Computer underground Digest wed Nov 1, 1995 Volume 7 : Issue 86 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@MVS.CSO.NIU.EDU Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Field Agent Extraordinaire: David Smith Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Cu Digest Homepage: http://www.soci.niu.edu/~cudigest CONTENTS, #7.86 (Wed, Nov 1, 1995) File 1--CyberAngels FAQ file File 2--Re: Attention Spammer: The War Has Started File 3--Scientology Attacks Carnegie Mellon University File 4--Head of the French hackers group was a secret service agent... File 5--Cu Digest Header Info (unchanged since 18 Oct, 1995) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: Mon, 30 Oct 1995 11:54:48 -0600 From: bladex@BGA.COM(David Smith) Subject: 1--CyberAngels FAQ file CYBERANGELS: FAQ The Guardian Angels "CyberAngels" project is an all-volunteer Internet patrol and monitoring project started by senior members of the world famous "International Alliance of Guardian Angels", whose HQ is in New York City. We are a worldwide informal group of volunteers, whose mission is to be a Cyberspace "Neighborhood Watch". THE INTERNET IS OUR NEIGHBORHOOD - LET'S LOOK AFTER IT! 1) How did the CyberAngels project start? The Cyberangels project was born in June 1995, after a discussion between senior Guardian Angels about the apparent lawlessness of the Internet world CyberCity. Guardian Angels leaders on the West Coast of the USA (Los Angeles and San Francisco) had been online for the previous 2 years, and when Guardian Angels Founder and President Curtis Sliwa himself went online in New York City and got his email address, we began a serious discussion about CyberCrime and how the Guardian Angels might respond to it. Curtis Sliwa has a daily talk radio show on WABC in the New York state area. Once he had an email address, he made the announcement over the radio, and his email box immediately started to receive letters telling stories of online harassment (stalking), hate mail, pedophiles trying to seduce children in live chat areas, and complaints from worried parents about the easy access their children had to hard core pornographic images. Realizing that there was a big issue at stake here, Curtis began discussing the Internet issues on his talk show, and as the debate raged daily, and the letters kept pouring in, we realized that perhaps we were being asked to DO SOMETHING. We sat down and discussed what we the Guardian Angels could do to help reassure parents and to make the Net a safer place for kids and others. The answer was simple - we should do what we do in the streets. The Internet is like a vast city: there are some rough neighborhoods in it, including "red light" areas. Why not patrol the Internet, particularly in these "rough neighborhoods" just like a Neighborhood Watch? Just like our own Guardian Angels Community Safety Patrols. And why not recruit our volunteers from the very people who inhabited this vast world CyberCity? Who better than to cruise the Net watching out for people's safety than members of the Internet community themselves? After all, who else could do it? Never an organization to blame it on, or leave it to the government, we decided to do something ourselves. So the CyberAngels program was set up - an all volunteer team, providing a CyberSpace Community Safety Patrol and an Internet monitoring service. Current CyberAngels Chief Coordinator is Colin "Gabriel" Hatcher. 2) What is the purpose of the CyberAngels project? The purpose of the project is a) To promote and protect the idea that the same laws of decency and respect for others that apply in our streets should apply also to the Internet. b) To protect our children from online abuse. c) To pressurize service providers to enforce their Terms of Service. d) To give advice and assistance to victims of hate mail, harassment and sexual abuse online. e) To watch out for users violating terms of service by committing cybercrimes and to report them to relevant authorities (Sysadmins, or even Police). f) To help to make unnecessary Government legislation by showing Government that the World Net Community takes the safety of our children and the well being of all its members seriously. 3) How does the project work? Volunteers send their information to Gabriel at ganetwatch@aol.com and we send them a copy of our FAQ. Each volunteer volunteers to spend a minimum of 2 hours per week cruising the Net and looking for places where they believe there may be unacceptable activity. It is up to each member where they go and what they look for, although sometimes we may send a bulletin to all members advising them to search a particular area. If a volunteer finds criminal activity on the Net, GANetWatch functions as a clearing house for information. We do encourage members to report violations themselves, but we ask that copies of all actions taken are forwarded to us. Members may choose instead to simply report the problem to us and leave it to our more experienced members to deal with. We keep our members informed via email, with a regular update on what's going on. 4) Why do we need volunteers? The Internet Community is huge - around 40-50 million people, and growing every day. There are hundreds of new Web sites each week. The more volunteers we have, the more effective we can be. And by giving a little of your time to looking after the welfare of the Net, you can make a real difference! WE NEED MORE VOLUNTEERS! Anyone can be a CyberAngel. The only requirement is that you commit a minimum of 2 hours per week to the project. No previous experience or special skills are necessary...although a computer and an Internet account would be useful! :) JOIN US NOW! LOOK AFTER YOUR CYBERCITY! We are anonymous in cyberspace. Noone cruises with a Cyberangels badge. And we do not encourage our volunteers to identify themselves online. We DO NOT advise our volunteers to challenge cybercriminals directly, neither by arguing in live areas, nor by flaming in emails, nor by counter-postings on message boards / newsgroups. Being a CyberAngel involves no risk or danger. You are volunteering only to be eyes watching the Net. 5) What should volunteers be looking out for? We are searching to uncover and prevent: a) Child abuse and pedophilia; b) The trading in images of child pornography; b) Sexual harassment; c) Hate crimes, including harassment; d) Fraud schemes operating on the Net (particularly credit card fraud); e) Software piracy; f) Computer virus developments; g) Terrorism, bomb-making, weapons trading etc. Activities between consenting adults (providing they are within the law) are not our concern. Searching for the above violations our volunteers are encouraged to visit: a) Live talk sites (Chat Rooms, IRC areas, MUDs etc); b) Kids and Teens sites of all types; c) Message boards, where visitors can leave postings; d) Newsgroups (particularly "alt." newsgroups); e) Any sites providing material / discussions / images / contacts of a sexually explicit nature (there are thousands!) These are unsupervised areas of the Net where children may roam. For example, parts of the World Wide Web are online porno stores with the doors wide open, and with no staff inside. Kids can easily surf by.... The only warning says "Don't come in here if you are under 18". But there is noone there to check what is happening. And naturally enough kids are wandering in and looking at the merchandise. This is not acceptable on the streets of our cities, and yet we are allowing this on the Net. When discovering suspicious or criminal activity, CyberAngels should record the date, time and place and nature of the violation and write down the user's full ID and InterNet address. Mail can be forwarded to ganetwatch@aol.com, or volunteers may copy and paste information to send. Please follow our advice and DO NOT attempt to challenge cybercriminals directly. Simply report the violations to us at Netwatch, and also to the System Administrators, or Service Providers, of the cybercriminal. Email can usually be sent to "Postmaster@..." or "Sysop@..." or "Sysadmin@...", or find out by writing to/calling the company (the cybercriminal's Service Provider) and asking them who you contact to report a violation. As far as Web Sites are concerned, w e are encouraging parents to use some of the new filtering software, that can screen out chosen areas of the WWW. Organizations like **"Safesurf"** are campaigning for Websites to register as "child friendly", and are on the cutting edge in helping to develop new software for parents to regulate their children's access to the Internet. We fully support Safesurf and are working together with them. Together we believe that CyberAngels and Safesurf will form an irresistible alliance for Good on the Net! 6) How will the project develop? The first stage of our project is to involve volunteers in pressurizing Internet Providers to enforce their terms of service. This involves the accumulation of information and the reporting of violations to Service Providers. The second stage of our project involves the Police. Information about crimes will be passed to the relevant Police authorities, particularly Sex Crime departments and Fraud departments. For the third stage of our project we will have a section on our Web Site where we will be offering rewards for information about various cybercriminals. There will be the equivalent of "Wanted" posters, asking for further information about people who have already been reported to us, and whom we have verified as cybercriminals. 7) Is this a US First Amendment Issue? What about Freedom of Speech? Don't people have a right on the Internet to express their views freely? Are the CyberAngels proposing censorship? CyberAngels support the First Amendment of the US Constitution. We are not trying to abolish free speech, but we believe that freedom of speech should not be exercised if by exercising it you are violating someone else's basic rights. For example I could claim freedom of speech to justify talking sexually and obscenely to a young child - but we all know that that is wrong. This is not a First Amendment issue. Breaking the law takes precedence over "freedom of speech". We are all granted our freedom, but not the freedom to hurt, corrupt, abuse or harass innocent people. The First Amendment was not written to protect pedophiles. No criminal can claim "freedom of expression" to justify a crime. Child pornographers on the Net are criminals and should be brought to justice. 8) The Internet is huge and unregulated. Surely such a project is an impossible task? The fact that the Net is impossible to maintain crime-free is no reason for us to do nothing. Each person does their part. If everyone picked up their own trash, there would be no need for garbage collectors. The same could be said of our streets. We are not naively hoping to eliminate crime from the Net, only to play our part in protecting the innocent majority from the violations of the tiny tiny minority. The Internet Community consists of millions of people. That is millions of potential CyberAngels. TOGETHER WE CAN MAKE A DIFFERENCE! 9) What kinds of changes would the Guardian Angels / CyberAngels like to see? a) We would like to see an improvement in User identification. User ID is impossible to verify or trace back. The very anonymity of Users is itself causing an increase in rudeness, sexual abuse, flaming, and crimes like pedophile activity. We the Net Users must take responsibility for the problem ourselves. One of our demands is for more accountable User IDs on the Net. When people are anonymous they are also free to be criminals. In a riot you see rioters wearing masks to disguise their true identity. The same thing is happening online. We would like to see User ID much more thoroughly checked by Internet Service Providers. b) We would like to see Websites registering as "Child Safe" or "Child Friendly", so that parents can use the new software to restrict children's access. We support Safesurf in their campaign on this issue. c) We would like to see Internet Service Providers enforcing their Terms of Service. d) We would like to see a worldwide blacklist of known cybercriminals, circulated to all Providers and regularly updated, so that these people could be denied access to Internet accounts. e) We would like to see the whole Internet Community united together to protect the Net from all crimes and violations. JOIN US, NOW! ------------------------------ Date: Fri, 27 Oct 95 11:43:28 PDT From: Barry Gold <barryg@sparc.SanDiegoCA.ATTGIS.COM> Subject: 2--Re: Attention Spammer: The War Has Started Instead of using the extra-legal methods so heavily hinted-at in Patrick Townson's comments, I think we should look at technological methods to defend ourselves against Spammers. I don't think we can stop them althogether, but we can probably make their life more difficult and get rid of all but two classes: (A) First-time offenders that don't know enough to cover their tracks (B) A very few, really dedicated and net-wise spammers who won't give a damn about the law. Class (A), of course, can be dealt with by traditional methods: e-mail the ISP and get their account cancelled. Class (B) will probably require resort to the law, but I think we can push them to the point where they will have to commit actual crimes in order to get their spam through - which is why only a very few of them will remain. Let me (try to) explain: The latest round of spam (the "Magazine subscription service") came from an obviously forged address. In general, the more experienced spam artists forge the headers of their spam to make themselves harder to track down. (Which means it takes longer before we can get their account cancelled.) So, we make this a little harder: Definitions: "real site": something with an IP address that is up 24-hours a day (more or less, allowing for possible down time due to telecomm problems, software bugs, hardware faults, etc.). To qualify as a "real site", you must be able to ping it and open an SMTP connection to it on the standard port (25). "hop": something that shows up in "received:" headers. Each "hop" therefore causes either one "received: from... by..." header or a single pair of "Received: from" and "Received: by" headers, depending on the mailer daemons involved. Note that this isn't the same as the IP "hop" involved in the "hop count", "time-to-live", etc. fields. Assumption: A legitimate e-mail address is no more than "n" (say 2) hops away from a "real site". If it appears to be further away than that, the probability is that one or more "received:" headers have been forged to conceal the true origin of the message. 1 hop would be even better, because then we can at least verify the site names for every message (see below). 1. Mailing lists: two steps: a) Improve majordomo and listserv to recognize obviously forged headers and dump the messages. This is a simple change. If the supposedly "verified" From: line is non-conforming, trash the message. Some examples include: . more than one "from" address . totally ridiculous site names, especially where the top-level domain (the last one) isn't one of the "standard" three-letter names or a two-letter country code. b) A further improvement involves actually verifying the From: line before sending the message out again. This would be more work, but would make the spammer's job much more difficult. When processing a message, majordomo/listserv should open an SMTP connection to the site shown in the "From:" header. If that can't be done, the Return-Path and/or Received: headers should be parsed to find a system that _can_ be connected to. If the From: site is "real", majordomo/listserv should go further and verify that a RCPT-TO: will be accepted by the smtpd at that site. If it isn't real, at least verify that the next-site in the return-path is acceptable (RCPT-TO: postmaster@site). 2. News: similar two steps a) a daemon that runs periodically and trashes anything in the spool directories that has a bad From: line. b) verify From: lines as above. This might be done when the message is accepted by nntpd (or uucp, for sites that still use it). Or the above daemon might do the verify for each message it scans. Note that step b) can be improved by cacheing site names known to be good and possibly even user names at those sites. So, I can hear you asking, what does all this get us? The spammers will just put "real" site names and real usernames in their "From:" headers, right? Then when the software checks it out, the supposed "From:" site will say "sure, I exist and I've got a user with that name". And the message will be posted/remailed, and the spam will go on. BUT, if we fix things so the spammer can only get a message in with a real username, then those messages will be much closer to "forgeries" in the legal sense: a document issued by person B, and purporting to issue from person A. I'm not a lawyer, so I'm not sure if an ordinary letter qualifies for this purpose (as opposed to a check, deed, contract, etc.) but it sure brings them a lot closer to a prosecutable offense. And if it isn't currently unlawful, I think we can get the legal definition expanded without getting the government into constitutionally questionable areas of regulating free speech. We don't need the govt telling people what's "on-topic" for a given newsgroup or mailing list. No regulation of "commercial" speech in areas dedicated to "non-commercial" use -- and just try getting such a law through a Congress dominated by commercial interests anyway. Just a simple rule that makes it a crime to claim to be someone else. Note that this doesn't outlaw pseudonyms per se. Using an anonymous account, or one where you've used "chfn" or equivalent to change the name to something other than what you use for other purposes, wouldn't be unlawful -- the basic rule still applies: you can use any name you like, as long as the purpose isn't to defraud others. But pretending to be some other _real_ person would be a crime -- if not under current law, then under rules that could be enacted, would be defensible under constitutional challenge, and wouldn't be excessively intrusive in our freedoms on the net. In fact, such a law needn't (and _shouldn't_) mention the network, computers, etc. at all. It would be unlawful to sign someone else's name to a letter sent via snailmail, e-mail, netnews, posted on a supermarket bulletin board, or carved in the bark of a tree (S.K. -heart- J.S.). Of course, this still leaves the dedicated few who don't care about the law, but they will be few and very much on the fringes, _not_ the big companies that we usually worry about. Just as existing rules (and social controls) help keep down the number and intrusiveness of crackers, I think this scheme would keep down the number and volume of the spam artists. So, whatdya think? ------------------------------ Date: Wed, 1 Nov 1995 00:34:11 -0800 (PST) From: Declan McCullagh <declan@EFF.ORG> Subject: 3--Scientology Attacks Carnegie Mellon University Reprinted from FOCUS, vol. 25, no. 1, October 1995, page 4: SCIENTOLOGY ATTACKS CARNEGIE MELLON UNIVERSITY by Declan McCullagh (declan@well.com) A flame-war raging on the Internet over the Church of Scientology's attempts to halt the distribution of its bizarre secret scriptures has spread to Carnegie Mellon University. When SCS senior research scientist Dave Touretzky placed a copy of a Scientology tract on the World Wide Web in August, the church immediately moved to cancel his netnews posts that mentioned the web pages. It also faxed printouts of the pages to CMU's attorneys and threatened a lawsuit over "trade secret violations." The same day, University Attorney Walter DeForest called Touretzky, who agreed to remove the 136-page tract from his web site. "DeForest didn"t know what the legal status was of the court records and copyrighted documents. He was going to research this. In order to spare CMU and myself an unnecessary lawsuit, I voluntarily took the materials down," says Touretzky. Complicating the problem for CMU was the files' origin. Touretzky's web site contained documents that were then available to anyone who walked into the federal court building in Los Angeles. The court documents were later sealed after attorneys for Scientology successfully argued that copyright laws prohibiting unauthorized republication apply to the documents. "This is not an easy area of the law since it combines the Internet with controversial subjects," DeForest says. "It's normal and appropriate for a university to respect copyright -- if it exists. It's consistent with academic freedom." The threats against CMU are the most recent in a series of lawsuits the church has filed against Internet service providers, newspapers, magazines -- and especially against its critics, who argue Scientology is a cult that brainwashes and blackmails its members and harasses defectors and critics. "The Church of Scientology has made a practice of suing people who have been critics of their practices or their tactics. The fact is that these lawsuits are not meritorious," says Mike Godwin, staff counsel for the Electronic Frontier Foundation, an online civil liberties group based in San Francisco. In August the church sued one of its former members for posting anti-church information to the Internet and persuaded a federal judge to permit the seizure of his computer. The church then sued The Washington Post for reporting on the computer seizure and quoting from public court records. Ironically, the court documents were generated by Scientology's previous lawsuit against TIME magazine, which in 1991 ran a cover story calling the church a "thriving cult of greed and power." Despite Scientology's best efforts, its religious teachings remain publicly available on the Internet -- not just because of the efforts of critics and free-speech advocates, but because network users delight in passing around the excerpts, which read like one of Scientology founder L. Ron Hubbard's pulp science fiction novels. Hubbard's scriptures claim that 75 million years ago an evil galactic overlord named Xenu solved the galaxy's overpopulation problem by freezing the excess population and transporting the bodies to Teegeeack, now called Earth. After the hapless travelers were defrosted, they were chained to volcanoes that were blown up by hydrogen bombs. Then, Hubbard writes in Operating Thetan 7: "The Pacific area ones were taken in boxes to Hawaii and the Atlantic area ones to Las Palmas and there "packaged." His name was Xenu. He used renegades." Elsewhere in the scriptures, Hubbard requires church acolytes to go to a park or a zoo "with many types of life and communicate with each of them until you know the communication is received and, if possible, returned." The disembodied spirits of the dead are called "thetans" and supposedly still haunt mankind, but Scientology offers ways to "audit" them away -- for a price. Church members pay tens of thousands of dollars and wait years before they"re "cleared" for this "Operating Thetan" (OT) knowledge. (They"re required to wait this long. The tracts threaten pneumonia if the mentally unprepared read the OT texts.) Now, to the church's dismay, any of the Internet's 35 million users can peruse the most private -- and lucrative -- teachings of Scientology. The band of online dissidents understands this. Many are former church members who became disaffected and left. Some have used a private anti-cult bulletin board system in Colorado to distribute news on the activities of the church. Others have relied on netnews.alt.religion.scientology, a Usenet newsgroup, to disseminate information about Scientology tactics. If alt.religion.scientology is the front line of the war on the Internet, then the newsgroup is the Internet's equivalent of a food fight in a school cafeteria. The attacks on the church flowing through alt.religion.scientology once prompted a church attorney to try and delete the newsgroup from every computer on the Internet via an "rmgroup" control message. That raised the netiquette hackles of many Internet users and escalated the online fight from a small-scale battle into a full-scale war. It's one the church can"t win, says EFF's Godwin. "The church is going to lose. They"re making so many people angry that they"re succeeding in motivating people to become critics," says Godwin. On the WELL, a computer conferencing system in California, Godwin posted: "If the Church wanted the records sealed, it could have sought that. In the meantime, copyright interests do not normally trump the public's right to know the details of court proceedings." Another participant in the discussion, Jerod Pore, wrote that alt.religion.scientology is "the site of the most vicious flame-war on the Net: a flame-war that includes forged cancels of articles, with the forgeries coming from sites such as the Department of Energy, real lawsuits being filed to shut people up, death threats, midnight phone calls and the like." Other net-skirmishes have touched upon Scientology's attempts to censor anti-church netnews posts by deleting them from Usenet servers; the church's threats to sue people who posted the above-quoted lines about communicating with animals at the zoo; the church's attempt to file university disciplinary charges against a California college student; the church's attempt to force Caltech to reveal the identity of one of its alumni users; and the church's attempt to remove the contents of a web page maintained by an MIT user. But perhaps what riled online "netizens" the most was the church's raids on Finland's anon.penet.fi anonymous remailer and on the Colorado anti-cult bulletin board system. In both cases, the church was able to seize information to protect its "trade secrets" under international law. The secrets in question? Xenu and the galactic conspiracy. On the Internet, thousands of users every day rely on Julf Helsingus' anon.penet.fi server to communicate anonymously with other users or post to controversial netnews bboards under a numerical pseudonym automatically assigned by his computer. When Scientology and the Finnish police forced Helsingus to reveal the true name of one of his users, his subscribers on the Internet realized how vulnerable their identities were. And more sparks started flying on alt.religion.scientology. Recently, the 41-year-old church has experienced setbacks in its attempts to stifle its critics. Last month, a federal judge in Colorado upheld free speech claims and ordered Scientology to return the computers and files seized from two men who ran an anti-Scientology bulletin board. An ad-hoc group of network users formed and successfully fought the church's attempts to cancel netnews posts. On September 15, the judge in The Washington Post case said she thought the newspaper had acted appropriately in printing the Xenu excerpts and that Scientology had gone too far in snooping through the computer they seized in August. She ordered the church to "immediately return and restore to [the defendant] all seized materials in their exact original condition." The uproar from the church's raids on computers worldwide is why CMU's Touretzky became involved. "I realized there was a great interest in this material and I knew about the forged cancels. I wanted to further an educational purpose in a way that would be protected from vandals," says Touretzky. Even though Touretzky has removed the court records from his site, he maintains a list of their current locations on the Internet. After Scientology threatened an Internet service provider in the Netherlands, Dutch collections of the United States documents sprouted overnight. "Many of the Dutch sites are copies of my site. My site's still up, but with hyperlinks to the Dutch sites," Touretzky says. A member of the Dutch House of Commons has put the materials on his home page, and the materials are popping up elsewhere. Once Xenu is out of the bottle, there's no putting him back. DECLAN MCCULLAGH For more information, look at: http://www.cs.cmu.edu/~dst/Fishman on the World Wide Web. [ screen dump of a Netscape display of the 1991 TIME Magazine volcano cover, "The Cult of Greed", showing the URL for the Fishman web site. ] ................ FOCUS -- in seven issues a year -- is a publication of the faculty and staff of Carnegie Mellon University. Many of the articles in FOCUS express the opinions of individual members of the CMU community; unless so indicated, they should not be construed as reflecting university policy. ------------------------------ Date: 28 Oct 1995 18:56:54 GMT From: JeanBernard_Condat@EMAIL.FRANCENET.FR(JeanBernard Condat) Subject: 4--Head of the French hackers group was a secret service agent... Bonjour, In the October 12th issue of "Intelligence Newsletter", I note the following text that the editor accept to put at the end of this email. Don't hesitate to send me all your comments related at this fact... The _Chaos Digest_ from the CCCF was build in this mission by me! Regards, -- Jean-Bernard Condat 47 rue des Rosiers, 93400 Saint-Ouen, France Phone: +33 141238807, portable phone: +33 07238628 JeanBernard_Condat@eMail.FranceNet.FR ======================================================== A Computer Spy Unmasked For years Jean-Bernard Condat has undoubtedly been France's best-known computer hacker. Appearing on television talk shows, launching provocative operations and attending computer seminars, he founded the Chaos Computer Club France (CCCF) in 1989 as France's answer to the renowned Chaos Computer Club in Germany. French journalist Jean Guisnel revealed this week in a book entitled Guerres dans le Cyberespace, Internet et les Services Secrets (Cyberspace War, Internet and Secret Services) published by the Editions La Decouverte (ISBN 2-7071-2502-4) that Condat has been controlled from the outset by the Direction de la Surveillance du Territoire. A student in Lyons where he followed music and information technology courses, Condat was taken in hand by the local branch of the DST in 1983 after committing some "minor misdemeanor." The DST organized his participation in hacker meetings abroad. Guisnel said that from 1989 onwards "Jean-Luc Delacour, Condat's handler at the DST, decided that his proteg was ready for bigger and better things." He asked Condat to start up CCCF, then worked to promote his public image in order that the largest number of hackers would gravitate towards him. The DST printed hundreds of T-shirts and thousands of post cards for him. When Thomson and Pechiney found that hackers were trying to break into their systems Condat enabled the French counter-espionage service to trace the intruders. When he was taking part in a television program in 1991 in which he was to demonstrate how to hack into a system his handler dictated what he should say in his earphones. Questioned by Intelligence Newsletter, Condat admitted he had worked for the DST over a 52 month period and written up 1,032 reports during that time. He claims, however, that he broke with the DST in 1991 and that he intends to shortly publish an account of what he calls his "turpitude." Whether true or not, Condat worked for several years for the SVP company before leaving it a few months ago to take over a key function: he is now system operator for the France forum on Compuserve. Guisnel cites any number of cases of how "Internet is controlled to the bone" by such measures as turning around hackers, systematically bugging computer networks and manipulating newsgroups. "If no serious company should confide its correspondence to the network and if no government should use it to transmit sensitive information the reason is that the NSA is watching and that all the network's communications physically travel through the U.S., and very probably through computer filters at its installations at Fort Meade, Maryland," Guisnel said. He said the conclusion was that advanced encryption programs like PGP needed to be used if one wants to communicate in a secure manner on the Internet. Citing the debate raging in the U.S. over computer security which has made little impact in Europe, Guisnel called on France to authorize the use of encryption by everyone and criticized the country's reactionary policy in that score. He said the attitude, while defensive in nature, was all the harder to understand because its first consequence was to increase the vulnerability of French companies, to the benefit of NSA. ------ Copyright 1995 Indigo Publications. All rights reserved. This news report may not be republished or redistributed, in whole or in part, without the prior written consent of Indigo Publications. For more information and sample issues, please mail to indigo1@dialup.francenet.fr. ------------------------------ Date: Sun, 18 Oct 1995 22:51:01 CDT From: CuD Moderators <cudigest@sun.soci.niu.edu> Subject: 5--Cu Digest Header Info (unchanged since 18 Oct, 1995) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send a one-line message: SUB CUDIGEST your name Send it to LISTSERV@VMD.CSO.UIUC.EDU The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CUDIGEST Send it to LISTSERV@VMD.CSO.UIUC.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (203) 832-8441. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown) Brussels: STRATOMIC BBS +32-2-5383119 2:291/759@fidonet.org In ITALY: ZERO! BBS: +39-11-6507540 In LUXEMBOURG: ComNet BBS: +352-466893 UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/ ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/cud/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) JAPAN: ftp://www.rcac.tdi.co.jp/pub/mirror/CuD The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu:80/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #7.86 ************************************