==Phrack Magazine==

Volume Five, Issue Forty-Six, File 28 of 28

PWN PWN PNW PNW PNW PNW PNW PNW PNW PNW PNW PWN PWN
PWN                                             PWN
PWN              Phrack World News              PWN
PWN                                             PWN
PWN        Compiled by Datastream Cowboy        PWN
PWN                                             PWN
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN

Damn The Torpedoes    June 6, 1994
~~~~~~~~~~~~~~~~~~
by Loring Wirbel (Electronic Engineering Times) (Page 134)

On May 3, a gargantuan satellite was launched with little press coverage from Cape Canaveral. The $1.5 billion satellite is a joint project of the NSA and the National Reconnaissance Office. At five tons, it is heavy enough to have required every bit of thrust its Titan IV launcher could provide--and despite the boost, it still did enough damage to the launch-pad water main to render the facility unusable for two months.

The satellite is known as Mentor, Jeroboam and Big Bertha, and it has an antenna larger than a football field to carry out "hyper-spectral analysis" -- Reconnaissance Office buzzwords for real-time analysis of communications in a very wide swath of the electromagnetic spectrum. Clipper and Digital Signature Standard opponents should be paying attention to this one. Mentor surprised space analysts by moving into a geostationary rather than geosynchronous orbit. Geostationary orbit allows the satellite to "park" over a certain sector of the earth. This first satellite in a planned series was heading for the Ural Mountains in Russia at last notice.

Additional launches planned for late 1994 will park future Mentors over the western hemisphere. According to John Pike of the Federation of American Scientists, those satellites will likely be controlled from Buckley Field (Aurora, Colorado), an NSA/Reconnaissance downlink base slated to become this hemisphere's largest intelligence base in the 1990s.

[Able to hear a bug fart from space. DC to Daylight realtime analysis. And you Clipper whiners cry about someone listening to your phone calls. Puh-lease.]

------------------------------------------------------------------------------

Discovery of 'Data Processing Virus Factory' In Italy    February 17, 1994
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AFP Sciences

It was learned in Rome on 10 February that a data processing virus "factory" -- in fact, a program called VCL (Viruses Creation Laboratory), capable of triggering a virus epidemic--was discovered in Italy. Mr. Fulvio Berghella, deputy director-general of the Italian Institute for Bank Data Processing Security (ISTINFORM), discovered what it takes to enable just about anybody to fabricate data processing viruses; he told the press that its existence had been suspected for a year and a half and that about a hundred Italian enterprises had been "contaminated."

An investigation was launched to try to determine the origin of the program, said Mr. Alessandro Pansa, chief of the "data processing crime" section of the Italian police. Several copies of VCL were found in various places, particularly in Rome and Milan. Producing viruses is very simple with the help of this program, but it is not easy to find. A clandestine Bulgarian data bank, as yet not identified, reportedly was behind all this.

An international meeting of data processing virus "hunters" was organized in Amsterdam on 12 February to draft a strategy; an international police meeting on this subject will be held next week in Sweden. Since 1991, the number of viruses in circulation throughout the world increased 500% to a total of about 10,000 viruses. In Italy, it is not forbidden to own a program of this type, but dissemination of viruses is prosecuted.

[So, I take it Nowhere Man cannot ever travel to Italy?]

------------------------------------------------------------------------------

DEFCON TV-News Coverage    July 26, 1994
by Hal Eisner (Real News at 10) (KCOP Channel 13 Los Angeles)

[Shot of audience]

Female Newscaster: "Hackers are like frontier outlaws.
Look at what Hal Eisner found at a gathering of hackers on the Las Vegas strip."

[Shot of "Welcome to Vegas" sign]
[Shot of Code Thief Deluxe v3.5]
[Shot of Dark Tangent talking]

Dark Tangent: "Welcome to the convention!"

[Shot of Voyager hanging with some people]

Hal Eisner: "Well not everyone was welcome to this year's Def Con II, a national convention for hackers. Certainly federal agents weren't."

[Shot DTangent searching for a fed]

Dark Tangent: "On the right. Getting closer."

Fed: "Must be me! Thank you."

[Dark Tangent gives the Fed "I'm a Fed" t-shirt]

Hal Eisner: "Suspected agents were ridiculed and given identifying t-shirts. While conventioneers, some of
[Shot of someone using a laptop]
which have violated the law, and many of which are
[Shot of some guy reading the DefCon pamphlet]
simply tech-heads hungry for the latest theory, got
[Shot of a frequency counter, and a scanner]
to see a lot of the newest gadgetry, and hear some tough talk from an Arizona Deputy DA that
[Shot of Gail giving her speech]
specializes on computer crime and actually recognized some of her audience."

Gail: "Some people are outlaws, crooks, felons maybe."

[Shot back of conference room. People hanging]

Hal Eisner: "There was an Alice in Wonderland quality about all of this. Hackers by definition go where they are not invited, but so is the government that is trying to intrude on their privacy."

Devlin: "If I want to conceal something for whatever reason. I'd like to have the ability to."

Hal Eisner: "The bottom line is that many of the people here want to do what they want, when they want, and how they want, without restrictions."

Deadkat: "What we are doing is changing the system, and if you have to break the law to change the system, so be it!"

Hal Eisner: "That's from residents of that cyberspacious world
[Shot of someone holding a diskette with what is supposed to be codez on the label]
of behind the computer screen where the shy can be
[Code Thief on the background]
dangerous. Reporting from Las Vegas, Hal Eisner, Real News."

------------------------------------------------------------------------------

Cyber Cops    May 23, 1994
~~~~~~~~~~
by Joseph Panettieri (Information Week) (Page 30)

When Chris Myers, a software engineer at Washington University in St. Louis, arrived to work one Monday morning last month, he realized something wasn't quite right. Files had been damaged and a back door was left ajar. Not in his office, but on the university's computer network.

Like Commissioner Gordon racing to the Batphone, Myers swiftly called the Internet's guardian, the Computer Emergency Response Team (CERT).

The CERT team boasts impressive credentials. Its 14 team members are managed by Dain Gary, former director of corporate data security at Mellon Bank Corp. in Pittsburgh. While Gary is the coach of the CERT squad, Moira West is the scrambling on-field quarterback. As manager of CERT's incident-response team and coordination center, she oversees the team's responses to attacks by Internet hackers and its search for ways to reduce the Internet's vulnerabilities. West was formerly a software engineer at the University of York in England.

The rest of the CERT team remains in the shadows. West says the CERT crew hails from various information-systems backgrounds, but declines to get more specific, possibly to hide any Achilles' heels from hackers.

One thing West stresses is that CERT isn't a collection of reformed hackers combing the Internet for suspicious data. "People have to trust us, so hiring hackers definitely isn't an option," she says. "And we don't probe or log-on to other people's systems."

As a rule, CERT won't post an alert until after it finds a remedy to the problem.
But that can take months, giving hackers time to attempt similar breakins on thousands of Internet hosts without fear of detection. Yet CERT's West defends this policy: "We don't want to cause mass hysteria if there's no way to address a new, isolated problem. We also don't want to alert the entire intruder community about it."

------------------------------------
Who You Gonna Call?

How to reach CERT

Phone:    412-268-7090
Internet: cert@cert.org
Fax:      412-268-6989
Mail:     CERT Coordination Center
          Software Engineering Institute
          Carnegie Mellon University
          Pittsburgh, PA 15213-3890
------------------------------------

[Ask for that saucy British chippie. Her voice will melt you like butter. CERT -- Continually re-emphasizing the adage: "You get what you pay for!"]

And remember, CERT doesn't hire hackers, they just suck the juicy bits out of their brains for free.

------------------------------------------------------------------------------

Defining the Ethics of Hacking    August 12, 1994
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by Amy Harmon (Los Angeles Times) (page A1)

Eric Corley, a.k.a Emmanuel Goldstein -- patron saint of computer hackers and phone phreaks -- is having a party.

And perhaps it is just in time. 2600, the hacker magazine Corley started when he was 23, is a decade old. It has spawned monthly hacker meetings in dozens of cities. It has been the target of a Secret Service investigation. It has even gone aboveground, with newsstand sales of 20,000 last year.

As hundreds of hackers converge in New York City this weekend to celebrate 2600's anniversary, Corley hopes to grapple with how to uphold the "hacker ethic," an oxymoron to some, in an era when many of 2600's devotees just want to know how to make free phone calls. (Less high-minded activities -- like cracking the New York City subway's new electronic fare card system -- are also on the agenda).

Hackers counter that in a society increasingly dependent on technology, the very basis for democracy could be threatened by limiting technological exploration. "Hacking teaches people to think critically about technology," says Rop Gonggrijp, a Dutch hacker who will attend the Hackers on Planet Earth conference this weekend. "The corporations that are building the technology are certainly not going to tell us, because they're trying to sell it to us. Whole societies are trusting technology blindly -- they just believe what the technocrats say."

Gonggrijp, 26, publishes a magazine much like 2600 called Hack-Tic, which made waves this year with an article showing that while tapping mobile phones of criminal suspects with radio scanners, Dutch police tapped into thousands of other mobile phones.

"What society needs is people who are independent yet knowledgeable," Gonggrijp said. "That's mostly going to be young people, which society is uncomfortable with. But there's only two groups who know how the phone and computer systems work, and that's engineers and hackers. And I think that's a very healthy situation."

[By the way Amy: Phrack always grants interviews to cute, female LA Times reporters.]

------------------------------------------------------------------------------

Fighting Telephone Fraud    August 1, 1994
~~~~~~~~~~~~~~~~~~~~~~~~
by Barbara DePompa (Information Week) (Page 74)

Local phone companies are taking an active role in warning customers of scams and cracking down on hackers.

Early last month, a 17-year old hacker in Baltimore was caught red-handed with a list of more than 100 corporate authorization codes that would have enabled fraud artists to access private branch exchanges and make outgoing calls at corporate expense.

After the teenager's arrest, local police shared the list with Bell Atlantic's fraud prevention group.
Within hours, the phone numbers were communicated to the appropriate regional phone companies and corporate customers on the list were advised to either change their authorization codes or shut down outside dialing privileges.

"We can't curb fraud without full disclosure and sharing this type of vital information" points out Mary Chacanias, manager of telecommunications fraud prevention for Bell Atlantic in Arlington, VA.

------------------------------------------------------------------------------

AT&T Forms Team to Track Hackers    August 30, 1994
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(Reuters News Wire)

AT&T Corp.'s Global Business Communications Systems subsidiary said Wednesday it has formed an investigative unit to monitor, track and catch phone-system hackers in the act of committing toll fraud.

The unit will profile hacker activity and initiate "electronic stakeouts" with its business communications equipment in cooperation with law enforcement agencies, and work with them to prosecute the thieves.

"We're in a shoot-out between 'high-tech cops' -- like AT&T -- and 'high-tech robbers' who brazenly steal long distance service from our business customers," said Kevin Hanley, marketing director for business security systems for AT&T Global Business.

"Our goal is not only to defend against hackers but to get them off the street."

[Oh my God. Are you scared? Have you wet yourself? YOU WILL!]

------------------------------------------------------------------------------

Former FBI Informant a Fugitive    July 31, 1994
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by Keith Stone (Daily News)

Computer outlaw Justin Tanner Petersen and prosecutors cut a deal: The Los Angeles nightclub promoter known in the computer world as "Agent Steal" would work for the government in exchange for freedom.

With his help, the government built its case against Kevin Lee Poulsen, a Pasadena native who pleaded guilty in June to charges he electronically rigged telephones at Los Angeles radio stations so he could win two Porsches, $22,000 and two trips to Hawaii.

Petersen also provided information on Kevin Mitnick, a Calabasas man wanted by the FBI for cracking computer and telephone networks at Pacific Bell and the state Department of Motor Vehicles, according to court records.

Petersen's deal lasted for nearly two years - until authorities found that while he was helping them undercover, he also was helping himself to other people's credit cards.

Caught but not cornered, the 34-year-old "Agent Steal" had one more trick: He admitted his wrongdoing to a prosecutor at the Los Angeles U.S. Attorney's Office, asked to meet with his attorney and then said he needed to take a walk.

And he never came back.

A month after Petersen fled, he spoke with a magazine for computer users about his role as an FBI informant, who he had worked against and his plans for the future.

"I have learned a lot about how the bureau works. Probably too much," he said in an interview that Phrack Magazine published Nov. 17, 1993. Phrack is available on the Internet, a worldwide network for computer users.

Petersen told the magazine that working with the FBI was fun most of the time. "There was a lot of money and resources used. In addition, they paid me well," he said.

"If I didn't cooperate with the bureau," he told Phrack, "I could have been charged with possession of government material."

"Most hackers would have sold out their mother," he added.

Petersen is described as 5 foot, 11 inches, 175 pounds, with brown hair - "sometimes platinum blond." But his most telling characteristic is that he walks with the aid of a prosthesis because he lost his left leg below the knee in a car accident.

Heavily involved in the Hollywood music scene, Petersen's last known employer was Club "Velvet Jam," one of a string of clubs he promoted in Los Angeles.

------------------------------------------------------------------------------

Hacker in Hiding    July 31, 1994
~~~~~~~~~~~~~~~~
by John Johnson (LA Times)

First there was the Condor, then Dark Dante. The latest computer hacker to hit the cyberspace most wanted list is Agent Steal, a slender, good-looking rogue partial to Porsches and BMWs who bragged that he worked undercover for the FBI catching other hackers.

Now Agent Steal, whose real name is Justin Tanner Petersen, is on the run from the very agency he told friends was paying his rent and flying him to computer conferences to spy on other hackers.

Petersen, 34, disappeared Oct. 18 after admitting to federal prosecutors that he had been committing further crimes during the time when he was apparently working with the government "in the investigation of other persons," according to federal court records.

Ironically, by running he has consigned himself to the same secretive life as Kevin Mitnick, the former North Hills man who is one of the nation's most infamous hackers, and whom Petersen allegedly bragged of helping to set up for an FBI bust. Mitnick, who once took the name Condor in homage to a favorite movie character, has been hiding for almost two years to avoid prosecution for allegedly hacking into computers illegally and posing as a law enforcement officer.

Authorities say Petersen's list of hacks includes breaking into computers used by federal investigative agencies and tapping into a credit card information bureau. Petersen, who once promoted after-hours rock shows in the San Fernando Valley, also was involved in the hacker underground's most sensational scam - hijacking radio station phone lines to win contests with prizes ranging from new cars to trips to Hawaii.

Petersen gave an interview last year to an on-line publication called Phrack in which he claimed to have tapped the phone of a prostitute working for Heidi Fleiss. He also boasted openly of working with the FBI to bust Mitnick.

"When I went to work for the bureau I contacted him," Petersen said in the interview conducted by Mike Bowen. "He was still up to his old tricks, so we opened a case on him. . . . What a loser. Everyone thinks he is some great hacker. I outsmarted him and busted him."

In the Phrack interview, published on the Internet, an international network of computer networks with millions of users, Agent Steal bragged about breaking into Pacific Bell headquarters with Poulsen to obtain information about the phone company's investigation of his hacking.

Petersen was arrested in Texas in 1991, where he lived briefly. Court records show that authorities searching his apartment found computer equipment, Pacific Bell manuals and five modems.

A grand jury in Texas returned an eight-count indictment against Petersen, accusing him of assuming false names, accessing a computer without authorization, possessing stolen mail and fraudulently obtaining and using credit cards.

The case was later transferred to California and sealed, out of concern for Petersen's safety, authorities said. The motion to seal, obtained by Sherman, states that Petersen, "acting in an undercover capacity, currently is cooperating with the United States in the investigation of other persons in California."

In the Phrack interview, Petersen makes no apologies for his choices in life. While discussing Petersen's role as an informant, Mike Bowen says, "I think that most hackers would have done the same as you."

"Most hackers would have sold out their mother," Petersen responded.

------------------------------------------------------------------------------

Computer Criminal Caught After 10 Months on the Run    August 30, 1994
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by Keith Stone (Daily News)

Convicted computer criminal Justin Tanner Petersen was captured Monday in Los Angeles, 10 months after federal authorities said they discovered he had begun living a dual life as their informant and an outlaw hacker.

Petersen, 34, was arrested about 3:30 a.m. outside a Westwood apartment that FBI agents had placed under surveillance, said Assistant U.S. Attorney David Schindler.

A flamboyant hacker known in the computer world as "Agent Steal," Petersen was being held without bail in the federal detention center in Los Angeles. U.S. District Court Judge Stephen V. Wilson scheduled a sentencing hearing for Oct. 31.

Petersen faces a maximum of 40 years in prison for using his sophisticated computer skills to rig a radio contest in Los Angeles, tap telephone lines and enrich himself with credit cards.

Monday's arrest ends Petersen's run from the same FBI agents with whom he had once struck a deal: to remain free on bond in exchange for pleading guilty to several computer crimes and helping the FBI with other hacker cases.

The one-time nightclub promoter pleaded guilty in April 1993 to six federal charges. And he agreed to help the government build its case against Kevin Lee Poulsen, who was convicted of manipulating telephones to win radio contests and is awaiting trial on espionage charges in San Francisco.

Authorities said they later learned that Petersen had violated the deal by committing new crimes even as he was awaiting sentencing in the plea agreement.

On Monday, FBI agents acting on a tip were waiting for Petersen when he parked a BMW at the Westwood apartment building. An FBI agent called Petersen's name, and Petersen began to run, Schindler said.
Two FBI agents gave chase and quickly caught Petersen, who has a prosthetic lower left leg because of a car-motorcycle accident several years ago.

In April 1993, Petersen pleaded guilty to six federal charges including conspiracy, computer fraud, intercepting wire communications, transporting a stolen vehicle across state lines and wrongfully accessing TRW credit files.

Among the crimes that Petersen has admitted to was working with other people to seize control of telephone lines so they could win radio promotional contests. In 1989, Petersen used that trick and walked away with $10,000 in prize money from an FM station, court records show.

When that and other misdeeds began to catch up with him, Petersen said, he fled to Dallas, where he assumed the alias Samuel Grossman and continued using computers to make money illegally.

When he was finally arrested in 1991, Petersen played his last card. "I called up the FBI and said: 'Guess what? I am in jail,' " he said. He said he spent the next four months in prison, negotiating for his freedom with the promise that he would act as an informant in Los Angeles.

The FBI paid his rent and utilities and gave him $200 a week for spending money and medical insurance, Petersen said. They also provided him with a computer and phone lines to gather information on hackers, he said.

Eventually, Petersen said, the FBI stopped supporting him so he turned to his nightclubs for income. But when that began to fail, he returned to hacking for profit.

"I was stuck out on a limb. I was almost out on the street. My club was costing me money because it was a new club," he said. "So I did what I had to do. I am not a greedy person."

[Broke, Busted, Distrusted. Turning in your friends leads to some seriously bad Karma, man. Negative energy like that returns ten-fold. You never know in what form either. You could end up getting shot, thrown in jail, or worse, test HIV Positive. So many titty-dancers, so little time, eh dude?
Good luck and God bless ya' Justin.]

------------------------------------------------------------------------------

Fugitive Hacker Baffles FBI With Technical Guile    July 5, 1994
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by John Markoff (New York Times)

[Mitnick, Mitnick, Mitnick, and more Mitnick. Poor bastard. No rest for the wicked, eh Kevin?]

------------------------------------------------------------------------------

Computer Outlaws Invade the Internet    May 24, 1994
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by Mike Toner (Atlanta Journal-Constitution)

A nationwide wave of computer break-ins has law enforcement authorities scrambling to track down a sophisticated ring of "hackers" who have used the international "information highway," the Internet, to steal more than 100,000 passwords -- the electronic keys to vast quantities of information stored on government, university and corporate computer systems.

Since the discovery of an isolated break-in last year at a single computer that provides a "gateway" to the Internet, operators of at least 30 major computer systems have found illicit password "sniffers" on their machines.

The Federal Bureau of Investigation has been investigating the so-called "sniffer" attacks since February, but security experts say the intrusions are continuing -- spurred, in part, by the publication last month of line-by-line instructions for the offending software in an on-line magazine for hackers.

Computer security experts say the recent rash of password piracy using the Internet is much more serious than earlier security violations, like the electronic "worm" unleashed in 1988 by Cornell University graduate student Robert Morris.

"This is a major concern for the whole country," she says. "I've had some sleepless nights just thinking about what could happen. It's scary. Once someone has your ID and your password, they can read everything you own, erase it or shut a system down.
They can steal proprietary information and sell it, and you might not even know it's gone."

"Society has shifted in the last few years from just using computers in business to being absolutely dependent on them and the information they give us -- and the bad guys are beginning to appreciate the value of information," says Dain Gary, manager of the Computer Emergency Response Team (CERT), a crack team of software experts at Carnegie-Mellon University in Pittsburgh that is supported by the Defense Department's Advanced Research Projects Agency.

Gary says the current rash of Internet crime appears to be the work of a "loosely knit but fairly organized group" of computer hackers adept not only at breaking and entering, but at hiding their presence once they're in.

Most of the recent break-ins follow a similar pattern. The intruders gain access to a computer system by locating a weakness in its security system -- what software experts call an "unpatched vulnerability."

Once inside, the intruders install a network monitoring program, a "sniffer," that captures and stores the first 128 keystrokes of all newly opened accounts, which almost always includes a user's log-on and password.

"We really got concerned when we discovered that the code had been published in Phrack, an on-line magazine for hackers, on April 1," he says. "Putting something like that in Phrack is a little like publishing the instructions for converting semiautomatic weapons into automatics."

Even more disturbing to security experts is the absence of a foolproof defense. CERT has been working with computer system administrators around the country to shore up electronic security, but the team concedes that such "patches" are far from perfect.

[Look for plans on converting semiautomatic weapons into automatics in the next issue.]

------------------------------------------------------------------------------

Information Superhighwaymen - Hacker Menace Persists    May 1994
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(Open Computing) (Page 25)

Once again the Internet has been labeled a security problem. And a new breed of hackers has attracted attention for breaking into systems.

"This is a group of people copying what has been done for years," says Chris Goggans, aka Erik Bloodaxe. "There's one difference: They don't play nice."

Goggans was a member of the hacker gang called the Legion of Doom in the late '80s to early '90s. Goggans says the new hacking group, which goes by the name of "The Posse," has broken into numerous Business Week 1000 companies including Sun Microsystems Inc., Boeing, and Xerox. He says they've logged onto hundreds of universities and online services like The Well. And they're getting root access on all these systems.

For their part, The Posse--a loose band of hackers--isn't talking.

------------------------------------------------------------------------------

Security Experts: Computer Hackers a Growing Concern    July 22, 1994
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
New York Times News Wire (Virginian-Pilot and Ledger Star) (2A)

Armed with increasingly sophisticated snooping tools, computer programmers operating both in the United States and abroad have gained unauthorized access to hundreds of sensitive but unclassified government and military computer networks called Internet, computer security experts said.

Classified government and military data, such as those that control nuclear weapons, intelligence and other critical functions, are not connected to the Internet and are believed to be safe from the types of attacks reported recently.

The apparent ease with which hackers are entering military and government systems suggests that similar if not greater intrusions are under way on corporate, academic and commercial networks connected to the Internet.

Several sources said it was likely that only a small percentage of intrusions, perhaps fewer than 5 percent, have been detected.

------------------------------------------------------------------------------

NSA Semi-confidential Rules Circulate
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Keay Davidson (San Francisco Examiner) (Page A1)

It arrived mysteriously at an Austin, Texas, post office box by "snail mail" - computerese for the Postal Service. But once the National Security Agency's employee handbook was translated into bits and bytes, it took only minutes to circulate across the country.

Thus did a computer hacker in Texas display his disdain for government secrecy last week - by feeding into public computer networks the semiconfidential document, which describes an agency that, during the darkest days of the Cold War, didn't officially "exist."

Now, anyone with a computer, telephone, modem and basic computer skills can read the 36-page manual, which is stamped "FOR OFFICIAL USE ONLY" and offers a glimpse of the shadowy world of U.S. intelligence - and the personal price its inhabitants pay.

"Your home, car pool, and public places are not authorized areas to conduct classified discussions - even if everyone involved in the discussion possesses a proper clearance and "need-to-know.' The possibility that a conversation could be overheard by unauthorized persons dictates the need to guard against classified discussions in non-secure areas."

The manual is "so anal retentive and paranoid. This gives you some insight into how they think," said Chris Goggans, the Austin hacker who unleashed it on the computer world. His on-line nom de plume is "Erik Bloodaxe" because "when I was about 11, I read a book on Vikings, and that name really struck me."

NSA spokeswoman Judi Emmel said Tuesday that "apparently this document is an (NSA) employee handbook, and it is not classified." Rather, it is an official NSA employee manual and falls into a twilight zone of secrecy. On one hand, it's "unclassified." On the other hand, it's "FOR OFFICIAL USE ONLY" and can be obtained only by filing a formal request under the U.S. Freedom of Information Act, Emmel said.

"While you may take this handbook home for further study, remember that it does contain "FOR OFFICIAL USE ONLY' information which should be protected," the manual warns. Unauthorized release of such information could result in "appropriate administrative action ... (and) corrective and/or disciplinary measures."

Goggans, 25, runs an on-line electronic "magazine" for computer hackers called Phrack, which caters to what he calls the "computer underground." He is also a computer engineer at an Austin firm, which he refuses to name.

The manual recently arrived at Goggans' post office box in a white envelope with no return address, save a postmark from a Silicon Valley location, he says. Convinced it was authentic, he typed it into his computer, then copied it into the latest issue of Phrack.

Other hackers, like Grady Ward of Arcata, Humboldt County, and Jeff Leroy Davis of Laramie, Wyo., redistributed the electronic files to computer users' groups. These included one run by the Cambridge, Mass.-based Electronic Frontier Foundation, which fights to protect free speech on computer networks.

Ward said he helped redistribute the NSA manual "to embarrass the NSA" and prove that even the U.S. government's most covert agency can't keep documents secret.

The action also was aimed at undermining a federal push for data-encryption regulations that would let the government tap into computer networks, Ward said.

[Yeah...sure it was, Grady.]

------------------------------------------------------------------------------

Hackers Stored Pornography in Computers at Weapons Lab    July 13, 1994
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by Adam S. Bauman (Virginian-Pilot and Ledger-Star) (Page A6)

One of the nation's three nuclear weapons labs has confirmed that computer hackers were using its computers to store and distribute hard-core pornography.

The offending computer, which was shut down after a Los Angeles Times reporter investigating Internet hacking alerted lab officials, contained more than 1,000 pornographic images. It was believed to be the largest cache of illegal hardcore pornography ever found on a computer network.

At Lawrence Livermore, officials said Monday that they believed at least one lab employee was involved in the pornography ring, along with an undetermined number of outside collaborators.

[Uh, let me see if I can give this one a go:

A horny lab technician at LLNL.GOV uudecoded gifs for days on end from a.b.p.e. After putting them up on an FSP site, a nosey schlock reporter blew the whistle, and wrote up a big "hacker-scare" article.

The top-notch CIAC team kicked the horn-dog out the door, and began frantically scouring the big Sun network at LLNL for other breaches, all the while scratching their heads at how to block UDP-based apps like FSP at their firewall. MPEGs at 11.

How does shit like this get printed????]

------------------------------------------------------------------------------

Clipper Flaw May Thwart Fed Effort    June 6, 1994
by Aaron Zitner (Boston Globe)

Patents, Technical Snares May Trip Up the 'Clipper'    June 6, 1994
by Sharon Fisher (Communications Week) (Page 1)

[Clipper, Flipper, Slipper. It's all a big mess, and has obsoleted itself.
But, let's sum up the big news:

How the Clipper technology is SUPPOSED to work

1) Before an encoded message can be sent, a clipper computer chip assigns and tests a scrambled group of numbers called a LEAF, for Law Enforcement Access Field. The LEAF includes the chip's serial number, a "session key" number that locks the message and a "checksum" number that verifies the validity of the session key.

2) With a warrant to wiretap, a law-enforcement agency like the FBI could record the message and identify the serial number of a Clipper chip. It would then retrieve from custodial agencies the two halves of that chip's decoding key.

3) Using both halves of the decoding key, the FBI would be able to unscramble the session key number, thus unlocking the messages or data that had been protected.

How the Clipper technology is FLAWED (YAY, Matt Blaze!)

1) Taking advantage of design imperfections, people trying to defeat the system could replace the LEAF until it erroneously passed the "checksum" verification, despite an invalid session-key number.

2) The FBI would still be able to retrieve a decoding key, but it would prove useless.

3) Because the decoding key would not be able to unscramble the invalid session key, the message would remain locked.]
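
An added example, not part of the original issue: a toy model of the LEAF scheme summarized above, showing that the receiving side checks only the checksum, so an accepted field can still hold a session-key slot the escrowed key cannot unwrap, and that the odds of a random field passing are set by the checksum's length. HMAC-SHA256, the XOR wrap, the key values and every function name are stand-ins chosen here (the real chip's primitives differ); the 2-byte case mirrors the 16-bit checksum Matt Blaze's 1994 paper reports for the real LEAF.

```python
"""Toy LEAF-style field: why a short checksum cannot bind a session key.

Not the real Clipper construction. HMAC-SHA256 and an XOR pad are stand-ins,
and every key below is a constructed sample value.
"""
import hashlib
import hmac
import random

FAMILY_KEY = b"constructed-family-key"  # assumption: one key shared by all chips
UNIT_ID_LEN = 4                         # 32-bit chip serial number
SESSION_KEY_LEN = 10                    # 80-bit session key


def _check(session_key, iv, check_bytes):
    """Checksum over session key and IV, truncated to check_bytes."""
    mac = hmac.new(FAMILY_KEY, session_key + iv, hashlib.sha256)
    return mac.digest()[:check_bytes]


def _pad(unit_key):
    """Toy wrapping pad derived from the chip's escrowed unit key."""
    return hmac.new(unit_key, b"wrap", hashlib.sha256).digest()[:SESSION_KEY_LEN]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def make_leaf(unit_id, unit_key, session_key, iv, check_bytes):
    """Honest sender: serial number || wrapped session key || checksum."""
    wrapped = _xor(session_key, _pad(unit_key))
    return unit_id + wrapped + _check(session_key, iv, check_bytes)


def receiver_accepts(leaf, session_key, iv, check_bytes):
    """Receiving chip: verifies only the checksum against the key in use."""
    expected = _check(session_key, iv, check_bytes)
    return hmac.compare_digest(leaf[-check_bytes:], expected)


def escrow_recover(leaf, unit_key):
    """Wiretap side: unwrap the session-key slot with the escrowed unit key."""
    wrapped = leaf[UNIT_ID_LEN:UNIT_ID_LEN + SESSION_KEY_LEN]
    return _xor(wrapped, _pad(unit_key))


def trials_until_accepted(session_key, iv, check_bytes, max_trials, seed):
    """Count random fields offered before the receiver check passes.

    Returns (trials, field), or (max_trials, None) if nothing passed.
    The expected count is about 2 ** (8 * check_bytes).
    """
    rng = random.Random(seed)  # seeded so runs are repeatable
    size = UNIT_ID_LEN + SESSION_KEY_LEN + check_bytes
    for n in range(1, max_trials + 1):
        candidate = rng.getrandbits(8 * size).to_bytes(size, "big")
        if receiver_accepts(candidate, session_key, iv, check_bytes):
            return n, candidate
    return max_trials, None


if __name__ == "__main__":
    session_key = bytes(range(SESSION_KEY_LEN))  # constructed sample key
    iv = bytes(8)                                # constructed sample IV
    unit_key = b"unit-key-1"                     # constructed escrowed key

    honest = make_leaf(b"\x00\x00\x00\x01", unit_key, session_key, iv, 2)
    print("honest field accepted:", receiver_accepts(honest, session_key, iv, 2))
    print("escrow recovers key:  ", escrow_recover(honest, unit_key) == session_key)

    for width, budget in ((1, 100_000), (2, 2_000_000), (16, 200_000)):
        n, field = trials_until_accepted(session_key, iv, width, budget, seed=1)
        if field is None:
            print(f"{8 * width:3d}-bit check: nothing accepted in {n} trials")
        else:
            ok = escrow_recover(field, unit_key) == session_key
            print(f"{8 * width:3d}-bit check: accepted after {n} trials, "
                  f"escrow recovers key: {ok}")
```

The 128-bit row is the design lesson: an integrity tag has to be long enough that guessing is infeasible, and it has to cover the field the escrow side actually relies on.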