Previous Next Index Thread
Previous Next Index Thread
Computer underground Digest wed Nov 1, 1995 Volume 7 : Issue 86
ISSN 1004-042X
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@MVS.CSO.NIU.EDU
Archivist: Brendan Kehoe
Shadow Master: Stanton McCandlish
Field Agent Extraordinaire: David Smith
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest
CONTENTS, #7.86 (Wed, Nov 1, 1995)
File 1--CyberAngels FAQ file
File 2--Re: Attention Spammer: The War Has Started
File 3--Scientology Attacks Carnegie Mellon University
File 4--Head of the French hackers group was a secret service agent...
File 5--Cu Digest Header Info (unchanged since 18 Oct, 1995)
CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.
---------------------------------------------------------------------
Date: Mon, 30 Oct 1995 11:54:48 -0600
From: bladex@BGA.COM(David Smith)
Subject: 1--CyberAngels FAQ file
CYBERANGELS: FAQ
The Guardian Angels "CyberAngels" project is an all-volunteer
Internet patrol and monitoring project started by senior members of the world
famous "International Alliance of Guardian Angels", whose HQ is in New York
City.
We are a worldwide informal group of volunteers, whose mission is to be a
Cyberspace "Neighborhood Watch".
THE INTERNET IS OUR NEIGHBORHOOD - LET'S LOOK AFTER IT!
1) How did the CyberAngels project start?
The Cyberangels project was born in June 1995, after a discussion between
senior Guardian Angels about the apparent lawlessness of the Internet world
CyberCity. Guardian Angels leaders on the West Coast of the USA (Los Angeles
and San Francisco) had been online for the previous 2 years, and when
Guardian Angels Founder and President Curtis Sliwa himself went online in New
York City and got his email address, we began a serious discussion about
CyberCrime and how the Guardian Angels might respond to it.
Curtis Sliwa has a daily talk radio show on WABC in the New York state area.
Once he had an email address, he made the announcement over the radio, and
his email box immediately started to receive letters telling stories of
online harassment (stalking), hate mail, pedophiles trying to seduce children
in live chat areas, and complaints from worried parents about the easy access
their children had to hard core pornographic images.
Realizing that there was a big issue at stake here, Curtis began discussing
the Internet issues on his talk show, and as the debate raged daily, and the
letters kept pouring in, we realized that perhaps we were being asked to DO
SOMETHING.
We sat down and discussed what we the Guardian Angels could do to help
reassure parents and to make the Net a safer place for kids and others. The
answer was simple - we should do what we do in the streets. The Internet is
like a vast city: there are some rough neighborhoods in it, including "red
light" areas. Why not patrol the Internet, particularly in these "rough
neighborhoods" just like a Neighborhood Watch? Just like our own Guardian
Angels Community Safety Patrols. And why not recruit our volunteers from the
very people who inhabited this vast world CyberCity? Who better than to
cruise the Net watching out for people's safety than members of the Internet
community themselves? After all, who else could do it? Never an
organization to blame it on, or leave it to the government, we decided to do
something ourselves.
So the CyberAngels program was set up - an all volunteer team, providing a
CyberSpace Community Safety Patrol and an Internet monitoring service.
Current CyberAngels Chief Coordinator is Colin "Gabriel" Hatcher.
2) What is the purpose of the CyberAngels project?
The purpose of the project is
a) To promote and protect the idea that the same laws of decency and respect
for others that apply in our streets should apply also to the Internet.
b) To protect our children from online abuse.
c) To pressurize service providers to enforce their Terms of Service.
d) To give advice and assistance to victims of hate mail, harassment and
sexual abuse online.
e) To watch out for users violating terms of service by committing
cybercrimes and to report them to relevant authorities (Sysadmins, or even
Police).
f) To help to make unnecessary Government legislation by showing Government
that the World Net Community takes the safety of our children and the well
being of all its members seriously.
3) How does the project work?
Volunteers send their information to Gabriel at ganetwatch@aol.com and we
send them a copy of our FAQ. Each volunteer volunteers to spend a minimum of
2 hours per week cruising the Net and looking for places where they believe
there may be unacceptable activity. It is up to each member where they go
and what they look for, although sometimes we may send a bulletin to all
members advising them to search a particular area.
If a volunteer finds criminal activity on the Net, GANetWatch functions as a
clearing house for information. We do encourage members to report violations
themselves, but we ask that copies of all actions taken are forwarded to us.
Members may choose instead to simply report the problem to us and leave it
to our more experienced members to deal with.
We keep our members informed via email, with a regular update on what's going
on.
4) Why do we need volunteers?
The Internet Community is huge - around 40-50 million people, and growing
every day. There are hundreds of new Web sites each week. The more
volunteers we have, the more effective we can be. And by giving a little of
your time to looking after the welfare of the Net, you can make a real
difference!
WE NEED MORE VOLUNTEERS!
Anyone can be a CyberAngel. The only requirement is that you commit a
minimum of 2 hours per week to the project. No previous experience or
special skills are necessary...although a computer and an Internet account
would be useful! :)
JOIN US NOW! LOOK AFTER YOUR CYBERCITY!
We are anonymous in cyberspace. Noone cruises with a Cyberangels badge. And
we do not encourage our volunteers to identify themselves online. We DO NOT
advise our volunteers to challenge cybercriminals directly, neither by
arguing in live areas, nor by flaming in emails, nor by counter-postings on
message boards / newsgroups. Being a CyberAngel involves no risk or
danger. You are volunteering only to be eyes watching the Net.
5) What should volunteers be looking out for?
We are searching to uncover and prevent:
a) Child abuse and pedophilia;
b) The trading in images of child pornography;
b) Sexual harassment;
c) Hate crimes, including harassment;
d) Fraud schemes operating on the Net (particularly credit card fraud);
e) Software piracy;
f) Computer virus developments;
g) Terrorism, bomb-making, weapons trading etc.
Activities between consenting adults (providing they are within the law) are
not our concern.
Searching for the above violations our volunteers are encouraged to visit:
a) Live talk sites (Chat Rooms, IRC areas, MUDs etc);
b) Kids and Teens sites of all types;
c) Message boards, where visitors can leave postings;
d) Newsgroups (particularly "alt." newsgroups);
e) Any sites providing material / discussions / images / contacts of a
sexually explicit nature (there are thousands!) These are unsupervised areas
of the Net where children may roam. For example, parts of the World Wide Web
are online porno stores with the doors wide open, and with no staff inside.
Kids can easily surf by.... The only warning says "Don't come in here if you
are under 18". But there is noone there to check what is happening. And
naturally enough kids are wandering in and looking at the merchandise. This
is not acceptable on the streets of our cities, and yet we are allowing this
on the Net.
When discovering suspicious or criminal activity, CyberAngels should record
the date, time and place and nature of the violation and write down the
user's full ID and InterNet address. Mail can be forwarded to
ganetwatch@aol.com, or volunteers may copy and paste information to send.
Please follow our advice and DO NOT attempt to challenge cybercriminals
directly. Simply report the violations to us at Netwatch, and also to the
System Administrators, or Service Providers, of the cybercriminal. Email can
usually be sent to "Postmaster@..." or "Sysop@..." or "Sysadmin@...", or find
out by writing to/calling the company (the cybercriminal's Service Provider)
and asking them who you contact to report a violation.
As far as Web Sites are concerned, w e are encouraging parents to use some of
the new filtering software, that can screen out chosen areas of the WWW.
Organizations like **"Safesurf"** are campaigning for Websites to register
as "child friendly", and are on the cutting edge in helping to develop new
software for parents to regulate their children's access to the Internet. We
fully support Safesurf and are working together with them. Together we
believe that CyberAngels and Safesurf will form an irresistible alliance for
Good on the Net!
6) How will the project develop?
The first stage of our project is to involve volunteers in pressurizing
Internet Providers to enforce their terms of service. This involves the
accumulation of information and the reporting of violations to Service
Providers.
The second stage of our project involves the Police. Information about
crimes will be passed to the relevant Police authorities, particularly Sex
Crime departments and Fraud departments.
For the third stage of our project we will have a section on our Web Site
where we will be offering rewards for information about various
cybercriminals. There will be the equivalent of "Wanted" posters, asking for
further information about people who have already been reported to us, and
whom we have verified as cybercriminals.
7) Is this a US First Amendment Issue? What about Freedom of Speech? Don't
people have a right on the Internet to express their views freely? Are the
CyberAngels proposing censorship?
CyberAngels support the First Amendment of the US Constitution.
We are not trying to abolish free speech, but we believe that freedom of
speech should not be exercised if by exercising it you are violating someone
else's basic rights. For example I could claim freedom of speech to justify
talking sexually and obscenely to a young child - but we all know that that
is wrong. This is not a First Amendment issue. Breaking the law takes
precedence over "freedom of speech". We are all granted our freedom, but not
the freedom to hurt, corrupt, abuse or harass innocent people.
The First Amendment was not written to protect pedophiles. No criminal can
claim "freedom of expression" to justify a crime. Child pornographers on the
Net are criminals and should be brought to justice.
8) The Internet is huge and unregulated. Surely such a project is an
impossible task?
The fact that the Net is impossible to maintain crime-free is no reason for
us to do nothing. Each person does their part. If everyone picked up their
own trash, there would be no need for garbage collectors. The same could be
said of our streets. We are not naively hoping to eliminate crime from the
Net, only to play our part in protecting the innocent majority from the
violations of the tiny tiny minority.
The Internet Community consists of millions of people. That is millions of
potential CyberAngels.
TOGETHER WE CAN MAKE A DIFFERENCE!
9) What kinds of changes would the Guardian Angels / CyberAngels like to see?
a) We would like to see an improvement in User identification. User ID is
impossible to verify or trace back. The very anonymity of Users is itself
causing an increase in rudeness, sexual abuse, flaming, and crimes like
pedophile activity. We the Net Users must take responsibility for the
problem ourselves. One of our demands is for more accountable User IDs on
the Net. When people are anonymous they are also free to be criminals. In a
riot you see rioters wearing masks to disguise their true identity. The same
thing is happening online. We would like to see User ID much more thoroughly
checked by Internet Service Providers.
b) We would like to see Websites registering as "Child Safe" or "Child
Friendly", so that parents can use the new software to restrict children's
access. We support Safesurf in their campaign on this issue.
c) We would like to see Internet Service Providers enforcing their Terms of
Service.
d) We would like to see a worldwide blacklist of known cybercriminals,
circulated to all Providers and regularly updated, so that these people could
be denied access to Internet accounts.
e) We would like to see the whole Internet Community united together to
protect the Net from all crimes and violations.
JOIN US, NOW!
------------------------------
Date: Fri, 27 Oct 95 11:43:28 PDT
From: Barry Gold <barryg@sparc.SanDiegoCA.ATTGIS.COM>
Subject: 2--Re: Attention Spammer: The War Has Started
Instead of using the extra-legal methods so heavily hinted-at in Patrick
Townson's comments, I think we should look at technological methods to
defend ourselves against Spammers. I don't think we can stop them
althogether, but we can probably make their life more difficult and
get rid of all but two classes:
(A) First-time offenders that don't know enough to cover their tracks
(B) A very few, really dedicated and net-wise spammers who won't
give a damn about the law.
Class (A), of course, can be dealt with by traditional methods: e-mail
the ISP and get their account cancelled.
Class (B) will probably require resort to the law, but I think we can
push them to the point where they will have to commit actual crimes in
order to get their spam through - which is why only a very few of them
will remain.
Let me (try to) explain:
The latest round of spam (the "Magazine subscription service") came
from an obviously forged address. In general, the more experienced
spam artists forge the headers of their spam to make themselves harder
to track down. (Which means it takes longer before we can get their
account cancelled.) So, we make this a little harder:
Definitions:
"real site": something with an IP address that is up 24-hours a
day (more or less, allowing for possible down time due to
telecomm problems, software bugs, hardware faults, etc.).
To qualify as a "real site", you must be able to ping it and
open an SMTP connection to it on the standard port (25).
"hop": something that shows up in "received:" headers. Each "hop"
therefore causes either one "received: from... by..." header
or a single pair of "Received: from" and "Received: by"
headers, depending on the mailer daemons involved.
Note that this isn't the same as the IP "hop" involved in the
"hop count", "time-to-live", etc. fields.
Assumption:
A legitimate e-mail address is no more than "n" (say 2) hops away
from a "real site". If it appears to be further away than that,
the probability is that one or more "received:" headers have been
forged to conceal the true origin of the message.
1 hop would be even better, because then we can at least verify
the site names for every message (see below).
1. Mailing lists: two steps:
a) Improve majordomo and listserv to recognize obviously forged
headers and dump the messages. This is a simple change. If the
supposedly "verified" From: line is non-conforming, trash the
message. Some examples include:
. more than one "from" address
. totally ridiculous site names, especially where the
top-level domain (the last one) isn't one of the "standard"
three-letter names or a two-letter country code.
b) A further improvement involves actually verifying the From:
line before sending the message out again. This would be more
work, but would make the spammer's job much more difficult. When
processing a message, majordomo/listserv should open an SMTP
connection to the site shown in the "From:" header. If that can't
be done, the Return-Path and/or Received: headers should be parsed
to find a system that _can_ be connected to.
If the From: site is "real", majordomo/listserv should go further
and verify that a RCPT-TO: will be accepted by the smtpd at that site.
If it isn't real, at least verify that the next-site in the
return-path is acceptable (RCPT-TO: postmaster@site).
2. News: similar two steps
a) a daemon that runs periodically and trashes anything in the
spool directories that has a bad From: line.
b) verify From: lines as above. This might be done when the
message is accepted by nntpd (or uucp, for sites that still use
it). Or the above daemon might do the verify for each message it
scans.
Note that step b) can be improved by cacheing site names known to be
good and possibly even user names at those sites.
So, I can hear you asking, what does all this get us? The spammers
will just put "real" site names and real usernames in their "From:"
headers, right? Then when the software checks it out, the supposed
"From:" site will say "sure, I exist and I've got a user with that
name". And the message will be posted/remailed, and the spam will go
on.
BUT, if we fix things so the spammer can only get a message in with a
real username, then those messages will be much closer to "forgeries" in
the legal sense: a document issued by person B, and purporting to issue
from person A. I'm not a lawyer, so I'm not sure if an ordinary
letter qualifies for this purpose (as opposed to a check, deed,
contract, etc.) but it sure brings them a lot closer to a prosecutable
offense.
And if it isn't currently unlawful, I think we can get the legal
definition expanded without getting the government into
constitutionally questionable areas of regulating free speech. We
don't need the govt telling people what's "on-topic" for a given
newsgroup or mailing list. No regulation of "commercial" speech in
areas dedicated to "non-commercial" use -- and just try getting such a
law through a Congress dominated by commercial interests anyway.
Just a simple rule that makes it a crime to claim to be someone else.
Note that this doesn't outlaw pseudonyms per se. Using an anonymous
account, or one where you've used "chfn" or equivalent to change the
name to something other than what you use for other purposes, wouldn't
be unlawful -- the basic rule still applies: you can use any name you
like, as long as the purpose isn't to defraud others. But pretending
to be some other _real_ person would be a crime -- if not under
current law, then under rules that could be enacted, would be
defensible under constitutional challenge, and wouldn't be excessively
intrusive in our freedoms on the net.
In fact, such a law needn't (and _shouldn't_) mention the network,
computers, etc. at all. It would be unlawful to sign someone else's
name to a letter sent via snailmail, e-mail, netnews, posted on a
supermarket bulletin board, or carved in the bark of a tree
(S.K. -heart- J.S.).
Of course, this still leaves the dedicated few who don't care about
the law, but they will be few and very much on the fringes, _not_ the
big companies that we usually worry about. Just as existing rules
(and social controls) help keep down the number and intrusiveness of
crackers, I think this scheme would keep down the number and volume of
the spam artists.
So, whatdya think?
------------------------------
Date: Wed, 1 Nov 1995 00:34:11 -0800 (PST)
From: Declan McCullagh <declan@EFF.ORG>
Subject: 3--Scientology Attacks Carnegie Mellon University
Reprinted from FOCUS, vol. 25, no. 1, October 1995, page 4:
SCIENTOLOGY ATTACKS CARNEGIE MELLON UNIVERSITY
by Declan McCullagh (declan@well.com)
A flame-war raging on the Internet over the Church of Scientology's
attempts to halt the distribution of its bizarre secret scriptures has
spread to Carnegie Mellon University.
When SCS senior research scientist Dave Touretzky placed a copy of a
Scientology tract on the World Wide Web in August, the church immediately
moved to cancel his netnews posts that mentioned the web pages. It also
faxed printouts of the pages to CMU's attorneys and threatened a lawsuit
over "trade secret violations."
The same day, University Attorney Walter DeForest called Touretzky, who
agreed to remove the 136-page tract from his web site. "DeForest didn"t
know what the legal status was of the court records and copyrighted
documents. He was going to research this. In order to spare CMU and
myself an unnecessary lawsuit, I voluntarily took the materials down," says
Touretzky.
Complicating the problem for CMU was the files' origin. Touretzky's web
site contained documents that were then available to anyone who walked into
the federal court building in Los Angeles. The court documents were later
sealed after attorneys for Scientology successfully argued that copyright
laws prohibiting unauthorized republication apply to the documents.
"This is not an easy area of the law since it combines the Internet with
controversial subjects," DeForest says. "It's normal and appropriate for a
university to respect copyright -- if it exists. It's consistent with
academic freedom."
The threats against CMU are the most recent in a series of lawsuits the
church has filed against Internet service providers, newspapers, magazines
-- and especially against its critics, who argue Scientology is a cult that
brainwashes and blackmails its members and harasses defectors and critics.
"The Church of Scientology has made a practice of suing people who have
been critics of their practices or their tactics. The fact is that these
lawsuits are not meritorious," says Mike Godwin, staff counsel for the
Electronic Frontier Foundation, an online civil liberties group based in
San Francisco.
In August the church sued one of its former members for posting anti-church
information to the Internet and persuaded a federal judge to permit the
seizure of his computer. The church then sued The Washington Post for
reporting on the computer seizure and quoting from public court records.
Ironically, the court documents were generated by Scientology's previous
lawsuit against TIME magazine, which in 1991 ran a cover story calling the
church a "thriving cult of greed and power."
Despite Scientology's best efforts, its religious teachings remain publicly
available on the Internet -- not just because of the efforts of critics and
free-speech advocates, but because network users delight in passing around
the excerpts, which read like one of Scientology founder L. Ron Hubbard's
pulp science fiction novels.
Hubbard's scriptures claim that 75 million years ago an evil galactic
overlord named Xenu solved the galaxy's overpopulation problem by freezing
the excess population and transporting the bodies to Teegeeack, now called
Earth. After the hapless travelers were defrosted, they were chained to
volcanoes that were blown up by hydrogen bombs. Then, Hubbard writes in
Operating Thetan 7: "The Pacific area ones were taken in boxes to Hawaii
and the Atlantic area ones to Las Palmas and there "packaged." His name
was Xenu. He used renegades."
Elsewhere in the scriptures, Hubbard requires church acolytes to go to a
park or a zoo "with many types of life and communicate with each of them
until you know the communication is received and, if possible, returned."
The disembodied spirits of the dead are called "thetans" and supposedly
still haunt mankind, but Scientology offers ways to "audit" them away --
for a price.
Church members pay tens of thousands of dollars and wait years before
they"re "cleared" for this "Operating Thetan" (OT) knowledge. (They"re
required to wait this long. The tracts threaten pneumonia if the mentally
unprepared read the OT texts.)
Now, to the church's dismay, any of the Internet's 35 million users can
peruse the most private -- and lucrative -- teachings of Scientology. The
band of online dissidents understands this. Many are former church members
who became disaffected and left. Some have used a private anti-cult
bulletin board system in Colorado to distribute news on the activities of
the church. Others have relied on netnews.alt.religion.scientology, a
Usenet newsgroup, to disseminate information about Scientology tactics.
If alt.religion.scientology is the front line of the war on the Internet,
then the newsgroup is the Internet's equivalent of a food fight in a school
cafeteria. The attacks on the church flowing through
alt.religion.scientology once prompted a church attorney to try and delete
the newsgroup from every computer on the Internet via an "rmgroup" control
message.
That raised the netiquette hackles of many Internet users and escalated the
online fight from a small-scale battle into a full-scale war. It's one the
church can"t win, says EFF's Godwin. "The church is going to lose.
They"re making so many people angry that they"re succeeding in motivating
people to become critics," says Godwin.
On the WELL, a computer conferencing system in California, Godwin posted:
"If the Church wanted the records sealed, it could have sought that. In
the meantime, copyright interests do not normally trump the public's right
to know the details of court proceedings."
Another participant in the discussion, Jerod Pore, wrote that
alt.religion.scientology is "the site of the most vicious flame-war on the
Net: a flame-war that includes forged cancels of articles, with the
forgeries coming from sites such as the Department of Energy, real lawsuits
being filed to shut people up, death threats, midnight phone calls and the
like."
Other net-skirmishes have touched upon Scientology's attempts to censor
anti-church netnews posts by deleting them from Usenet servers; the
church's threats to sue people who posted the above-quoted lines about
communicating with animals at the zoo; the church's attempt to file
university disciplinary charges against a California college student; the
church's attempt to force Caltech to reveal the identity of one of its
alumni users; and the church's attempt to remove the contents of a web page
maintained by an MIT user.
But perhaps what riled online "netizens" the most was the church's raids on
Finland's anon.penet.fi anonymous remailer and on the Colorado anti-cult
bulletin board system. In both cases, the church was able to seize
information to protect its "trade secrets" under international law. The
secrets in question? Xenu and the galactic conspiracy. On the Internet,
thousands of users every day rely on Julf Helsingus' anon.penet.fi server
to communicate anonymously with other users or post to controversial
netnews bboards under a numerical pseudonym automatically assigned by his
computer. When Scientology and the Finnish police forced Helsingus to
reveal the true name of one of his users, his subscribers on the Internet
realized how vulnerable their identities were.
And more sparks started flying on alt.religion.scientology. Recently, the
41-year-old church has experienced setbacks in its attempts to stifle its
critics. Last month, a federal judge in Colorado upheld free speech claims
and ordered Scientology to return the computers and files seized from two
men who ran an anti-Scientology bulletin board. An ad-hoc group of network
users formed and successfully fought the church's attempts to cancel
netnews posts. On September 15, the judge in The Washington Post case said
she thought the newspaper had acted appropriately in printing the Xenu
excerpts and that Scientology had gone too far in snooping through the
computer they seized in August. She ordered the church to "immediately
return and restore to [the defendant] all seized materials in their exact
original condition." The uproar from the church's raids on computers
worldwide is why CMU's Touretzky became involved. "I realized there was a
great interest in this material and I knew about the forged cancels. I
wanted to further an educational purpose in a way that would be protected
from vandals," says Touretzky.
Even though Touretzky has removed the court records from his site, he
maintains a list of their current locations on the Internet. After
Scientology threatened an Internet service provider in the Netherlands,
Dutch collections of the United States documents sprouted overnight. "Many
of the Dutch sites are copies of my site. My site's still up, but with
hyperlinks to the Dutch sites," Touretzky says.
A member of the Dutch House of Commons has put the materials on his home
page, and the materials are popping up elsewhere. Once Xenu is out of the
bottle, there's no putting him back.
DECLAN MCCULLAGH
For more information, look at: http://www.cs.cmu.edu/~dst/Fishman on the
World Wide Web.
[ screen dump of a Netscape display of the 1991 TIME Magazine volcano cover,
"The Cult of Greed", showing the URL for the Fishman web site. ]
................
FOCUS -- in seven issues a year -- is a publication of the faculty and
staff of Carnegie Mellon University. Many of the articles in FOCUS express
the opinions of individual members of the CMU community; unless so
indicated, they should not be construed as reflecting university policy.
------------------------------
Date: 28 Oct 1995 18:56:54 GMT
From: JeanBernard_Condat@EMAIL.FRANCENET.FR(JeanBernard Condat)
Subject: 4--Head of the French hackers group was a secret service agent...
Bonjour,
In the October 12th issue of "Intelligence Newsletter", I note the
following text that the editor accept to put at the end of this email.
Don't hesitate to send me all your comments related at this fact...
The _Chaos Digest_ from the CCCF was build in this mission by me!
Regards,
-- Jean-Bernard Condat
47 rue des Rosiers, 93400 Saint-Ouen, France
Phone: +33 141238807, portable phone: +33 07238628
JeanBernard_Condat@eMail.FranceNet.FR
========================================================
A Computer Spy Unmasked
For years Jean-Bernard Condat has undoubtedly been France's
best-known computer hacker. Appearing on television talk shows,
launching provocative operations and attending computer seminars, he
founded the Chaos Computer Club France (CCCF) in 1989 as France's
answer to the renowned Chaos Computer Club in Germany. French
journalist Jean Guisnel revealed this week in a book entitled Guerres
dans le Cyberespace, Internet et les Services Secrets (Cyberspace
War, Internet and Secret Services) published by the Editions La
Decouverte (ISBN 2-7071-2502-4) that Condat has been controlled from
the outset by the Direction de la Surveillance du Territoire. A
student in Lyons where he followed music and information technology
courses, Condat was taken in hand by the local branch of the DST in
1983 after committing some "minor misdemeanor." The DST organized his
participation in hacker meetings abroad. Guisnel said that from 1989
onwards "Jean-Luc Delacour, Condat's handler at the DST, decided that
his proteg was ready for bigger and better things." He asked Condat
to start up CCCF, then worked to promote his public image in order
that the largest number of hackers would gravitate towards him. The
DST printed hundreds of T-shirts and thousands of post cards for him.
When Thomson and Pechiney found that hackers were trying to break
into their systems Condat enabled the French counter-espionage
service to trace the intruders. When he was taking part in a
television program in 1991 in which he was to demonstrate how to hack
into a system his handler dictated what he should say in his
earphones. Questioned by Intelligence Newsletter, Condat admitted he
had worked for the DST over a 52 month period and written up 1,032
reports during that time. He claims, however, that he broke with the
DST in 1991 and that he intends to shortly publish an account of what
he calls his "turpitude." Whether true or not, Condat worked for
several years for the SVP company before leaving it a few months ago
to take over a key function: he is now system operator for the France
forum on Compuserve.
Guisnel cites any number of cases of how "Internet is controlled to
the bone" by such measures as turning around hackers, systematically
bugging computer networks and manipulating newsgroups. "If no serious
company should confide its correspondence to the network and if no
government should use it to transmit sensitive information the reason
is that the NSA is watching and that all the network's communications
physically travel through the U.S., and very probably through
computer filters at its installations at Fort Meade, Maryland,"
Guisnel said. He said the conclusion was that advanced encryption
programs like PGP needed to be used if one wants to communicate in a
secure manner on the Internet. Citing the debate raging in the U.S.
over computer security which has made little impact in Europe,
Guisnel called on France to authorize the use of encryption by
everyone and criticized the country's reactionary policy in that
score. He said the attitude, while defensive in nature, was all the
harder to understand because its first consequence was to increase
the vulnerability of French companies, to the benefit of NSA.
------
Copyright 1995 Indigo Publications. All rights reserved.
This news report may not be republished or redistributed, in whole or in
part, without the prior written consent of Indigo Publications.
For more information and sample issues, please mail to
indigo1@dialup.francenet.fr.
------------------------------
Date: Sun, 18 Oct 1995 22:51:01 CDT
From: CuD Moderators <cudigest@sun.soci.niu.edu>
Subject: 5--Cu Digest Header Info (unchanged since 18 Oct, 1995)
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.
CuD is available as a Usenet newsgroup: comp.society.cu-digest
Or, to subscribe, send a one-line message: SUB CUDIGEST your name
Send it to LISTSERV@VMD.CSO.UIUC.EDU
The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.
To UNSUB, send a one-line message: UNSUB CUDIGEST
Send it to LISTSERV@VMD.CSO.UIUC.EDU
(NOTE: The address you unsub must correspond to your From: line)
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on internet);
and on Rune Stone BBS (IIRGWHQ) (203) 832-8441.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.
EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown)
Brussels: STRATOMIC BBS +32-2-5383119 2:291/759@fidonet.org
In ITALY: ZERO! BBS: +39-11-6507540
In LUXEMBOURG: ComNet BBS: +352-466893
UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/
ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE: nic.funet.fi in pub/doc/cud/ (Finland)
ftp.warwick.ac.uk in pub/cud/ (United Kingdom)
JAPAN: ftp://www.rcac.tdi.co.jp/pub/mirror/CuD
The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
URL: http://www.soci.niu.edu:80/~cudigest/
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
------------------------------
End of Computer Underground Digest #7.86
************************************