CYBER RIGHTS NOW! // /\ .^. / / //^\ \.^| |^.^./ / / |_: : : |/ / /^ ^ ^ \ \ /\ \_ | \ \ / /\ \ | \ \ // \ / . \ \ / | | \\ |CRN!| \ )ASCII by Bone( Newsletter 2 ****PLEASE DISTRIBUTE**** /\/\/\/\ CONTENTS /\/\/\/\ I. Introduction II. The Return of Bone's H/P/C page III. AOL's Method of AOHELL control IV. A Comment on C|NET V. A Quick Remark on the Movie Hackers \/\/\/\/\/\/\/\/\/\/\/\/\/ ********************************************************** INTRODUCTION By Bone Welcome to CRN! Newsletter #2. I honestly didn't even think we would make it to Issue #1 and here we are at #2. Cool. CRN! membership continues to grow daily. At last count (on 10/1/95) we were at 174 registered readers. That's not that bad considering CRN! really is a word of mouth/e-mail circulation thing. We have members from all over the world, and accessing from all different kinds of computers. The one group we seem to be missing is .gov. They don't seem to want to register (Even though I know they are still accessing the page). Ah well, you know big bro, he want's you to think he isn't there (yea right). One thing that has seem to decrease is the e-mail I have been receiving concerning CRN! or cyber rights in general. As of right now, this may be a short newsletter because of lack of articles. People who said they would send articles are falling short. But everyone get busy, so that's no prob. I'm shocked by the lack of e-mail because of all the things AOL has been doing to regulate people. I'm shocked some of the AOL users even put up with it. On the subject of articles, anyone can submit them. They don't have to be really specific, or just AOL (they are just the one's doing the most right now). You can write about how your school shut down your account for stupid reasons, or anything else like that. As you can see I sometimes rant and rave on topics not totally related to cyber rights. That's cool. Go for it. For those of you who have been accessing my homepages and noticing some screwy things or files missing, all will be explained later in this newsletter. Trust me, it will be fully operational soon, and have even more files (maybe even AOHELL3?!). I've been trying to find the author of AOHELL3 but most of my underworld contacts have dried up, and it's not going so well. We do now have a lawyer who reads the newsletter and offered to write about things from a legal point of view (but he hasn't answered in a while either). If you notice I say we a lot. I mean all the members of CRN!. This newsletter was created to express the masses views. Not just mine, but everyone who agrees that cyber rights are being abused. So I write this from the point of view of a group, not a single individual. If you notice that this issue is rather short it is because the people who had promised me articles decided not to ever send them to me. So I wrote what I could with the time I had (very little time mind you). Hopefully with all the new members we will have some authors who like to write. OK, enough with the intro. Lets get to it. -Riding a bit to freedom.... Bone ********************************************************** THE RETURN OF BONE'S H/P/C PAGE O 'RAMA By Bone Last issue I talked about why my homepage basically fell off the Earth. Now I'm here to tell you that it's back and what I'm doing to keep it back. If you recall AOL along with the FBI, CIA, NSA, and so on helped in the removal of my homepage. If none of you have ever been to my homepage it contains Virii, Hacking tools, Cracking tools, Credit Card information files, and other things along those lines. None of the software is copyrighted though. After finding that all the above organizations had been accessing it, the Sys Admin asked me to remove it. And I did. If you also recall, AOL had actually contacted my school. After talking with the Sys Admin and finding all the holes in the schools rules concerning computers, I can to a conclusion. The machine I was storing the page on belonged to the library, no the school (technically). The library could tell me what I could and could not do with my account because I was an employee and I did not pay for the account. The school account on the other hand I did pay for. Every student at IUP gets an account as soon as they enroll and they pay for it. Since I was paying for the account, I had more rights. But there was one small problem. The User accounts are only allocated 800k of storage space. My homepage needed over 20 megs. The school did have what is called an ldisk which is basically a public storage space 1 gig in size. But they auto delete the files after a week. So this was not a very feasible option. So here is what I did. The Sys Admin of the library computer told me he didn't care about the files, and he had plenty of space. He said he would let me use the library's machine as a storage location. I then moved the homepages only to the school computer. There is nothing illegal about having html code on the mainframe. All the html that points to files goes to the library's machine, bypassing the storage problem. Ta da! Back up. Some of you may notice that the pages seem to get screwed up sometime. This is because the homepages are on a VAX/VMS that is configured in the oddest way. It's not my fault and but I am trying to correct what I can. Does this mean I can put AOHELL back online? Very VERY possible. I'm discussing it with the library Sys Admin. He believes I have every right to have the file, as long as I don't use it (kinda like a gun). The only thing holding me back is that the Sys Admin of the VAX/VMS has been known to go and just delete files. This is highly illegal. I've talked to my lawyer and if he did such a thing I could possibly file a class action suit and get over $500,000. So in a way I'm hoping he does it. What is holding me back is the Computer Science Department (which I am a senior in). They have never liked me and I am currently asking the to make an exception to a minor they usually don't accept. Once it's accepted, AOHELL3 will probably go online. More files will also be coming. I haven't had time to dedicate to the homepage like I used to, and I am sorry. Anyway, so what does this have to do with cyber rights? Well if you read the first newsletter you will see. It's also an example of how you can get around things in the system like the corporations do. Oh yea, if you don't know, my homepages are: CRN! : http://www.lib.iup.edu/~seaman/index.html Bone's H/P/C : http://www.iup.edu/~psxb/main.html ********************************************************** AOL'S METHOD OF AOHELL CONTROL provided by : Anonymous Subject: AOL meeting with FBI: Tracking down Da Chronic From: *******@aol.com Date: 9 Sep 1995 17:11:33 -0400 Message-ID: *Peter Hypolite is Manager of AOL's Terms of Service Department.* *You can call him at 703-883-1544* *John Gardiner is an Attorney in AOL's employ.* *You can call him at 703-918-2042* Date: Fri, Sep 1, 1995 17:19 EDT From: PHYPOLITE Subj: Fwd: Attendees at AOL/FBI Meeting regarding AOHell To: MDHorton Posted on: America Online (using WAOL 2.5) Mike, lets rap about one of your "special forces" coordinating activities w/Jason Mitchell (Webmaster) to handle searches of web sites on a regular basis, and keeping a report of this. -Pete From: xxx6749751@aol.com (XXX6749751) Date: 14 Sep 1995 15:33:06 -0400 Message-ID: Yep, AOL cancelled my first post of the more detailed info I found on the FBI's investigation of the Chronic, so here goes again: ------------------------------------------------------------------ Date: Thu, Aug 31, 1995 11:19 AM EDT From: GardinerJD Subj: AOHell Status To: EKirsh, Dphillips Posted on: America Online (using WAOL 2.5) Ellen and Dave: Last Tuesday (Aug 22) I arranged a meeting between AOL and Federal law enforcement to discuss AOHell. In addition to me, AOL attendees included: Pete Hypolite, Brad Willard, David Kirk, a consultant assisting Kirk, a Webmaster (Jason). Fed attendees included: FBI Agent Hugh McLean, FBI Agent Court Jones, DOJ Attorney Philip Reitinger. I provided the Feds with background information for the meeting and presented our case, with support from Pete, Brad and David. Jason (from the Webmaster group) downloaded AOHell and gave a presentation of Credit Wizard (the credit card generator) and the AOHell functionality. The presentation was basically along the lines that through AOHell, adept users may can hack AOLis network using a variety of fictitious names and actual credit card and bank account numbers. Though AOL has implemented procedures to detect patterns of usage of AOHell, and has thus been able to terminate a substantial number of AOHell users and track some of them down, people are still using the program. We made it clear that the only purpose of AOHell is to abuse the AOL service and that a number of issues their investigating (i.e., child porn, computer crimes, etc.) are attributable to AOHell users because they have unbridles access to AOL. In addition, the Feds were made aware that issues include: (1) Copyright/Intellectual Property Infringement; (2) Fraud on America Online; (3) Fraud on Banks and Credit Cards; (4) Unauthorized Access and (5) Other Actions (AOHell users have been linked to illegal activity which AOHell promotes (e.g., a bomb scare, death threats to political figures, software piracy, child pornography and harassment)). The Feds stated that they were very interested in assisting us and that they would be willing to investigate incidents of use and postings and held track down the developer. The DOJ attorney is computer literate and very familiar with ECPA. He said that they would issue subpoenas to obtain information for their investigations. The FBI agent, though not as computer savvy, appears eager to investigate and issue subpoenas. I can't assess the likelihood of his success. Finally, the matter has also been referred to an Asst US Attorney for the eastern district of VA, Jack Hanly (who, I am told, does not have a computer). The meeting resolved one problem for us. The FBI will get the information from the coms/orgs/edus used to create web sites distributing AOHell as well as from coms/orgs/edus with which persons distributing AOHell have user ids. If we got the information, unless it was a significant matter, we would not proceed on the civil side. Therefore, we should NOT proceed with our own subpoena efforts and use outside counsel on this, but rather we should (and I am starting to coordinate) handle the matter internally as follows: (1) Webmaster and TOS will monitor newsgroups/web sites for AOHell distribution and will pass on the information to the Legal Department. (2) If its a web page distributing AOHell or a posting offering AOHell, we will contact the com/org/edu and notify them that their services is being used to distribute illegal hacking software. Thus far, every com/org/edu has terminated the web site. Postmasters at com/org/edus will determine whether the userid should be terminated pursuant to their applicable "TOS". This is the best way for us to take action. When we get our crimes specialist, he/she will undertake this effort. In the meantime, I have been calling and have enlisted Preston Green's assistance in tracking things down and making certain calls. (3) We will inform the com/org/edu that we are forwarding the info the FBI and they may be contacted soon. Thus far, Agent McLean has been contacting those com/org/edus I have identified. Thus, the FBI can investigate and do the leg work of tracking down Da Chronic. Through this procedure we can take action ourselves to immediately (a) get the site/posting deleted and (b) get the perpetrator's service provider involved and perhaps terminate his/her userid. Further, with the FBI, DOJ and US Attys. offices involved, they can handle the investigation better than we can as far as compiling a file of all names associated with distribution and tracking Da Chronic. Already I have been told that people are screaming (in some newsgroups) for AOHell 4 because web sites have been deleted (some I think through our efforts). Please let me know if you have any questions, comments, etc. John *Any spelling mistakes are the real thing. ********************************************************** A COMMENT ON C|NET By Bone One Sunday morning (after a heavy night of drinking) I woke up around 8 AM and did what most people do. I turned on the T.V. What I found was a show called C|NET. C|NET, if you don't already know, started out as sort of a newsletter about the computer world. Not specific in any real way, just about the happenings and new products. Anyway, it seems it has grown enough to get it's own T.V. show. So I'm watching C|NET and they start talking about AOL. Specifically they start talking about child pornography, and AOL's steps to regulate it. They stated that AOL has for a while been trying to regulate child pornography and has been working with the FBI. Now, anyone who knows AOL knows that is completely wrong. As talked about in CRN! #1 there are a ton of pornographic channels on AOL and a good portion do deal with children. I will admit something is going on because the local T.V. stations have had a few stories about child pornography busts in the area that dealt with computers. But AOL enforcing it for a while? BUAHAHA. Someone has to wake these C|NET reporters up. That or teach them to see past the payoff checks and power AOL is using. They never mentioned anything about hacking, or AOHELL. You can bet this is because it is to embarrassing for AOL to have known to the general public/Joe Schmo user. C|NET later went on to other topics. I had the distinct feeling that the reports were just that, reporters. They really didn't have a good feel about computers of the Internet, and if they did, they have not been around like most of the readers of CRN! have. I really think someone from the underground needs to go to these people and smack them with reality. Say "Hey! You guys have NO idea what is really going on out there. Start telling the truth!". Maybe then C|NET would also start talking about how CMU users had their first amendment rights basically stripped from them. Oh I'm sorry. Now that I'm in college I thought I could decide what is good and bad for me! Nope, still need some 50+ yr old to tell me what to do. Yep generation X, the sit back and take it generation (but that's another story). Back on topic. C|NET seems to be some exec's idea of cashing in on those lovely keywords like "cyber space" or "surfing the net". Nice production value, but the content just wasn't all there. ********************************************************** QUICK REMARK ON THE MOVIE HACKERS By Bone I still have not had time to get out and see the thing. Supposedly it's a pretty decent movie, but off on some things. All I know is everyone comes up to me going : "There is a guy who reminded me of you so much!" me : "Oh yea, who?" "There's a phreaker in it!" me : "Ok." "He was just like you!" me : "wow."(note sarcasm) "Yea, it was cool!" me : "Did they show any trashing or soc. eng'in?" "Umm..." and so on..... Anyway, I've never really been into those movies because I see it as someone just trying to make money. That and a good portion of the stories leave out one little thing that represents a good portion of hackers. A quest for knowledge. You see not every hacker is out to go hurt something or steal something. A lot of them (including myself) are their in a quest for knowledge. We were the little kids who tore apart old radios to see how they worked because we wanted to know. We are not out to make money, we are out to learn new things. In this process a few laws may bend, some may even break. We don't just blow this off, but it is a sacrifice that is made. We build red box's to learn how the phone system works on tones. We hack a system to learn how it is configured. Or if it is an OS you have never seen, to learn it (System 75's (Difinity G's) are a good example). It is also a bit of a thrill. When you con an operator into giving you an outside line. You learn how the human mind works, how it can be tricked. You feel a bit of power, the power of manipulation. It is these things that motivate most hackers. It is not a need for destruction. Granted there are some people out there who phreak just to save money, or hack just for destruction. But there are always bad eggs. Don't forget the people who just want to learn how the system works and since they can't do it legally, they do it illegally. It is a want for knowledge, not destruction. If you want to see a computer movie that's pretty realistic dig back a few years and watch WARGAMES.