e-a-d s-l-o-w-l-y, THERE ARE NO SUBSCRIPTIONS. None.
Not one. Not listserved. Not e-mailed. Nope.]
You can now visit Crypt & The Virus Creation Labs on the
World Wide Web, view pics of the author and his book,
download back issues and sample a chapter from VCL!
Set your graphical browser (Mosaic, Netscape, etc.) to:
URL: http://www.soci.niu.edu:80/~crypt
--------------------------------------------------------------
If you quite enjoy the Crypt Newsletter, editor George Smith's book,
"The Virus Creation Labs: A Journey Into the Underground," will really
flip your wig. In it Smith unravels the intrigue behind
virus writers and their scourges, the anti-virus software
developers and security consultants on the information highway.
What readers are saying about THE VIRUS CREATION LABS:
"There are relatively few books on the 'computer underground' that
provide richly descriptive commentary and analysis of personalities
and culture that simultaneously grab the reader with entertaining
prose. Among the classics are Cliff Stoll's 'The Cuckoo's Egg,' Katie
Hafner and John Markoff's 'Cyberpunk,' and Bruce Sterling's 'The
Hacker Crackdown.' Add George Smith's 'The Virus Creation Labs' to
the list . . . 'Virus Creation Labs' is about viruses as
M*A*S*H is about war!"
---Jim Thomas, Computer underground
Digest 7.18, March 5, 1995
"THE VIRUS CREATION LABS dives into the hoopla of the Michelangelo
media blitz and moves on to become an engaging, articulate,
wildly angry diatribe on the world of computer virus writers . . .
Expert reporting."
----McClatchy NewsWire
-------------------------order form-------------------------
Yes, I want my wig flipped and wish to receive a copy of George
Smith's "The Virus Creation Labs: A Journey Into the Underground"
(American Eagle, ISBN 0-929408-09-8).
Price: $12.95/copy plus $2.50 shipping per book (add $7.50 overseas)
NAME: _____________________________________________
ADDRESS: __________________________________________
CITY/STATE/ZIP: __________________________________
Payment method:
___ Master Charge
___ Money Order
___ Check
___ Visa
Credit Card # ___________________________________________
Expiration date _________________________________________
Name: ____________________________
Orders can be taken by voice or fax through regular phone
number and/or 1-800 number in USA. COD welcome.
American Eagle: 1-800-719-4957
1-602-367-1621
POB 41404
Tucson, AZ 85717
----------------------------------------------------
George Smith, Ph.D., edits the Crypt Newsletter when he feels like it
and is the author of "The Virus Creation Labs: A Journey Into the
Underground." Media critic Andy Lopez lives in Columbia, SC.
copyright 1995 Crypt Newsletter. All rights reserved.
|
|
