CRYPT NEWSLETTER 32
June - July 1995

Editor: Urnst Kouch (George Smith, Ph.D.)
Media Critic: Mr. Badger (Andy Lopez)
INTERNET: 70743.1711@compuserve.com Urnst.Kouch@comsec.org crypt@sun.soci.niu.edu
COMPUSERVE: 70743,1711

Boys and girls, Crypt 32 is a toothsome one for your mid-Summer reading pleasure. We kick off with the usual shredding of generic quacks and hacks in the mainstream news services, this time in connection with the Rimm report's alleged expose of 'net filth. Mr. Badger - our own would-be Spengler - returns to report on flunking a course in computer science, what can be learned from Kaiser Bill this month and his usual mentally ill but still acerbic media review. Badger also reveals the Internet stinks. Wow! That's really news!

Back in the real world, you can peruse a story on English virus writer Chris Pile, now entangled on the razorwire of English justice for being bad to the tune of half a million pounds. Woeful employees of hard disk manufacturer Quantum spill the beans to Crypt Newsletter about the company's joint effort with Symantec to make virus-resistant computer hard disks pre-loaded with a heroin-like dependence on the Norton Anti-virus. Well, there's more, too - but it's time to let you at it.

IN THIS ISSUE: A revisit to computer culture and media images . . . Mr. Badger flunks a comp-sci course, flagellates TIME magazine and Kaiser Bill, The Nation and reviews "Resisting the Virtual Life" . . . Mark Ludwig and an infowar Windows 95 virus . . . Chris Pile, U.K. virus writer, meets Judge Dredd . . . Quantum teams with Symantec on virus-resistant hard disks . . . University of Hamburg grad student tilts at Computer underground Digest and EFF.ORG for "distributing viruses" . . . More for the Mitnick files . . . Crypt on Compuserve.
RIMM JOB: A REVISIT TO COMPUTER CULTURE AND MEDIA IMAGES

[The original "Computer Culture and Media Images" was published in Computer underground Digest 5.65, an electronic magazine edited and published by Northern Illinois University faculty member, Jim Thomas. The review was drafted after a reporter for The Contra Costa Times in central California profiled a series of public bulletin board systems in the San Francisco Bay area known as the NIRVANAnet. The news piece was remarkable for its naivete, snide insinuation that the network was involved in illegal activity and the complete failure of the newspaper reporter to allow the managers of the network to speak for themselves, a paint-by-numbers approach to on-line journalism that is very common.

As time goes by, the Crypt Newsletter has noticed the more things change, the more they stay the same. The last six months of 1994 - no, make that the entire year - were devoted to a grandiose computers-and-networking hype by the mainstream media launched under the rubric of the "revolutionary age of information." The information highway scoop, as described by the same generic reporters that turn in stories similar in scope to The Contra Costa County Times/NIRVANAnet fiasco, was the first half of the trip down a new yellow brick road to the great and powerful Oz of national rebirth. By mid-1995, the same media goofballs had cast themselves as snarling Totos, suddenly pulling back the curtain on a carnal on-line cheat of monstrous proportion, quite probably capable of scarring the children of honest Americans for life. The U.S. Congress, packed with as excessive a population of fork-tongued hypocrites, stone fools and pettifogging tallywhackers as can be found in western civilization, has been quick to act to slay the twin demons of cyberspace: smut and bombs.
"Rimm Job: Computer Culture and Media Images Revisited" is a dust-off of my original piece, updated to illustrate how predictably idiotic and puppet-like the media has been on the story.] In 1993, after reviewing numerous stories on computer culture dating back to 1990, Mike Liedtke's Contra Costa Times piece on the NIRVANAnet BBS's came off as just one more example of a stupid genre: paint-by-numbers journalism, so predictable it's a cliche. The locales were shifting, the names changing but the overemphasis on the menace to society posed by superficially threatening but essentially trivial computer file "how-to's" on bombs, drugs, hacking and non-specific hell-raising remained the same. Unfortunately, through 1993 and today, so has the expertise of reporters. Locked into some kind of "ultimate computer goober" never-never land, there has never been a lack of writers who turn in stories which are painfully unsophisticated, plainly inadequate, sensational or pandering for the sake of cheap, momentary outrage. It's damnable, because the picture which emerges is one of mainstream journalists who ought to know the lay of the land, but who either won't pick it up or are being deliberately disingenuous in their work. By contrast, the lack of skill didn't hinder the mainstream media, or even slow it down, in being a conduit for countless fluffy, trend stories on the information superhighway, all equivalent to junk mail. The result, as it continues, is an abundance of useless information that no one wants. And as the deluge increases it becomes harder and harder to get anything of substance across which doesn't enrage, shock or appeal blindly to prurient interests. So, the users of the NIRVANAnet systems thought the news media arrogant in 1993. And they complained about it. Loudly. 
The current shaking of the cyberfists and stamping of the cyberfeet at Congress over the Exon/Coats bill, while a pathetic spectacle on the part of 'netizens who seemingly lack even the horse sense to realize they're part of the problem too, was similarly not just a scream of wounded pride or the surprised squeak of slimy characters exposed when their rock was overturned. It was justified. Why? Take, for example, a news piece which appeared way back in 1990 in The Morning Call newspaper of Allentown, PA. The Call had discovered a now long gone "underground" bulletin board in nearby Easton, PA. I lived in the area at the time and current news is uncannily similar to the one Morning Call reporter Carol Cleaveland delivered for the paper's readership. The same ingredients were in the mix, a micro-slice of the same content bemoaned on the Internet: adult files, plenty of text "how-to's" on how to make bombs, a regional lawman explaining about how hard it was to nail people for computer crime and a plainly venal and envious, rival sysop of another local _legitimate family-oriented_ system acting as official tut-tutter and squealer, warning concerned readers that he sure wouldn't want such a system in his backyard, corrupting the innocent, contributing to the overthrow of the republic, zzzzzzzzzz . . . . Typically, there was not a shred of comment from the sysop whose system was being profiled. Nothing ever came of the nonsense. The system continued on-line for a couple of more years, no criminal charges were filed, and the local businesses appeared not to go up in flames at the hands of unknown hackers or bomb-throwing, masked anarchists. So, this was news? Now, fast forward to The New York Times on January 25 of 1994. In an 'A' section article, reporter Ralph Blumenthal profiled "Phrakr Trakr," a federal undercover man keeping our electronic streets safe from cybernetic hoodlums too numerous to mention singly. 
A quick read shows the reporter to be another investigator from the mainstream who hadn't gotten anything from underground BBS's first-hand, relying instead on the Phrakr Trakr's tales of unnameable computer criminals trafficking in unspecified dread: "stolen information, poison recipes and bomb-making instructions." Blumenthal's continued fascination with text files for "turning household chemicals into deadly poisons, [or] how to build an 'Assassin Box' to supposedly send a lethal surge through a telephone line" was more of the same. Most anyone from teenagers to the college educated on-line _still_ seems to recognize these files as malevolently written crap or bowdlerized, error-filled reprints from engineering, biology and chemistry books. In either case, hardly noteworthy unless you're one who can't tell the difference between comic books and real news or has no idea of what's available at the library or well-stocked bookstore.

On top of this continuum in late June was layered the gagging pig-stink of hardcore obscenity furnished courtesy of Carnegie-Mellon undergraduate Marty Rimm, his study on cyberporn and TIME magazine - which grabbed the report as a special issue exclusive and retooled it into a voyeuristic expose of damnation and decadence on the hot rails to Hell of techno-America.

"I think there's almost no question that we're seeing an unprecedented availability and demand of material like sadomasochism, bestiality, vaginal and rectal fisting, eroticized urinating . . ." Rimm blurted in TIME magazine.

Know this: It's copy of this nature that many genero-journalists kill for! Even the casual reader has to admit he might jump at the chance to be _the first_ heroic scribe to ring the alarm bells on creeping electronic filth! Get yourself on Nightline!
Rimm's study, in addition to not being peer-reviewed, wasn't easy to procure, leading critics to immediately accuse him, TIME magazine and a few select journalists of colluding with the author for maximum publicity and impact. (A visit to Rimm's World Wide Web-page a day or so ago showed that while the student _had_ found himself the time to post media reaction to his study and the controversy embroiling it, he hadn't actually posted the paper, just the illusion of it.)

One fragment of Rimm's paper was a mother-lode of purple prose - not detached science - but pure media-tempered gold-plated scandal.

"Men of considerable intelligence have paid homage to Sade, admiring his unrivaled, demented imagination. Yet for all their efforts, Sade and his disciples pushed pornography only as far as the printed word allowed. Two centuries of technological innovations -- the photograph, the digital image, the scanner, computer bulletin boards, computer networks -- passed before Robert Thomas [a BBS sysop currently serving time in an obscenity case] would present us with Amateur Action BBS, a high-tech rendition of 'The 120 Days of Sodom.'

"The Marquis, it seems, has finally been topped."

So our advice is "Expect the worst!" - even more media-stoked smut frenzy - because, quite frankly, there really is no way to effectively counter the unholy union of peeper journalism and sensationalist _studies_ like Marty Rimm's cyberporn circus.

THE COST OF EDUCATION: WISDOM LANGUISHES IN THE STREET - IGNORANCE AND SHAME, COURTESY OF YOUR LOCAL TECHNICAL COLLEGE

Mr. Badger has been absent for some time, but not without due cause and some benefit. While enrolled in a local technical college, he found much of his computer knowledge woefully deficient. So he took a course to bone up. The course in question was called "Management of Information Resources." Mr. Badger found it to be an eye-opening expose of commonly believed fallacies.
In an effort to share this wealth of knowledge, Crypt Newsletter is happy to present an instructional test of your ability to cope with the information age. Everything you know is wrong!

1. The difference between Intel's SX and DX CPUs is:
   A. SXes have the internal math coprocessor disabled.
   B. SXes have lower production standards.
   C. SXes have to work harder, and therefore wear out more easily.
   D. Both B & C.

   Answer: D. Yup, that's right. SXes just don't last. Due to inferior production standards, they have to compensate by "running harder" and burn out more quickly.

2. Servers should be left running continually to:
   A. Make timed backups easier and more convenient.
   B. Avoid the hassle of extended boot-ups.
   C. Avoid the stress placed on the computer during the boot-up process.

   Answer: C, of course. Weren't you paying attention during question #1?

3. Windows NT is:
   A. A true operating system.
   B. The same old shit, repackaged to include DOS.

   Answer: B. Not even a college professor will fall for Microsoft's marketing crap.

We could continue, but it would be as pointless and maddening as the original course.

It was telling that another student in the class, on seeing a never ending series of commas run across the screen, decided that a virus was downloading itself from America On-Line. Upon running Central Point Anti-Virus, he found that his AUTOEXEC.BAT and CONFIG.SYS files had been altered. So he deleted them. He then wondered why his computer wouldn't boot up.

Needless to say, the original problem was a stuck comma key. The changes in AUTOEXEC and CONFIG were due to recent installations that altered both. While weeding through his system to retrieve the situation, I found over _twelve_ old copies of both AUTOEXEC.BAT and CONFIG.SYS, the result of many years' worth of automated install programs that altered and saved both files.
It's a damn amazing sight to see a 386SX take twenty minutes to boot, and a testimony to the uselessness of poorly installed or thought out virus protection. In the end, users are the ultimate evil against which computer viruses can be said to be merely petty annoyances.

Which leads to a new marketing idea for Microsoft. Instead of Bob, the hopelessly condescending Windows manager, just sell teddy bears. Make 'em warm and fuzzy. Have them repeat meaningless assurances when squeezed and giggle insanely when jostled. I swear, it would fit the average Windows user perfectly. The average information systems professor, too, come to think of it.

FURTHER RUMINATIONS ON THE MOTHER OF WHORES, THE GREAT BABYLON - NOW IN LEAGUE WITH THE BEAST
-or-
ADAPT AND SURVIVE -- STILL MORE IGNORANCE AND SHAME, COURTESY OF TIME MAGAZINE AND KAISER BILL

A sign of the imminent demise of western civilization was seen in the June 5, 1995 TIME magazine. Turns out Bill Gates is the "Master of the Universe," while the cover goes on to say that: " . . . Bill Gates takes aim at banks, phone companies, even Hollywood. He's in for the fight of his life . . ."

Nothing can save the travesty of Bill Gates on the cover, holding a miniature lightning bolt. But Kaiser Bill will soon find out that plum deals like the one from IBM that got Microsoft started, don't come twice in life.

For those who don't remember, IBM, in a drive to develop its own brand of home based computer, used off the shelf hardware. They also farmed out the operating system and didn't seem too concerned about who had the rights to it. You have to give Gates credit: He bought someone else's OS, made some slight modifications and marketed it to the largest computer manufacturer in the world. He's played a good cop/bad cop scenario of backward compatibility and reputed software advances to the hilt.
For all the talk of Bill Gates as a software genius and the embodiment of technological expertise, the real issue is that Microsoft climbed atop the market by using every bit of leverage available. Now Microsoft is using deep pockets and continual market research to pounce on new developments.

The good news: Microsoft will get eaten alive in new markets. You can expand the marketing base of your original product, you can develop ancillary products for the same market, and you can maximize your old methods of distribution. When it comes to selling new products via new marketing lines, your ass is just as vulnerable as the newest start-up business with $500 in the bank. Customers are already complaining about bloated software. Imagine the headaches of using Windows to leverage on-line services, interactive TV, banking services, electronic shopping, entertainment and personal communications. For some of those the leverage is weak, for others it's simply nonexistent. Given Microsoft's propensity for never admitting failure, some mighty big chunks of change could be sunk in losing ventures.

The really bad news: as long as hardware continues to develop at a frenetic pace, Microsoft will continue to dominate operating systems. There was a time when IBM and Apple could have banded together, put out a new operating system, and cleaned house. We're at the verge, however, of having hardware independent software. Nobody will be in a better position to exploit it than Microsoft.

All of which leads me to a radical proposal for our country. We have long passed the point where marketing has triumphed over manufacturing! It doesn't matter how crappy your product is. Sell it shrewdly and you become the richest man in the world! It's time to succumb to the inevitable and adopt this strategy for all facets of democracy.

For example, if the press is hampering the orderly process of a trial, the Hell with it! Throw the bums out. Throw the lawyers out, too.
Each side picks a media consultant. [They already do. --Ed.] Allow them to prepare a one minute commercial. Pick twelve people on the street at random, have them watch the commercial, enter their vote and be done with it! (We'll rewrite Miranda; now it will be called "Simpsonizing": "You have the right to publicity. If you give up that right, the state can make up anything it wants about you. You have the right to a media consultant. If you cannot afford one, the court will appoint one for you . . .")

We can do the same with Congress. Abolish the executive and legislative branches. Have ten minutes of allotted commercials a day! Votes are mailed in by anyone interested. Want to vote more than once? Sure, go ahead! After all, everybody else can, too! With the money saved by closing Congress, we could raffle off one new car in every vote. (Your vote must be postmarked by July 14. Previous winners not eligible. Send self-addressed, stamped envelope for list of winners.)

CHILDREN OF DARKNESS, CHILDREN OF LIGHT
-or-
IGNORANCE AND SHAME FURNISHED BY THE NATION & HUMAN NATURE / LIGHT IN THE DARKNESS SUPPLIED BY HARPER'S

On other fronts, the June 5, 1995 copy of The Nation has an article by Kirkpatrick Sale on "Lessons from the Luddites: Setting Limits On Technology." Mr. Badger found this to be a terribly sad article. There is little more depressing than seeing a (supposed) historian ignore the lessons of history.

Luddites originally opposed - vocally and violently - the adoption of mechanized looms in England during the early 1800's. Kirkpatrick seeks to find corollaries between Luddites and "technophobes and techno-resistors."

"Wherever the neo-Luddites may be found, they are attempting to bear witness to the secret little truth that lies at the heart of the modern experience: Whatever its presumed benefits, of speed or ease or power or wealth, industrial technology comes at a price, and in the contemporary world that price is ever rising and ever threatening . . .
From a long study of the Luddites, I have concluded that there is much in their experience that can be important for the neo-Luddites today to understand . . ."

Sale outlines seven lessons that can be learned from the Luddite past, the first being "Technologies are never neutral, and some are hurtful." As proof, he presents the actions of "U.S. industrialism turned to agriculture after World War II . . . It was a war on land . . . capable of depleting topsoil at the rate of 3 billion tons a year and water at the rate of 10 billion gallons a year. It could be no other way: If a nation like this beats its swords into plowshares, they will still be violent and deadly tools."

Mr. Badger is rarely of the "love it or leave it" mentality, but this is a tremendously bigoted view of American agriculture. If Sale thinks this is a high-tech onslaught, he ought to go to India, southern China, or the Sudan and check the local menus. Even as abusive as petroleum derived fertilizers can be, we still have the most productive farmland in the world. While Mr. Badger won't use pesticides on his own land, he's still willing to put up the number of American citizens killed by pesticides and fertilizer against the numbers of starved and undernourished in a comparable-sized portion of any Third World region. Even worse, it ignores the long term lesson from the mechanization of production: There were short-term hardships caused by the loss of jobs, an elevated risk of danger to workers, but a long-term benefit in terms of quality and longevity of life for everybody.

Elsewhere in the article, Kirkpatrick bemoans such things as clearcutting and the killing of whales. If he would care to look, he would see that the dangers from clearcutting, including soil erosion, are highest in _unmechanized_ environments. Most of the depletion of the Brazilian rainforest is coming from small farmers who clearcut, plant, harvest, and move in one year.
They do this because they have no means of keeping the soil in production. Similarly, whaling has been around for as long as man can recall, but loses most of its economic benefits in a mechanized society. Whale oil used to be crucial to people living in cold weather environments, as was the meat and fat. In a modern society, better, cheaper alternatives are available because of mechanized, industrialized transportation.

Similar blending and confusion of themes is seen in the second lesson: "Industrialism is always a cataclysmic process, destroying the past, roiling the present, making the future uncertain."

Bullshit! HISTORY IS A CATACLYSMIC PROCESS TO BEGIN WITH.

Don't come whining to me about what happened to the traditional Ladakhi society when the transistor radio was introduced. If you were a historian at all you would have read the Bible and realized that any encounters between cultures result in drastic changes in all societies involved.

Sale's view is: "Whatever material benefits industrialism may introduce, the familiar evils -- incoherent metropolises, spreading slums, crime and prostitution, inflation, corruption, pollution, cancer and heart disease, stress, anomie, alcoholism -- almost always follow."

Gee, pre-industrial societies produce familiar evils, too: typhoid fever, dysentery, diphtheria, sleeping sickness, Ebola, scurvy, goiter, starvation. A check of primitive cultures will show that alcoholism, tribal warfare/genocide, and summary killing of deformed babies isn't unknown, either. We might as well hold the Sioux guilty of supplanting the customs and habits of the past. The Sioux were kicking other tribes off of their traditional grounds long before the White Man got the Great Plains and the Dakotas.

But Sale would never do that, after all, our third lesson is that "Only a people serving an apprenticeship to nature can be trusted with machines."

Oh, spare me.

In Irian Jaya there is a luscious fruit unknown to the western world.
It grows high in a smooth barked tree that's damn near impossible to climb. Do you know how natives get the ripe fruit? They cut the tree down.

Which leads to my summary dismissal of Sale and the remaining four points. Look. Folks is folks. Back when Assyrians were leading Israelites away with fish hooks, they were also cutting down all of the trees they could find. Reading through one of the oldest records of human behavior, one finds kings cutting the legs off living bulls, enemy farm land being salted, death, pestilence, famine - every evil imaginable and even some you can't. That Sale would say " . . . industrialism is inevitably and inherently disregardful of the collective human fate and of the earth from which it extracts all its wealth" shows such a deep bias that only life in the Third World will cure it.

When will we realize that _we_ are the problem? It matters little if we come with stone axe or chainsaw in tow, in either case it is man that brings destruction. The Hindus have it wrong. We have no need of Kali. We _are_ Kali.

And now for something completely different I will explain why I will not review the issue of smut on the Internet, congressional censorship, or anything similar.

The Internet sucks. The material being transmitted on it is continually two steps ahead of the medium's ability to carry it reasonably. Internet Relay Chat is a meeting place where girls as large as heifers - or weird guys masquerading as girls - can chat with pimply-faced geeks across the world, mostly on university time. FTP is dumpster-diving with a blindfold on, mostly on university time. The World Wide Web is Windows for the chronic user of Quaalude analogs, mostly on university time. Newsgroups are self-therapy centers for emotionally disabled lamers, mostly on university time. And Archie is about as useful as tits on a boar.

Mr. Badger figures that the average home Internet connection costs a user:

30 Megabytes - Windows based software.
15 Megabytes - Newsgroup Kill file.
45 Megabytes - Useless downloaded programs, not yet deleted.
20 Megabytes - Useless textfiles, not yet deleted.
05 Megabytes - Saved, but useless, e-mail.
10 Megabytes - Lists of addresses, all of which went down yesterday.

And that's without the copyright-infringing porn.

Internet, as such, isn't worth saving from Congress. It isn't worth being supported, even indirectly, by university funds. And if you're tired of putting up with lamers from Delphi and America On-Line, just wait until Windows 95 has access delivered to everyone else.

Not me, though. You'll find Mr. Badger at the local library. Reading a book.

[Editorial note: There are unconfirmed rumors of Mr. Badger running amok at the offices of a local internet access provider in Columbia, South Carolina. The provider in question failed to charge his Visa account for over three months and then applied all charges in the fourth month. When asked why, the provider explained that their modem had been broken for three months. At this point, details are hazy and witnesses won't talk. There is talk about firecrackers, tennis balls and a worn-out copy of "The Turner Diaries." In any case, we feel Mr. Badger's always tenuous impartiality and objectivity have been compromised in this matter.]

Ahem. To return to the world of print, I am happy to point out an article in the June issue of Harper's magazine. "Out of Time: Reflections on the Programming Life" was written by Ellen Ullman, a software engineer from the San Francisco area. The article is an excerpt of the chapter Ullman wrote for "Resisting the Virtual Life," a compilation edited by James Brook and published by City Lights. Here's a sample that will give you a good taste of Ullman's style:

"If you want money and prestige, you need to write code that only machines or other programmers understand. Such code is 'low.' It's best if you write microcode, a string of zeroes and ones that only a processor reads.
The next best thing is assembler code, a list of instructions to the processor, but readable if you know what you're doing. If you can't write microcode or assembler, you might get away with writing in the C and C++ language. C and C++ are really sort of high, but they're considered 'low.' So you still get to be called a 'software engineer.' In the grand programmer-scheme of things, it's vastly better to be a 'software engineer' than a 'programmer.' The difference is about thirty thousand dollars a year and a potential fortune in stock.

"Frank became a sales-support engineer. Ironically, working in sales and having a share in bonuses, he made more money. But he got no more stock options. And in the eyes of other engineers, Frank was as 'high' as one could get. When asked, we said, 'Frank is now in sales.' This was equivalent to saying he was dead."

There's much more, but it only aggravates me to take bits and pieces out of the whole. Many of the stories have to be read in their entirety. Along that line, I'll express disappointment with Harper's editing. Cutting anything out of Ullman's original chapter was bad enough, but deleting her use of roman numerals to split portions of the text had a real impact on the tone of the writing.

While I'll review the rest of the book in the next Crypt Newsletter, I'll say now my only complaint with Ullman's work is that it was too short. She should have written an entire book. As brief as it is, it's the most poignant description of software engineering and engineers I've seen.

PHYSIOLOGICAL EFFECTS OF THE VULCAN DEATH GRIP CONTINUED
-or-
A BRIEF INFOMERCIAL FOR THE CHOATE MACHINE & TOOL COMPANY

In Crypt Newsletter 31 we _infotained_ you with the ongoing Mexican horror-wrestling death struggle between virus writer Mark Ludwig and anti-virus software developer David Stang. The battle is again joined in the recent issue of Ludwig's _Underground Technology Review_, formerly known as _Computer Virus Developments Quarterly_.
At $3.95/issue, this one was as fine an example of pathology as you'll find at the newsstand. In an editorial entitled "The Anti-virus Community Is Populated By Madmen," Ludwig refers to Norman Data Defense's David Stang as "Dr. Antivirus" and a . . . well, you'll just have to buy the issue for yourself since this is a _family_ publication. Suffice it to say, the pejorative phrase does appear to raise the bar in the savagery in namecalling sweepstakes. For Stang's case, Ludwig repeats the US Norman Data CEO's labelling of him as akin to a "child pornographer" for the April 16th issue of the Arizona Star. Fair is fair, after all. But this is already plowed ground to regular readers. A better find is the magazine's cover feature focusing on what Ludwig calls "Windows95 Insecurity." In it Ludwig quickly invokes author Andrew Schulman's _Unauthorized Windows 95_ (IDG Books) with the statement that it's elementary to crash Chairman Bill's entire operating system by overwriting the first thousand bytes of memory in any DOS box. The computer magazine Infoworld howled about the same problem for about three weeks and then suddenly dropped the issue, presumably when Kaiser Bill menacingly noticed the publication becoming a pest. However, Schulman - and by extension Ludwig and UTG - nevertheless supply a simple command to corrupt Windows 95 operation. By firing up Microsoft's DEBUG.EXE program with the instruction -f 0:0 FFFF 0 in any DOS box, Windows 95 promptly comes to a screeching halt, crashing everything that may have been running as other tasks in the system. Work on precious documents, potentially embarrassing correspondence to alt.pantyhose, on-line sessions, DOOM II, numbers crunching - gone, gone, all gone! And if this isn't anti-social enough, UTG supplies the source code to a Jerusalem virus variant and a handful of dime-sized utilities designed for the user curious about what that wretched slug boss is writing about him while logged in elsewhere on the network. 
By infecting only the DOS EXE-executable programs with the Jerusalem Win95 virus and firing up the adjunct utilities in a DOS box, the virus is sent to work draining keyboard input from other network sessions into a fink file for later snooping by taking advantage of a rather gaping hole in integrity between network sessions. However, the most interesting personal security observations are reserved for reporter Mark Ridenour in the UTG treatise "Blunt, Pointed, Edged & Other Weapons -- Assorted Items for Self-Defense the Prepared Person May Wish to Acquire." Written for those readers overfond of contemplating thrusting the business end of a chrome steel truncheon into a murderous - but preferably smaller - assailant, "Blunt, Pointed, Edged . . ." was an article of which Soldier of Fortune, a militia pamphlet, any fat-boy in woodlot cammies, or The Resister newsletter could be proud. The commando tool to have, writes Ridenour, is the Spetsnaz Spade, "a terrible noiseless weapon" . . . "balanced for hand-to-hand fighting as well as digging and chopping . . . [Use] it to strike telling blows, either with the flat of the blade or one of the edges." "However, it isn't always practical to carry a Spetsnaz Spade with you," continues Ridenour, which would seem indisputable. After finishing "Blunt, Pointed, Edged . . . " the Crypt Newsletter's hot consumer tip is _not_ the fine variety of alley-sweeping shotguns supplied by Mossberg but the Executive Ice Scraper manufactured by the Choate Machine & Tool Company of Bald Knob, Arkansas. The manufacturer includes a warning with it, reports Ridenour. "Do not hit anyone with this ice scraper." UTG reports an emergency room surgeon informed Ridenour it would take twenty stitches to close the wound caused by one blow from the Executive Ice Scraper. 

BLEWED, SCREWED & TATOO'D: ENGLISH VIRUS WRITER STRUNG UP IN CROWN COURT FOR MALICIOUS VIRUS SPREADING AND PANDERING

Finally, after months of delay and postponement, a 26-year-old unemployed computer programmer, Chris Pile, pleaded guilty on May 26 to eleven charges related to computer virus writing. Pile, known as the Black Baron, pleaded guilty to hacking into business computers and planting the computer viruses known as SMEG/Pathogen and SMEG/Queeg.

The case followed an investigation by fraud squad officers and experts from Scotland Yard. The eleven charges stemmed from a period between October 1993 and April 1994 when the Black Baron obtained unauthorized access to computer programs and seeded them with viruses he'd written. He also pleaded guilty to one charge of inciting others to plant his viruses.

Authorities stated that tracing Pile's viruses and repairing damage caused by them cost "well in excess of half a million pounds" with final charges billed by the anti-virus industry heading toward 1 million. Pile was released on bail and the trial adjourned for two months to allow the defense to prepare a pre-sentencing report.

The May 27 edition of the London Times commented that Pile was warned he faced jail. The prosecution's Brian Lett said the virus writer had encouraged people who downloaded his instructions to create their own viruses. Expert opinion was called to determine what harm the SMEG viruses were continuing to cause with Lett testifying there could be further monetary loss. Pile also confessed he had encouraged others to spread computer viruses.

The virus author, a Devon man, wrote the SMEG viruses which quickly gained the attention of anti-virus developers worldwide in mid-1994. Due to publicity on the nets and in the computer underground, they were rapidly distributed around the Internet at approximately the same time Pile was arrested in connection with the charges on which he would later be tried.
Sentencing will probably depend upon the incidence of the SMEG viruses worldwide, or in countries where cases of infection can be determined reliably, _and_ the interpretation of Pile's intent to inspire others to write viruses employing his "SMEG" encryption kernel which was furnished internationally to virus exchange underground bulletin board systems in mid-1994.

For example, anti-virus vendors in the U.S. contributing to the Computer Anti-virus Research Organization-administered WildList - a report of viruses in active circulation - have been questioned in this matter. (The Computer Anti-virus Research Organization is a professional/pan-professional trade group consisting predominantly of software vendors.)

The incitement argument, however, is an arcane issue which calls for the examination and tracking of a computer archive containing a detailed technical "how-to" on installing Pile's "SMEG" virus encryption kernel into new viruses, the encryption software and a sample demonstration virus.

Interestingly, Pile's SMEG archive is not unique. In fact, it hews closely to a style, or _anti-style_ for the whimsical, created by the Bulgarian virus writer known as the Dark Avenger who was the first to "formalize" the distribution of virus encryption kernels packaged in "how-to" archives mailed throughout the computer underground. The Dark Avenger's "benchmark" in computer virus development was known as the Mutation Engine.

These types of "how-to" archives always adhere to rigid orthodoxy within the virus writing underground. To depart from the orthodoxy is viewed as heresy at worst, bad form at best. Each encryption kernel must always contain:

1. The encryption kernel - with a suitably scary name derived from an acronym.

2. A meaningless or silly software version number, sometimes used as a barometer of bug content.

3. A text file containing instructions, preferably incomplete, on the use of the encryption kernel in computer viruses.

4. An extremely simple demonstration computer virus and its source code designed with the purpose of illustrating how the encryption kernel is added to other computer viruses.

In 1995, they are common on systems interested in material of this nature.

In 1993, another English virus writer, Stephen Kapp, was arrested in connection with telephone fraud charges. Kapp was known as the "President of ARCV," or ARCV virus writing group which stood for Association of Really Cruel Viruses.

It is worth noting that in 1992 at the height of the Michelangelo virus scare, few virus writers were easily identified. This is no longer the case. Due to the growth in computer networks and an increasing desire for underground network celebrity, many of the most prominent virus writers in the world work in plain sight.

CITIZEN MITNICK COMMITS TO EIGHT MONTH TOUR OF BIGHOUSE

Kevin Mitnick has plea-bargained his infamous early-1995 cross-country hacking and media jaunt into a sentence that will commit him to about eight months in prison, according to John Yzurdiaga, his attorney.

The legendary hacker will plead guilty to possessing stolen cellular phone numbers, one of twenty-three federal charges - all concerning cellular phone fraud - against him. The remaining charges will be dropped.

However, according to the Los Angeles Times, federal prosecutors in North Carolina where Mitnick was bagged in January, maintain the hacker will probably face additional charges. In California, these charges could be built upon probation violations accumulated by Mitnick when he deserted a state-mandated counseling program for his "computer addiction" and disappeared during a 1992 FBI probe against him while employed at a private investigating firm in Calabasas. Although no other charges _have_ been filed, federal authorities claim additional ones could also be mounted from Seattle where Mitnick fled while on the run from continued government investigation.

LOOSE LIPS SINK SHIPS: QUANTUM TEAMS UP WITH SYMANTEC IN INTRIGUING MARKETING OF THE NORTON ANTI-VIRUS

At the end of 1992, Western Digital's Charles Haggerty proudly announced "Without some form of generic virus detection methodology, the industry cannot hope to keep up with the growing epidemic of more than 1000 known virus strains, much less the dozens of unidentified and mutated strains that are introduced into the community each month."

It was corporate newspeak aimed at heralding the rollout of a Western Digital effort to eliminate the computer virus problem through a combination of company hardware and software designed to protect IDE-type hard disks. Great talk! But by 1993, Digital's hard disk controllers packed with proprietary logic to combat computer viruses were forgotten rubbish.

Now, hard disk manufacturer Quantum and Norton Anti-virus are teaming up on a similarly elephantine strategy called AVID for Anti-Virus Inoculated Drive, according to unenthusiastic Quantum employees. AVID is proposed as a hardware solution similar to crippleware which mandates the purchase of the Norton Anti-virus for computer virus disinfection and the quieting of annoying warning messages supplied by the Quantum AVID-equipped hard disk.

It's supposed to work like this: Using fierce industry-grade jargon, Quantum manufactured AVID hard disks will maintain what the company refers to as an "RBS," for reserve boot sector, on an area of the disk not directly accessible by the user. The RBS is a mirror, or backup, of the "ABS" - or active boot sector - the system area PCs use to initiate the loading of the machine's operating system and the sector targeted by common partition sector infecting viruses like Stoned or Michelangelo among others. On start, the Quantum AVID disk compares the ABS to the RBS and if they match, the machine boots from the hard disk.
If there is a mismatch, the AVID disk hardware compares the changed ABS to - and here's another nice shred of techno-confuso-speak - the "FSL" - or Friendly Signature Library - which contains identification for multiple flavors of MS-DOS, PC-DOS, DR-DOS, Windows 95, Windows NT, OS/2, SCO Unix and Unixware boot sectors. It also compares the ABS to the "VSL," or Virus Signature Library of viruses known by Quantum and Symantec to infect the hard disk. If a match is found with AVID's virus signature library, the user is given the message to "use the AVID Cure feature of the Norton Anti-virus" which will simply copy the AVID-stored RBS back to the infected partition, eliminating the virus.

The industry standard is for anti-virus software solutions to perform this type of disinfection _without_ hardware dependence and with the caveat that a stealth virus infecting a partition - or AVID's ABS - can only be reliably removed by starting the machine cleanly from a virus free diskette. This is a condition normally prompted by the detection of the virus in memory.

While the Quantum/Symantec effort superficially appears to be an alternative to the virus free system diskette it _won't_ copy the reserve partition, even if it is clean, back to a contaminated partition. Quite cleverly however, it does contain the option to do just the opposite - copy a new partition infecting virus - or part of it - to its reserve partition sector if the user becomes frustrated or confused by the AVID error messages and interference with the boot process and chooses to "update the ABS."

This approach also guarantees AVID hard disks will generate _interesting_ problems for users if a new virus relocates and encrypts the original partition - the AVID "ABS" - (a not unrealistic assumption), one sector of the virus is inadvertently updated into the "RBS," and the disk partition (ABS) is subsequently fiddled with by the user or infected by _another_, different computer virus.
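
The boot-time comparison and the "update the ABS" trap described above, modeled as an added example (this is not Quantum's or Symantec's code and is not from the original newsletter). The sector contents, signature strings, the precedence of a VSL match over an FSL match, and the guarded_update check are all assumptions made for illustration.

```python
"""Toy model of the AVID boot check as the article describes it (added example)."""
from dataclasses import dataclass

SECTOR_SIZE = 512


def sector(marker: bytes) -> bytes:
    """Constructed 512-byte sector carrying a recognisable marker."""
    return marker.ljust(SECTOR_SIZE, b"\x00")


CLEAN = sector(b"CONSTRUCTED-DOS-BOOT")
KNOWN = sector(b"CONSTRUCTED-KNOWN-VIRUS")
NOVEL = sector(b"CONSTRUCTED-NEW-VIRUS")   # deliberately absent from the VSL


@dataclass
class AvidDisk:
    abs_sector: bytes          # active boot sector (ABS), writable by any code
    rbs_sector: bytes          # reserve boot sector (RBS), hidden from the user
    fsl: tuple = (b"CONSTRUCTED-DOS-BOOT",)      # Friendly Signature Library
    vsl: tuple = (b"CONSTRUCTED-KNOWN-VIRUS",)   # Virus Signature Library

    def boot_check(self) -> str:
        if self.abs_sector == self.rbs_sector:
            return "boot"
        # Assumption: a virus signature outranks a friendly one.
        if any(sig in self.abs_sector for sig in self.vsl):
            return "known_virus"
        if any(sig in self.abs_sector for sig in self.fsl):
            return "friendly_change"
        return "unknown_change"

    def update_reserve(self) -> None:
        """The user's 'update the ABS' choice: RBS := ABS, no questions asked."""
        self.rbs_sector = self.abs_sector

    def guarded_update(self) -> bool:
        """Hypothetical guard (not in the article): accept only a sector that
        matches a friendly signature and no virus signature."""
        if self.boot_check() != "friendly_change":
            return False
        self.rbs_sector = self.abs_sector
        return True

    def cure(self) -> None:
        """'AVID Cure' (run from the Norton Anti-virus): copy RBS over ABS."""
        self.abs_sector = self.rbs_sector


def known_virus_case() -> list:
    """A virus in the VSL is flagged and the cure restores the clean sector."""
    disk = AvidDisk(CLEAN, CLEAN)
    disk.abs_sector = KNOWN
    seen = [disk.boot_check()]
    disk.cure()
    return seen + [disk.boot_check(), disk.abs_sector == CLEAN]


def novel_virus_case(guarded: bool) -> list:
    """A virus missing from the VSL, followed by a frustrated 'update'."""
    disk = AvidDisk(CLEAN, CLEAN)
    disk.abs_sector = NOVEL
    seen = [disk.boot_check()]
    if guarded:
        seen.append(disk.guarded_update())
    else:
        disk.update_reserve()          # the reserve copy is now the virus
    seen.append(disk.boot_check())     # unguarded: the infected disk "matches"
    disk.cure()
    seen.append(disk.abs_sector == CLEAN)
    return seen


if __name__ == "__main__":
    print("known virus:      ", known_virus_case())
    print("novel, unguarded: ", novel_virus_case(guarded=False))
    print("novel, guarded:   ", novel_virus_case(guarded=True))
```

In the unguarded run the second boot check reports a clean match because both copies now hold the constructed virus sector, and the cure step can only write that same sector back.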
It is possible to entertain oneself for hours with worst case scenarios in which, while prompted by the AVID firmware, the user assists in the corruption of his own hard disk.

Intentionally or not, the design also compels the consumer - corporate, academic or private home - to either purchase the Norton Anti-virus to perform a task not enabled in the AVID-hard disk firmware (and which, incidentally, can be currently purchased in much cheaper anti-virus software), put up with error messages if trouble occurs, or learn enough about the system area of the hard disk and how viruses infect it to enable a workaround for the AVID disk.

The Quantum/Symantec AVID plan is superficially similar to a "hardware/software" solution offered by Digital Enterprises in _1992_. Digital Enterprises marketed a V-Card which held a mirror of the partition and system areas which could be used to boot the machine around a virus-infected partition, similar to the AVID plan. Bundled with the card was virus removal software developed by Netz Computing of Israel, which is known for the Invircible anti-virus software package in 1995. Another example was Trend Micro Devices' PC-cillin Immunizer chip which stored a backup of the partition sector which could be copied back to the disk if it was altered by a virus.

The discerning consumer will also recall that Peter Norton once claimed computer viruses were an "urban legend."

A BRIEF TALE ON THE NATURE OF OBSESSION: BULGARIAN VIRUS RESEARCHER TILTS AT ALLEGED AMERICAN FOES

"From Hell's heart I stab at thee . . . "
   -- Ahab in "Moby Dick"

In late June, Vesselin Bontchev, a computer virus research associate at the University of Hamburg in Germany, accused Computer underground Digest (CuD) and the Internet site EFF.ORG of distributing computer viruses.
In threatening electronic letters to CuD archivist Stanton McCandlish and CuD editor Jim Thomas, Bontchev stated that users of EFF.ORG would no longer be allowed ftp access to Bontchev's anti-virus software archive at INFORMATIK.UNI-HAMBURG.DE.

CuD maintains a computer underground archive on ftp accessible disk space at EFF.ORG. The archive contains publications and text files of interest to scholars, students and average citizens interested in the sociology and technology of the evolving culture within the computer underground and has been built and maintained by CuD since 1990. The virus-writing magazine 40Hex is also part of the CuD archive and it drew the fire of Bontchev who is determined to render illegal the existence of computer virus source code and related material on the Internet.

In what has become a trademark style, Bontchev railed at the CuD editor in lengthy electronic correspondence:

". . . I will do everything which is within my power (and the limits of the law, of course) to stop you from [enabling access to 40Hex], and to communicate to you, your users, and the whole world, that you are doing a Bad Thing. So far I have found that severing ftp access from the virus distribution sites is one such - rather effective - way to communicate this message of mine to those sites. If I find a better one, I'll use it against [you] too."

"We neither maintain nor distribute viruses on the CuD archives, and your continued claims to the contrary are becoming offensive," replied Thomas to the maddened Bulgarian. "Virus source code and instructions are no more viruses than are instructions for making a zip gun a weapon. Your continued insistence that virus advocacy and source code [contained in 40Hex] constitutes a 'virus' . . . in describing what the [CuD] archives contain and what [is] made available is either a gross confusion of terms or an intentional misrepresentation.

". . .
I grow weary of repeating that I do not condone any sort of destructive, anti-social, or predatory behavior. I do not approve of the files that you describe, but neither do I approve of suppression of information. I consider the files you mention (that I have read) on a par with so-called 'anarchy files.' While they are not in good taste, and while I find them offensive, they nonetheless reflect a part of computer culture to which access should be available. One of the best ways to fight anti-social behavior is through education, not through suppression of information. On this, we have a profound and obviously irreconcilable difference of perspective."

The Bulgarian virus researcher also offered to stop harassing CuD with the ftp ban if Thomas edited the virus source code and related material from the 40Hex issues on-line. This was an _interesting_ diversion since Bontchev, and almost everyone else familiar with computer viruses, is aware that erasing this material from 40Hex literally leaves little left but the title page of the electronic magazine.

"You are in no position to offer a 'compromise' in matters of free speech," Thomas replied brusquely. "When the courts rule our material unprotected, or if there are demonstrable dangers that occur because of our holdings, we will then act to limit access."

In his replies to the Bulgarian, Thomas stated infecting computers with viruses was already illegal at both state and federal levels in the U.S. That the Bulgarian wanted to make viruses illegal illustrated his true goal, the imposition of a personal view of what constitutes ethical behavior and illegality onto others. Thomas indicated that he was also annoyed by the personal attacks and threats contained within Bontchev's correspondence.

FTP site access bans aren't new to some of the older boys in the professional/pan-professional Computer Antivirus Research Organization (CARO), of which Vesselin Bontchev is a founding member.
Presently, users of the giant Internet provider Netcom are banned from INFORMATIK.UNI-HAMBURG.DE for, according to Bontchev, also promoting the distribution of computer viruses. Attempted log-ons from Netcom are presented with the disclaimer:

"We have decided to restrict ftp access from your site because your Internet provider has the policy of allowing its users to distribute computer viruses from their accounts.

"We are convinced that there is no good to come from computer viruses. Over and over again, we've seen users traumatised by damage, distrust and distress, even after a minor virus hit. Viruses, we believe, are quite simply a Bad Thing. Unfortunately, your Internet providers don't seem to share this view. As far as we can see, they are content to allow their hosts to be used for the dissemination of viruses without any apparent control or concern.

"Since this system is dedicated to helping you *control* the spread of viruses, we feel it is inappropriate to allow incoming FTP sessions from the host you are on. Therefore, we are refusing this connection.

"However, if you agree with us, and would like to see increasing levels of responsibility against viruses, why not contact your administrators and ask them to review your site's policy towards the dissemination of viruses? As soon as their policy is changed, access to our site will be re-enabled."

The user is then logged off.

Other sites which have been the target of CARO shelling over the past months have been Kaiwan - an access provider in Southern California, aql.gatech.edu or any other provider, temporary or long-standing, which allows access to computer virus source code, computer viruses or underground magazines, such as 40Hex, which publish computer viruses and information on them.

A few weeks ago Fridrik Skulason, the author of the anti-virus software program F-PROT, was dragged into the same issue in the Australian virus-writing magazine, VLAD.
Skulason, according to a VLAD article entitled "F-PROT Troubles," was refusing access to F-PROT servers from Kaiwan. The point of objection was a series of archives called the Virus Collectors [sic] Kit which was being made available for ftp by a Kaiwan user. The "Kit" contained anti-virus programs, assemblers, disassemblers, virus writing magazines and computer viruses.

The availability of the archives was publicized in the Usenet newsgroup alt.comp.virus which is frequently used as a forum for the publication of live viruses and virus source code. Group posts run the gamut from the worried, clueless or puzzled asking for anti-virus software recommendation to would-be cyberfiends calling for assistance in plaguing an enemy, their school, or some hapless target with computer viruses. Its signal-to-noise level, however, is vanishingly small.

It is worth mentioning that commented virus disassemblies done by Vesselin Bontchev years ago are also part of the continuum of data present within the virus distribution points which provoke these bans. While these now comprise only a small portion of the virus material available on the Internet they remain an extremely contentious sore point and source of embarrassment to CARO members like Vesselin Bontchev.

Ironically, through 1994 Fernando Bonsembiante, an Argentine virus expert affiliated with the CARO-administered WildList, was a South American agent for CARO nemesis Mark Ludwig. Ludwig has been the continued butt of CARO boycotts, protests and harassment for the publication and sale of computer viruses and related material. The WildList is a report devoted to tabulating common computer virus infection worldwide.

Like most stories in computer virus-land, this one still has more loose ends. As the Crypt Newsletter went to publication an anonymous voyeur on the Usenet newsgroup alt.comp.virus lamented the unpredictable nature of much publicized viruses-by-ftp on the Internet:

". . .
aql crashed, kaiwan inactive for months, filbert's dos files [on Netcom] moved to an apparently inaccessible server, doc hobbs reorganizing and referring folks to aql instead, quarantine closed off, sbringer bowing out, craigb site closing down . . . unpleasant pattern manifesting here . . ."

CRYPT ON COMPUSERVE

Those readers with accounts on Compuserve can now take part in the dedicated Crypt Newsletter message base and attached file library in the National Computer Security Association special interest group. GO NCSAFORUM and look for message base #20, Crypt Newsletter. Current issues are on-line in the attached file library.

CRYPT NEWSLETTER WORLD WIDE WEB HOME PAGE

[Note: For those interested in subscribing to Crypt Newsletter, r-e-a-d s-l-o-w-l-y, THERE ARE NO SUBSCRIPTIONS. None. Not one. Not listserved. Not e-mailed. Nope.]

You can now visit Crypt & The Virus Creation Labs on the World Wide Web, view pics of the author and his book, download back issues and sample a chapter from VCL! Set your graphical browser (Mosaic, Netscape, etc.) to:

URL: http://www.soci.niu.edu:80/~crypt

--------------------------------------------------------------

If you quite enjoy the Crypt Newsletter, editor George Smith's book, "The Virus Creation Labs: A Journey Into the Underground," will really flip your wig. In it Smith unravels the intrigue behind virus writers and their scourges, the anti-virus software developers and security consultants on the information highway.

What readers are saying about THE VIRUS CREATION LABS:

"There are relatively few books on the 'computer underground' that provide richly descriptive commentary and analysis of personalities and culture that simultaneously grab the reader with entertaining prose. Among the classics are Cliff Stoll's 'The Cuckoo's Egg,' Katie Hafner and John Markoff's 'Cyberpunk,' and Bruce Sterling's 'The Hacker Crackdown.' Add George Smith's 'The Virus Creation Labs' to the list . . .
'Virus Creation Labs' is about viruses as M*A*S*H is about war!"
   ---Jim Thomas, Computer underground Digest 7.18, March 5, 1995

"THE VIRUS CREATION LABS dives into the hoopla of the Michelangelo media blitz and moves on to become an engaging, articulate, wildly angry diatribe on the world of computer virus writers . . . Expert reporting."
   ----McClatchy NewsWire

-------------------------order form-------------------------

Yes, I want my wig flipped and wish to receive a copy of George Smith's "The Virus Creation Labs: A Journey Into the Underground" (American Eagle, ISBN 0-929408-09-8).

Price: $12.95/copy plus $2.50 shipping per book (add $7.50 overseas)

NAME: _____________________________________________

ADDRESS: __________________________________________

CITY/STATE/ZIP: __________________________________

Payment method: ___ Master Charge ___ Money Order ___ Check ___ Visa

Credit Card # ___________________________________________

Expiration date _________________________________________

Name: ____________________________

Orders can be taken by voice or fax through regular phone number and/or 1-800 number in USA. COD welcome.

American Eagle: 1-800-719-4957
                1-602-367-1621
                POB 41404
                Tucson, AZ 85717

----------------------------------------------------

George Smith, Ph.D., edits the Crypt Newsletter when he feels like it and is the author of "The Virus Creation Labs: A Journey Into the Underground." Media critic Andy Lopez lives in Columbia, SC.

copyright 1995 Crypt Newsletter. All rights reserved.