---[ Phrack Magazine Volume 8, Issue 52 January 26, 1998, article 19 of 20 -------------------------[ P H R A C K W O R L D N E W S Phrack World News - 52 New categorization: -[ Stories -[ Book Releases -[ Conventions -[ Other Headlines of Interest --------[ Issue 52 0x1: Hacker Acquitted & Iraq Computerises 0x2: The Impact of Encryption on Public Safety 0x3: Urban Ka0s -- 26 Indonesian Servers Haxed 0x4: Hacker accused of sabotaging Forbes computers 0x5: Privacy, Inc. Unveils its Internet Background Check 0x6: Commerce Dept encryption rules declared unconstitutional 0x7: The Million Dollar Challenge 0x8: High Profile Detainee Seeks Legal Help 0x9: Kevin Mitnick Press Release 0xa: SAFE crypto bill cracked again 0xb: RC5 Cracked - The unknown message is... 0xc: Kashpureff in custody. 0xd: XS4ALL refuses Internet tap 0xe: The FCC Wants V-Chip in PCs too 1x1: Book Title: Underground (review) 1x2: Book Title: The Electronic Privacy Papers 1x3: Book Title: "Computer Security and Privacy: An Information Sourcebook.. 2x0: Convention: 3x1: Misc: Civil Liberties Groups ask FCC to Block FBI Proposal 3x2: Misc: Anti-Spam Bills in Congress 3x3: Misc: Justice Dept Charges Microsoft.. 3x4: Misc: Small Minds Think Alike 3x5: Misc: Cyber Promotions tossed offline 0x1>------------------------------------------------------------------------- [submitted by: the wizard of id] Phrack, I thought that you guys may be able to make use of these articles which I found in my newspaper's IT section. Perhaps you should pass them on to the editors of Phrack World News. Hacker Acquitted ================ Extract from The Age, Victoria, Australia. -Tuesday 11/25/97 The US Air Force failed last Friday to convince Woolwich Crown Court in the UK that Matthew Bevan, 23, hacked into its secret files with his home computer. Computer guru Bevan was cleared of all accusations, which led to fears of US national security risk. He was charged with three offences of "unauthorised access and modification" into sensitive research and development files at New York's Griffiss Air Force Base and Lockheed Space and Missle Company in California via the Internet. The article is accompanied by a very cool picture of Bevan in a black suit, wearing mirrored sunglasses. :) Iraq Computerises ================= Extract from The Age, Victoria, Australia. -Tuesday 11/25/97 To conceal its deadliest arms from U.N. weapons inspectors, Iraq increasingly has turned to computers, including American brands sold to Baghdad since the end of the 1991 Persian Gulf War in violation of international sanctions, according to US officials and U.N. diplomats. Iraq is using mostly Western-made computers for two cirtical functions: To transfer data from bulky paper to small disks that they can easilly disperse, making the information difficult for U.N. weapons inspection teams to track. For research and development in all four categories of weapons Iraq has been forbidden from keeping under terms of the U.N. resolution ending the war - nuclear, chemical and biological weapons and long-rnge missiles. Because of shifting tactics, computer specialists have become an ever more important component of the weapons inspections teams, US and U.N. sources say. Their work often involves digging into hard drives and unearthing material that was erased after being transferred to disks. 0x2>------------------------------------------------------------------------- [submitted by: Mike Kretsch] Statement of Louis J. Freeh, Director Federal Bureau of Investigation Before the Permanent Select Committee on Intelligence, United States House of Representatives Washington, D. C. September 9, 1997 This man must be stopped. For other fun reading, check out his statements about the FBI's International Crime fighting efforts. Errrr. Wasnt international supposed to be CIA and domestic FBI? The Impact of Encryption on Public Safety Statement of Louis J. Freeh, Director Federal Bureau of Investigation Before the Permanent Select Committee on Intelligence United States House of Representatives Washington, D. C. September 9, 1997 Mr. Chairman and members of the committee, I appreciate the opportunity to discuss the issue of encryption and I applaud your willingness to deal with this vital public safety issue. The looming spectre of the widespread use of robust, virtually unbreakable encryption is one of the most difficult problems confronting law enforcement as the next century approaches. At stake are some of our most valuable and reliable investigative techniques, and the public safety of our citizens. We believe that unless a balanced approach to encryption is adopted that includes a viable key management infrastructure that supports immediate decryption capabilities for lawful purposes, our ability to investigate and sometimes prevent the most serious crimes and terrorism will be severely impaired. Our national security will also be jeopardized. For law enforcement, framing the issue is simple. In this time of dazzling telecommunications and computer technology where information can have extraordinary value, the ready availability of robust encryption is essential. No one in law enforcement disputes that. Clearly, in today's world and more so in the future, the ability to encrypt both contemporaneous communications and stored data is a vital component of information security. As is so often the case, however, there is another aspect to the encryption issue that if left unaddressed will have severe public safety and national security ramifications. Law enforcement is in unanimous agreement that the widespread use of robust unbreakable encryption ultimately will devastate our ability to fight crime and prevent terrorism. Unbreakable encryption will allow drug lords, spies, terrorists and even violent gangs to communicate about their crimes and their conspiracies with impunity. We wll lose one of the few remaining vulnerabilities of the worst criminals and terrorists upon which law enforcement depends to successfully investigate and often prevent the worst crimes. For this reason, the law enforcement community is unanimous in calling for a balanced solution to this problem. Such a solution must satisfy both the commercial needs of industry for strong encryption and law enforcement's public safety decryption needs. In our view, any legislative approach that does not achieve such a balanced approach seriously jeopardizes the long-term viability and usefulness of court-authorized access to transmitted as well as stored evidence and information. Electronic surveillance and search and seizure are techniques upon which law enforcement depends to ensure public safety and maintain national security. One such balanced solution to this problem is key recovery encryption. Under this approach, a decryption "key" for a given encryption product is deposited with a trustworthy key recovery agent for safe keeping. The key recovery agent could be a private company, a bank, or other commercial or government entity that meets established trustworthiness criteria. Should encryption users need access to their encrypted information, they could obtain the decryption key from the key recovery agent. Additionally, when law enforcement needs to decrypt criminal-related communications or computer files lawfully seized under established legal authorities, they too, under conditions prescribed by law and with the presentation of proper legal process, could obtain the decryption key from the key recovery agent. This is the only viable way to permit the timely decryption of lawfully seized communications or computer files that are in furtherance of criminal activity. The decryption key or information would be provided to the law enforcement agency under very strict controls and would be used only for its intended public safety purpose. Under this approach, the law-abiding would gain the benefits of strong, robust encryption products and services with emergency decryption capabilities and public safety and national security would be maintained--as manufacturers produce and sell encryption products that include features that allow for the immediate decryption of criminal-related encrypted communications or electronic information. This solution meets industry's information security and communications privacy needs for strong encryption while addressing law enforcement's public safety needs for immediate decryption when such products are used to conceal crimes or impending acts of terrorism or espionage. Some have argued that government policy makers should step aside and let market forces solely determine the direction of key recovery encryption, letting market forces determine the type of technologies that will be used and under what circumstances. They argue that most corporations that see the need for encryption will also recognize the need for, and even insist on, key recovery encryption products to secure their electronically stored information and to protect their corporate interests should an encryption key be lost, stolen or used by a rogue employee for extortion purposes. We agree that rational thinking corporations will act in a prudent manner and will insist on using key recovery encryption for electronically stored information. However, law enforcement has a unique public safety requirement in the area of perishable communications which are in transit (telephone calls, e-mail, etc.). It is law enforcement, not corporations, that has a need for the immediate decryption of communications in transit. There is extraordinary risk in trusting public safety and national security to market forces that rightfully are protecting important but unrelated interests. Law enforcement's needs will not be adequately addressed by this type of an approach. It is for this reason that government policy makers and Congress should play a direct role in shaping our national encryption policy and adopt a balanced approach that addresses both the commercial and the public safety needs. The adverse impact to public safety and national security associated with any type of "wait and see" or voluntary market force approach would be far too great of a price for the American public to pay. Several bills have recently been introduced which address encryption. Language in some of the proposed bills makes it unlawful to use encryption in the furtherance of criminal activity and set out procedures for law enforcement access to stored decryption keys in those instances where key recovery encryption was voluntarily used. Only one of these bills, S. 909, comes close to meeting our core public safety, effective law enforcement, and national security needs. S. 909 takes significant strides in the direction of protecting public safety by encouraging the use of key recovery encryption through market based incentives and other inducements. All of the other bills currently under consideration by the Congress, to include S. 376, S. 377 , and H.R. 695, would have a significant negative impact on public safety and national security and would risk great harm to our ability to enforce the laws and protect our citizens if enacted. Unfortunately, S. 909 still does not contain sufficient assurances that the impact on public safety and effective law enforcement caused by the widespread availability of encryption will be adequately addressed. We look forward to working with you to develop legislative accommodations that adequately address the public safety needs of law enforcement and a balanced encryption policy. Further, some argue the encryption "Genie is out of the bottle," and that attempts to influence the future use of encryption are futile. I do not believe that to be the case. Strong encryption products that include decryption features for lawful purposes can, with government and industry support, become the standard for use in the global information infrastructure. No one contends that the adoption of a balanced encryption policy will prevent all criminals, spies and terrorists from gaining access to and using unbreakable encryption. But if we, as a nation, act responsibly and only build systems and encryption products that support and include appropriate decryption features, all facets of the public's interest can be served. And as this committee knows, export controls on encryption products exist primarily to protect national security and foreign policy interests. However, law enforcement is more concerned about the significant and growing threat to public safety and effective law enforcement that would be caused by the proliferation and use within the United States of a communications infrastructure that supports the use of strong encryption products but that does not support law enforcement's immediate decryption needs. Without question, such an infrastructure will be used by dangerous criminals and terrorists to conceal their illegal plans and activities from law enforcement, thus inhibiting our ability to enforce the laws and prevent terrorism. Congress has on many occasions accepted the premise that the use of electronic surveillance is a tool of utmost importance in terrorism cases and in many criminal investigations, especially those involving serious and violent crime, terrorism, espionage, organized crime, drug-trafficking, corruption and fraud. There have been numerous cases where law enforcement, through the use of electronic surveillance, has not only solved and successfully prosecuted serious crimes and dangerous criminals, but has also been able to prevent serious and life-threatening criminal acts. For example, terrorists in New York were plotting to bomb the United Nations building, the Lincoln and Holland tunnels, and 26 Federal Plaza as well as conduct assassinations of political figures. Court-authorized electronic surveillance enabled the FBI to disrupt the plot as explosives were being mixed. Ultimately, the evidence obtained was used to convict the conspirators. In another example, electronic surveillance was used to prevent and then convict two men who intended to kidnap, molest and then kill a male child. Most encryption products manufactured today do not contain features that provide for immediate law enforcement decryption. Widespread use of unbreakable encryption or communications infrastructure that supports the use of unbreakable encryption clearly will undermine law enforcement's ability to effectively carry out its public safety mission and to combat dangerous criminals and terrorists. This is not a problem that will begin sometime in the future. Law enforcement is already encountering the harmful effects of encryption in many important investigations today. For example: convicted spy Aldrich Ames was told by the Russian Intelligence Service to encrypt computer file information that was to be passed to them. an international terrorist was plotting to blow up 11 U.S.-owned commercial airliners in the Far East. His laptop computer which was seized during his arrest in Manilla contained encrypted files concerning this terrorist plot. a subject in a child pornography case used encryption in transmitting obscene and pornographic images of children over the Internet. a major international drug trafficking subject recently used a telephone encryption device to frustrate court-approved electronic surveillance. Requests for cryptographic support pertaining to electronic surveillance interceptions from FBI field offices and other law enforcement agencies have steadily risen over the past several years. For example, from 1995 to 1996, there was a two-fold increase (from 5 to 12) in the number of instances where the FBI's court-authorized electronic efforts were frustrated by the use of encryption products that did not allow for lawful law enforcement decryption. Over the last three (3) years, the FBI has also seen the number of computer-related cases utilizing encryption and/or password protection increase from 20 or two (2) percent of the cases involving electronically stored information to 140 or seven (7) percent. These included the use of 56-bit data encryption standard (DES) and 128-bit "pretty good privacy" (PGP) encryption. Just as when the Congress so boldly addressed the digital telephony issue in 1994, the government and the nation are again at an historic crossroad on this issue. The Attorney General and the heads of federal law enforcement agencies as well as the presidents of several state and local law enforcement associations recently sent letters to every member of Congress urging the adoption of a balanced encryption policy. In addition, the International Association of Chiefs of Police, the National Sheriff's Association and the National District Attorneys Association have all enacted resolutions supporting a balanced encryption policy and opposing any legislation that undercuts or falls short such a balanced policy. If public policy makers act wisely, the safety of all Americans will be enhanced for decades to come. But if narrow interests prevail, then law enforcement will be unable to provide the level of protection that people in a democracy properly expect and deserve. Conclusion We are not asking that the magnificent advances in encryption technology be abandoned. We are the strongest proponents of robust, reliable encryption manufactured and sold by American companies all over the world. Our position is simple and, we believe, vital. Encryption is certainly a commercial interest of great importance to this great nation. But it's not merely a commercial or business issue. To those of us charged with the protection of public safety and national security, encryption technology and its application in the information age--here at the dawn of the 21st century and thereafter--will become a matter of life and death in many instances which will directly impact on our safety and freedoms. Good and sound public policy decisions about encryption must be made now by the Congress and not be left to private enterprise. Legislation which carefully balances public safety and private enterprise must be established with respect to encryption. Would we allow a car to be driven with features which would evade and outrun police cars? Would we build houses or buildings which firefighters could not enter to save people? Most importantly, we are not advocating that the privacy rights or personal security of any person or enterprise be compromised or threatened. You can't yell "fire" in a crowded theater. You can't with impunity commit libel or slander. You can't use common law honored privileges to commit crimes. In support of our position for a rational encryption policy which balances public safety with the right to secure communications, we rely on the Fourth Amendment to the Constitution. There the framers established a delicate balance between "the right of the people to be secure in their persons, houses, papers, and effects (today we might add personal computers, modems, data streams, discs, etc.) against unreasonable searches and seizures." Those precious rights, however, were balanced against the legitimate right and necessity of the police, acting through strict legal process, to gain access by lawful search and seizure to the conversations and stored evidence of criminals, spies and terrorists. The precepts and balance of the Fourth Amendment have not changed or altered. What has changed from the late eighteenth to the late twentieth century is technology and telecommunications well beyond the contemplation of the framers. The unchecked proliferation of unbreakable encryption will drastically change the balance of the Fourth Amendment in a way which would shock its original proponents. Police soon may be unable through legal process and with sufficient probable cause to conduct a reasonable and lawful search or seizure, because they cannot gain access to evidence being channeled or stored by criminals, terrorists and spies. Significantly, their lack of future access may be in part due to policy decisions about encryption made or not made by the United States. This would be a terrible upset of the balance so wisely set forth in the Fourth Amendment on December 15, 1791. I urge you to maintain that balance and allow your police departments, district attorneys, sheriffs and federal law enforcement authorities to continue to use their most effective techniques to fight crime and terrorism--techniques well understood and authorized by the framers and Congress for over two hundred years. I look forward to working with you on this matter and at this time would be pleased to answer any questions. 0x3>------------------------------------------------------------------------- Subject: Urban Ka0s -- 26 Indonesian Servers Haxed Greetings Phrack, Today, our group (Urban Ka0s) and several portuguese Hackers attacked several Indonesian servers, in order to defend East Timor rights! We are Portuguese Hackers Agaisnt Indonesian Tirany. "Thix Site Was Haxed & Deleted by PHAiT. This attack is not against indonesian people but against its government and their opression towards the republic of timor. These actions were made to honour and remember all the 250 people killed in Dili on the 12 november 1991. As a result all sites belonging to indonesia's goverment were erased, the rest only had their webpages changed." East Timor, One People, One Nation "Whether it is in Tibet or Poland, the Baltics or the South Pacific, Africa or the Caribbean, it has been shown that force and repression can never totally suffocate the reasons underlying the existence of a people: pride in its own identity, capacity to preserve, without restriction, everything that identifies it as such, freedom to pass all this on to future generations, in brief, the right to manage its own destiny." Xanana Gusmo October 5, 1989 Please inform all ciber citizens of this action. Our contact is at: -- Urban Ka0s -- http://urbankaos.org irc: PT-Net irc.urbankaos.org 0x4>------------------------------------------------------------------------- Title: Hacker accused of sabotaging Forbes computers Source: Infobeat News Author: unknown Date: unknown A former temporary computer technician at business publisher Forbes Inc has been charged with sabotage and causing a massive crash of the firm's computer network, prosecutors said. According to the complaint filed in Manhattan Federal Court and unsealed Monday, George Mario Parente, 30, of Howard Beach in the borough of Queens was accused of hacking his way into the Forbes' network in April from his home, using an unauthorized password. Prosecutors alleged he erased vital information including budgets and salary from Forbes' computers because he was angry with the company after he was fired. 0x5>------------------------------------------------------------------------- Title: Privacy, Inc. Unveils its Internet Background Check Source: Author: unknown Date: August 1, 1997 Aurora, Colorado Privacy, Inc. (www.privacyinc.com) today released its Internet Background Check, a utility that empowers users to determine if they are at risk from the plethora of databases that are being placed on the Internet. Searches quickly scan through hundreds of databases beng placed on-line by state and local governments and law enforcement angencies in categories such as: * Registered Sex Offenders and Predators * Deadbeat Parents * Wanted Persons * Missing Persons * Arrest/Prison 'The Computer Is Never Wrong' "Errors and risks of mistaken identity in this data are a key concern," says Edward Allburn, founder and president of Privacy, Inc. The recent flurry of activity by government and law enforcement agencies to distribute such volatile information on the Internet creates an environment that potentially places innocent people at risk, especially for mistaken identity. Advanced technology was incorporated into the development of the Internet Background Check with this risk in mind. This technology allows users to also search for names that look and/or sound similar to their own while still delivering highly focused results that standard Internet search engines (such as Yahoo! and Lycos) are incapable of producing. One More Tool The release provides one more tool for consumers to protect themselves in the Information Age. Additional resources provided by Privacy, Inc. include: * Consumer Privacy Guide * Government Database Guide * Government Dossier Service * David Sobel's Legal FAQ * Privacy News Archive, updated weekly Guido, the Cyber-Bodyguard is another utility planned to be released in the coming months. Guido will interface with the Internet Background Check to automatically alert users via e-mail if/when their name appears in a new or updated database, in effect monitoring the Internet so users don't have to. 0x6>------------------------------------------------------------------------- Title: Commerce Dept encryption rules declared unconstitutional Source: fight-censorship@vorlon.mit.edu Author: unknown Date: unknown A Federal judge in San Francisco ruled today that the Commerce Department's export controls on encryption products violate the First Amendment's guarantees of freedom of speech. In a 35-page decision, U.S. District Judge Marilyn Patel said the Clinton administration's rules violate "the First Amendment on the grounds of prior restraint and are, therefore, unconstitutional." Patel reaffirmed her December 1996 decision against the State Department regulations, saying that the newer Commerce Department rules suffer from similar constitutional infirmities. Patel barred the government from "threatening, detaining, prosecuting, discouraging, or otherwise interfering with" anyone "who uses, discusses, or publishes or seeks to use, discuss or publish plaintiff's encryption programs and related materials." Daniel Bernstein, now a math professor at the University of Illinois, filed the lawsuit with the help of the Electronic Frontier Foundation. Patel dismissed the State, Energy, and Justice departments and CIA as defendants. President Clinton transferred jurisdiction over encryption exports from the State to the Commerce department on December 30, 1996. The Justice Department seems likely to appeal the ruling to the Ninth Circuit, which could rule on the case in the near future. 0x7>------------------------------------------------------------------------- Title: The Million Dollar Challenge Source: unknown mail list Ultimate Privacy, the e-mail encryption program combining ease of use with unbreakability. Ultimate Privacy is serious cryptography. On the Links page we have links to other Internet sites that discuss One-Time Pad cryptography and why it is unbreakable when properly implemented. Nevertheless, should you wish to try, the first person to be able to discern the original message within a year (following the simple requirements of the Challenge) will actually receive the million dollar prize as specified in the Rules page. The prize is backed by the full faith and credit of Crypto-Logic Corporation and its insurors. You might be interested in to know how the Challenge was done. We used a clean, non-network-connected computer. After installing Ultimate Privacy, one person alone entered the Challenge message and encrypted it. After making a copy of the encrypted message, we removed the hard disk from the computer and it was immediately transported to a vault for a year. Therefore, the original message is not known by Crypto-Logic Corporation staff (other than the first few characters for screening purposes), nor are there any clues to the original message on any media in our offices. 0x8>------------------------------------------------------------------------- Title: High Profile Detainee Seeks Legal Help Source: fight-censorship@vorlon.mit.edu Author: unknown Date: September 3, 1997 Mr. Kevin Mitnick has been detained in Federal custody without bail on computer "hacking" allegations for over thirty months. Having no financial resources, Mr. Mitnick has been appointed counsel from the Federal Indigent Defense Panel. As such, Mr. Mitnick's representation is limited; his attorney is not permitted to assist with civil actions, such as filing a Writ of Habeas Corpus. For the past two years, Mr. Mitnick has attempted to assist in his own defense by conducting legal research in the inmate law library at the Metropolitan Detention Center (hereinafter "MDC") in Los Angeles, California. Mr. Mitnick's research includes reviewing court decisions for similar factual circumstances which have occurred in his case. MDC prison officials have been consistently hampering Mr. Mitnick's efforts by denying him reasonable access to law library materials. Earlier this year, Mr. Mitnick's lawyer submitted a formal request to Mr. Wayne Siefert, MDC Warden, seeking permission to allow his client access to the law library on the days set aside for inmates needing extra law library time. The Warden refused. In August 1995, Mr. Mitnick filed an administrative remedy request with the Bureau of Prisons complaining that MDC policy in connection with inmate access to law library materials does not comply with Federal rules and regulations. Specifically, the Warden established a policy for MDC inmates that detracts from Bureau of Prison's policy codified in the Code of Federal Regulations. Briefly, Federal law requires the Warden to grant additional law library time to an inmate who has an "imminent court deadline". The MDC's policy circumvents this law by erroneously interpreting the phrase "imminent court deadline" to include other factors, such as, whether an inmate exercises his right to assistance of counsel, or the type of imminent court deadline. For example, MDC policy does not consider detention (bail), motion, status conference, or sentencing hearings as imminent court deadlines for represented inmates. MDC officials use this policy as a tool to subject inmates to arbitrary and capricious treatment. It appears MDC policy in connection with inmate legal activities is inconsistent with Federal law and thereby affects the substantial rights of detainees which involve substantial liberty interests. In June 1997, Mr. Mitnick finally exhausted administrative remedies with the Bureau of Prisons. Mr. Mitnick's only avenue of vindication is to seek judicial review in a Court of Law. Mr. Mitnick wishes to file a Writ of Habeas Corpus challenging his conditions of detention, and a motion to compel Federal authorities to follow their own rules and regulations. Mr. Mitnick is hoping to find someone with legal experience, such as an attorney or a law student willing to donate some time to this cause to insure fair treatment for everyone, and to allow detainees to effectively assist in their own defense without "Government" interference. Mr. Mitnick needs help drafting a Habeas Corpus petition with points and authorities to be submitted by him pro-se. His objective is to be granted reasonable access to law library materials to assist in his own defense. If you would like to help Kevin, please contact him at the following address: Mr. Kevin Mitnick Reg. No. 89950-012 P.O. Box 1500 Los Angeles, CA 90053-1500 0x9>------------------------------------------------------------------------- Title: Kevin Mitnick Press Release Source: Press Release Author: Donald C. Randolph Date: August 7, 1997 THE UNITED STATES V. KEVIN DAVID MITNICK I. Proceedings to Date With 25 counts of alleged federal computer and wire fraud violations still pending against him, the criminal prosecution of Kevin Mitnick is approaching its most crucial hour. The trial is anticipated to begin in January, 1998. In reaching this point, however, Kevin has already experienced years of legal battles over alleged violations of the conditions of his supervised release and for possession of unauthorized cellular access codes. A. Settling the "Fugitive" Question The seemingly unexceptional charges relating to supervised release violations resulted in months of litigation when the government attempted to tack on additional allegations for conduct occurring nearly three years after the scheduled expiration of Kevin's term of supervised release in December, 1992. The government claimed that Kevin had become a fugitive prior to the expiration of his term, thereby "tolling" the term and allowing for the inclusion of additional charges. After months of increasingly bold assertions concerning Kevin's "fugitive" status, evidentiary hearings were held in which the government was forced to concede that its original position in this matter was unsupported by the facts. B. Sentencing In June of this year Kevin was sentenced for certain admitted violations of his supervised release and for possession of unauthorized access codes. The court imposed a sentence of 22 months instead of the 32 months sought by the government. Since Kevin has been in custody since his arrest in February 1995, this sentence has been satisfied. We are currently preparing a request for release on bail. During this stage of the proceedings, the government sought to impose restrictions on Kevin's access to computers which were so severe as to virtually prohibit him from functioning altogether in today's society. The proposed restrictions sought to completely prohibit Kevin from "using or possessing" all computer hardware equipment, software programs, and wireless communications equipment. After arguments that such restrictions unduly burdened Kevin's freedom to associate with the on-line computer community and were not reasonably necessary to ensure the protection of the public, the court modified its restrictions by allowing for computer access with the consent of the Probation Office. Nonetheless, the defense believes that the severe restrictions imposed upon Mr. Mitnick are unwarranted in this case and is, therefore, pursuing an appeal to the Ninth Circuit. II. The Government Seeks to make an Example of Mr. Mitnick One of the strongest motivating factors for the government in the prosecution of Kevin Mitnick is a desire to send a message to other would-be "hackers". The government has hyped this prosecution by exaggerating the value of loss in the case, seeking unreasonably stiff sentences, and by painting a portrait of Kevin which conjures the likeness of a cyber-boogie man. There are a number of objectives prompting the government's tactics in this respect. First, by dramatically exaggerating the amount of loss at issue in the case (the government arbitrarily claims losses exceed some $80 million) the government can seek a longer sentence and create a high-profile image for the prosecution. Second, through a long sentence for Kevin, the government hopes to encourage more guilty pleas in future cases against other hackers. For example, a prosecutor offering a moderate sentence in exchange for a guilty plea would be able to use Kevin Mitnick's sentence as an example of what "could happen" if the accused decides to go to trial. Third, by striking fear into the hearts of the public over the dangers of computer hackers, the government hopes to divert scrutiny away from its own game-plan regarding the control and regulation of the Internet and other telecommunications systems. III. Crime of Curiosity The greatest injustice in the prosecution of Kevin Mitnick is revealed when one examines the actual harm to society (or lack thereof) which resulted from Kevin's actions. To the extent that Kevin is a "hacker" he must be considered a purist. The simple truth is that Kevin never sought monetary gain from his hacking, though it could have proven extremely profitable. Nor did he hack with the malicious intent to damage or destroy other people's property. Rather, Kevin pursued his hacking as a means of satisfying his intellectual curiosity and applying Yankee ingenuity. These attributes are more frequently promoted rather than punished by society. The ongoing case of Kevin Mitnick is gaining increased attention as the various issues and competing interests are played out in the arena of the courtroom. Exactly who Kevin Mitnick is and what he represents, however, is ultimately subject to personal interpretation and to the legacy which will be left by "The United States v. Kevin David Mitnick". 0xa>------------------------------------------------------------------------- Title: SAFE crypto bill cracked again Source: Author: By Alex Lash and Dan Goodin Date: September 12, 1997, 8:40 a.m. PT For the second time in a week, a House committee has made significant changes to the Security and Freedom through Encryption (SAFE) Act to mandate that domestic encryption products give law enforcement agencies access to users' messages. The changes by the Intelligence Committee, which were passed as a "substitute" to SAFE, turn the legislation on its head. The amendment follows similar changes two days ago in the House National Security Committee. Initially drafted as a way to loosen U.S. export controls on encryption, legislators have instead "marked up" the bill, or amended it at the committee level, to reflect the wishes of the Federal Bureau of Investigation and other law enforcement agencies that want "wiretap" access to all encrypted email and other digital files. Both the Intelligence and the National Security committees tend to favor export controls, because they view encryption as a threat to information-gathering activities by U.S. military and law enforcement officials. The Intelligence Committee cited those concerns today when announcing the substitute legislation. "Terrorist groups...drug cartels...and those who proliferate in deadly chemical and biological weapons are all formidable opponents of peace and security in the global society," said committee chairman Porter Goss (R-Florida) in a statement. "These bad actors must know that the U.S. law enforcement and national security agencies, working under proper oversight, will have the tools to frustrate illegal and deadly activity and bring international criminals to justice." Opponents of government attempts to regulate encryption, including a leading panel of cryptographers, have argued that built-in access to encrypted files would in fact threaten national and individual security and be prohibitively expensive to implement. The amended legislation calls for all imported or U.S.-made encryption products that are manufactured or distributed after January 31, 2000, to provide "immediate access" to the decrypted text if the law officials present a court order. "Law enforcement will specifically be required to obtain a separate court order to have the data, including communications, decrypted." A markup of the same bill in the House Commerce Committee was postponed today for two weeks. It will be the fifth such committee vote on the bill since its introduction. The Intelligence and National Security amendments this week are by no means a defeat of the bill. Instead, they would have to be reconciled with versions of the bill already approved by the House Judiciary and International Relations committees. That reconciliation most likely would have to happen on the House floor. The rapidly fragmenting bill still has several layers of procedure to wend through before it reaches a potential floor vote, but people on both sides of the encryption debate openly question if the bill--in any form--will make it that far this year. The legislation has 252 cosponsors, more than half of the House membership. 0xb>------------------------------------------------------------------------- Title: RC5 Cracked - The unknown message is... Source: Author: David McNett [:] Date: Mon, 27 Oct 1997 08:43:38 -0500 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It is a great privilege and we are excited to announce that at 13:25 GMT on 19-Oct-1997, we found the correct solution for RSA Labs' RC5- 32/12/7 56-bit secret-key challenge. Confirmed by RSA Labs, the key 0x532B744CC20999 presented us with the plaintext message for which we have been searching these past 250 days. The unknown message is: It's time to move to a longer key length In undeniably the largest distributed-computing effort ever, the Bovine RC5 Cooperative (http://www.distributed.net/), under the leadership of distributed.net, managed to evaluate 47% of the keyspace, or 34 quadrillion keys, before finding the winning key. At the close of this contest our 4000 active teams were processing over 7 billion keys each second at an aggregate computing power equivalent to more than 26 thousand Pentium 200's or over 11 thousand PowerPC 604e/200's. Over the course of the project, we received block submissions from over 500 thousand unique IP addresses. The winning key was found by Peter Stuer with an Intel Pentium Pro 200 running Windows NT Workstation, working for the STARLab Bovine Team coordinated by Jo Hermans and centered in the Computer Science Department (DINF) of the Vrije Universiteit (VUB) in Brussels, Belgium. (http://dinf.vub.ac.be/bovine.html/). Jo's only comments were that "$1000 will buy a lot of beer" and that he wished that the solution had been found by a Macintosh, the platform that represented the largest portion of his team's cracking power. Congratulations Peter and Jo! Of the US$10000 prize from RSA Labs, they will receive US$1000 and plan to host an unforgettable party in celebration of our collective victory. If you're anywhere near Brussels, you might want to find out when the party will be held. US$8000, of course, is being donated to Project Gutenberg (http://www.promo.net/pg/) to assist them in their continuing efforts in converting literature into electronic format for the public use. The remaining US$1000 is being retained by distributed.net to assist in funding future projects. Equally important are the thanks, accolades, and congratulations due to all who participated and contributed to the Bovine RC5-56 Effort! The thousands of teams and tens of thousands of individuals who have diligently tested key after key are the reason we are so successful. The thrill of finding the key more than compensates for the sleep, food, and free time that we've sacrificed! Special thanks go to all the coders and developers, especially Tim Charron, who has graciously given his time and expertise since the earliest days of the Bovine effort. Thanks to all the coordinators and keyserver operators: Chris Chiapusio, Paul Chvostek, Peter Denitto, Peter Doubt, Mishari Muqbil, Steve Sether, and Chris Yarnell. Thanks to Andrew Meggs, Roderick Mann, and Kevyn Shortell for showing us the true power of the Macintosh and the strength of its users. We'd also like to thank Dave Avery for attempting to bridge the gap between Bovine and the other RC5 efforts. Once again, a heartfelt clap on the back goes out to all of us who have run the client. Celebrations are in order. I'd like to invite any and all to join us on the EFNet IRC network channel #rc5 for celebrations as we regroup and set our sights on the next task. Now that we've proven the limitations of a 56-bit key length, let's go one further and demonstrate the power of distributed computing! We are, all of us, the future of computing. Join the excitement as the world is forced to take notice of the power we've harnessed. Moo and a good hearty laugh. Adam L. Beberg - Client design and overall visionary Jeff Lawson - keymaster/server network design and morale booster David McNett - stats development and general busybody 0xc>------------------------------------------------------------------------- Title: Kashpureff in custody. Source: Marc Hurst Author: Marc Hurst Date: Fri, 31 Oct 1997 10:40:20 -0500 (EST) Eugene Kashpureff, known for his redirect of the NSI web page, was apprehended this morning in Toronto by undercover RCMP detectives. Pending a deportation hearing, he will be returned to New York to face Felony Wire Fraud charges that were sworn out against him after he had settled out of court with NSI in regard to their civil suit. Early in the week Eugene relinquished control of the Alternic to an adhoc industry group and that group will be making an announcement in the next few days. A this time I have no further information to volunteer. Sincerely Marc Hurst 0xd>------------------------------------------------------------------------- Title: XS4ALL refuses Internet tap Source: Press Release Author: Maurice Wessling Date: November 13th 1997, Amsterdam, Netherlands. XS4ALL Internet is refusing to comply with an instruction from the Dutch Ministry of Justice that it should tap the Internet traffic of one of its users as part of an investigation. XS4ALL has informed the Ministry that in its view the instruction lacks any adequate legal basis. The company's refusal makes it liable for a penalty but XS4ALL is hoping for a trial case to be brought in the near future so that a court can make a pronouncement. On Friday October 31st, a detective and a computer expert from the Forensic Science Laboratory issued the instruction to XS4ALL. The Ministry of Justice wants XS4ALL to tap for a month all Internet traffic to and from this user and then supply the information to the police. This covers e-mail, the World Wide Web, news groups, IRC and all Internet services that this person uses. XS4ALL would have to make all the technical arrangements itself. As far as we are aware, there is no precedent in the Netherlands for the Ministry of Justice issuing such a far-reaching instruction to an Internet provider. The detectives involved also acknowledge as much. Considering that a national meeting of Examining judges convened to discuss the instruction, one may appreciate just how unprecedented this situation is. Hitherto, instructions have mainly been confined to requests for personal information on the basis of an e-mail address. XS4ALL feels obliged in principle to protect its users and their privacy. Furthermore, XS4ALL has a commercial interest, since it must not run the risk of action being brought by users under Civil Law on account of unlawful deeds. This could happen with such an intervention by the provider which is not based in law. Finally, it is important from the social point of view that means of investigation have adequate statutory basis. To comply with the instruction could act as an undesirable precedent which could have a major impact on the privacy of all Internet users in the Netherlands. XS4ALL has no view on the nature of the investigation itself or the alleged crimes. It is happy to leave the court to decide that. Nor will XS4ALL make any comment on the content of the study or the region in which this is occurring for it is not its intention that the investigation should founder. XS4ALL has proposed in vain to the examining judge that the instruction be recast in terms which ensures the legal objections are catered for. The Ministry of Justice based its claim on Article 125i of the Penal Code. This article was introduced in 1993 as part of the Computer Crime Act. It gives the examining judge the option of advising third parties during statutory preliminary investigations to provide data stored in computers in the interest of establishing the truth. According to legal history, it was never the intention to apply this provision to an instruction focused on the future. Legislators are still working to fill this gap in the arsenal of detection methods, by analogy with the Ministry of Justice tapping phone lines (125g of the Penal Code). The Dutch Constitution and the European Convention on the Protection of Human Rights demand a precise statutory basis for violating basic rights such as privacy and confidentiality of correspondence. The Ministry clearly does not wish to wait for this and is now attempting to use Article 125i of the Penal Code, which is not intended for this purpose, to compel providers themselves to start tapping suspect users. The Ministry of Justice is taking the risk of the prosecution of X, in the context of which the instruction was issued to XS4ALL, running aground on account of using illegal detection methods. Here, again, XS4ALL does not wish to be liable in any respect in this matter. For information please contact: XS4ALL Maurice Wessling email: maurice@xs4all.nl http://www.xs4all.nl/ 0xf>------------------------------------------------------------------------- Title: The FCC Wants V-Chip in PCs too Source: Cyber-Liberties Update Author: Date: Monday, November 3, 1997 Mandating that all new televisions have built-in censorship technology is not the only thing that the Federal Communications Commission (FCC) is seeking, said ACLU Associate Director Barry Steinhardt, it is also looking to require that the same technology be added to all new personal computers. Last year, culminating a protracted campaign against TV violence, Congress passed the Telecommunications Act of 1996, a law requiring that new televisions be equipped with the so-called V-chip. The V-chip is a computerized chip capable of detecting program ratings and blocking adversely rated programs from view. Now, the FCC has announced that it is soliciting public comments through November 24, on the idea of placing V-chips inside personal computers since some are capable of delivering television programming. ^SAt the time the V-chip was being considered we warned that with the growing convergence between traditional television (broadcast and cable) and the Internet, it was only a matter of time before the government would move to require that the V-chip be placed in PC's. Now that has happened,^T Steinhardt said. ^SHardwiring censorship technology into the PC is part of the headlong rush to a scheme of rating and blocking Internet content that will turn the Internet into a bland homogenized medium in which only large corporate interest will have truly free speech,^T Steinhardt said. The ACLU has criticized the mandatory requirement of V-chip arguing that it is a form of censorship clearly forbidden by the First Amendment. ^SAlthough its supporters claim the V-chip gives parents control over their children's viewing habits, in fact it will function as a governmental usurpation of parental control,^T said Solange Bitol, Legislative Counsel for the ACLU^Rs Washington National Office. ^SUnder the legislation, it is the government (either directly or by coercing private industry), and not the parents, that will determine how programs will be rated. If a parent activates the V-chip, all programs with a "violent" rating will be blocked. What kind of violence will be censored? Football games? War movies? News reports?^T she added. The ACLU is opposed to mandatory addition or use of censoring technologies and we will be filing comments with the FCC later this month. We believe people are smart enough to turn off their television sets or PCs on their own if they don^Rt like what they see. Tell the FCC what you think. Submit comments to them online at , and send us a copy as well so that we make sure your voice is heard. E-mail them to CSehgal@aclu.org. =-= To subscribe to the ACLU Cyber-Liberties Update, send a message to majordomo@aclu.org with "subscribe Cyber-Liberties" in the body of your message. To terminate your subscription, send a message to majordomo@aclu.org with "unsubscribe Cyber-Liberties" in the body. 1x1>------------------------------------------------------------------------- Book Title: Underground Poster: George Smith via Crypt Newsletter Date: 27 Aug 97 00:36:12 EDT From: "George Smith [CRYPTN]" <70743.1711@CompuServe.COM> Subject: File 5--An "Underground" Book on Australian Hackers Burns the Mind Source - CRYPT NEWSLETTER 44 AN "UNDERGROUND" BOOK ON AUSTRALIAN HACKERS BURNS THE MIND Crypt News reads so many bad books, reports and news pieces on hacking and the computing underground that it's a real pleasure to find a writer who brings genuine perception to the subject. Suelette Dreyfus is such a writer, and "Underground," published by the Australian imprint, Mandarin, is such a book. The hacker stereotypes perpetrated by the mainstream media include descriptions which barely even fit any class of real homo sapiens Crypt News has met. The constant regurgitation of idiot slogans -- "Information wants to be free," "Hackers are just people who want to find out how things work" -- insults the intelligence. After all, have you ever met anyone who wouldn't want their access to information to be free or who didn't admit to some curiosity about how the world works? No -- of course not. Dreyfus' "Underground" is utterly devoid of this manner of patronizing garbage and the reader is the better for it. "Underground" is, however, quite a tale of human frailty. It's strength comes not from the feats of hacking it portrays --and there are plenty of them -- but in the emotional and physical cost to the players. It's painful to read about people like Anthrax, an Australian 17-year old trapped in a dysfunctional family. Anthrax's father is abusive and racist, so the son --paradoxically -- winds up being a little to much like him for comfort, delighting in victimizing complete strangers with mean jokes and absorbing the anti-Semitic tracts of Louis Farrakhan. For no discernible reason, the hacker repetitively baits an old man living in the United States with harassing telephone calls. Anthrax spends months of his time engaged in completely pointless, obsessed hacking of a sensitive U.S. military system. Inevitably, Anthrax becomes entangled in the Australian courts and his life collapses. Equally harrowing is the story of Electron whose hacking pales in comparison to his duel with mental illness. Crypt News challenges the readers of "Underground" not to squirm at the image of Electron, his face distorted into a fright mask of rolling eyes and open mouth due to tardive dyskinesia, a side-effect of being put on anti-schizophrenic medication. Dreyfus expends a great deal of effort exploring what happens when obsession becomes the only driving force behind her subjects' hacking. In some instances, "Underground's" characters degenerate into mental illness, others try to find solace in drugs. This is not a book in which the hackers declaim at any great length upon contorted philosophies in which the hacker positions himself as someone whose function is a betterment to society, a lubricant of information flow, or a noble scourge of bureaucrats and tyrants. Mostly, they hack because they're good at it, it affords a measure of recognition and respect -- and it develops a grip upon them which goes beyond anything definable by words. Since this is the case, "Underground" won't be popular with the goon squad contingent of the police corp and computer security industry. Dreyfus' subjects aren't the kind that come neatly packaged in the "throw-'em-in-jail-for-a-few-years-while-awaiting-trial" phenomenon that's associated with America's Kevin Mitnick-types. However, the state of these hackers -- sometimes destitute, unemployable or in therapy -- at the end of their travails is seemingly quite sufficient punishment. Some things, however, never change. Apparently, much of Australia's mainstream media is as dreadful at covering this type of story as America's. Throughout "Underground," Dreyfus includes clippings from Australian newspapers featuring fabrications and exaggeration that bare almost no relationship to reality. Indeed, in one prosecution conducted within the United Kingdom, the tabloid press whipped the populace into a blood frenzy by suggesting a hacker under trial could have affected the outcome of the Gulf War in his trips through U.S. computers. Those inclined to seek the unvarnished truth will find "Underground" an excellent read. Before each chapter, Dreyfus presents a snippet of lyric chosen from the music of Midnight Oil. It's an elegant touch, but I'll suggest a lyric from another Australian band, a bit more obscure, to describe the spirit of "Underground." From Radio Birdman's second album: "Burned my eye, burned my mind, I couldn't believe it . . . " +++++++++ ["Underground: Tales of Hacking, Madness and Obsession on the Electronic Frontier" by Suelette Dreyfus with research by Julian Assange, Mandarin, 475 pp.] Excerpts and ordering information for "Underground" can be found on the Web at http://www.underground-book.com . George Smith, Ph.D., edits the Crypt Newsletter from Pasadena, CA. 1x2>------------------------------------------------------------------------- Book Title: The Electronic Privacy Papers : Documents on the Battle for Privacy in the Age of Surveillance by: Bruce Schneier + David Banisar publisher: John Wiley 1997 other: 747 pages, index, US$59.99 _The Privacy Papers_ is not about electronic privacy in general: it covers only United States Federal politics, and only the areas of wiretapping and cryptography. The three topics covered are wiretapping and the Digital Telephony proposals, the Clipper Chip, and other controls on cryptography (such as export controls and software key escrow proposals). The documents included fall into several categories. There are broad overviews of the issues, some of them written just for this volume. There are public pronouncements and documents from various government bodies: legislation, legal judgements, policy statements, and so forth. There are government documents obtained under Freedom of Information requests (some of them partially declassified documents complete with blacked out sections and scrawled marginal annotations), which tell the story of what happened behind the scenes. And there are newspaper editorials, opinion pieces, submissions to government enquiries, and policy statements from corporations and non-government organisations, presenting the response from the public. Some of the material included in _The Privacy Papers_ is available online, none of it is breaking news (the cut-off for material appears to be mid-to-late 1996), and some of the government documents included are rather long-winded (no surprise there). It is not intended to be a "current affairs" study, however; nor is it aimed at a popular audience. _The Privacy Papers_ will be a valuable reference sourcebook for anyone involved with recent government attempts to control the technology necessary for privacy -- for historians, activists, journalists, lobbyists, researchers, and maybe even politicians. -- %T The Electronic Privacy Papers %S Documents on the Battle for Privacy in the Age of Surveillance %A Bruce Schneier %A David Banisar %I John Wiley %C New York %D 1997 %O hardcover, bibliography, index %G ISBN 0-471-12297-1 %P xvi,747pp %K crime, politics, computing 1x3>------------------------------------------------------------------------- Book Title: "Computer Security and Privacy: An Information Sourcebook: Topics and Issues for the 21st Century" by Mark W. Greenia List: $29.95 Publisher: Lexikon Services Win/Disk Edition Binding: Software Expected publication date: 1998 ISBN: 0944601154 [PWN: I haven't seen this one in stores, and no further information or reviews have been found.] 3x1>------------------------------------------------------------------------- CDT POLICY POST Volume 3, Number 12 August 11, 1997 (1) CIVIL LIBERTIES GROUPS ASK FCC TO BLOCK FBI ELECTRONIC SURVEILLANCE PROPOSAL The Center for Democracy and Technology and the Electronic Frontier Foundation today filed a petition with the Federal Communications Commission to block the FBI from using the 1994 "Digital Telephony" law to expand government surveillance powers. The law, officially known as the "Communications Assistance for Law Enforcement Act" (CALEA), was intended to preserve law enforcement wiretapping ability in the face of changes in communications technologies. In their filing, CDT and EFF argue that the FBI has tried to use CALEA to expand its surveillance capabilities by forcing telephone companies to install intrusive and expensive surveillance features that threaten privacy and violate the scope of the law. 3x2>------------------------------------------------------------------------- Anti-Spam Bills in Congress Source - ACLU Cyber-Liberties Update, Tuesday, September 2, 1997 Unsolicited e-mail advertisement, or "spam," has few fans on the net. Court battles have been waged between service providers, such as AOL and Compuserve, and spam advertisers, including Cyber Promotions, over whether the thousands of messages sent to user e-mails can be blocked. Congress and several state legislatures have also stepped into the debate and have introduced some bills fraught with First Amendment problems because they ban commercial speech altogether or are content specific. [Laws against spam.. oh neat. So, how do they plan on enforcing it?] 3x3>------------------------------------------------------------------------- JUSTICE DEPARTMENT CHARGES MICROSOFT WITH VIOLATING 1995 COURT ORDER Asks Court to Impose $1 Million a Day Fine if Violation Continues WASHINGTON, D.C. -- The Department of Justice asked a federal court today to hold Microsoft Corporation--the world's dominant personal computer software company--in civil contempt for violating terms of a 1995 court order barring it from imposing anticompetitive licensing terms on manufacturers of personal computers. [PWN: Hey Bill.. nah nah nah, thptptptptptptp, nanny nanny boo boo] 3x4>------------------------------------------------------------------------- Small Minds Think Alike Source - : fight-censorship@vorlon.mit.edu CyberWire Dispatch Bulletin Washington --In this boneyard of Washington, DC it doesn't take long for big dawgs and small alike to bark. A couple of small ones yipped it up today. Rep. Marge (no relation to Homer) Roukema, R-N.J. and Sen. Lauch (??) Faircloth, R-N.C. introduced a bill to amend the Communications Act that would ban convicted sex offenders from using the Internet. [PWN: Oh yeah.. that will be easy to enforce.] 3x5>------------------------------------------------------------------------- Cyber Promotions tossed offline Cyber Promotions tossed offline By Janet Kornblum September 19, 1997, 1:25 p.m. PT Cyber Promotions, antispammers' enemy No. 1 on the Net, has once again been dumped by its access provider. Backbone provider AGIS cut off Cyber Promotions Wednesday, and the company has been scrambling for another ISP since. [PWN: Hey Samford.. ha ha ha, nanny nanny, thptptptptp.] "Ping-flood attacks observed originating from the West Coast into AGIS and directed to the Washington and Philadelphia routers severely degraded AGIS network performance to [an] unacceptable level...AGIS had no alternative but to shut off services to Cyber Promotions," reads a statement that Wallace put on his page. He alleged that the statement came from an AGIS engineer. [PWN: If a ping flood took them down this time...] ----[ EOF