Computer underground Digest Sun Oct 27, 1996 Volume 8 : Issue 76 ISSN 1004-042X Editor: Jim Thomas (cudigest@sun.soci.niu.edu) News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu) Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Field Agent Extraordinaire: David Smith Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Cu Digest Homepage: http://www.soci.niu.edu/~cudigest CONTENTS, #8.76 (Sun, Oct 27, 1996) File 1--Hacker posts nudes on court's Web pages (fwd) File 2--Internet Anti-Piracy Campaign Launched File 3--COMMUNITY CONNEXION SUED IN FRIVOLOUS LAWSUIT File 4--Dropping of the SPA Suit against CCC File 5--LAWSUIT DROPPED; SPA STILL DEMANDS MONITORING File 6-- International Release: Internet Piracy Case File 7--The "Kiddie-Porn" Spam File 8--AOL - Breaking Spam News File 9--More on AOL "child porn" spam File 10--Flaw in Solaris 2.4 Daylight Savings Time Calculation (fwd) File 11--Cu Digest Header Info (unchanged since 7 Apr, 1996) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION ApPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: Fri, 25 Oct 1996 21:16:56 -0400 (EDT) From: Noah Subject: File 1--Hacker posts nudes on court's Web pages (fwd) From -Noah ---------- Forwarded message ---------- Date--Fri, 25 Oct 1996 16:47:39 -0500 C Y B E R - S P A C E P R O J E C T Email List / Instructions at the end ---------------------------------------------------------------- PHAETHON ::: 10/25/96 -- 12:43 AM Hacker posts nudes on court's Web pages By ROB CHEPAK of The Tampa Tribune TALLAHASSEE - The Internet home of the Florida Supreme Court isn't the kind of place you'd expect to find nudity. But that's what happened Wednesday morning when a judge in Tallahassee found a pornographic photo while he was looking for the latest legal news. A computer hacker broke into the high court's cyberhome, placing at least three pornographic photos and a stream of obscenities on its Web pages. ............. The Florida Court's Web site is used to post information about court opinions, state law and legal aid. Thousands of people, including children, use the court system's more than 500 Internet pages each month, Waters said. ............. Officials aren't sure how the culprit broke in, and FDLE had no suspects Thursday afternoon. But court officials long have suspected their Web site could be a target for hackers armed with the computer equipment to impose photos on the Web. The Florida Supreme Court became the first state Supreme Court in the nation to create its own Internet pages two years ago. ............. Without a clear motive or obvious physical evidence, FDLE investigators, who also investigate child pornography on the Internet, hope to retrace the culprit's steps in cyberspace. However, Ponder said cases of Internet tampering are "very difficult to solve." Thursday, the state's top legal minds, who are used to handing out justice, seemed unaccustomed to being cast as victims. "No damage was done," Kogan said in a statement. "But this episode did send a message that there was a flaw in our security that we now are fixing." * sotmesc@datasync.com aka ---* Frosty, ilKhan of the SotMESC * To send a submission, use this address with 'CSP' in the Subject line * Thanks to: Voyager, 2600, LOD, Knight Lightning, the Unabomber, etc * Visit us at: http://www.datasync.com/sotmesc/gcms * Or our convention at: http://www.datasync.com/sotmesc/ic-con ------------------------------ Date: Thu, 17 Oct 1996 22:44:41 -0500 From: jthomas3@SUN.SOCI.NIU.EDU(Jim Thomas) Subject: File 2--Internet Anti-Piracy Campaign Launched FOR IMMEDIATE RELEASE Contact: David Phelps, (202) 452-1600, ext. 320, dphelps@spa.org SPA Files Copyright Suits Against ISPs and End Users Internet Anti-Piracy Campaign Launched _________________________________________________________________ (Oct.10, 1996 --Washington, D.C.) -- The Software Publishers Association (SPA) announced today that it has filed five civil lawsuits for copyright infringement occurring on the Internet. Three of the lawsuits were filed against Internet service providers (ISPs), and the remaining two were filed against individual end users. Additionally, SPA launched its Internet Anti-Piracy Campaign, which includes education and enforcement components, in an effort to educate and work cooperatively with ISPs regarding copyright infringement. ISP lawsuits were filed on Oct. 7 and 8 against Community ConneXion of Oakland, Calif.; GeoCities of Beverly Hills, Calif.; and Tripod Inc. of Williamstown, Mass. The SPA members named as plaintiffs in all three suits were Adobe Systems Inc., Claris Corp. and Traveling Software Inc. In each case, SPA first contacted the ISP and requested that the infringing material be removed, but the ISP failed to respond and cooperate. SPA also filed suit against Jeffrey Workman of Auburn, W. V., and Patricia Kropff of Scottsdale, Pa, on behalf of Adobe Systems Inc., Claris Corp., Corel Corp., Datastorm Technologies Inc. and Novell, Inc. In each of these instances, SPA received reports of alleged copyright infringement on certain Web sites, and with the assistance of the ISPs, tracked the individuals responsible for posting the infringing material. "These lawsuits send a clear signal to ISPs and end users that neither direct nor contributory copyright infringement will be tolerated. The Internet does not provide a safe haven for these types of activities," said Ken Wasch, SPA president. SPA's Internet Anti-Piracy Campaign (IAPC), which is outlined at http://www.spa.org/piracy/iapc.htm, contains information explaining why ISPs may be liable for copyright infringement, the risks involved and seven warning signs that infringing activity may be taking place on the ISP's server. Additionally, ISPs may sign an ISP Code of Conduct to show they have adopted the operating practices encouraged under the copyright law. Upon receiving a report of alleged copyright infringement on the Internet, SPA confirms the unlawful activity and sends a letter to the ISP servicing the infringing user. In most cases, the ISP cooperates and remedies the situation. If the infringing user can be identified -- as alleged in the Workman and Kropff cases -- SPA may then choose to seek action against the end user. If the ISP is unwilling to stop the unlawful activity, SPA may choose to file suit against the ISP. "Our intentions are to work cooperatively with ISPs. A key element of the IAPC is the ISP Education Program devoted to alerting ISPs to their potential liability and providing them with the tools and guidance to protect themselves," said Joshua Bauchner, SPA's Litigation Coordinator. "The IAPC maintains SPA's traditional balance between education and enforcement. We first make contact in an effort to amicably resolve the matter, and only when absolutely necessary do we turn to litigation." An integral part of the cooperative effort between SPA and ISPs is the ISP Code of Conduct. This simple agreement asks that ISPs protect themselves from liability by stopping pirate activity on their systems. In return, SPA will attempt to contact the ISP if it receives a piracy report concerning it -- before initiating other action. Piracy has taken many forms on the Internet. These include making unauthorized copies of software available for download, the posting of serial numbers, cracker and hacker utilities and links to pirate FTP sites. Although many believe piracy is limited to "warez" or illegal copies of software, it extends beyond that narrow definition. Under the law, anyone who knows -- or should have known -- of the infringement and who assists, encourages or induces the infringement is liable for indirect infringement. In each of the actions SPA filed, at least two of the above infringements were present. For additional information please visit the Internet Anti-Piracy Campaign site at http://www.spa.org/piracy/iapc.htm. The ISP Education Program information is available at http://www.spa.org/piracy/ispinfo.htm. To report a case of piracy please contact SPA's hotline at (800) 388-7478, piracy@spa.org or complete an on-line intake form at http://www.spa.org/piracy/pirreprt.htm. SPA is the leading trade association of the desktop software industry, representing the leading publishers as well as many start-up firms in the business, home office, consumer, education and entertainment markets. Its 1,200 members account for 85 percent of the sales of the U.S. packaged software industry. SPA press releases are available through fax on demand at (800) 637-6823. ------------------------------ Date: Mon, 14 Oct 1996 11:24:01 -0700 (PDT) From: sameer@c2.net Subject: File 3--COMMUNITY CONNEXION SUED IN FRIVOLOUS LAWSUIT Fwd from: fight-censorship@vorlon.mit.edu COMMUNITY CONNEXION SUED IN FRIVOLOUS LAWSUIT For release: October 14, 1996 Contact: Sameer Parekh 510-986-8770 Oakland, CA - Community ConneXion, Inc, dba C2Net, condemns the lawsuit served by Adobe Systems, Inc., Claris Corporation, and Traveling Software, Inc. as a frivolous lawsuit. "As near as we can tell," said C2Net President Sameer Parekh, "we are being sued for being an Internet Service Provider." C2Net is an ISP, providing shell accounts and web hosting services. But the company is primarily a software vendor, selling Stronghold, one of the most popular secure web servers on the market. "We were looking into joining the Software Publisher's Association, who filed the suit on behalf of the plaintiffs," said Parekh, "but it's not very likely to happen at this point." The lawsuit appears to charge C2Net with liability based upon allegations that C2Net's customers provide links to pirated software on other machines and "cracker tools" that allow users to beat copy-protection mechanisms like software serial numbers. "It's completely outrageous that the SPA has nothing better to do than to file frivolous lawsuits against hard-working Internet Service Providers," said Parekh. "We are not aware of any such links on our pages or our customer's pages, and if our customers are breaking any laws, we want to know about it so we can terminate their accounts." (The lawsuit provides no specific examples.) The lawsuit was apparently filed after a single attempt to contact the company with a form-letter e-mail. The copy of the alleged e-mail included as an attachment to the suit shows the SPA's real motive. "They want us to sign a 'Code of Conduct'," said Parekh. "Among other things, we'd have to agree to routinely monitor our customer's web pages, which we won't do. We deal with complaints about our customers on a case by case basis, and we have a firm and clear policy against illegal activity of any sort. We've shut down accounts for less than what they're alleging in this lawsuit." "This is clearly a frivolous lawsuit," said Terry Gross, counsel for C2Net. "The plaintiffs know that an ISP can only be liable if it participates in and has knowledge of the improper activity, and it is clear that they have no such basis." Although the lawsuit does not mention the "Code of Conduct", it appears that most ISPs who received the e-mail ended up signing it, largely to avoid legal action from the much-feared SPA. Those that didn't kowtow got sued. "The terms of the 'Code of Conduct' are completely unacceptable," said Parekh. "It basically gives the SPA the right to go on an ongoing fishing expedition through our customer's files, and requires us to do the same as their agent on a regular basis. The Code would classify us as 'publishers', and we would become responsible for everything our customers do. We've built this business on a solid foundation of respect for our customer's privacy. Monitoring their activities without grounds for suspicion is completely inconsistent with maintaining their privacy." "This lawsuit is grossly unfair, and it's going to cost us a lot of time and money, but we don't have any choice but to fight it," said Parekh. "What we have here is three giant software companies and their well-funded bag of lawyers trying to bully a smaller software company into adopting costly policies that invade customers' privacy." A coalition is currently being formed to fight this case and make sure that this form of legal terrorism does not occur in the future against internet providers. The coalition will probably include the three companies that have been served in the suit and other organizations with a stake in creating a rational legal enviroment for ISPs and their customers. C2Net provides high-security encryption solutions for the Internet worldwide. More information about C2Net's products are available at https://stronghold.c2.net/. Information about the forming coalition may be found at https://www.c2.net/ispdc/. ------------------------------ Date: Sat, 26 Oct 1996 00:32:11 -0500 From: jthomas2@SUN.SOCI.NIU.EDU(Jim Thomas) Subject: File 4--Dropping of the SPA Suit against CCC ORIGINAL ROBERT L. MAINES, State Bar No. 39977 FILED ANDREW L. FAGAN, State Bar No. 121445 BRYANT, CLOHAN, OTT, MAINES & BARUH Oct 22 '96 550 Hamilton Avenue, Suite 220 Palo Alto, California 94301 Richard W. Wieking Telephone: (415) 324-1606 CLERK Facsimile: (415) 324-4613 U.S. DISTRICT COURT NO. DIST. OF CA. S.J. GEOFFREY G. GILBERT ANTONIA S. PRITCHARD McBRIDE BAKER & COLES 500 West Madison St., 40th Floor Chicago, IL 60661-2511 Telephone: (312) 715-5700 Attorneys for Plaintiffs ADOBE SYSTEMS, INCORPORATED, CLARIS CORPORATION, and TRAVELLING SOFTWARE, INC. IN THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF CALIFORNIA SAN JOSE DIVISION ADOBE SYSTEMS, INCORPORATED, ) NO. C-96 20833 (SW EAI) CLARIS CORPORTATION, ) and TRAVELLING SOFTWARE, INC. ) NOTICE OF VOLUNTARY ) DISMISSAL ) Plaintiffs, ) ) v. ) COMMUNITY CONNEXION, INC. and ) SAMEER PAREKH, ) ) Defendants. ) _________________________________) NOTICE IS HEREBY GIVEN that pursuant to Rule 41(a)(1) of the Federal Rules of Civil Procedure plaintiffs voluntariily dismiss this action without prejudice. Dated: October 22, 1996. BRYANT, CLOHAN, OTT, MAINES & BARUH, LLP McBRIDE BAKER & COLES By:____[signature]_________ ROBERT L. MAINES Attorneys for Plaintiffs ADOBE SYSTEMS, INCORPORATED, CLARIS CORPORATION, and TRAVELLING SOFTWARE, INC. ------------------------------ Date: Thu, 24 Oct 1996 12:34:48 -0700 (PDT) From: sameer Subject: File 5--LAWSUIT DROPPED; SPA STILL DEMANDS MONITORING For Release October 24, 1996 Contact: Sameer Parekh 510-986-8770 LAWSUIT DROPPED; SPA STILL DEMANDS MONITORING Oakland, CA - In an ongoing attempt to force Internet Service Providers (ISPs) to monitor their customers' web pages, the Software Publisher's Association (SPA), acting on behalf of three member software companies, dropped a lawsuit against Community ConneXion, Inc., dba C2Net, but reserved the right to bring the suit again if C2Net failed to adopt a policy of monitoring their users' web pages for copyright infringement. The three plaintiffs, Adobe Systems, Inc., Claris Corporation, and Traveling Software, Inc., seemed surprised to find that they had filed the lawsuit, and sought to distance themselves from the action. For instance, Adobe's PR department maintained that Adobe has definitely not filed any such lawsuiT. (Contact Carol Sacks -- (408) 536-4033) C2Net, a small, Oakland-based ISP and software company, has always forbidden illegal activity on its servers. This includes copyright infringement and contributory copyright infringement. "We're very aware of the problems that software companies face from piracy; most of our revenue comes from software and we have our own problems with people pirating our software," said C2Net President Sameer Parekh. "I just don't think that bullying hard-working ISPs into embracing a highly questionable set of policies does anything constructive about the problem of piracy." The Software Publishers Association wants ISPs to sign a 'Code of Conduct' which would force ISPs to actively monitor users. Under current case law, this greatly increases the ISP's liability, in addition to being extremely expensive, time-consuming, and distasteful to users. "The telephone company isn't required to monitor all their users to make sure they're not saying illegal things," said Parekh. "How can we be expected to do that for our customers' use of the Internet?" Of the over twenty ISPs contacted by the SPA, many caved in and signed the 'Code of Conduct', fearing a lawsuit from the SPA more than the future expense and liability problems that result from ongoing monitoring. A coalition of ISPs and other concerned parties, the ISP Defense Coalition, has formed to oppose these bullying tactics by the SPA. "The SPA thought they could bully small ISPs, but they didn't realize we had principles and couldn't be cowed," said Parekh. Mike Godwin, Staff Counsel for the Electronic Frontier Foundation said, "My personal view is that the Software Publishers Association has forgotten that it is the legislature, not the courts, that is the primary avenue for seeking changes in copyright policy. What we see here is a perversion of the notion that the courts should be used to seek justice -- SPA seems to have picked defendants in the hope that they'd be too weak to resist. I find that decision morally objectionable. Speaking as a lawyer, I have to say that this is the kind of tactic that justifiably confirms in people's minds whatever low opinions they may have of lawyers." The suit alleged that C2Net users were providing tools to get around copy protection in the plaintiffs' software, and were providing pointers to other sites that actually contained pirated software. The SPA provided no examples, and did not allege any direct copyright infringement on C2Net machines. "Despite our best efforts to get specific information," said Parekh, "the SPA did not provide us with any specifics about our customers engaging in infringing activity. We suspect that they had no evidence of infringement, but acted merely on vague reports of questionable conduct on the part of a few users." C2Net provides high-security encryption solutions for the Internet worldwide. More information about C2Net's products are available at https://stronghold.c2.net/. Information about the forming coalition may be found at https://www.c2.net/ispdc/. ------------------------------ From: "David Gersic" Date: Wed, 23 Oct 1996 13:34:40 CDT Subject: File 6-- International Release: Internet Piracy Case If you don't already have a copy of this, I thought you might found it intestesting. Gee. Bomb-making recepies. How nice. And $60k worth of Novell products is hardly anything at all... These were from a private list server, so the header has been modified. ------- Forwarded Message Follows ------- Date sent-- Wed, 23 Oct 1996 11:30:47 -0600 Send reply to-- "xxxxxxxxxxxxxxxxx" From-- "xxxxxxxxxxxxxxxxx" Subject-- International Release--Internet Piracy Case To-- Multiple recipients of list xxxxxx Note: Attached is a press release on an anti-piracy raid in Switzerland. This release was distributed internationally. FOR IMMEDIATE RELEASE ---- October 23, 1996 Novell Brings Largest Ever Internet Piracy Case Swiss Police Swoop On Internet Pirate In Dawn Raid Following months of undercover investigation by Novell's Anti-Piracy Group, on 15th October 1996, Swiss Police executed an early morning raid in Zurich on the home of a 27 year old computer technician calling himself *The Pirate'. *The Pirate' was offering $60,000 of unlicensed Novell products, along with commercial software from other Business Software Alliance (BSA) members, to anyone with a connection to the Internet. During the enquiry, Novell Anti-Piracy investigators also found files containing bomb making recipes and instructions for defrauding credit cards. During the raid officers from the Swiss Police Commercial Crime Unit seized an extensive collection of computer hardware and software. *The Pirate' who was taken into custody, could face a maximum prison sentence of 3 years and/or a fine of up to SFR 100,000 (USD80,000) if convicted. In a related action on the same day, the Swiss police raided the M-E-M-O Bulletin Board System (BBS) run by a systems operator calling himself *The Shadow'. The M-E-M-O BBS was believed to have close connections with *The Pirate' and in addition to making available unlicensed Novell software via the telephone network, also offered a CD and DAT tape writing service. Martin Smith Novell's Licensing Manager for Europe Middle East and Africa says, *This is a landmark case for the software industry. For the first time today, individuals and organisations distributing unlicensed software on the Internet know that they can be caught and prosecuted. This case is the first of a series of Internet related actions which will be brought by Novell and the BSA in Europe in the coming months.* Smith continued *Novell is committed to working with law enforcement groups throughout Europe to halt the supply of illegal products on the Internet. Electronic distribution of illegally duplicated software poses a threat both to the industry and consumers. In many cases the software available from such sites has been passed around the world, each transfer exposing it to potential corruption and viruses. For the end-user this inevitably leads to system down time or loss of data.* Novell's Anti-Piracy Group can be contacted directly on dedicated hotlines, a list of which accompany this release. Founded in 1983, Novell (NASDAQ:NOVL) is the world's leading provider of network software. The company offers a wide range of network solutions for distributed network, Internet, intranet and small-business markets. Novell education and technical support programs are the most comprehensive in the network computing industry. Information about Novell's complete range of products and services can be accessed on the World Wide Web at http://www.novell.com.. Novell is a member of the Business Software Alliance (BSA). ### Press Contact: Sarah Williams +44-(0)1344-724042 Internet: sarah_williams@novell.com ------------------------------ Date: Thu, 24 Oct 1996 22:51:01 CDT From: Jim Thomas Subject: File 7--The "Kiddie-Porn" Spam ((The following spam was received by thousands of people, including me. It was received on an address that is rarely used for external mail or Net posting, so it's unclear how or why that account was selected. Following this post are several responses to it - jt)) ---------- Forwarded message ---------- Date--Mon, 21 Oct 1996 04:12:17 -0400 From--R9ch@aol.com Subject--Child XXX Hi! I sent you this letter because your email address was on a list that fit this category. I am a fan of child pornography and for the past 4 years, I have been able to gather quite a collection of it. I have pictures, VHS tapes, posters, audio recordings, and games based on child pornography. I am now selling my products (or trading for other child pornography). I have a complete color catalog of all my products now available. You can purchase pictures, both normal kodak, and computer GIF or JPG's. You can purchase posters, the VHS tapes, and Audio recordings. If you send your picture, I can morph your face into one of the action shots to make it appear that you are the one having anal sex with a young boy. There are many preferences you can choose from. Hair color, weight, age, height. Age of the young boys range from 7 yrs to 17. Young girls, age 4 to 19. For $2.99 we can send you a personalized audio cassette of a little boy moaning and groaning your name. There are many other products and services. If you were not supposed to receive this letter, please delete it immediately. I send out these advertisements to this mailing list once a week. If you you want to get off this mailing list, please send a letter to my address below. Do not write to this email address because I will delete it after I mail these letters. The only way to get off this mailing list is to write to my address below. Here are some prices: Complete Color Catalog (160 pages)...........................$5.00 100 Pictures young boys age 7-12..............................$9.95 120 Pictures young boys age 13-17............................$11.95 VHS tape, young boys "Bath Time".............................$49.95 VHS tape, young boys "Happy B-day, Timmy".............$49.95 VHS tape, young boys "Bobby and His Friends"...........$49.95 VHS tape, young boys "Kid Loves Candy"....................$39.95 VHS tape, "Mister's Sin (Tale of an Alter Boy)".............$39.95 Personalized Audio tape.............................................$2.99 Personalized morphed action pic................................$14.95 (be sure to include your picture) If you have any child pornography yourself, preferably young boys ages 7-9, I will trade or buy them from you. If they are action shots, of an adult with the young boy having sex, I am willing to trade big, or pay a lot. Please write to me for more details. Thanks. You can send a cash, check, or money order. Make it out to my company : "Kwo UN" Send your order to: Child Fun Jackson Heights, NY 11372 You can also send your credit card numbers. I do not accept American Express cards. ------------------------------ Date: Wed, 23 Oct 1996 15:49:54 -0700 (PDT) From: David Cassel Subject: File 8--AOL - Breaking Spam News CNN is reporting that today the FBI "hinted" they were close to making an arrest in the child pornography spam. Stories have appeared in Reuters, the Associated Press, CNN, and the Washington Post. Reuters reported that AOL was "deluged" with complaints, and said the FBI observed tips came to their offices "around the country". More interesting, an AOL officer told Reuters the account holders were not the ones who sent the mail. Hackers have been boasting about the capability to access any AOL account--without a password--since last spring. Some speculate hackers had moles in AOL's customer service department--when the editor of Internet Underground magazine contacted hackers for a story, they offered to recite his credit card number as proof. In July the Florida Times- Union reported AOL's Florida customer service building housed an employee who helped "hijack" customer credit card numbers. When arrested and convicted, he implicated two other employees [7/7/96]. AOL caught 38 of their own staffers in a June raid on the Warez chat room. And to this day, one hacker's web page contains screen shots of AOL's internal software. (http://www.netvirtual.com/blank/aol/) Even Reuters has picked up on AOL's low-security climate. Their story noted that "Hackers have in the past established bogus America Online accounts using stolen credit card numbers and the signup disks the service widely distributes..." The Washington Post reported 370,000 fake accounts were created between March and June [9/16/96]). That lends an odd context to the child pornography spam. Earlier this year AOL's postmaster collected the tens of thousands of messages Cyberpromotions sent to invalid addresses--then bounced them back, all at once. Cyberpromotions saw this as a vindictive prank, and took AOL to court, but some netizens lauded AOL for their effective retaliation. But today a University of Maryland graduate student told the San Francisco Examiner he received ten pieces of spam advertising a program called AKIMA--giving the same address in Jackson Heights. The student said he believes the child pornography mail was retaliation for the earlier spams advertising AKIMA--a program which, ironically, allows mass e-mailing to AOL subscribers. This raises the question: was the child pornography spam a variation of the postmaster's prank, perpetrated by someone within AOL? Their customer service department's ties to the hacker community beg the question. In September, speaking about unwanted spam, Steve Case said "this is the number one complaint we hear from our members." Either way, the event is being used to push pre-existing agendas. In an interview with the San Francisco Examiner, a federal law enforcement official "said it is apparently not against the law to pull a hoax on the Internet." And CNN took this opportunity to link to their "related" story, "Pedophiles stalk internet for victims". In September they had interviewed two customs agents, reporting that the two "said they become suspicious when someone offers pictures of celebrities--often a code word for child pornography." Coincidentally, CNN cites them as the agents who arrested Robert Green and Richard Russell--the school teachers running the child pornography ring on America Online (mentioned in a previous update). The Customs agents told CNN the teachers had "used computers to lure children to a certain location, where they would be molested." The Phoenix Gazette reported the men would then produce videotapes of the children they met on America Online. One of the boys was 11, the other 15; they were paid $15 each. Ironically, news of the account breach came from AOL's public affairs officer William Burrington, who was last seen at the Philadelphia trial for the Communications Decency Act, where Declan McCullagh's dispatch said he characterized AOL "as a 'resort pool with lifeguards' next to the wild, untamed ocean of the Internet". Current events don't bear that out. Part of the problem is their resort pool offers an unlimited supply of fake screen names--and apparently, the security on them isn't foolproof. (Even with the "lifeguards"...) In 1995 Burrington also testified before Congress about AOL's child pornography problems. He attributed the trafficking to "a very small percentage of its customers." An article in the Boston Phoenix, noting Burrington's "wind-tunnel-resistant hair", suggested the obvious follow-up question would be, "what percentage of members who traffic in child pornography is acceptable to AOL?" Watch for a story about this in tomorrow's Netly News (http://www.netlynews.com) ------------------------------ Date: Wed, 18 Mar 1953 04:13:11 -0500 From: Declan McCullagh Subject: File 9--More on AOL "child porn" spam ******* Date--Mon, 21 Oct 1996 06:58:08 From--atropos@aol.net (David O'Donnell at America Online) Please note that if you received unsolicited mail from "r9ch@aol.com" or "tiptoe0001@aol.com" yesterday (Sunday 20 October 1996), both accounts were closed early this morning. Copies of the messages have been forwarded to our legal department. Please do not send in more reports of this abuse. -- __ David B. O'Donnell (atropos@aol.net, PMDAtropos@aol.com) \/ AOL Internet Development Outreach and Technology Manager Tel.: 703/453-4000 x4255; FAX: 703/453-4102 "Spammum WWW: http://www.idot.aol.com/atropos/ Delendum Est" ******** [Thanks to Dave Cassel for this. --Declan] http://www.wco.com/~destiny/kidspam.htm Earlier today an AOL user e-mailed hundreds of people, announcing "I have pictures, VHS tapes, posters, audio recordings, and games based on child pornography." The notorious mail included a price-list and an address in Jackson Heights, New York. Several hundred students at the University of Oslo reportedly received copies, as did students at Yale. The message was e-mailed to Oregon, Georgia, Illinois, and New York, as well as England, Australia, Holland, Finland, Germany, and Canada (according to Usenet posts). The Royal Canadian Mounted Police received several calls, as did Interpol. One ISP reported 10 of their 1,000 users received copies--close to 1%. Even some net personalities received copies. Ron Newman, formerly of the MIT Media Lab, received the e-mail at five different accounts. Joe Shea, editor of the American Reporter, received a copy; Philip Elmer-DeWitt, author of Time magazine's "Cyberporn" cover story, received two. The authors of "The Stalker's Home Page," and "Why AOL Sucks" also received the e-mail. Responding to complaints, AOL stated "we have closed the accounts involved, and our legal department is taking action." Postmaster David O'Donnell posted to Usenet, "Please do not send in more reports of this abuse". Over 50 people complained to the New York police department, who investigated the location--a P.O. Box--with the FBI. (On a mailing list Brock Meeks noted that AOL has a "working relationship" with the FBI.) A reporter for the New York-based Newsday says the newspaper will probably carry a story about the event in Tuesday's edition. (http://www.newsday.com) According to one Usenet post, the address belongs to one of AOL's "disk dancers". The mailing address of the (presumably-framed) New Yorker is for sales of a program that lets AOL users spend time on the system without being charged. This is not the first time AOL's hacker community has cross swords with child pornography. The documentation for AOHell contains a section called "Why I made AOHell." "I'm sick of all the God damn pedophiles," the program's author states. "AOL constantly closed the 'Hackers' Member room, but refuses to do anything about all the pedophilia rooms...If AOL is going to do nothing about this type of sick behavior then I will do everything I can to screw AOL up." Instead, users signing onto AOL tonight received an advertisement for hardware that can "grab color images right from your camcorder, VCR, or TV." This December marks the five-year anniversary of the first child pornography scandal on AOL. In 1991 Newsweek reported that one subscriber posing as a child "received pictures of what appear to be youngsters involved in sexual acts." AOL's members didn't find out about the incident until the story turned up on CNN. (Mainly because the outraged user went straight to the network.) In 1993, ten-year-old George Burdynski disappeared from Brentwood, Virginia. He was never seen again--but his disappearance launched the largest child pornography investigation in FBI history. In September of 1995, the FBI raided the homes of 120 AOL users, and in July the FBI raided 100 homes just in Cincinnati. Days before, one agent told the Cincinnati Enquirer "there are new people being identified daily." The FBI had information on more than 3,000 users--which at the time constituted one out of every 1,200 AOL subscribers; "FBI and America Online records revealed that during one 25-minute span when an illegal photograph was made available on the computer service, about 400 people nationwide downloaded the picture to their computers." Jean Villanueva stated that AOL contacted the FBI "upon receiving the material, and verifying that it was in all likelihood illegal". (At least one children's rights activist questioned the legality of the delays "verification" added to AOL's response.) Earlier that year U.S. Customs Officials cracked a child pornography ring operating on America Online. In February of 1995 two teachers in Florida were charged, and a third suspect arrested in Salt Lake City. A Customs official said photographs were being downloaded directly from AOL's shareware section, which apparently wasn't monitored round-the-clock. The first guilty verdict from that investigation was handed down in February of 1996--for photographs a user transmitted in July of 1994. In August an AOL user in San Francisco was indicted for his involvement in a 13-year-old Kentucky girl's 2-week disappearance; in November of 1995, a New Jersey man was sentenced for actions with a young boy in July of 1994. The San Francisco Chronicle suggested problems were exacerbated by AOL's fully-anonymous screen names. In fact, up until September of 1995, AOL wasn't even verifying the full authenticity of the credit card information users input. That created an entrenched subculture of disk dancers that persists to this day. The Washington Post reported that between March and June, over 370,000 fake accounts were created with bogus credit card information. Ironically, the ten-year-old boy who disappeared lived just miles from AOL's headquarters in Vienna, Virginia. One children's rights advocate is considering setting up a fund in the boy's name. ------------------------------ Date: Fri, 25 Oct 96 07:35:25 CDT From: Eric Behr Subject: File 10--Flaw in Solaris 2.4 Daylight Savings Time Calculation (fwd) FYI, in case you missed this: >Date--Thu, 24 Oct 1996 23:47:01 -0700 >From--mark.graff@Eng.Sun.COM (Mark Graff) >Subject--URGENT--Flaw in Solaris 2.4 Daylight Savings Time Calculation > >I have been asked to announce here an anomaly in timezone calculation >which will affect some Solaris 2.4 customers this weekend. The bug: >log entries will not accurately reflect the upcoming transition from >Daylight Time back to Standard Time. You'll find details below. > >The only customers who will be affected are those who: > > * Run Solaris 2.4 systems, with kernel patch 101945-37 or later > (for x86 systems, that's kernel patch 101946-35 or later); and > > * Are in locales which are reverting to Standard Time this > weekend, such as most of the U.S., Canada, Mexico, and parts of > Europe (but not Japan and many parts of Asia, Australasia, and > Africa); and > > * Use (as most do) non-POSIX /usr/share/lib/zoneinfo > representation to designate system timezones; and > > * Require accurate timestamps for system log entries and events > this weekend. > >Since the problem will occur over a weekend evening, only lasts for a >matter of hours, and doesn't affect the system clock, we expect that >relatively few customers will even notice the effects of this bug. > >Note that this is *not* a security bulletin. We are sending this >advisory out along the channels we usually reserve for security bugs >because we wanted to get the information into our customers' hands as >quickly as possible. We actually discovered the complication only this >morning, while analyzing a related problem reported by a European >customer a few weeks ago. > >The bug involves the C library calls which translate system time into a >human-readable format, such as "Thu Oct 24 21:33:21 PDT 1996". The >exact effect of the bug is that localtime(3)-format strings will revert >to "Standard Time" at a moment indicated by GMT, not local time. This >means, for example, that starting at 0200 hours GMT, Sunday, 27 >October, system logs and other timestamps recorded in local time will >be off by one hour. The system will continue to record bad timestamps >until 0200 hours local time, when the real world and the computer's >calculations will once again agree. > >In the Pacific time zone, then, the problem will start at 1800 hours >PDT and last for eight hours. In the Eastern time zone, the problem >will start at the same moment (which is 2100 EDT) but only last for >five hours--0200 comes earlier there! Affected systems in the European >MET zone will experience the problem only for one hour--and the >erroneous time will be one hour later than the real time, not earlier, >as in the U.S. > >Note that it is in fact possible to avoid the problem behavior, by >re-specifying the system's time locale in POSIX representation. The >adjustment, however, is fairly complex; it involves re-booting the >system; and describing the workaround completely would require telling >you what to do for all 459 or so time locales around the world. We're >not prepared to do that tonight. > >Of course we will fix the bug in subsequent kernel patches. But the >patches won't be ready for some time, and certainly not before this >weekend. So please, if you believe your system is one of those >affected and would like help, now or later, contact your local Sun >Solution Center. > >-mg- > >Mark Graff >SunSoft ------------------------------ Date: Thu, 21 Mar 1996 22:51:01 CST From: CuD Moderators Subject: File 11--Cu Digest Header Info (unchanged since 7 Apr, 1996) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send post with this in the "Subject:: line: SUBSCRIBE CU-DIGEST Send the message to: cu-digest-request@weber.ucsd.edu DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS. The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CU-DIGEST Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (860)-585-9638. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown) In ITALY: ZERO! BBS: +39-11-6507540 In LUXEMBOURG: ComNet BBS: +352-466893 UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/CuD ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #8.76 ************************************