Computer underground Digest Wed Jan 19 1994

 Computer underground Digest    Wed  Jan 19 1994   Volume 6 : Issue 08

                           ISSN  1004-042X


       Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)

       Archivist: Brendan Kehoe (Improving each day)

       Acting Archivist: Stanton McCandlish

       Shadow-Archivists: Dan Carosone / Paul Southworth

                          Ralph Sims / Jyrki Kuoppala

                          Ian Dickinson

       Copy Edselator:    H. E. Ford


CONTENTS, #6.08 (Jan 19 1994)

File: 1--Proposed Computer-related Sentencing Guidelines/Hearings

File: 2--Re: Cu Digest, #6.07: CPSR lives down from my expectations (#1)

File: 3--Re: Cu Digest, #6.07: CPSR lives down from my expectations (#2)

File: 4--"Terminal Compromise" by W. Schwartau (Book Review)

File: 5--Pit Stops Along The Info Turnpike

File: 6--FBI Pushes for Enhanced Wiretap Capabilities


Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are

available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The

editors may be contacted by voice (815-753-0303), fax (815-753-6302)

or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL

60115.


Issues of CuD can also be found in the Usenet comp.society.cu-digest

news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of

LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT

libraries and in the VIRUS/SECURITY library; from America Online in

the PC Telecom forum under "computing newsletters;"

On Delphi in the General Discussion database of the Internet SIG;

on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG

WHQ) (203) 832-8441 NUP:Conspiracy; RIPCO BBS (312) 528-5020

CuD is also available via Fidonet File Request from 1:11/70; unlisted

nodes and points welcome.

EUROPE:   from the ComNet in LUXEMBOURG BBS (++352) 466893;

          In ITALY: Bits against the Empire BBS: +39-461-980493


ANONYMOUS FTP SITES:

  AUSTRALIA:      ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD.

  EUROPE:         ftp.funet.fi in pub/doc/cud. (Finland)

  UNITED STATES:

                  aql.gatech.edu (128.61.10.53) in /pub/eff/cud

                  etext.archive.umich.edu (141.211.164.18)  in /pub/CuD/cud

                  ftp.eff.org (192.88.144.4) in /pub/Publications/CuD

                  halcyon.com( 202.135.191.2) in mirror2/cud

                  ftp.warwick.ac.uk in pub/cud (United Kingdom)

  KOREA:          ftp: cair.kaist.ac.kr in /doc/eff/cud


COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing

information among computerists and to the presentation and debate of

diverse views.  CuD material may  be reprinted for non-profit as long

as the source is cited. Authors hold a presumptive copyright, and

they should be contacted for reprint permission.  It is assumed that

non-personal mail to the moderators may be reprinted unless otherwise

specified.  Readers are encouraged to submit reasoned articles

relating to computer culture and communication.  Articles are

preferred to short responses.  Please avoid quoting previous posts

unless absolutely necessary.


DISCLAIMER: The views represented herein do not necessarily represent

            the views of the moderators. Digest contributors assume all

            responsibility for ensuring that articles submitted do not

            violate copyright protections.


----------------------------------------------------------------------


Date: Wed, 19 Jan 94 15:19:21 PST

From: CuD Moderators <cudigest@mindvox.phantom.com>

Subject: File 1--Proposed Computer-related Sentencing Guidelines/Hearings


((MODERATORS' NOTE: CuD 6.05 reported EFF's contributions to the

proposed sentencing guidelines amending penalties for computer

infractions. Below is the notice of public hearings and the text of

the proposed computer-related modifications.  The entire text can be

obtained from the EFF archives ftp.eff.org in the

pub/EFF/Issues/Legal/sentencing.amendment directory)).


                                FEDERAL REGISTER

                                 VOL. 58, No. 243


                                    Notices


                      UNITED STATES SENTENCING COMMISSION


                 Sentencing Guidelines for United States Courts


                                     Part V


                                 58 Fed. Reg. 67522


DATE: Tuesday, December 21, 1993


ACTION: Notice of proposed amendments to sentencing guidelines, policy

statements, and commentary; request for public comment. Notice of hearing.


SUMMARY: The Commission is considering promulgating certain amendments to

the sentencing guidelines, policy statements, and commentary. The proposed

amendments and a synopsis of issues to be addressed are set forth below.

The Commission may report amendments to the Congress on or before May 1,

1994. Comment is sought on all proposals, alternative proposals, and any

other aspect of the sentencing guidelines, policy statements, and

commentary.


DATES:  The Commission has scheduled a public hearing on these proposed

amendments for March 24, 1994, at 9:30 a.m. at the Education Center

(concourse level), South Lobby, Thurgood Marshall Federal Judiciary

Building, One Columbus Circle, NE., Washington, DC 20002-8002.


   Anyone wishing to testify at this public hearing should notify Michael

Courlander, Public Information Specialist, at (202) 273-4590 by March 10,

1994.


   Public comment, including written testimony for the hearing, should be

received by the Commission no later than March 18, 1994, to be considered

by the Commission in the promulgation of amendments due to the Congress by

May 1, 1994.


ADDRESSES:  Public comment should be sent to:  United States Sentencing

Commission, One Columbus Circle, NE, Suite 2-500, South Lobby, Washington,

DC 20002-8002, Attention:  Public Information.


FOR FURTHER INFORMATION CONTACT:  Michael Courlander, Public Information

Specialist, Telephone: (202) 273-4590.


SUPPLEMENTARY INFORMATION:  The United States Sentencing Commission is an

independent agency in the judicial branch of the United States Government.

The Commission is empowered under 28 U.S.C. 994(a) to promulgate sentencing

guidelines and policy statements for federal sentencing courts. The statute

further directs the Commission to review and revise periodically guidelines

previously promulgated and authorizes it to submit guideline amendments to

the Congress no later than the first day of May each year. See 28 U.S.C.

994(o), (p).


   Ordinarily, the Administrative Procedure Act rule-making requirements

are inapplicable to judicial agencies; however, 28 U.S.C. 994(x) makes the

Administrative Procedure Act rulemaking provisions of 5 U.S.C. 553

applicable to the promulgation of sentencing guidelines by the Commission.


   The proposed amendments are presented in one of three formats. First,

the majority of the amendments are proposed as specific revisions of a

guideline, policy statement, or commentary. Second, for some amendments,

the Commission has published alternative methods of addressing an issue,

shown in brackets. Commentators are encouraged to state their preference

among listed alternatives or to suggest a new alternative. Third, the

Commission has highlighted certain issues for comment and invites

suggestions for specific amendment language.


   Section 1B1.10 of the United States Sentencing Commission Guidelines

Manual sets forth the Commission's policy statement regarding retroactivity

of amended guideline ranges. Comment is requested as to whether any of the

proposed amendments should be made retroactive under this policy statement.


   Although the amendments below are specifically proposed for public

comment and possible submission to the Congress by May 1, 1994, the

Commission emphasizes that it welcomes comment on any aspect of the

sentencing guidelines, policy statements, and commentary, whether or not

the subject of a proposed amendment.


   The amendments below are derived from a variety of sources, including:

monitoring and hotline data, case law review, and the recommendations of

the Judicial Conference of the United States, Department of Justice,

Federal and Community Defenders, Practitioners' Advisory Group, Probation

Officers' Advisory Group, American Bar Association Sentencing Guidelines

Committee, Families Against Mandatory Minimums, individual judges,

probation officers, attorneys, and others. Publication of a proposed

amendment or issue for comment reflects only the Commission's determination

that the amendment or issue is worthy of public comment.


   As a resource when considering the proposed amendments, working group

reports prepared by Commission staff are available for inspection at

Commission offices or off-site duplication. The reports contain empirical

and legal sentencing research focusing on (1) money laundering offenses;

(2) computer-related offenses; (3) public corruption offenses; and (4)

controlled substance offenses/role in the offense. Contact the Commission's

public information specialist at (202) 273-4590 for details.


   Authority: 28 U.S.C. Section 994(a), (o), (p), (x).


William W. Wilkins, Jr.,


Chairman.


Computer-Related Offenses


Chapter Two, Parts B (Offenses Involving Property) and F (Offenses

Involving Fraud or Deceit)


   1. Synopsis of Proposed Amendment: This amendment adds Commentary to

SectionSection 2B1.1 (Larceny, Embezzlement, and Other Forms of Theft;

Receiving, Transporting, Transferring, Transmitting, or Possessing Stolen

Property), 2B1.3 (Property Damage or Destruction), and 2F1.1 (Fraud and

Deceit; Forgery; Offenses Involving Altered or Counterfeit Instruments

Other than Counterfeit Bearer Obligations of the United States) to address

harms that may be significant in computer-related cases but not adequately

accounted for by the loss table. In addition, this amendment revises

Appendix A (Statutory Index) for violations of 18 U.S.C. 1030 to reference

the offense guidelines that most appropriately address the underlying

harms.


   Proposed Amendment:  The Commentary to Section 2B1.1 captioned

"Application Notes" is amended by inserting the following additional note:]


   "15. In cases in which the loss determined under subsection (b)(1) does

not fully capture the harmfulness and seriousness of the conduct, an upward

departure may be warranted. For example, an upward departure may be

warranted if the offense involved a substantial invasion of a privacy

interest. Although every violation of 18 U.S.C. Section 1030(a)(2)

(intentional, unauthorized access of financial or credit card information)

constitutes an invasion of a privacy interest, the Commission does not

consider each such invasion to be a substantial invasion of a privacy

interest. When the primary purpose of the offense was pecuniary, a sentence

within the applicable guideline range ordinarily will be sufficient. By

contrast, an upward departure may be warranted if the financial records of

a particular individual were accessed for a non-pecuniary motive.".


   The Commentary to Section 2B1.3 captioned "Application Notes" is amended

in Note 4 by inserting "or interference with a telecommunications network"

immediately before "may cause".


   The Commentary to Section 2B1.3 captioned "Application Notes" is amended

by inserting the following additional note:   [*67523]


   "5. In a case in which a computer data file was altered or destroyed,

loss can be measured by the cost to restore the file. If a defendant

intentionally or recklessly altered or destroyed a computer data file and,

due to a fortuitous circumstance, the cost to restore the file was

substantially lower than the defendant could reasonably have expected, an

upward departure may be warranted. For example, if the defendant

intentionally or recklessly damaged a valuable data base, the restoration

of which would have been very costly but for the fortuitous circumstance

that, unknown to the defendant, an annual back-up of the data base had

recently been completed thus making restoration relatively inexpensive, an

upward departure may be warranted.".


   The Commentary to Section 2F1.1 captioned "Application Notes" is amended

in Note 10 by deleting the period at the end of subdivision (f) and

inserting in lieu thereof a semicolon; and by inserting the following

additional subdivisions:


   "(g) the offense involved a substantial invasion of a privacy interest;


   (h) the offense involved a conscious or reckless risk of harm to a

person's health or safety.".


   Appendix A (Statutory Index) is amended in the line beginning "18 U.S.C.

1030(a)(2)" by deleting "2F1.1" and inserting in lieu thereof "2B1.1"; in

the line beginning "18 U.S.C. 1030(a)(3)" by deleting "2F1.1" and inserting

in lieu thereof "2B2.3"; and in the line beginning "18 U.S.C. Section

1030(a)(5)" by deleting "2F1.1" and inserting in lieu thereof "2B1.3".


------------------------------


Date: Mon, 17 Jan 94 15:21:28 -0800

From: erikn@GOLDFISH.MITRON.TEK.COM(Erik Nilsson)

Subject: File 2--Re: CuD, #6.07: CPSR lives down from my expectations (#1)


I would like to respond to Bryce Eustace Wilcox's article in CUD

#6.07, entitled "CPSR lives down from my expectations."


Wilcox sez CPSR is:


> a radical socialist/welfare-state lobby with a thinly veiled and

> very active political agenda.


Strong words, Bryce.  As a CPSR member, I do not find that these words

fit CPSR.  CPSR isn't a socialist/welfare-state lobby, and there is

_nothing_ veiled about our agenda.  However, I won't microanalize your

charges against CPSR, but rather fulfill your stated request: more

information on what CPSR is and what CPSR stands for.


The first thing to know about CPSR is that we discuss alot.  CPSR is

primarily composed of highly motivated and in many cases highly

opinionated individuals, one of whom is Jim Davis and another of whom

is me.  Periodically, CPSR will be wracked by discussion on what

CPSR's prioities should be.  This is healthy and generally works out

pretty well, and means that even one CPSR member, if they make a well

reasoned argument, can ultimately sway the course of the entire

organization.


This has happened several times: when CPSR broadened its focus from

computerized weapons systems to civil liberties and more computer use

issues, and again when a small group in Seattle got CPSR directly

involved in organizing and developing community networks, bringing the

on-line world to the neighborhood.


> CPSR is not simply a cyberspace civil rights lobby


Damn strait.  CPSR has other areas of concern, but our work on civil

liberties for the on-line community has been very effective.  More to

the point, CPSR is not primarily a lobby organization at all, but an

educational organization.  To that end, we present all kinds of

viewpoints in our newsletters, public forums, and so on.  These are

the views of our members or others, which, just like any college class

or company department, cover a thankfully broad chunk of the political

spectrum.


We also file FOIA suits against government agencies who won't tell

Americans things that by law they must tell us.  I don't imagine that

makes CPSR very popular with the NSA, the National Security Council,

or the FBI, but I'm not sure that bothers me very much.


I'm not a board member, so I can't speak with authority on CPSR's

position on cyberspace, but my understanding of CPSR's position is as

follows:


If we look at how telephones have worked out, there have been positive

and negative points.  One positive point is that almost everybody has

one, and in fact has access to one pretty much whenever they need one.

Another good point is that, in theory, your telephone call is private.

Not only does no one else (who doesn't have a warrant) have the right

to listen to your call, they don't have a right to even know the call

existed.


One bad point is that each phone is hooked up to one LEC, and if the

LEC is a goof (or, worse, you're using a COCOT, which all seem to be

run by goofs), then you will have shitty service, and may not even be

able to do what you wanted to do with the telephone.


Furthermore, "regulated" monopolies have pretty much guaranteed that

LECs will be goofy.


The current NII slamdance may take care of the monopoly part, although

it bears watching, remember the COCOTS.  It would be a pity, however,

if in finally untangling ourselves from Ma Bell's local loop apron

strings, we somehow lose universal service.  What good is all this

whizzy new bandwidth, if you can't afford it, or even if you win the

lottery, your friends can't afford it, so you can't visit them in

cyberspace?


Equally troubling, the FBI is now publicly and agressively demanding

that the entire telecommunications infrastructure be modified, at

untold expense, for automated wiretaps of _everything_ for voice and

data.  In a sense the FBI proposes to bug every car on the information

highway, causing nothing but grief.  Really, the proposed "new rules"

are ludicrously broad.  BBSs would appear to be covered, as are

private networks.  Running a little Appletalk net at home for

printing?  Better order that FBI-use-only dial-in line damn snappy,

unless you want an in-depth field-trip through the criminal justice

system.


The FBI's actions combined with continuing BBS raids point out the

extreme lack of regard in some quarters for civil liberties in

cyberspace.  Naturally, CPSR takes exception to these developments.


CPSR's research and testimony was instrumental in keeping the FBI from

creating a "suspect" database in the NCIC (a database of "suspicious"

people who had never been charged with a crime), so we're comfortable

tangling with the G-Men, and well-positioned to resist these

disturbing developments.


Here are some official words on CPSR:


------------------------------------------------------------------------



************************************************************************

         COMPUTER PROFESSIONALS FOR SOCIAL RESPONSIBILITY

************************************************************************


The mission of CPSR is to provide the public and policymakers

with realistic assessments of the power, promise, and problems of

information technology.  As concerned citizens, CPSR members

work to direct public attention to critical choices concerning the

applications of information technology and how those choices affect

society.


Founded in 1981 by a group of computer scientists concerned about

the use of computers in nuclear weapons systems, CPSR has grown

into a national public-interest alliance of information technology

professionals and other people.  Currently, CPSR has 22 chapters in

the U.S. and affiliations with similar groups worldwide.  In addition

to our National Office in Palo Alto, California, we maintain an office in

Washington, D.C.


Every project we undertake is based on five principles:


o  We foster and support public discussion of, and meaningful

   involvement in, decisions critical to society.


o  We work to correct misinformation while providing

   understandable and factual analyses about the impact of societal

   technology.


o  We challenge the assumption that technology alone can solve

   political and social problems.


o   We critically examine social and technical issues within the

    computer profession, both nationally and internationally.


o  We encourage the use of information technology to improve

   the quality of life.


************************************************************************

                         CPSR PROJECTS

************************************************************************


By sponsoring both national and local projects, CPSR serves as a

catalyst for in-depth discussion and effective action in key areas:


   o  The National Information Infrastructure

   o  Civil Liberties and Privacy

   o  Computers in the Workplace

   o  Technology Policy and Human Needs

   o  Reliability and Risk of Computer-Based Systems


In addition, CPSR's chapter-based projects and national working

groups tackle issues ranging from the implementation of Calling

Number ID systems to the development of nanotechnology and

virtual reality, from the use of computers in education to working

conditions for computer professionals, from community networks

to computer ethics.


------------------------------


Date: Sun, 16 Jan 1994 21:53:02 -0500 (EST)

From: The Advocate <tk0jut2@mvs.cso.niu.edu>

Subject: File 3--Re: CuD, #6.07: CPSR lives down from my expectations (#2)


Well i am glad to see the radical libertarian rush limbaugh reading

writer  has dropped out of CPSR.  otherwise he would have hung around

and like some bad avian from a poe story been crying out about

socialism  all day.


I suppose the last time he used a pay phone out in the country he of

course paid  3 dollars to handle the cost of the wire out to whatever

cow patch he was in.  And of course he pays in per mile  to the state

for the roads he uses.  And when he drives out of town,  and gets a

soda,  he of course pays the true market cost for the electricity to

cool that.


And  when he flies out of those crappy western airports he of course

throws  a few dollars to the Air Traffic controllers along the way.


We live in a society.  sometimes we decide that certain items are

public necessities.  Consequently we decide to make them available to

all without regards to  means  or  geography.  It's why we are a

democracy.   IF he doesn't like it, i suggest he move to hong kong.

he may be happier there.


------------------------------


Date: 16 Jan 1994 00:47:44 -0600

From: ROBERTS%DECUS@MIMAS.ARC.AB.CA(Rob Slade, Ed. DECrypt & ComNet,

Subject: File 4--"Terminal Compromise" by W. Schwartau (Book Review)


Terminal Compromise  (by Wynn Scwhartau)


PUBLISHER:

Inter.Pact Press

11511 Pine St. N.

Seminole, FL   34642

813-393-6600

fax: 813-393-6361


"Terminal Compromise", Schwartau, 1991, 0-962087000-5, U$19.95/C$24.95

wschwartau@mcimail.com p00506@psi.com


"Terminal Compromise" was first published in 1991, and was

enthusiastically promoted by some among the security community as the

first fictional work to deal realistically with many aspects of data

communications and security.  Although still available in that form,

recently is has been "re-issued" in a softcopy "shareware" version on

the net.  (It is available for ftp at such sites as ftp.uu.net,

ftp.netsys.com, soda.berkeley.edu and wuarchive.wustl.edu. Use archie

to look for TERMCOMP.)  Some new material has been added, and some of

the original sections updated.  Again, it has been lauded in postings

on security related newsgroups and distribution lists.


Some of you may be old enough to recall that the characters current in

"Outland" sprang from a previous Berke Breathed cartoon strip called

"Bloom County".  Opus, at one point, held the post of movie reviewer

for the "Bloom County Picayune".  I remember that one of his reviews

started out, "This movie is bad, really bad, abominably bad, bad, bad,

bad!"  He considers this for a moment, and then adds, "Well, maybe not

*that* bad, but Lord! it wasn't good!"


A fairly large audience will probably enjoy it, if such trivialities

as language, characterization and plot can be ignored.  For once the

"nerds" don't get beat on; indeed, they are the heroes (maybe).  The

use of computers is much more realistic than in most such works, and

many ideas that should have greater currency are presented.  The book

will also appeal to paranoiacs, especially those who believe the US

federal government is out to get them.


Consistency is the hobgoblin of little minds -- but it does make for a

smoother "read".  "Terminal Compromise" would benefit from a run

through a style checker ... and a grammar checker ... and a spelling

checker.  Constructions such as "which was to be the hypocenter of the

blast if the Enola Gay hadn't missed its target" and "National Bureau

of Standards which sets standards" are understandable, although

awkward.  In other places it appears words might be missing, and you

have to read over sentences several times to puzzle out the meaning.

(The softcopy/shareware version comes off a little worse here, with

fragments of formatting codes left in the text.)


On second thought, forget the spelling checker.  Most of the words are

spelled correctly: they are simply *used* incorrectly.  A reference to

an "itinerant professional" has nothing to do with travelling.  (Maybe

he meant "consummate":  I couldn't think of a synonym starting with

"i".)  The "heroine" trade was probably intended to refer to white

powder rather than white slavery.  There are two automobile "wreak"s.

"Umbrage" is used twice.  An obscure seventeenth century usage did

once refer to shelter given by islands to a harbour, but it's

stretching the language a bit to make it refer to a covering for the

naughty bits.  Umbrage usually refers to offence, suspicion, doubt or

rage, as in "I take umbrage at what I suspect is a doubtful use of the

language".


Characterization?  There isn't any.  The major characters are all

supposed to be in their forties: they all, including the President of

the United States, speak like unimaginative teenage boys whose

vocabulary contains no adjectives other than obscenities.  This makes

it difficult at times to follow the dialogue, since there are no

distinctives between speakers.  (The one exception is the president of

a software firm who makes a successful, although surprising,

translation from "beard" to "suit", and is in the midst of the most

moving and forceful speech in the book, dealing with our relationship

to computers, when the author has him assassinated.)


The book is particularly hard on women.  There are no significant

female characters.  None.  In the initial introduction and background

of the hero there is no mention of a significant other.  It is

something of a shock later to discover he is married, then that he is

divorced.  Almost all of the females are simply bedroom furniture.

The portrayals remind one of the descriptions in "Don Quixote" of

women "so gay, striking and beautiful that the sight of her impressed

them all; so vividly that, if they had not already seen [the others],

they would have doubted whether she had her match for beauty".


Which raises another point.  All of the hackers, except some of the

Amsterdam crew, are fit, athletic and extremely attractive to the

female of the species.  Even among the I-Hack crowd, while there may

be some certifiable lunatics, nobody is unkempt or unclean.  These

urbane sophisticates drink "Glen Fetitch" and "Chevas" while lounging

in "Louis Boston" suits on "elegant ... PVC furniture".  Given that

the hackers save the day (and ignoring, for the moment, that they

caused the trouble in the first place) there seems to be more than a

touch of wish fulfillment involved.


(Schwartau tries to reiterate the "hackers aren't evil" point at every

opportunity.  However, he throws away opportunities to make any

distinctions between different types of activities.  Although the

different terms of phreaks, hackers and crackers are sprinkled

throughout the story they are not well defined as used by the online

community.  At one point the statement is made that "cracking is

taking the machine to its limit".  There is no indication of the

divisions between phreaks, hackers and crackers within their various

specialties, nor the utter disdain that all three have for virus

writers.  Cliff Stoll's "Hanover (sic) Hacker", Markus Hess, is

described as a "well positioned and seemingly upstanding individual".

This doesn't jibe with Stoll's own description of a "round faced,

slightly overweight ... balding ... chain smoking" individual who was

"never a central figure" with the Chaos Computer Club, and who, with a

drug addict and a fast buck artist for partners "knew that he'd

screwed up and was squirming to escape".)


What little character is built during the story is unsteady.  The

author seems unable to decide whether the chief computer genius is one

of the good guys or the bad.  At times he is mercenary and

self-centred; at others he is poetic, eloquent and visionary; in yet

other scenes he is mentally unbalanced.  (He also appropriates the

persona and handle of another hacker.  We are never told why, nor are

we ever informed of what happened to the original.)  Following the

characters isn't made any easier by the inconsistency of naming: in

the space of five paragraphs we find that our hero, Scott Byron Mason

(maybe) is the son of Marie Elizabeth Mason and Louis Horace Mason.

Or possibly Evelyn Mason and Horace Stipton Mason.  The main academic

studying viral programs is Dr. Les (or Arnold) Brown (or Sternman) who

is a professor at Sheffield (or MIT).  (Interestingly, there is an

obvious attempt to correct this in the later "softcopy" version of the

book.  At times the "corrections" make the problem worse.)


For a "thriller", there is very little tension in the story.  The

unveiling of the plot takes place on a regular step by step basis.

There is never any hint that the hero is in the slightest personal

danger: the worst that happens is that one of his stories is quashed.

Indeed, at the end of the book the computer attacks seem basically all

to have succeeded, credit card companies are bankrupt, banks are in a

mess, airlines are restricted, phone systems are unreliable and the

bad guys are in charge.  Yet our heroes end up rich and happy on an

island in the sun.  The author seems to be constantly sounding the

alarm over the possibility of this disaster, but is unwilling,

himself, to face the tremendous personal suffering that would be

generated.


Leaving literary values aside, let us examine the technical contents.

The data security literate will find here a lot of accurate

information.  Much of the material is based on undisputed fact; much

of the rest brings to light some important controversies.  We are

presented with a thinly disguised "Windows", a thinly disguised Fred

Cohen (maybe two?), a severely twisted Electronic Freedom Foundation

and a heavily mutated John Markoff.  However, we are also presented

with a great deal of speculation, fabrication and technical

improbabilities.  For the technically adept this would be

automatically disregarded.  For the masses, however (and this book

seems to see itself in an educational light), dividing the wheat from

the chaff would be difficult if not impossible.


As with names, the author appears to have problems with the

consistency of numbers.  In the same paragraph, the softcopy version

has the same number quoted as "over 5000", "almost 5000" and "three

thousand".  (It appears to have been "corrected" or updated from the

original version without reading the context).  A calculation of the

number of hackers seems to be based upon numbers pulled out of the

air, and a computer population an order of magnitude larger than

really exists.  The "network", seemingly referring to the Internet,

has a population two orders of magnitude too large.  Four million

legal copies, with an equal number of pirate copies, of a virus

infected program apparently result in only "between 1 and 5 million"

infections.  (I *knew* a lot of people had bought Windows but never

used it!)  Not the most prolific virus we've ever seen.


Schwartau seems uncertain as to whether he wants to advertise real

software or hide it.  At various times the characters, incessantly

typing to each other across the (long distance) phone lines use

"xtalk" (the actual filename for Crosstalk), "ProCom" (ProComm,

perhaps?), "ComPro" and "Protalk".  They also make "4800 BAUD"

connections (technically unlikely over voice grade lines, and even if

he meant "bits per second" 4800 is rather an odd speed) and

communicate with "7 bits, no parity, no stop bits" parameter settings.

(The more common parameter settings are either 8 bits, no parity or 7

bits, even parity.  You *must* have stop bits, usually one.  And to

forestall the obvious criticism, there is no indication in the book

that a "non-standard" setting is being used for security reasons.)


We are, at places in the text, given detailed descriptions of the

operations of some of the purported viral programs.  One hides in

"Video RAM".  Rather a stupid place to hide since any extensive video

activity will overwrite it.  (As I recall, the Proto-T hoax, which was

supposed to use this same mechanism, started in 1991.  Hmmm.)  Another

would erase the disk the first time the computer was turned on, which

leads one to wonder how it was supposed to reproduce.  (This same

program was supposed to be able to burn out the printer port

circuitry.  Although certain very specific pieces of hardware may fail

under certain software instructions, no printer port has ever been

numbered among them.)  One "hidden file" is supposed to hide itself by

looking like a "bad cluster" to the system.  "Hidden" is an attribute

in MS-DOS, and assignable to any file.  A "bad cluster" would not be

assigned a file name and therefore would never, by itself, be executed

by any computer system.  We also have a report of MS-DOS viri wiping

out a whole town full of Apple computers.


Schwartau is not averse to making up his own virus terminology, if

necessary.  ("Stealth" is also reported as a specific virus.)  At one

point the book acknowledges that viral programs are almost invariably

detected within weeks of release, yet the plot relies upon thousands

of viri remaining undetected for years.  At another point the use of

"radio broadcasts" of viral programs to enemy systems is advocated,

ignoring the fact that the simplest error checking for cleaning

"noise" from digital radio transmissions would eliminate such

activity.


A number of respected security experts have expressed approval of

"Terminal Compromise".  This approbation is likely given on the basis

that this book is so much better than other fictional works whose

authors have obviously had no technical background.  As such the

enthusiasm is merited: "Terminal Compromise" raises many important

points and issues which are currently lost on the general public.


Unfortunately, the problems of the book, as a book, and the technical

excesses will likely restrict its circulation and impact.  As a

fictional work the lack of literary values are going to restrict both

its appeal and longevity.  As an exhortative or tutorial work, the

inability to distinguish between fact and fiction will reduce its

value and effectiveness in promoting the cause of data security.


copyright Robert M. Slade, 1993   BKTRMCMP.RVW   931002


------------------------------


Date: Sun, 16 Jan 94 20:58:18 PST

From: David.Batterson@F290.N105.Z1.FIDONET.ORG(David Batterson)

Subject: File 5--Pit Stops Along The Info Turnpike


                       Pit Stops Along The Info Turnpike

                              by David Batterson


     Following are some thoughts gathered about the [and I'm getting

sick of hearing the term] Information Superhighway, and some products

that hope to catch some of the road travel business.


     AT&T is obviously bullish on the future, and not only because it

offers long distance phone service.  It now owns EO, Inc. (which makes

the EO Personal Communicator, the expensive cousin to Apple's Newton),

as well as Pensoft Corp., which makes EO's Perspective information

management software.


     The EO Personal Communicator hasn't exactly taken the world by

storm, but then again, the Newton hasn't either. John Sculley puffed

his chest and crowed how the Newton was going to take off like a

rocket; then Sculley shot off the launch pad instead.


     I've been trying to get an EO review unit since last summer, and

still no luck yet.  I could go buy one at one of 351 Office Depot

superstores if I had the spare change, but I don't.  8^/


     The CEO of EO is Alain Rossmann, who helped found C-Cube, Inc. (a

market leader in digital still image and digital video compression

technologies), and he was also a co-founder of Radius, Inc.  Besides

having an MBA, Rossmann has Masters degrees in civil engineering, math

and physics.


     Rossmann said that "Pensoft has developed a breakthrough product

with Perspective, and simultaneously created a data environment that

allows customers with AT&T EO Personal Communicators to retrieve,

store and manage a rich fabric of information from stock quotes and

airline schedules to multimedia data."  He adds that "Pensoft's data

architecture, combined with EO's wireless access to the nation's

information superhighway [whoop, there it is again!] is a powerful

enabler for content publishing."


     Even though EO user get a free subscription to AT&T Mail, nowhere

in the EO presskit is there any e-mail address for the company.

Ironically, the EO spec sheet is headlined: "Always in Touch."  Yeah,

but I guess it's a carefully guarded secret how to reach them online.

Wouldn't want to bother them with questions or anything, would we?


     Joel Silberman, Marketing Manager, Wireless Networking Group at

National Semiconductor Corp., continues the line of thinking about

PDAs.  "The next generation of PDAs, hand-held terminals, subnotebooks

are clearly on track to providing end users good tools on which to

conveniently work," Silberman told me recently.  "Wireless solutions

such as WLAN cards, messaging/paging cards, and Personal Wireless

Systems (like National Semiconductor's AirShare radio modules used

with Traveling Software's new LapLink Wireless) are enabling

technologies which when coupled with user-friendly software

applications (such as LapLink) provide end users unparalleled

convenience in accessing and sharing information on our new PDAs," he

said.


     Silberman added that "new applications will allow for more

reliable data collection and tracking, more productive doctors and

nurses, and customer service and convenience that will drive the

adoption of computers becoming consumer products."  He thinks that

"AirShare is significant because it brings the concept of personal,

cordless wireless systems on the scene." and it will "set the stage

for a host of products" that permit "a reliable way of sharing data in

a local area while remaining mobile."


     Silberman likes the idea that "the information comes to me

instead of me going to the data."  If you want to send Silberman

information, try:  tjossc@tevm2.nsc.com.


     Mark Eppley, CEO of Traveling Software, isn't shy about

expressing an opinion either.  He e-mailed me that "basically, in

terms of true consumer wireless on and off ramps to this much

publicized info hwy, we are NOT there yet.  I like using the auto

industry to help explain where wireless technology is today."


     "There were two primary inventions that had a dramatic impact on

making the automobile a widely used consumer product," Eppley said.

"The first was the electric starter which became common place around

1921. We are now seeing the equivalent of 'electric starters' in the

new crop of PDAs and portables with PCMCIA wireless card options."


     Eppley said "the second event that expanded the acceptance of the

auto, was the automatic transmission in 1942.  This is exactly what we

need for the wireless data industry to take off.  LapLink Wireless is

really the first such automatic transmission.  It's the first product

that will automatically accomplish data communications by the mere

fact of walking within range of the radio transceivers," he said.




     Right now, even though many of us--including journalists--get a

lot of data via our fax machines and fax modems, how do we extract it

for further use?  I sure don't like retyping anything if I can help

it.  And until more PR agencies and in-house departments get

up-to-speed on e-mail, then we'll just have to use fax software with

OCR capability.


     I've been testing FaxWorks Pro 3.0 for several months now, and

find it serves my faxing needs quite well.  Its OCR feature converts

text to all the popular word processing formats or to plain ASCII

text.  Below is the exact text read by the FaxWorks OCR module, from a

fax of CuD information:


  Computer underground Digest is a weekly  electronic  journal/newsletter.

  Sub5cription5 are available free via e-mail from tkOjut2@mv5.c5o.niu.edu.

  The editor5 ma!j be contacted b!j voice (815-753-0303), FAX (815-753-G302)

  or 5nailmail at: Jim Thoma5, Department of Sociology, NIU, DeKalb, IL

  60115.


     As you'll see, the FaxWorks OCR got everything right, except

reading some of the "s" characters as a "5" instead, and a "y"

character came out as "!j" for some reason.  But with a quick search

and replace, you can fix those misreads easily.  That's what good data

management today requires:  quickness!


     FaxWorks Pro is from SofNet, Inc. in Atlanta, no Internet address

was provided.  Big surprise.


     In spite of the media frenzy, the "data thoroughfare" is still a

long way off for most of us.  Meanwhile most users are still dealing

with the Windows 3.1 communication bottleneck, which limits reliable

asynchronous data transfers above 19.2K bps.


     Pacific CommWare has now released TurboCom/2, an update of its

drop-in replacement for the native Windows comm driver.  It now takes

advantage of the 16550 UART (Universal Asynchronous

Receiver/Transmitter) chip used in the better 14.4K bps (and faster)

internal modems.   [Your newer PC may also have 16550 UART serial

ports installed  If not, you can upgrade.]


     What does this mean?  You can then have up to 115.2K bps speeds,

and support up to four high-speed serial ports simultaneously.  And

TurboCom/2 Plus allows you to use up to NINE serial ports.


     Will Windows 4.0 (aka the Chicago project) have new comm drivers

making it unnecessary to buy add-ons like TurboCom/2?  Quite possibly.

Pam Edstrom, VP at Waggener Edstrom--Microsoft's PR firm--told me the

other day that the next Windows will have a "Vcom.36, 32-bit

communications driver, written as a virtual device" and it's "being

developed internally."


     Pacific CommWare puts its e-mail addresses on its letterhead, so

I'll give them to you: 3445374@mcimail.com, or

71521.760@compuserve.com.


     And last we look at another significant part of the Communique

Interstate:  BBBs and the massive amount of messaging going on there.

The only way that users can deal with the glut of e-mail, public mail

and files is with offline mail readers.


     I've tested and used a number of them including OffLine eXpress

(OLX), Blue Wave and VbReader.  My current reader of choice is Silver

Xpress Off-Line Mail Reader, Ver. 4.0. It's not a Windows program,

although "a Windows version is coming this year," Andrea Santos at

Santronics Software told me.


     Silver Xpress--a shareware program that's widely available on

BBSs--has many unique features not found in other mail readers. Many

more are in development, Santos told me, and the new product will be

called Gold Xpress.  Silver Xpress has "in excess of 5,000

registrations," Santos said, "and we guess about 2-5% of users are

registering."


     Santronics did list their BBS number (305-248-7815) but they

didn't list an Internet address, but luckily I had it already:

andrea.santos@f42.n105.z1.fidonet.org.


     So there you have it: some very different companies and their

attempts to steer their way onto the {you know what], and extract a

few dollars from your digital bank account.  Happy trails, travelers.


                                      ###


David Batterson has written for various computer publications, and

weekly newspapers, including WIRED, PC TODAY, ComputorEdge (San

Diego), WILLAMETTE WEEK (Portland), The Weekly News (Miami), and Bay

Area Reporter (S.F.). This article may be freely distributed for

noncommercial usage, but may not be published without permission.

Thank you in advance for your proper use.


 * Evaluation copy of Silver Xpress. Day # 55

 --- via Silver Xpress V4.00 [NR]

  --

uucp: uunet!m2xenix!puddle!290!David.Batterson

Internet: David.Batterson@f290.n105.z1.fidonet.org


------------------------------


Date: Thu, 13 Jan 1994 21:29:44 EST

From: Alert@washofc.cpsr.org

Subject: File 6--FBI Pushes for Enhanced Wiretap Capabilities


Source:  CPSR ALERT,Volume  3.01  January 13, 1994


             FBI Pushes for Enhanced Wiretap Capabilities


In the past month, FBI officials have indicated publicly that they are

continuing to push for enactment of legislation to mandate the building

in of electronic surveillance capabilities into most telecommunications

equipment. In addition, there are also reports that the Department of

Justice is investigating the possibility of recommending changes in the

law to allow for military personnel and equipment to be used by law

enforcement for electronic surveillance of Asian speakers.


On December 8, FBI Director Louis Freeh spoke at the National Press

Club where he stated:


     In order to keep up with the criminals and to protect our

     national security, the solution is clear. We need legislation

     to ensure that telephone companies and other carriers provide

     law enforcement with access to this new technology.


Communications Daily reported that the FBI and the telecommunications

carriers have formed a working group to discuss the problem and that

the companies might implement the capabilities voluntarily. This

working group has met several times.


Scripps Howard News Service reported on December 5 that the Department

of Justice is considering proposing new legislation to allow the

military to assist with wiretaps of Asian suspects. Currently the

military is prohibited by the 1878 Posse Comitatus Act, which prohibits

the use of military personal and resources in civilian law enforcement

activities. It was amended in 1981 to allow for use of military

personal and equipment for advice and assistance in drug interdiction.


Freeh reportedly told Scripts Howard that "I think that if we had

access to 50 or 100 qualified linguists in the Asian language[s] we

could probably monitor by ten times our ability to do court-authorized

surveillances of Asian organized crime groups."


Civil liberties groups are concerned about the military conducting

domestic electronic surveillance, especially in light of the recent

disclosures by CPSR of the National Security Agency's role in the

development of the Digital Signature Standard and the Digital Telephony

Proposal.


Sources inside the administration indicate that the long awaited

inter-agency review of government encryption policy, including Clipper,

the Digital Telephony Proposal and export control is due out by the end

of January. The report is expected to be classified.


((CPSR ALERT can be obtained on-line from alert@washofc.cpsr.org))


------------------------------


End of Computer Underground Digest #6.08

************************************


Comments

Popular posts from this blog

BOTTOM LIVE script

Evidence supporting quantum information processing in animals

ARMIES OF CHAOS