CRYPT NEWSLETTER 33
August-September 1995

Editor: Urnst Kouch (George Smith, Ph.D.)
Media Critic: Mr. Badger (Andy Lopez)
INTERNET: 70743.1711@compuserve.com
          Urnst.Kouch@comsec.org
          crypt@sun.soci.niu.edu
COMPUSERVE: 70743,1711


IN THIS ISSUE:  Triumph of the Shill: Kaiser Bill & Win95 . . .
Washington Post puzzled by Stealth Boot C virus . . . The military's 
new scorn flakes: Infowarriors & TIME magazine . . . Blewed, 
screwed & tattoo'd continued: Virus writer Chris Pile set upon
by computer forensic expert . . . Letters: On pepper spray, Win95, 
Underground Technology Review and nuts in militia groups . . .
more.


TRIUMPH OF THE SHILL: LARRY KING AND KAISER WILHELM

To the surprise of no one at the Crypt Newsletter, Larry King
sucked up to Kaiser Bill in front of millions on CNN prior to the
delivery of Win95.  But even for Larry's marshmallow questions on
life, Win95, the Justice Department v. Microsoft, and Der Kaiser's
wife, the Microsoft CEO was shifty and vague, parting with little
except that his spouse worked in programming at his company and that
he recommended his friends purchase PC's.

"Heh-heh," chortled Larry.

The only genuinely interesting part of the broadcast came when a caller
from Africa inquired of Der Kaiser whether he was considering setting
up a Microsoft operation in Nigeria - presumably virtual or
otherwise - where programmers were ready and eager to work cranking out
software for mere pennies on every US dollar.  Microsoft's maximum
leader didn't really answer the man. Perhaps this had something to
do with the fact that Der Kaiser regrets the general penury of Africa
which dictates that Nigerian users, among others, only pay for Microsoft
products with mere pennies on every US dollar, if they decide they
wish to pay for them at all.

"Heh-heh," snickered Larry.  Next caller.

But the most unnerving development stemming from the Win95 roll-out in
late August was a 30-minute infomercial at 7:00 pm on ABC the week
following Kaiser Bill's date with King. Hosted by Anthony Edwards, a
man who resembles the generic American sissy just enough to make even
Microsoft's CEO look like a regular guy, the Win95 infomercial
featured the paunchy Kaiser jabbering in flat tones without once looking
the audience square in the face!  All told, you could say - unless you're
a computer industry journaflack, of course - it was a numbing exercise
in the kind of pitiless merchandising that's now the standard for
so-called "age of information" innovations.

As such, Der Kaiser's Win95 show-and-tell was separated into a series of
segments - each a shiny bit of Fool's Gold and contempt for consumers
in its own right, each punctuated with a snazzy guitar riff copped from
the stylebooks of either Dire Straits or Jimi Hendrix. For instance,
one woman praised Kaiser Bill's OS for - and I'm not kidding - generating
her office paperwork. The rest of her recommendation
was devoted to the joy of watching the PC boot up.  "It's cool," or
something like that, she burbled, while little horns pooted out a cutesy
melody in the background.

There was a rock group named Sky Cries Mary shilling for Bill.  Its
members pulled the types of contrived stunts any struggling musical outfit
would: namedrop lots of more successful rock bands that don't have
computers but do employ an army of flunkies to manhandle the on-line or
CD-ROM thing for them and preview its computer game, made easy to
operate courtesy Win95, which allowed a purchaser to dress one of the
musicians - his name sounded like "Wino" - in a tutu and women's
underwear.

An average number of nondescript yuppies were also deployed, yakking
about how they had either: (1) taught their young daughter
the rudiments of faxing or sending e-mail to cellular phone-linked 
modems with Win95 for ten times the effort of a simple _voice_ phone call
or (2) decided that, as teachers, they weren't going to insist on
silly curricula anymore when it was just plain easier to let school
children fiddle about with Win95, the Microsoft Network or Microsoft's
EnCarta CD-ROM encyclopedia.

Not one to let grass grow under his feet, the same week Kaiser Bill
was reported meeting another member of the Richest-Men-In-The-World
club, Warren Buffett, perhaps to discuss a joint bulk purchase of the
rights to everything for use in future CD-ROM projects or on-line
promotions and the timely shipping of said rights back to Redmond,
Washington - C.O.D.


WASHINGTON POST COMPUTERS TROUBLED BY STEALTH BOOT COMPUTER
VIRUS INFECTION

Troubled by continuing incidence of Stealth Boot computer virus
infections on PC's at its D.C. plant during the summer, the Washington
Post is casting about for new anti-virus software.  The Stealth Boot
virus is a program written by Mark Ludwig, an Arizona-based graduate
of CalTech and MIT, who has made a living as a publisher selling
highly controversial - some would say _infuriating_ - technical books
on computer viruses.  His first volume, "The Little Black Book of
Computer Viruses," included the complete source code for the original
Stealth Boot virus, since altered into at least five variants
and seemingly become one of the more common computer viruses
circulating on world PC's.

Inability to control Stealth Boot virus infections led information
systems employees at the Post to cast about for corporate site-licensing
of new anti-virus software.  The front runners in the effort, employees
said to the Crypt Newsletter, were Symantec's Norton Anti-virus, McAfee
Associates SCAN and Datawatch's Virex because "Virex was a good
anti-virus program for the Macintosh."  There was no comment explaining
what relevance the Macintosh product had to computer virus infection on
the IBM-compatible PC. An information systems representative for the
Post who was also in charge of evaluation of the software suites under
consideration commented: "All the anti-virus products detect
the same number of viruses, so the primary factor in choice is going
to be the user interface."  Regular readers of the Crypt Newsletter
are invited to nod sagely and mysteriously while adding their own
whimsical spin to this _corporate_ statement.

Post employees were nonplussed when informed that Peter Norton once
claimed computer viruses were an "urban legend" and that the majority
of Symantec's Norton Anti-virus technical development staff had left
the company en masse for competitor positions at McAfee Associates,
IBM and Command Software, months previously. Post employees were
surprised to learn the computer virus incommoding them had been published
worldwide in books between 1990 and 1993, too.

In related news, Glenn Jordan, the chief developer of Datawatch's
Virex anti-virus software - another product highly thought
of by Post software evaluators - has abandoned Datawatch for a
European competitor, S&S International. S&S International's anti-virus
software regularly thrashes the software Post employees were considering,
a fact which has rarely made much impression at ponderous price-determined-
by-the-pound US computer magazines. S&S p.r.-babble in late August
concerning the matter showed Jordan - angry and tough - baring his
teeth in defiance at the viral digital foe.

"[A computer virus is] random mindless violence, up there
with drive-by shootings," growled Jordan menacingly. "I'm at war."

Grrrr. Get 'em, boy!


Notes:

The original Stealth Boot virus stems from Mark Ludwig's "Little
Black Book of Computer Viruses" which was published in 1990 but
didn't reach major circulation until 1992.

Since then, the book has been rolled-out in subsequent editions
and distributed widely in the United States and France. During
this period, Ludwig rewrote the original virus a
couple of times "to make it more compatible." The books contain the 
source code of the virus.  Accompanying computer diskettes also 
included the source code, a binary image of the virus and
a dropper program for infecting a floppy disk with the virus.
The Stealth Boot virus, due to the nature of current operating
systems for the IBM-compatible computer and the way the virus
manipulates the PC, introduces instability to the operating system.
Systems infected with Stealth Boot can seemingly become hostile when 
running Windows. Published versions of the Stealth Boot virus contain 
no intentionally harmful code.

One variant of Stealth Boot was also used by Ludwig to deliver a data
encryption scheme.  It remains a curiosity and hasn't attained wide 
for a number of reasons, the simplest being not many people 
actually know of it with even fewer understanding it to any great 
degree. As written, it was not possible for this variant, known as 
KOH, to spread in the wild. The source code for it, as with the 
original Stealth Boot viruses, is sold by Ludwig's company, 
American Eagle.

In 1993, Addison-Wesley France was the target of a lawsuit aimed
at stopping it from publishing Ludwig's "Little Black Book" - retitled
"Birth of a Virus" - and an accompanying disk which sold for 100 francs,
containing Stealth Boot and other viruses. The case made it to the
French equivalent of the Supreme Court where a decision in favor of
Addison-Wesley France was returned. The plaintiff was also commanded
to pay the publisher an undisclosed sum in damages and legal fees for
hindering the book's publication.  The French translation of the book
was written by Jean-Bernard Condat, "secretary general" of the French
chapter of the Chaos Computer Club. The back cover of the book is
illustrated with an icon of a smiley-face, fizzing bomb rolling
toward the reader.

"The Little Black Book" and "Birth of a Virus" remain in print.

The Stealth Boot viruses is only tricky - or _stealthy_ - in that when
it is loaded on PC start from an infected partition sector of the hard disk,
it will assume control of the machine at a low level and return an image of
the partition sector free of the virus when various software
tools attempt to observe this sector.  The virus will also defeat attempts
to write, erase or alter positions where its code is stored on disk
when it is in memory. The net effect is the masking of the virus code
on the disk from cursory examination.  Stealth Boot C is the common
name given to that Ludwig virus variant which appears to be
consistently reported infecting US PC's by anti-virus software vendors.
Since the virus also readily infects the boot sector of PC diskettes
inserted into machines with Stealth Boot infected hard disks, the virus
is easily transported.  In 1990 Ludwig wrote, rather accurately in
retrospect, "[Stealth Boot] is _highly contagious_ . . . It hides
itself pretty well and once it's infected several disks, it is
easy to forget where it's gone.  At this point, you
can kiss it good-bye."


THE US MILITARY'S NEW SCORN FLAKES -or- ANONYMOUS GOVERNMENT 
INFOWARRIORS AND TIME MAGAZINE VERSUS THE WORLD

TIME magazine, often ridiculed in the pages of the Crypt Newsletter,
has been described as the magazine for those that can't think.
Full of middle-brow cover stories of an editorial style
that panders to elements in US society easily moved to nutso 
hysteria, it's out-of-touch quality this past summer was 
excessive, even by the standards of supermarket periodicals.

"CYBERWAR" blared the cover of the August 21 issue.  "Computer
technology is revolutionizing the science of warfare, and 
the Pentagon is rushing to take full advantage of the new 'infowar'
technology," read the blurb for the story in the table of 
contents. Yes, it was awesome.  "Scientists," "CIA experts,"  
"Pentagon officials," "a secret national intelligence report,"  
"Senior Pentagon officials," - lots and lots of anonymous sources, 
all making claims delivered with the gravity of utterances 
from the burning bush - explained to TIME how the Pentagon was 
preparing to crush future foes with computer 
viruses, "wide-ranging plans," electromagnetic pulses, 
booby-trapped computer chips, psychologically
demoralizing messages beamed from warplanes and bacteria that eat
computer chips. The computer chip-eating bacteria were a
particular attention grabber because their theoretical existence
seemed to indicate that Pentagon officials, and TIME reporters,
lacked even the most tenuous grip on the basics of modern science.

For this article, the Crypt Newsletter made a few quick phone calls
to its own Beltway bandit-type experts but the results were
disappointing.  No one would talk about "infowar" without laughing
inappropriately.

Welcome to infowar 1995, "courtesy the same people who brought
you the Clipper chip - John Deutch, John McConnell -- they've 
convinced Clinton these are good things," chuckled Wayne Madsen 
of Computer Sciences Corporation. McConnell is head of
the secretive National Security Agency, Deutch - the CIA. 
Ironically, Madsen is chairing an "infowar" panel this October 
at an information security conference partly sponsored by the 
NSA. Madsen also mused that perhaps it was time the "infowarriors" 
review Stanley Kubrick's "Dr. Strangelove," specifically the
part where George C. Scott, as General Buck Turgidson shouts,
"Mr. President, we'll have a mineshaft gap!" paraphrased or
sub-titled to "infowar gap!"

Dave Banisar at EPIC was pretty sarcastic, too, so Crypt went back
to the TIME article to do some more reading. There was an 
interesting sidebar about "America's Persuader in the Sky," a 
fancy C-130 called the Napoleon Solo, er, the Commando Solo 
"stuffed with more electronics than a Radio Shack."  It's 
purpose was to broadcast propaganda and annoying practical jokes 
and messages at once and future enemies like
Saddam Hussein.  It was deployed to the Gulf War to trick Iraqi 
soldiers into deserting, said TIME.  The aircraft was also used 
to attack those menacing Haitian infowarrior enemies of 
Jean-Bertrand Aristide. But Crypt Newsletter found this 
intriguing, anyway, so it did more digging. Michael Gordon and 
General Bernard Trainor's "The General's War: The Inside Story 
of the Conflict In the Gulf" (1995, Little, Brown) came to
the rescue. The newsletter looked up the Commando Solo, only it was
called the Volant Solo by Trainor and Gordon. "Even with air
superiority, however, the Air Force considered _Volant
Solo_ to be a vulnerable aircraft and it never operated within 
broadcast range of Baghdad."  Worse, even the CIA's attempts 
at "infowar" in the Gulf were pathetic: "Acting with
the support of the CIA, the Saudis ran a network of radio stations,
dubbed the Voice of Free Iraq, which urged the Iraqi people to
topple Saddam Hussein.  But the range of the radio stations limited
the broadcast to Iraqi ground troops in [Kuwait] and the 
Shiite-dominated area of southern Iraq, a group Washington knew 
little about and was reluctant to support."  In the Gulf War, 
wrote Trainor and Gordon, the Pentagon's "infowar" did not reach 
its audience.

Further on in the TIME article, a security expert named Steve 
Kent babbled about Saddam Hussein's opportunity to take out 
the Internet courtesy of "Dutch hackers," a shopworn story of 
anonymous source which grows better upon each telling. Trainor 
tells a better one, however, in "The General's War":  During the 
Gulf War the Iraqi high command never learned of one of the 
US's greatest vulnerabilities, its reliance on civilian communications 
networks carried over satellite.  A great deal of the action on the 
network was carried over a commercial satellite uplink in 
occupied Kuwait City which, apparently, never came to the attention 
of Hussein's leadership.  This is the same Saddam Hussein, mind you, 
that TIME magazine and Pentagon "experts" cast as one of the next 
bogeymen capable of bringing the Republic to its knees through "infowar."

Trainor and Gordon also commented that the Army's vaunted reliance
on e-mail in the Gulf War was overrated - lacking in flexibility and
utility.  Equipped with field FM radio sets that were thirty 
to forty years old, the VII Corps resorted to using electronic 
mail for messages, using portable microwave antennas and 
cellular phones hooked to computers.  The authors claimed the 
links were easily broken and no one bothered to confirm by field 
telephone if e-mail was received.  "The main communications 
channel the Army used to give its attack orders was not as good 
as a modern office fax" (p. 408).

TIME magazine also portrayed CIA officials, unnamed of course,
cackling over clever non-specific plans to slip computer viruses
and logic bombs into software and hardware.  There was no mention of
the problem called "blow-back."  "Blow-back" is what happens when
a weapon you deploy on an enemy eventually smokes your own rear.
One of the best models of "blow-back" - one that occurred 
unexpectedly - is the recent case of the Natas computer virus.  
An incompetent computer security consultant in Mexico inadvertently 
infected his software with the virus, which was written in 
southern California, and accidentally smeared it over clients' 
computers.  The virus spread rapidly in Mexico and took little 
extra time - a couple months - to waft back across the border of 
the United States on diskettes carried by American businessmen 
with extensions and trading partners in Mexico.

But lest you think all this "infowar" stuff isn't stupid-sounding
enough, the best is saved for last.  Another Pentagon denizen,
Ken van Wyk of the Defense Information Systems Agency - a proxy of
the National Security Agency, is credited with the flakiest
non-sequitur of all: "Hackers" - although van Wyk offers no names
or examples for TIME - "say our computers are crunchy on the
outside but soft and chewy on the inside."  Perhaps like the minds
of the Pentagon's current crop of "infowarriors"  - or subscribers
to TIME.


THE TURNABOUT INTRUDER: CARNEGIE MELLON'S MARTY RIMM ALSO A
PUBLISHER OF PORN MARKETING PAMPHLET

The outrage on the Internet over the unholy union of TIME
magazine's peeper journalism/CYBERPORN cover story with the
sensationalist Carnegie-Mellon/Marty Rimm on-line smut _study_
gathered momentum until news of Rimm's own role as an on-line porn
booster surfaced. In its July 24 issue, TIME magazine almost, but
not quite, recanted for making Rimm a national star and poster
boy for the Christian Coalition in late June.

Previously, Computer underground Digest 7.59, an electronic
publication edited by Northern Illinois University professor 
Jim Thomas, revealed Rimm to have self-published a pamphlet entitled
"The Pornographer's Handbook: How to Exploit Women, Dupe Men and
Make Lots of Money."

Computer underground Digest continued that Rimm "went native" 
during the research for his porn study by trying to become involved 
with the organization of adult files on the Amateur Action BBS. The 
system's operator - a Milpitas, CA, man - is currently serving 
time in an obscenity case in the U.S. and had been characterized 
as the Marquis de Sade of the on-line world by Rimm's 
Carnegie-Mellon study.

In Computer underground Digest, Mike Godwin of the Electronic 
Frontier Foundation and a strong critic of the Rimm report, was 
reported as having interviewed Robert Thomas, Rimm's "Marquis 
de Sade," and told:

". . . Martin Rimm was a member of the Amateur Action BBS, that
he quarrelled publicly and privately with Robert and Carleen
Thomas about how they ran their BBS (among other things, he 
wanted them to change the way their BBS software kept track of 
downloads), that his messages to them after they refused to 
comply with his 'suggestions' grew angry and threatening, that 
he declared publicly that he would not renew his membership at 
Amateur Action, and that he _did_ renew his membership in 
February of this year."

In a scathing indictment of Rimm, TIME magazine and the Rimm study,
Brock Meeks of the Cyberwire Dispatch also reported that 
snatches of "The Pornographer's Handbook" were posted into the 
Usenet. Further, writes Meeks, Rimm had conceded to him that 
"The excerpts circulating around the Usenet were stolen from my 
marketing book . . . "

Meeks subsequently republished a part of Rimm's pornographic 
"how-to" manual, from a chapter devoted to the on-line marketing 
of buggery:

"When searching for the best . . . images, you must take
especial [sic] care to always portray the woman as smiling . . ."

Well, since this is a _family_ magazine, we can't reproduce the
rest of it here.  [However, Computer underground Digest 7.59
contains the full text.]

[Hey, wait a minute! You say you're not worried about your family?  
Then click here for the -->dirty stuff<--.  NOTE: FEATURE NOT
AVAILABLE IN RAW TEXT EDITION. -Ed.] 

Sixty-seven copies of Rimm's "The Pornographer's Handbook" were
distributed. Rimm's ex-girlfriend, also the pamphlet's illustrator,
blew the whistle on its existence, according to the Carnegie Mellon
student. When news of the pamphlet broke, Rimm promptly 
recharacterized it as a piece of satire. In late June, TIME 
magazine used Marty Rimm and his report as the star attraction in 
a voyeuristic expose of damnation and decadence on the hot rails 
to Hell of techno-America in the infamous CYBERPORN issue.

"I think there's no almost no question that we're seeing an
unprecedented availability and demand of material like 
sadomasochism, bestiality, vaginal and rectal fisting, eroticized 
urinating . . ." Rimm blurted for TIME's CYBERPORN cover story.

TIME magazine did not uncover Rimm's role as author of a 
pornographic "how-to" manual for its original cover expose, but 
did mention it in the July 24 article, "Fire Storm on the 
Computer Nets," which arrived three weeks later. This was as 
close to rolling in its own excrement for misinformation crimes 
against the citizenry as TIME was willing to get.


BLEWED, SCREWED & TATOO'D, PART II: ENGLISH VIRUS WRITER'S
HANDIWORK EVALUATED FOR DAMAGES, INCITEMENT TO ENCOURAGE THE
LIKE-MINDED, BY COMPUTER FORENSIC EXPERT

Chris Pile, the 26 year old programmer also known as the Black
Baron, remained in limbo in late August on whether or not he would
be serving time in a United Kingdom bighouse for convictions on
eleven charges related to writing and spreading of what are now
commonly known as the SMEG computer viruses. The Devon man awaited
sentencing dependent upon the evaluation of damages caused by his
viruses and to what degree he had incited others to emulate his 
actions. Pile's defense team requested more time to gather 
evidence and prepare expert testimony. This was granted by the 
English Crown Court.

Jim Bates of Computer Forensics commented to the Crypt Newsletter 
that Pile could be sentenced with anything from community service
to 20,000 English pounds in fines or up to five 
years "custodial care" - a nicely Orwellian term for 
"prison" - on ten of the eleven charges accrued under the third 
main offense, unauthorized modification of computer material, 
described by the British Computer Misuse Act of 1990. This 
offense, under English law, covers erasure of data, modification 
of it and the placing of computer viruses and logic bombs 
into general circulation and encompasses most of the events 
surrounding the Pile/SMEG viruses. However, an 
eleventh charge concerning the issue of inciting others to commit 
similar crimes through the distribution of Pile's computer 
viral encryption software and electronic documentation providing 
instruction on its proper use in novel viruses, could add 
further time to be served in addition to any other criminal 
penalties.  Bates was commissioned by English authorities to 
provide technical analysis of Pile's viruses and other evidence 
seized by New Scotland Yard from the defendant's home computer 
prior to the virus writer's trial.

In addition, Bates has supplied ongoing collection and evaluation 
of evidence relating to the spread of the Pile/SMEG viruses and 
damages attributed to them. (See additional notes.)  Bates added 
that one of the SMEG virus variants recently caused a shutdown 
of computer networks of one week's duration at a university in the 
Midlands of the United Kingdom.

Pile, said Bates, had attached a SMEG virus to a computer game and
uploaded it to a bulletin board system in the United Kingdom.  The 
virus writer had also targeted the Dutch-made Thunderbyte anti-virus 
software, initially by infecting one of the company's anti-virus 
programs distributed via the shareware route.  After examining 
software and source code for Pile's computer virus encryption 
engine, named the SMEG, Bates also maintained Pile had invested 
a great deal of time in fine-tuning subsequent revisions of it 
so it specifically generated encrypted computer virus samples opaque 
to the Thunderbyte anti-virus scanning software.

There is little unusual about this feature in 1995. During the 
past two years, virus writers have been drawn to Thunderbyte
anti-virus as an anti-virus software "of choice," of sorts, and 
seemingly invested a great deal of energy programming viral 
encryption schemes which defy the Dutch company's programs.  
The progressive development of the Thunderbyte anti-virus and 
computer viruses encrypted in a complex manner, much like Pile's 
SMEG viruses, could be said - in other words - to drive each 
other. Each enhancement of the Thunderbyte anti-virus's
sensitivity provokes an enhancement in computer viral encryption
schemes which, in turn, spurs further development of Thunderbyte
anti-virus.  Many other anti-virus programs enjoy a measure of 
similar attention but Thunderbyte is the program with the best 
word-of-mouth publicity in the virus underground.

US anti-virus software vendors had been contacted with regards to
incidence of Pile's viruses in the United States.  Bates
added these findings amounted to little since U.K. law stipulates
the presence of a police officer during the collection of such
evidence and British authorities in the Pile/SMEG case were 
uninterested in expending more money to send someone to America on 
an investigation for which the conviction had already been 
handed down.

Notes:

In late 1989, Jim Bates was among the first to examine software
called the AIDS Information Trojan, used as part of a
computer blackmail attempt launched by Joseph Popp, an erratic
scientist from Cleveland, Ohio.  Popp had concocted a wild
scheme to extort money from PC users in Europe which involved
the programming of a software booby-trap that masqueraded as a
database containing information on AIDS and how to assess an 
individual's risk of contracting the disease.  The database, as 
one might expect, was trivial and contained only the barest 
information on AIDS. However, when an unwitting user installed 
the software, the AIDS Information Trojan created hidden 
directories and files on the computer while hiding a counter in 
one of the system's start-up files, the AUTOEXEC.BAT.  Once the 
count reached 90, Popp's creation would encrypt the directory 
entries, alter the names of files with the intent
of making them inaccessible and present the operator with
a message to send approximately $200 to a postal drop in 
Panama City for a cure reversing the effects of the program.  
The AIDS Information Trojan came with a vaguely menacing warning 
not to install the software if one didn't intend to pay for 
it at once.

Popp mailed 20,000 sets of the trojan on disk to users in Europe,
apparently subscribers to a now defunct magazine called PC Business
World.  Bates was among the first to analyze Popp's AIDS Information
Trojan and supplied technical reports on it to English authorities.
The disks were eventually traced back to Popp and New Scotland Yard
began a lengthy process of extraditing him to England to stand 
trial for computer blackmail in connection with the disks, a 
battle which took almost another two years.  Bates was eventually 
flown to Cleveland to present evidence in court which persuaded 
American authorities to hand over Popp for extradition to London.  
Bates also analyzed Popp's original AIDS Information Trojan 
software, source code and a program which was evidently intended 
to reverse the effects of the logic bomb, thus regenerating a 
victim's data.

Instead of going smoothly, the Popp trial became a source of
controversy and puzzlement.  It was claimed Popp was unfit to stand
trial because he began wearing a cardboard box over his head, 
making it impossible to determine whether he was legitimately 
_non compos mentis_ or merely shamming.  As a result, Bates 
said, Popp was declared a "public disgrace" by the court and 
ejected from the country. In England, this is an unusual 
classification which, apparently, allows the case to remain open, 
the purpose being - on this occasion, according to Bates - to 
discourage by intimidation the authoring books or a publicity 
tour of talk shows in the United States by the defendant.

More recently, Bates was asked to supply a copy of his AIDS 
Information Trojan analysis to Italian authorities who went on 
to try Popp for the AIDS Information Trojan affair in absentia.  
He was convicted and sentenced to two years prison in Italy. Popp 
currently resides in Lake Jackson, Texas.



LETTERS: READER DISMAYED BY UNDERGROUND TECHNOLOGY REVIEW

Dear Crypt:

I just finished reading issue #32. Thanks for one of the best
written and most sane publications on the Net.  At least someone is
willing to tell it like it is: These computer things are too damn
complicated for 80% of the population!  (It's a pity 40% of the
population already have one.)

However, I can't come to the same conclusions as you about the latest
Underground Technology Review (UTR) from Mark Ludwig.

Now, I have subscribed to Computer Virus Developments Quarterly - UTR's
predecessor - since its inception. I have used knowledge derived from
it to protect the network I administer - 1150 PCs, ugh - from viruses.
For example, I've written a stealth-beating integrity checker which
would not have been possible without Mark Ludwig's explanations of
virus source code.  I greatly admire Ludwig's approach to the issue
(freedom of information, etc.), and when I heard that CVDQ was going
"monthly" (hmm . . . 3 issues in 7 months . . .), I was interested.
Only CVDQ had even begun to address stuff like protected-mode viruses,
which are the future with Win95 and OS/2.

However . . .

I'll leave the David Stang issue aside, since I don't understand what's
going on there.  Still, it's the Op/Ed part of the publication and
Ludwig is free to put in it whatever he likes.

I was _very_ disappointed by the Windows 95 article.  Both he and your
reviewer seem to have missed the point.  Windows 95 is multiTASKING
(more or less, although it's not brilliant with 16-bit applications),
but NOT a multiUSER operating system; so, memory read protection from
one task to another is not an issue.  Your boss can't be "logged in" to
the same machine as you (you in one DOS box, him in another) under
Windows 95, unless you are both very small and also very good at
multiplexing one keyboard between two people - in which case you can
probably read what he's typing, anyway. So this security "issue" is a
non-issue.

(I agree that if the DOS boxes are insufficiently virtualized that
zapping one can take down the machine, that's not brilliant. But
then OS/2's "crash protection" can be defeated just as easily on
non-MCA, non-EISA machines, as Andrew Schulman has also pointed out.
And crashing Windows 95, unless you set out to do it with the DEBUG
command which, after all, is functionally equivalent to reaching out
for the "Off" switch. In practice this requires that a misbehaving DOS
program overwrite just those few bytes in the first 64K which have
not been properly instanced - which, if you like - is a good emulation
of its DOS behavior.  I say all this as a fully paid-up member of the
Microsoft Hater's Club, too.)

Your reviewer extended this error by suggesting that you can spy on your
boss "elsewhere on the network." Now, of course, with all the wonderful
remote control packages out there, which most sites have to buy to hold
the hands of their incompetent Windows users this is quite possible,
but Ludwig's virus doesn't do this.  It's a neat bit of
programming since he's a great virus writer, but it is not terribly
menacing. And if you're the system manager of the machine, a virus is
surely _not_ the best way to modify your DOS .EXEs to install the
keyboard snooper. A simple one-off addition to KEYB.COM or DOSKEY would
do the trick just as well.

What would have been _truly_ worthwhile would have been a protected-mode
virus which could exploit the big holes in Windows 95 itself, like the
wide-open nature of the VxD chain.  I also wonder what Ludwig's - and,
come to that, Crypt's - view is, of the alleged directory listing that
the Microsoft Network connect software makes the first time you log in
to GatesLand.  Now that's "Underground" - and "Technology."

The third article on weapons was pretty nauseating. But then
I have a European attitude toward guns which is: The world is better
off with as few as possible.  An article in a previous Underground
Technology Review about making pepper spray was at least entertaining.
The latest article was messily written and when it finally got around
to discussing shotgun cartridges and their relative effects on assailants,
I found myself wondering how large the intersection is between the set
of people interested in computer viruses and the set of people
interested in shotgun reviews, who don't already subscribe to gun
magazines.  Anyhow, there is nothing "Underground," subversive or
even "Technological" about most of this stuff, apart perhaps the
"underground" nature of those who like to imagine their penises
expanding because they carry what looks like an ice scraper but
which _they know_ really turns them into John Rambo as soon as some
punk tries to mess with them!

I owe a lot to Mark Ludwig, his little black books, and Computer
Virus Developments Quarterly. But Underground Technology Review
seems to have more to do with anti-federal government politics than
technology and I don't know if I'll be renewing my subscription.

Nick Brown, Strasbourg, France


[The Crypt Newsletter responds:

As for the issue of David Stang, the brew-up in Underground Technology
Review dates back to events which started around Christmas.  Stang, the
CEO of Norman Data, an anti-virus software company located in Fairfax, VA,
had mailed Ludwig a holiday greeting card just around the same time
American Eagle published "The Virus Creation Labs," my book.  A chapter
of the book dealt with Stang's employment of the virus-writer Priest.
Stang had been quoted in Winn Schwartau's book "Information Warfare"
(Thunder's Mouth) saying, "Virus writers belong in jail!" Ouch.
According to Priest, while he was at Norman Data the virus writer
spent his time writing a cure for one of his own creations, Natas, which
was infecting PC's in Mexico and is now relatively common in North America.

Indeed, the release of the news caused such a dust up at Norman Data
that Stang and another Norman Data rep, Sylvia Moon, fought with
each other while trying to secure a copy of "The Virus Creation Labs."
First Ludwig was asked to send a copy directly to David Stang on the
Norman company credit card.  Then Sylvia Moon called, insisting the copy be
sent to her! One can imagine there was a terrible amount of
garment rending and spilt blood the day the book arrived in Fairfax.

However, around mid-Summer Stang struck back, attacking Ludwig in a
copy of the Arizona Daily Star, a Tucson newspaper.  Underground Technology
Review's editorial about anti-viral madmen was in response to the Star
piece.  It's purely a philosophical issue now. Stang's Norman Data was
awarded a 1.5 million copy site license by the US Dept. of Defense for
use of the Fairfax company's anti-virus software, Norman Armor.

As for the convergence of "gun-loving militia types" and those
pursuing the acquisition of computer viruses and related information,
the overlap is probably greater than you think.  It should be noted
that American Eagle, according to Ludwig, had some success advertising
in Soldier of Fortune magazine until the publication pulled the plug on
the ads recently. Obviously, if you wanted to know if _some_ survivalists
and the para-military types associated with militia groups have an interest
in computer virus books and collections of live viruses, the answer is
yes.  Aristotle, the sysop of the Black Axis BBS and a merchandiser of
computer viruses also commented to the Crypt Newsletter that, in the
past, he'd sold a collection to someone associated with a militia group.]

-=The Crypt Newsletter welcomes mail from readers. Published letters may
be edited for length and clarity.=-


CRYPT ON COMPUSERVE

Those readers with accounts on Compuserve can now take part in the
dedicated Crypt Newsletter message base and attached file library in
the National Computer Security Association special interest group.
GO NCSAFORUM and look for message base #20, Crypt Newsletter.
Current issues are on-line in the attached file library.

CRYPT HYPERBASE

If you're reading this you don't have it.  Crypt #33 was also published
as a hypertext/xText reader. It adds hyperlinked cross indices and a 
linked glossary, as well as expanded discussion of topics covered in 
this edition.


CRYPT NEWSLETTER WORLD WIDE WEB HOME PAGE

You can visit Crypt & The Virus Creation Labs on the
World Wide Web, download back issues and sample a chapter
from VCL!

Set your graphical browser (Mosaic, Netscape, etc.) to:

URL: http://www.soci.niu.edu:80/~crypt
--------------------------------------------------------------
If you quite enjoy the Crypt Newsletter, editor George Smith's book,
"The Virus Creation Labs: A Journey Into the Underground,"  will really
flip your wig. In it Smith unravels the intrigue behind
virus writers and their scourges, the anti-virus software
developers and security consultants on the information highway.

What readers are saying about THE VIRUS CREATION LABS:

"Heavens -  I don't think I've had as hysterically funny a read
in MONTHS!  The politics of the anti-virus field is at
least as back-biting and insane as the virus writing field, if not
more.  You really probably have no idea exactly how 'corrupt, corroded
and tangled' the anti-virus field really was . . . *chuckle* . . .
Anyhow, I just thought I'd write to you to express my appreciation,
as an ex-member of that 'long chain of cheats, hypocrites and fools'
for a hysterically funny look into the 'underground' that produced the
code we had so much fun - and really we DID, especially in the early
days - reverse engineering and countering."

                       ---an ex-McAfee Associates employee

"There are relatively few books on the 'computer underground' that
provide richly descriptive commentary and analysis of personalities
and culture that simultaneously grab the reader with entertaining
prose. Among the classics are Cliff Stoll's 'The Cuckoo's Egg,' Katie
Hafner and John Markoff's 'Cyberpunk,' and Bruce Sterling's 'The
Hacker Crackdown.'  Add George Smith's 'The Virus Creation Labs' to
the list . . . 'Virus Creation Labs' is about viruses as
M*A*S*H is about war!"

                       ---Jim Thomas, Computer underground
                       Digest 7.18, March 5, 1995

"THE VIRUS CREATION LABS dives into the hoopla of the Michelangelo
media blitz and moves on to become an engaging, articulate,
wildly angry diatribe on the world of computer virus writers . . .
Expert reporting."
                      ----McClatchy NewsWire


-------------------------order form-------------------------

Yes, I want my wig flipped and wish to receive a copy of George
Smith's "The Virus Creation Labs: A Journey Into the Underground"
(American Eagle, ISBN 0-929408-09-8).

   Price: $12.95/copy plus $2.50 shipping per book (add $7.50 overseas)

   NAME: _____________________________________________

   ADDRESS: __________________________________________

   CITY/STATE/ZIP: __________________________________

   Payment method:

   ___ Master Charge

   ___ Money Order

   ___ Check

   ___ Visa

   Credit Card # ___________________________________________

   Expiration date _________________________________________

   Name: ____________________________

   Orders can be taken by voice or fax through regular phone
   number and/or 1-800 number in USA.  COD welcome.

   American Eagle: 1-800-719-4957
                   1-602-367-1621
                   POB 41404
                   Tucson, AZ 85717

----------------------------------------------------
George Smith, Ph.D., edits the Crypt Newsletter. Media critic 
Andy Lopez lives in Columbia, SC. For this issue, the editors
decided to kick ass _and_ chew bubblegum. Later, they found 
they were all out of bubblegum.

copyright 1995 Crypt Newsletter. All rights reserved.