**************************************************************************** >C O M P U T E R U N D E R G R O U N D< >D I G E S T< *** Volume 1, Issue #1.14 (June 14, 1990) ** **************************************************************************** MODERATORS: Jim Thomas / Gordon Meyer REPLY TO: TK0JUT2@NIU.bitnet COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. -------------------------------------------------------------------- DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections. -------------------------------------------------------------------- *************************************************************** *** Computer Underground Digest Issue #1.14 / File 4 of 5 *** *************************************************************** We have not yet seen a copy of Craig Neidorf's June 12 indictment, but we are told that Phrack #19 (file 7) and Phrack #23 (file 3) will be introduced as evidence. We are also told that this stuff is sealed, so it would be unwise for anybody to request (or distribute) these files. PHRACK 19 (file 7, "Phrack World News"): This file announces that The Phoenix Project BBS returned on-line, and summarizes some general information. We are given the dictionary definitions of the terms "phoenix" and "project." We are told that Summer-con '87 was held on schedule, and that summer-con '88 would occur. We told that The Metal Shop BBS is down, perhaps permanently. Personnel from industry and law enforcement are explicitely invited to attend Summer-con '88. Dangerous stuff. PHRACK #23, File 3 (Part III of The Vicious Circle Trilogy). If it is true that this file will be used as evidence, we cannot comprehend what it is supposed to prove. It is a list of CU groups that have existed, and the premise of the article is that joining groups is a status thing and of no particular value. It discusses John Maxfield's work assessing the number of phreaks and hackers across the country, provides a logon application required by one p/h board, and discusses possible government informants who may have infiltrated various groups. There is nothing here that cannot be found in a media article or in the works of Maxfield or Donn Parker. PHRACK #22, Files 1, 4, 5, and 6: File 1 announces, for those who may not have figured it out, that some old-time hackers now have jobs, but that some still like to maintain links to the community. No names are mentioned in this revealing blurb. It also informs readers that Phrack will publish anonymous articles and provide E-mail delivery to legitimate accounts. The editors request submissions and provide an index of files in this issue. File 4 is a version of "The State of the Hack" entitled "A Novice's Guide to Hacking- 1989 edition." It is divided into four parts: Part 1: What is Hacking, A Hacker's Code of Ethics, Basic Hacking Safety Part 2: Packet Switching Networks: Telenet- How it Works, How to Use it, Outdials, Network Servers, Private PADs Part 3: Identifying a Computer, How to Hack In, Operating System Defaults Part 4: Conclusion; Final Thoughts, Books to Read, Boards to Call, It is essentially an essay with some basic technical information available in any computer science course integrated in. Files 5 and 6 would appear to be the most serious of the files. Both are labelled as Unix hacking tips. This may be more a rhetorical ploy than anything substantive. The "tips" provided can be found in help files, text books, over-the-counter type manuals, and many, many other sources. These files are really little more than a guide on how to use Unix. File 6, however, does discuss how passwords might be hacked. But, so does Stoll's The Cuckoo's Egg, and one in fact learns more from Stoll's book than from these files. If the authors of these files had added some sex, perhaps a murder or two, and told a few funny stories, they, too, might have had a best seller. Having re-read these files, some troubling questions arise. 1. It appears that the charges against Craig have shifted from the E911 files to the content of what he has published. If found guilty, would a precedent be set that allows agents to indict anybody who prints information about entering a computer system? Would it allow prosecution of people who support hacking, even though they themselves have not engaged in any illegal activities? 2. Where would the line be drawn between legitimate and illigetimate information? Stoll's book provides a useful primer for a would-be Unix hacker. Could Stoll be indicted? What about Levy's Out of the Inner Circle? That book, published by Microsoft, provides explicit detail on hacking techniques. What about computer courses in a unversity? If an instructor provides details on how to use Unix that one could then apply in attempting to hack a system, would that instructor be liable? What protections would exist for teaching computer use? 3. What is the liability of anybody who possesses a copy of the Phracks in question? What happens if they upload one to another board? If a caller to a board, ignorant of the current witch hunt mentality, uploads a Phrack for upload credit, as many do, then would that user be liable? Would that constitute sufficient grounds for a search warrant that would allow confiscation of computer equipment? 4. What is the liability of sysops? Should they remove text files for fear that they might be raided or harrassed, even if those files are not illegal on the fear that they might SOMEDAY be deemed illegal and justify prosecution? 5. What happens, as occasionally does, if an attorney asks the moderators of CuD for a copy of Phrack #22 or the E911 file? If we send it, have we committed a crime? If the recipient accepts it has a second crime occured? It seems that federal agents are not particularly interested in clarifying these issues. It leaves the status of distribution of information in limbo and turns the "chilling effect" into a sub-zero ice storm. Perhaps this is what they want. It strikes us as quite irresponsible. Perhaps we are wrong, and these files are not, in fact, in question. If not, then we are worrying for nothing. If, however, we are correct, then it seems that the very future of electronic communication currently hangs in the balance. Case and statute law being formulated today will provide the protections (or lack of them) for the computer world for the coming decades. The future seems to lie in electronic communication and information flow. Without establishing protections now, we are committing ourselves to a bleak future indeed. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ + END THIS FILE + +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=  Downloaded From P-80 International Information Systems 304-744-2253 12yrs+