[ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
==========================================================================
=                        <=-[ HWA.hax0r.news ]-=>                        =
==========================================================================
  [=HWA'99=]                         Number 21 Volume 1 1999 June 5th 99
==========================================================================
                     [ 61:20:6B:69:64:20:63:6F:75: ]
               [ 6C:64:20:62:72:65:61:6B:20:74:68:69:73: ]
               [ 20:22:65:6E:63:72:79:70:74:69:6F:6E:22:! ]
==========================================================================

HWA.hax0r.news is sponsored by Cubesoft communications www.csoft.net and www.digitalgeeks.com thanks to p0lix for the digitalgeeks bandwidth and airportman for the Cubesoft bandwidth. Also shouts out to all our * mirror sites! tnx guys.

http://www.csoft.net/~hwa
http://www.digitalgeeks.com/hwa

* Other mirror sites are listed in appendix A.1

Synopsis
---------

The purpose of this newsletter is to 'digest' current events of interest that affect the online underground and netizens in general. This includes coverage of general security issues, hacks, exploits, underground news and anything else I think is worthy of a look see.

(remember i'm doing this for me, not you, the fact some people happen to get a kick/use out of it is of secondary importance).

This list is NOT meant as a replacement for, nor to compete with, the likes of publications such as CuD or PHRACK or with news sites such as AntiOnline, the Hacker News Network (HNN) or mailing lists such as BUGTRAQ or ISN nor could any other 'digest' of this type do so.

It *is* intended however, to complement such material and provide a reference to those who follow the culture by keeping tabs on as many sources as possible and providing links to further info, it's a labour of love and will be continued for as long as I feel like it, i'm not motivated by dollars or the illusion of fame, did you ever notice how the most famous/infamous hackers are the ones that get caught? there's a lot to be said for remaining just outside the circle...

@HWA

=-----------------------------------------------------------------------=
Welcome to HWA.hax0r.news ... #21
=-----------------------------------------------------------------------=

We could use some more people joining the channel, it's usually pretty quiet, we don't bite (usually) so if you're hanging out on irc stop by and idle a while and say hi...

*******************************************************************
*** /join #HWA.hax0r.news on EFnet the key is `zwen'            ***
***                                                             ***
*** please join to discuss or impart news on techno/phac scene  ***
*** stuff or just to hang out ... someone is usually around 24/7***
***                                                             ***
*** Note that the channel isn't there to entertain you it's for ***
*** you to talk to us and impart news, if you're looking for fun***
*** then do NOT join our channel try #weirdwigs or something... ***
*** we're not #chatzone or #hack                                ***
***                                                             ***
*******************************************************************

=-------------------------------------------------------------------------=

Issue #21
In 1995, a New Jersey farmer yanked up a cable with his backhoe, knocking out 60 percent of the regional and long distance phone service in New York City and air traffic control functions in Boston, New York and Washington. In 1996, a rodent chewed through a cable in Palo Alto, California, and knocked Silicon Valley off the Internet for hours.

- CNN

=--------------------------------------------------------------------------=
[ INDEX ]
=--------------------------------------------------------------------------=
Key     Content
=--------------------------------------------------------------------------=

00.0 .. COPYRIGHTS ......................................................
00.1 .. CONTACT INFORMATION & SNAIL MAIL DROP ETC .......................
00.2 .. SOURCES .........................................................
00.3 .. THIS IS WHO WE ARE ..............................................
00.4 .. WHAT'S IN A NAME? why `HWA.hax0r.news'?..........................
00.5 .. THE HWA_FAQ V1.0 ................................................

01.0 .. GREETS ..........................................................
01.1 .. Last minute stuff, rumours, newsbytes ...........................
01.2 .. Mailbag .........................................................
02.0 .. From the Editor..................................................
03.0 .. Bracing for guerrilla warfare in cyberspace (CNN)................
04.0 .. The hacker from and administrators point of view (system)........
05.0 .. Retaliation against the FBI continues............................
06.0 .. Threat to online privacy: The Search Warrant.....................
07.0 .. 2600 in Aussieland bares its teeth at the current clampdown on The Net
08.0 .. Can the CIA break into banks?....................................
09.0 .. Emmanuel Goldstein Interview ....................................
10.0 .. DOD Unplugs From Net as Another Gov Site Gets Hit ...............
11.0 .. UCITA About to be Approved ......................................
12.0 .. Japan Follows Australia in Limiting Privacy .....................
13.0 .. AGNPAC Revealed .................................................
14.0 .. Bomb Making Info Available, For Nukes! ..........................
15.0 .. Exploit code for remote ipop2d security vulnerability that gives attacker a shell as user 'nobody'
16.0 .. Netscape Communicator 4.x "view-source:" JavaScript based security vulnerability
17.0 .. Vulnerability in Broker FTP Server v. 3.0 Build 1................
18.0 .. whois_raw.cgi problem............................................
19.0 .. Linux kernel 2.2.x vulnerability/exploit.........................
20.0 .. New Allaire Security Bulletin (ASB99-09).........................
21.0 .. sdtcm_convert Overflow Exploits( for Intel Solaris 7)............
22.0 .. ActiveState Security Advisory....................................
23.0 .. Exploit in Internet Explorer 5.0.................................
24.0 .. IRIX 6.5 nsd virtual filesystem vulnerability....................
25.0 .. a practical attack against ZKS Freedom...........................
26.0 .. DoS against PC Anywhere..........................................
27.0 .. weaknesses in dns label decoding, denial of service attack (code included) (fwd)
28.0 .. Microsoft Worker Raided .........................................
29.0 .. Is the FBI Missing the Point? ...................................
30.0 .. Norwegian Newspaper Cracked .....................................
31.0 .. Student Busted for Changing Grades ..............................
32.0 .. FBI Lobbying Group Pushes for EavesDropping Capability ..........
33.0 .. Cons, Cons and more Cons ........................................
34.0 .. Friday June 4th: FREE KEVIN Demonstrations Today! ..............
35.0 .. Germany Frees Crypto ............................................
36.0 .. US Congress Demands Echelon Docs ................................
37.0 .. Windows2000 Already Available ...................................
38.0 .. NetBus Takes #1 Spot ............................................
39.0 .. [ISN] Police will have 24-hour access to secret files............
40.0 .. [ISN] Hack attack knocks out FBI site............................
41.0 .. [ISN] What's a Little Hacking Between Friends?...................
42.0 .. [ISN] New hacker attack uses screensavers........................
43.0 .. [ISN] Hackers beware: IBM to sharpen Haxor.......................
44.0 .. [ISN] Feds Fend Off HACK3RZ......................................
45.0 .. [ISN] High-tech snooping tools developed for spy agency..........
46.0 .. [ISN] Privacy issues have taken center stage.....................
47.0 .. [ISN] Whitehouse to punish Hackers...............................
48.0 .. [ISN] Federal Cybercrime unit hunts for hackers..................
49.0 .. [ISN] Hong Kong Computer Hacking Syndicate Smashed...............
50.0 .. [ISN] New Tools Prevent Network Attacks..........................
51.0 .. [ISN] U.K. Crypto Policy May Have Hidden Agenda..................
52.0 .. [ISN] Tackling E-Privacy in New York.............................
53.0 .. [ISN] Congress, NSA butt heads over Echelon......................
54.0 .. [ISN] Visa, Wells Fargo Deliver E-Payment Alternatives...........
55.0 .. [ISN] Protocols serve up VPN security............................
=--------------------------------------------------------------------------=

AD.S  .. Post your site ads or etc here, if you can offer something in return
         thats tres cool, if not we'll consider ur ad anyways so send it in.
         ads for other zines are ok too btw just mention us in yours, please
         remember to include links and an email contact. Corporate ads will
         be considered also and if your company wishes to donate to or
         participate in the upcoming Canc0n99 event send in your suggestions
         and ads now...n.b date and time may be pushed back join mailing list
         for up to date information.......................................
         Current dates: Aug19th-22nd Niagara Falls... .................

HA.HA  .. Humour and puzzles ............................................

          Hey You!........................................................
          =------=........................................................

          Send in humour for this section! I need a laugh and its hard to
          find good stuff... ;)...........................................

SITE.1 .. Featured site, .................................................
 H.W   .. Hacked Websites ...............................................
 A.0   .. APPENDICES......................................................
 A.1   .. PHACVW linx and references......................................

=--------------------------------------------------------------------------=

@HWA'99

00.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE OPINIONS OF THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO WTF IS GONNA TAKE RESPONSIBILITY FOR THIS, I'M NOT DOING IT (LOTS OF ME EITHER'S RESOUND IN THE BACKGROUND) SO UHM JUST READ IT AND IF IT BUGS YOU WELL TFS (SEE FAQ).

Important semi-legalese and license to redistribute:

YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF AND ARE GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE ZINE SO LONG AS Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED IN YOUR WRITING.
LINKS ARE NOT NECESSARY OR EXPECTED BUT ARE APPRECIATED the current link is http://welcome.to/HWA.hax0r.news IT IS NOT MY INTENTION TO VIOLATE ANYONE'S COPYRIGHTS OR BREAK ANY NETIQUETTE IN ANY WAY IF YOU FEEL I'VE DONE THAT PLEASE EMAIL ME PRIVATELY current email cruciphux@dok.org

THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL WORKS ARE (C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL THE LAYOUT AND COMMENTARIES ARE THEREFORE (C) WHICH MEANS: I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE AND REDISTRIBUTE/MIRROR. - EoD

Although this file and all future issues are now copyright, some of the content holds its own copyright and these are printed and respected. News is news so i'll print any and all news but will quote sources when the source is known, if its good enough for CNN its good enough for me. And i'm doing it for free on my own time so pfffft. :)

No monies are made or sought through the distribution of this material. If you have a problem or concern email me and we'll discuss it.

cruciphux@dok.org

Cruciphux [C*:.]

00.1 CONTACT INFORMATION AND MAIL DROP
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Wahoo, we now have a mail-drop, if you are outside of the U.S.A or Canada / North America (hell even if you are inside ..) and wish to send printed matter like newspaper clippings a subscription to your cool foreign hacking zine or photos, small non-explosive packages or sensitive information etc etc well, now you can. (w00t) please no more inflatable sheep or plastic dog droppings, or fake vomit thanks.

Send all goodies to:

    HWA NEWS
    P.O BOX 44118
    370 MAIN ST. NORTH
    BRAMPTON, ONTARIO
    CANADA
    L6V 4H5

WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you are
~~~~~~~  reading this from some interesting places, make my day and get a mention in the zine, send in a postcard, I realize that some places it is cost prohibitive but if you have the time and money be a cool dude / gal and send a poor guy a postcard preferably one that has some scenery from your place of residence for my collection, I collect stamps too so you kill two birds with one stone by being cool and mailing in a postcard, return address not necessary, just a "hey guys being cool in Bahrain, take it easy" will do ... ;-) thanx.

Ideas for interesting 'stuff' to send in apart from news:

- Photo copies of old system manual front pages (optionally signed by you) ;-)
- Photos of yourself, your mom, sister, dog and or cat in a NON compromising position plz I don't want pr0n.
- Picture postcards
- CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250 tapes with hack/security related archives, logs, irc logs etc on em.
- audio or video cassettes of yourself/others etc of interesting phone fun or social engineering examples or transcripts thereof.

If you still can't think of anything you're probably not that interesting a person after all so don't worry about it

Our current email:

Submissions/zine gossip.....: hwa@press.usmc.net
Private email to editor.....: cruciphux@dok.org
Distribution/Website........: sas72@usa.net

@HWA

00.2 Sources ***
~~~~~~~~~~~

Sources can be some, all, or none of the following (by no means complete nor listed in any degree of importance) Unless otherwise noted, like msgs from lists or news from other sites, articles and information is compiled and or sourced by Cruciphux no copyright claimed.

News & I/O zine ................. http://www.antionline.com/
Back Orifice/cDc..................http://www.cultdeadcow.com/
News site (HNN) .....,............http://www.hackernews.com/
Help Net Security.................http://net-security.org/
News,Advisories,++ ...............http://www.l0pht.com/
NewsTrolls .......................http://www.newstrolls.com/
News + Exploit archive ...........http://www.rootshell.com/beta/news.html
CuD Computer Underground Digest...http://www.soci.niu.edu/~cudigest
News site+........................http://www.zdnet.com/
News site+Security................http://www.gammaforce.org/
News site+Security................http://www.projectgamma.com/
News site+Security................http://securityhole.8m.com/
News site+Security related site...http://www.403-security.org/
News/Humour site+ ................

http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0
http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack
http://www.ottawacitizen.com/business/
http://search.yahoo.com.sg/search/news_sg?p=hack
http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack
http://www.zdnet.com/zdtv/cybercrime/
http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column)

NOTE: See appendices for details on other links.

http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm
http://freespeech.org/eua/ Electronic Underground Affiliation
http://ech0.cjb.net ech0 Security
http://axon.jccc.net/hir/ Hackers Information Report
http://net-security.org Net Security
http://www.403-security.org Daily news and security related site

Submissions/Hints/Tips/Etc
~~~~~~~~~~~~~~~~~~~~~~~~~~

All submissions that are `published' are printed with the credits you provide, if no response is received by a week or two it is assumed that you don't care whether the article/email is to be used in an issue or not and may be used at my discretion.

Looking for:

Good news sites that are not already listed here OR on the HNN affiliates page at http://www.hackernews.com/affiliates.html

Magazines (complete or just the articles) of breaking sekurity or hacker activity in your region, this includes telephone phraud and any other technological use, abuse hole or cool thingy. ;-) cut em out and send it to the drop box.

- Ed

Mailing List Subscription Info   (Far from complete)   Feb 1999
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   ~~~~~~~~~~~~~~~~~~~   ~~~~~~~~

ISS Security mailing list faq : http://www.iss.net/iss/maillist.html

THE MOST READ:

BUGTRAQ - Subscription info
~~~~~~~~~~~~~~~~~~~~~~~~~~~

What is Bugtraq?

Bugtraq is a full-disclosure UNIX security mailing list, (see the info file) started by Scott Chasin . To subscribe to bugtraq, send mail to listserv@netspace.org containing the message body subscribe bugtraq. I've been archiving this list on the web since late 1993. It is searchable with glimpse and archived on-the-fly with hypermail.

Searchable Hypermail Index;

http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html

About the Bugtraq mailing list
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The following comes from Bugtraq's info file:

This list is for *detailed* discussion of UNIX security holes: what they are, how to exploit, and what to do to fix them.
This list is not intended to be about cracking systems or exploiting their vulnerabilities. It is about defining, recognizing, and preventing use of security holes and risks.

Please refrain from posting one-line messages or messages that do not contain any substance that can relate to this list's charter. I will allow certain informational posts regarding updates to security tools, documents, etc. But I will not tolerate any unnecessary or nonessential "noise" on this list.

Please follow the below guidelines on what kind of information should be posted to the Bugtraq list:

+ Information on Unix related security holes/backdoors (past and present)
+ Exploit programs, scripts or detailed processes about the above
+ Patches, workarounds, fixes
+ Announcements, advisories or warnings
+ Ideas, future plans or current works dealing with Unix security
+ Information material regarding vendor contacts and procedures
+ Individual experiences in dealing with above vendors or security organizations
+ Incident advisories or informational reporting

Any non-essential replies should not be directed to the list but to the originator of the message. Please do not "CC" the bugtraq reflector address if the response does not meet the above criteria.

Remember: YOYOW.

You own your own words. This means that you are responsible for the words that you post on this list and that reproduction of those words without your permission in any medium outside the distribution of this list may be challenged by you, the author.

For questions or comments, please mail me: chasin@crimelab.com (Scott Chasin)

Crypto-Gram
~~~~~~~~~~~

CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses, insights, and commentaries on cryptography and computer security.

To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a blank message to crypto-gram-subscribe@chaparraltree.com. To unsubscribe, visit http://www.counterpane.com/unsubform.html. Back issues are available on http://www.counterpane.com.

CRYPTO-GRAM is written by Bruce Schneier. Schneier is president of Counterpane Systems, the author of "Applied Cryptography," and an inventor of the Blowfish, Twofish, and Yarrow algorithms. He served on the board of the International Association for Cryptologic Research, EPIC, and VTW. He is a frequent writer and lecturer on cryptography.

CUD Computer Underground Digest
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This info directly from their latest ish:

Computer underground Digest    Sun  14 Feb, 1999   Volume 11 : Issue 09

                            ISSN  1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Poof Reader:   Etaion Shrdlu, Jr.
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

[ISN] Security list
~~~~~~~~~~~~~~~~~~~

This is a low volume list with lots of informative articles, if I had my way i'd reproduce them ALL here, well almost all .... ;-) - Ed

Subscribe: mail majordomo@repsec.com with "subscribe isn".

@HWA

00.3 THIS IS WHO WE ARE
~~~~~~~~~~~~~~~~~~

Some HWA members and Legacy staff
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cruciphux@dok.org.........: currently active/editorial
darkshadez@ThePentagon.com: currently active/man in black
fprophet@dok.org..........: currently active/IRC+ man in black
sas72@usa.net ............. currently active/IRC+ distribution
vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
dicentra...(email withheld): IRC+ grrl in black

Foreign Correspondents/affiliate members
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
N0Portz ..........................: Australia
Qubik ............................: United Kingdom
system error .....................: Indonesia
Wile (wile coyote) ...............: Japan/the East
Ruffneck ........................: Netherlands/Holland

And unofficially yet contributing too much to ignore ;)

Spikeman .........................: World media

Please send in your sites for inclusion here if you haven't already also if you want your emails listed send me a note ... - Ed

http://www.genocide2600.com/~spikeman/ .. Spikeman's DoS and protection site
http://www.hackerlink.or.id/ ............ System Error's site (in Indonesian)

*******************************************************************
*** /join #HWA.hax0r.news on EFnet the key is `zwen'            ***
*******************************************************************

:-p

1. We do NOT work for the government in any shape or form. Unless you count paying taxes ... in which case we work for the gov't in a BIG WAY. :-/

2. MOSTLY Unchanged since issue #1, although issues are a digest of recent news events it's a good idea to check out issue #1 at least and possibly also the Xmas issue for a good feel of what we're all about otherwise enjoy - Ed ...

@HWA

00.4 What's in a name? why HWA.hax0r.news??
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Well what does HWA stand for? never mind if you ever find out I may have to get those hax0rs from 'Hackers' or the Pretorians after you.

In case you couldn't figure it out hax0r is "new skewl" and although it is laughed at, shunned, or even pigeonholed with those 'dumb leet (l33t?) dewds' this is the state of affairs. It ain't Stephen Levy's HACKERS anymore. BTW to all you up and comers, i'd highly recommend you get that book.
It's almost like buying a clue. Anyway..on with the show .. - Editorial staff

@HWA

00.5 HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Also released in issue #3. (revised) check that issue for the faq it won't be reprinted unless changed in a big way with the exception of the following excerpt from the FAQ, included to assist first time readers:

Some of the stuff related to personal usage and use in this zine are listed below: Some are very useful, others attempt to deny the any possible attempts at eschewing obfuscation by obscuring their actual definitions.

@HWA   - see EoA ;-)

!=     - Mathematical notation "is not equal to" or "does not equal" ASC(247) "wavey equals" sign means "almost equal" to. If written an =/= (equals sign with a slash thru it) also means !=, =< is Equal to or less than and => is equal to or greater than (etc, this aint fucking grade school, cripes, don't believe I just typed all that..)

AAM    - Ask a minor (someone under age of adulthood, usually <16, <18 or <21)

AOL    - A great deal of people that got ripped off for net access by a huge clueless isp with sekurity that you can drive buses through, we're not talking Kung-Fu being none too good here, Buy-A-Kloo maybe at the least they could try leasing one??

*CC    - 1 - Credit Card (as in phraud)
         2 - .cc is COCOS (Keeling) ISLANDS but they probably accept cc's

CCC    - Chaos Computer Club (Germany)

*CON   - Conference, a place hackers crackers and hax0rs among others go to swap ideas, get drunk, swap new mad inphoz, get drunk, swap gear, get drunk watch videos and seminars, get drunk, listen to speakers, and last but not least, get drunk.

*CRACKER - 1 . Someone who cracks games, encryption or codes, in popular hacker speak he's the guy that breaks into systems and is often (but by no means always) a "script kiddie" see pheer
           2 . An edible biscuit usually crappy tasting without a nice dip, I like jalapeno pepper dip or chives sour cream and onion, yum - Ed

Ebonics - speaking like a rastafarian or hip dude of colour also wigger Vanilla Ice is a wigger, The Beastie Boys and rappers speak using ebonics, speaking in a dark tongue ... being ereet, see pheer

EoC    - End of Commentary

EoA    - End of Article or more commonly @HWA

EoF    - End of file

EoD    - End of diatribe (AOL'ers: look it up)

FUD    - Coined by Unknown and made famous by HNN - "Fear uncertainty and doubt", usually in general media articles not high brow articles such as ours or other HNN affiliates ;)

du0d   - a small furry animal that scurries over keyboards causing people to type weird crap on irc, hence when someone says something stupid or off topic 'du0d wtf are you talkin about' may be used.

*HACKER - Read Stephen Levy's HACKERS for the true definition, then see HAX0R

*HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this is difficult to define, I think it is best defined as pop culture's view on The Hacker ala movies such as well erhm "Hackers" and The Net etc... usually used by "real" hackers or crackers in a derogatory or slang humorous way, like 'hax0r me some coffee?' or can you hax0r some bread on the way to the table please?'
         2 - A tool for cutting sheet metal.

HHN    - Maybe a bit confusing with HNN but we did spring to life around the same time too, HWA Hax0r News.... HHN is a part of HNN .. and HNN as a proper noun means the hackernews site proper. k? k. ;&

HNN    - Hacker News Network and its affiliates http://www.hackernews.com/affiliates.html

J00    - "you"(as in j00 are OWN3D du0d) - see 0wn3d

MFI/MOI- Missing on/from IRC

NFC    - Depends on context: No Further Comment or No Fucking Comment

NFR    - Network Flight Recorder (Do a websearch) see 0wn3d

NFW    - No fuckin'way

*0WN3D - You are cracked and owned by an elite entity see pheer

*OFCS  - Oh for christ's sakes

PHACV  - And variations of same Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups Virus, Warfare

         Alternates: H - hacking, hacktivist
                     C - Cracking
                     C - Cracking
                     V - Virus
                     W - Warfare
                     A - Anarchy (explosives etc, Jolly Roger's Cookbook etc)
                     P - Phreaking, "telephone hacking" PHone fREAKs ...
                     CT - Cyber Terrorism

*PHEER - This is what you do when an ereet or elite person is in your presence see 0wn3d

*RTFM  - Read the fucking manual - not always applicable since some manuals are pure shit but if the answer you seek is indeed in the manual then you should have RTFM you dumb ass.

TBC    - To Be Continued also 2bc (usually followed by ellipses...) :^0

TBA    - To Be Arranged/To Be Announced also 2ba

TFS    - Tough fucking shit.

*w00t  - 1 - Reserved for the uber ereet, no one can say this without severe repercussions from the underground masses. also "w00ten"
         2 - Cruciphux and sAs72's second favourite word (they're both shit stirrers)

*wtf   - what the fuck

*ZEN   - The state you reach when you *think* you know everything (but really don't) usually shortly after reaching the ZEN like state something will break that you just 'fixed' or tweaked.

@HWA

-=- :. .: -=-

01.0 Greets!?!?! yeah greets! w0w huh. - Ed
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks to all in the community for their support and interest but i'd like to see more reader input, help me out here, whats good, what sucks etc, not that I guarantee i'll take any notice mind you, but send in your thoughts anyway.
* all the people who sent in cool emails and support

FProphet Pyra TwstdPair _NeM_ D----Y Kevin Mitnick (watch yer back) Dicentra vexxation sAs72 Spikeman Astral p0lix Vexx g0at security

Shouts to tekz from HK for asking nicely in eye-are-see! ;-) and to t4ck for making my night albeit I couldn't stick around for the rest of the comedy routine. hacked star dot star with phf huh? .... ;-))

and the #innerpulse, crew and some inhabitants of #leetchans .... although I use the term 'leet loosely these days, ;)

kewl sites:

+ http://www.l0pht.com/
+ http://www.2600.com/
+ http://www.freekevin.com/
+ http://www.genocide2600.com/
+ http://www.genocide2600.com/~spikeman/
+ http://www.genocide2600.com/~tattooman/
+ http://www.hackernews.com/ (Went online same time we started issue 1!)
+ http://www.net-security.org/
+ http://www.slashdot.org/
+ http://www.freshmeat.net/
+ http://www.403-security.org/
+ http://ech0.cjb.net/

@HWA

01.1 Last minute stuff, rumours and newsbytes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

"What is popular isn't always right, and what is right isn't always popular..." - FProphet '99

+++ When was the last time you backed up your important data?

++ INN Gone?

From ProjectGamma http://www.projectgamma.com/news/34.html

June 2, 1999, 00:09
Author: WHiTe VaMPiRe

Innerpulse News Network (INN) has a message on their Web site stating that it was taken down by order of the U.S. government for transmitting military secrets to the Chinese. The validity of this message is unknown. It could just be another joke perpetuated by s1ko, the Webmaster of INN. Once Project Gamma discovers the validity of the message you will be the first to know.

Related links: Innerpulse News Network http://www.innerpulse.com/

++ Ultratech Hacked by Infiltrators Inc.

From ProjectGamma, http://www.projectgamma.com/news/38.html

June 3, 1999, 01:13
Author: nexus

Ultratech-is.net was recently hacked by a new group on the net named Infiltrators Inc., a new security group formed by "nexus." Officials at Ultratech were alerted to the security breach and have secured the server with the help of Infiltrators Inc. Ultratech's site remained "altered" for approximately 5 hours, and was still undiscovered by admins. The group then removed the altered page and reposted the original as the admins still did not notice.

The site was hacked using a private exploit made by Shiva2000 of Infiltrators Inc. to gain root access. This is the first webpage altered by the group, who was founded May 24, 1999.

Related Links: Ultratech website http://www.ultratech-is.net

Reported by nexus

++ OpenSEC Mailing List

From HNN http://www.hackernews.com/

contributed by cult_hero

A new mailing list has popped up called OpenSEC (Open Security Solutions). This list is dedicated to announcing the latest versions of free and Open Source security tools. For more information,

Open Security Solutions http://www.opensec.net

++ HIR #9

From HNN http://www.hackernews.com/

contributed by h_i_r

HiR E-Zine Crew brings forth Hackers Information Report: Issue #9. Covered in HiR 9: An Operating system comparison (FreeBSD, RedHat 5.2, and NT4), **How to make your own Acoustic coupler**, and all sorts of other goodies and cool stuff. Check it out.

HiR Distro Site http://axon.jccc.net/hir/

++ The New Antidote is Available.

From HNN http://www.hackernews.com/

contributed by Lord Oak

With more info on Cold Fusion Fixes, Bomb making information on the net, and Social Engineering, Antidote has released its newest issue.

Antidote Volume 2 Issue 6 http://www.thepoison.org/antidote/issues/vol2/6.txt

Mucho thanks to Spikeman for directing his efforts to our cause of bringing you the news we want to read about in a timely manner ... - Ed

@HWA

01.2 MAILBAG - email and posts from the message board worthy of a read
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NO mail this week for posting here!

================================================================

@HWA

02.0 From the editor.
~~~~~~~~~~~~~~~~ #include #include #include main() { printf ("Read commented source!\n\n"); /* * *#21? yep, enjoy ... * * * * * * * * */ printf ("EoF.\n"); } Congrats, thanks, articles, news submissions and kudos to us at the main address: hwa@press.usmc.net complaints and all nastygrams and mailbombs can go to /dev/nul nukes, synfloods and papasmurfs to 127.0.0.1, private mail to cruciphux@dok.org danke. C*:. @HWA 03.0 [CNN] Bracing for querrilla warfare in cyberspace ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Bracing for guerrilla warfare in cyberspace http://www.cnn.com/TECH/specials/hackers/cyberterror/ 'There are lots of opportunities; that's very scary' April 6, 1999 Web posted at: 2:29 p.m. EDT (1829 GMT) By John Christensen CNN Interactive (CNN) -- It is June, the children are out of school, and as highways and airports fill with vacationers, rolling power outages hit sections of Los Angeles, Chicago, Washington and New York. An airliner is mysteriously knocked off the flight control system and crashes in Kansas. Parts of the 911 service in Washington fail, supervisors at the Department of Defense discover that their e-mail and telephone services are disrupted and officers aboard a U.S. Navy cruiser find that their computer systems have been attacked. As incidents mount, the stock market drops precipitously, and panic surges through the population. Unlikely? Hardly. The "electronic Pearl Harbor" that White House terrorism czar Richard A. Clarke fears is not just a threat, it has already happened. Much of the scenario above -- except for the plane and stock market crashes and the panic -- occurred in 1997 when 35 hackers hired by the National Security Agency launched simulated attacks on the U.S. electronic infrastructure. "Eligible Receiver," as the exercise was called, achieved "root level" access in 36 of the Department of Defense's 40,000 networks. The simulated attack also "turned off" sections of the U.S. 
power grid, "shut down" parts of the 911 network in Washington, D.C., and other cities and gained access to systems aboard a Navy cruiser at sea. At a hearing in November 1997, Sen. Jon Kyl, R-Arizona, chairman of a Senate technology subcommittee, reported that nearly two-thirds of U.S. government computers systems have security holes. "If somebody wanted to launch an attack," says Fred B. Schneider, a professor of computer science at Cornell University, "it would not be at all difficult." 'There are lots of opportunities' Although "Eligible Receiver" took place in the United States, which has about 40 percent of the world's computers, the threat of cyberterrorism is global. Consider: During the Gulf War, Dutch hackers stole information about U.S. troop movements from U.S. Defense Department computers and tried to sell it to the Iraqis, who thought it was a hoax and turned it down. In March 1997, a 15-year-old Croatian youth penetrated computers at a U.S. Air Force base in Guam. In 1997 and 1998, an Israeli youth calling himself "The Analyzer" allegedly hacked into Pentagon computers with help from California teen-agers. Ehud Tenebaum, 20, was charged in Jerusalem in February 1999 with conspiracy and harming computer systems. In February 1999, unidentified hackers seized control of a British military communication satellite and demanded money in return for control of the satellite. The report was vehemently denied by the British military, which said all satellites were "where they should be and doing what they should be doing." Other knowledgable sources, including the Hacker News Network, called the hijacking highly unlikely. "There are lots of opportunities," says Schneider. "That's very scary." 'The Holy Grail of hackers' President Clinton announced in January 1999 a $1.46 billion initiative to deal with U.S. government computer security -- a 40 percent increase over fiscal 1998 spending. 
Of particular concern is the Pentagon, the military stronghold of the world's most powerful nation. "It's the Holy Grail of hackers," says computer security expert Rob Clyde. "It's about bragging rights for individuals and people with weird agendas." Clyde is vice president and general manager of technical security for Axent Technologies, a company headquartered in Rockville, Maryland, that counts the Pentagon as one of its customers. The Defense Department acknowledges between 60 and 80 attacks a day, although there have been reports of far more than that. The government says no top secret material has ever been accessed by these intruders, and that its most important information is not online. But the frustration is evident. Michael Vatis, director of the FBI's National Infrastructure Protection Committee, told a Senate subcommittee last year that tracing cyberattacks is like "tracking vapor." 'A lot of clueless people' Schneider says the "inherently vulnerable" nature of the electronic infrastructure makes counterterrorism measures even more difficult. Schneider chaired a two-year study by the National Academy of Sciences and the National Academy of Engineering that found that the infrastructure is badly conceived and poorly secured. "There is a saying that the amount of 'clue' [knowledge] on the Internet is constant, but the size of the Internet is growing exponentially," says Schneider. "In other words, there are a lot of clueless people out there. It's basically a situation where people don't know how to lock the door before walking out, so more and more machines are vulnerable." Schneider says the telephone system is far more complicated than it used to be, with "a lot of nodes that are programmable, and databases that can be hacked." 
Also, deregulation of the telephone and power industries has created another weakness: To stay competitive and cut costs, companies have reduced spare capacity, leaving them more vulnerable to outages and disruptions in service. Still another flaw is the domination of the telecommunications system by phone companies and Internet service providers (ISPs) that don't trust each other. As a result, the systems do not mesh seamlessly and are vulnerable to failures and disruptions. "There's no way to organize systems built on mutual suspicion," Schneider says. "We're subtly changing the underpinnings of the system, but we're not changing the way they're built. We'll keep creating cracks until we understand that we need a different set of principles for the components to deal with each other." 'The democratization of hacking' Meanwhile, the tools of mayhem are readily available. There are about 30,000 hacker-oriented sites on the Internet, bringing hacking -- and terrorism -- within the reach of even the technically challenged. "You no longer have to have knowledge, you just have to have the time," Clyde says. "You just download the tools and the programs. It's the democratization of hacking. And with these programs ... they can click on a button and send bombs to your network, and the systems will go down." Schneider says another threat is posed not by countries or terrorists, but by gophers and squirrels and farmers. In 1995, a New Jersey farmer yanked up a cable with his backhoe, knocking out 60 percent of the regional and long distance phone service in New York City and air traffic control functions in Boston, New York and Washington. In 1996, a rodent chewed through a cable in Palo Alto, California, and knocked Silicon Valley off the Internet for hours. "Although the press plays up the security aspect of hacker problems," says Schneider, "the other aspect is that the systems are just not built very reliably. 
It's easy for operators to make errors, and a gopher chewing on a wire can take out a large piece of the infrastructure. That's responsible for most outages today." 'The prudent approach' Schneider and Clyde favor a team of specialists similar to Clinton's proposed "Cyber Corps" program, which would train federal workers to handle and prevent computer crises. But they say many problems can be eliminated with simple measures. These include "patches" for programs, using automated tools to check for security gaps and installing monitoring systems and firewalls. Fixes are often free and available on the Internet, but many network administrators don't install them. A step toward deterrence was taken in 1998 when CIA Director George Tenet announced that the United States was devising a computer program that could attack the infrastructure of other countries. "That's nothing new," says Clyde, "but it's the first time it was publicly announced. If a country tries to destroy our infrastructure, we want to be able to do it back. It's the same approach we've taken with nuclear weapons, the prudent approach." The U.S. Government Accounting Office estimates that 120 countries or groups have or are developing information warfare systems. Clyde says China, France and Israel already have them, and that some Pentagon intrusions have surely come from abroad. "We don't read about the actual attacks," says Clyde, "and you wouldn't expect to." "The Analyzer" was caught after he bragged about his feat in computer chat rooms, but Clyde says the ones to worry about are those who don't brag and don't leave any evidence behind. "Those are the scary ones," he says. "They don't destroy things for the fun of it, and they're as invisible as possible." 
@HWA

04.0 The hacker from an administrator's point of view
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Submitted by System (Indonesia)

Note: be gentle, this was translated from Indonesian.(ESL)

Hacker : An overview from An Admin point of view.
by system ( 30 May 1999 ).

Hacker's is an enemy
------------------

Yes, that's true. Hacker's is an enemy for an certain of administrators. Because hacker's to them are very annoying. They only give an admin a lot of job to do, from just maintenance the network, now plus he must watch the network, find the hole in his network, and finally fix his network. Not even in the case when the hacker's can get in to their network and break / steal / and modify the data's from their network user computers.

Being an network administrator is not an easy way, not only he must know and understand how the network goes, he also must have the capabilities to fix unknown error or hacker's intruders in their network. [ This is what i call a good qualify admin ]. But, it is not an easy to find that kind of admin. In this world, there are too many admin that only know how to maintenance the network but cannot to find the hole in their network, or even he cannot fix the hole. What they think is " This is not my job, my job is only maintenance the network, i dont know anything else ". Well, this is the type of admin that call the hacker's an enemy, because they only think that hacker only give them a job to do. Hacker's only trying to bring down their network. He never think in the positive way.

But, is this true ??? ...

Hacker's is a friend.
--------------------

Yes, that's true. Hacker's is a friend for a certain of administrator. They give back their passion of working become live again. The hacker's helping them for strengthen their network. An administrator that call the hacker's as their friend is what i call an high dedication of admin. Why ?
Because that type of admin didn't think about the job that they must take, but they only think that this is the right time that he has waiting for, it is a time that make their job's not boring again, now they can find out the hole that exist in their network, and finally he can fix the right hole in their network. Do you ever feel how good is when you do what you like ? If you do, that is the right feeling that administrator feel too. They think hacker's is not their enemy, but as their friend and their job mate that he must honouring them.

Summary
-------

- So, what is hackers to you ???

###########################################################################################
Any comment or suggestion are welcome, please send it to system@hackerlink.or.id
You also can see it on my website at http://www.hackerlink.or.id/?hack=artikel.htm
###########################################################################################

@HWA

05.0 Retaliation against the FBI continues
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Retaliation Against FBI Continues

contributed by mortel

The cracks of the US Senate web site and DoS attacks against the FBI web site were not the end of the protests over recent FBI actions. Last week the FBI executed up to nine search warrants mostly against members of a group known as gH or Global Hell. At this time HNN is not aware of any arrests that have been made. These actions by the FBI have upset a few people and in retaliation have attacked the US Department of Interior web site.
MSNBC http://www.msnbc.com/news/273819.asp

Nando Times http://www.techserver.com/story/body/0,1634,54975-87979-624391-0,00.html

ABC News http://www.abcnews.go.com/sections/us/DailyNews/computer_hackers990531.html

HNN Cracked Pages Archive http://www.hackernews.com/archive/crackarch.html

F0rpaxe a group based in Portugal and with close connections to gH has claimed responsibility for defacing numerous web sites over the weekend (see list at bottom) and have also released a statement expressing their view about what has been going on.

F0rpaxe Statement

FORPAXE TECHNOLOGIES INC. STATEMENT

F0rpaxe needs to inform all people what is going on. At this moment and for what we know, F0rpaxe is the only Portuguese group that is executing massive attacks on edu, gov, mil, com servers. Maybe this is the reason why F0rpaxe is now being wanted by PJ (Portuguese police) and some international organizations like FBI and Interpol.

While we had been away for a few days we had watched several events on the Portuguese media which in a certain way implicates F0rpaxe. Some newspapers reported that PJ is now doing their homework together with FBI to lock down "Hackers" who allegedly are involved on US hacks. Also PJ is now our BIG BROTHER since they are gathering efforts to make a net surveillance over Portugal. For what it seems they have the help of Portuguese ISP's like Telapac. Their goal is to track down hackers...

In an article of "EuroNoticias" they call hackers to the ones who use trojans to steal accounts (l0l). If PJ thinks that this is their biggest problem then that info about working together with the FBI is a bullshit... Portugal is now passing through serious or hilarious actions.. IF the goal of PJ is to track down people who use trojans to steal accounts then they have to arrest all population. We think that this isn't their main goal since F0rpaxe had been informed that PJ is trying to get solid proofs that we are the responsible for all those hacks.
PJ doesn't scare anyone. IF FBI is really working together with PJ then they are doing this only because of us...most certainly to erase us from the system...

FBI had been mounting schemes to track us down.... FBI had already tried to pretend being Iron-Lungs to get info about our current hacks, if we still had access to gov servers, if we had copied military databases and all that sort of things... The real I-L reported that the fake I-L wasn't him. The guy was always asking things and we just ignored...it could be just a lamer trying to get some info about us... But then the attempts to track us down started: the guy started to contact people who are close to F0rpaxe, like some of attrition staff, in order to get our contact like phone etc... They even asked some of them to phone us.... When they realized that we had discovered they started trying to get info from all those who surround us...a few days later an article on a newspaper reported that FBI and PJ were (or are?) working together...

We don't know if all this is the truth or only a misunderstanding but one thing we know FBI really want us bad and they will do anything to catch us. We think that FBI doesn't want us just because of all the hacks but to show that they have the authority to arrest hackers of other countries. Although they need the permissions of the government and that isn't easy. They should be tired of making American Hackers life miserable and now they want to do the same with us....... As we told before we had been away for a while because things were starting to be pretty bad...

Groups who work on the shadow

Some groups just disappear but they don't disappear truly..They start working on the shadow because FEDS are always ready to take them down...We thought that it wouldn't happen that with us but sooner or later we will need to go back to where we belong...to the shadow.
We also take this chance to show our support with people who are now facing legal troubles, like I-L, dk, Zyklon.....Kevin and all the others who will face them in the future... gH has also our support.

Information in Portugal

Portuguese media isn't aware of all this.... neither some admins who were hacked and nothing was reported....In Portugal people don't care about what happens...They aren't aware that there are people building an underground system. It's just that. On CNN, ZDNET, Wired etc.. they inform what's happening.... In Portugal the media just doesn't give a shit.... Maybe this is the best for us since this will prevent a media hype and PJ and other FEDS won't be after us so soon..but information isn't circulating as it should. People built a bad image of the "hacker". Portuguese media report "hackers" as being the ones who use trojans... Man....they aren't aware of the true meaning of the concept "hacker" They should think about it...

Why are we doing this?

We agree with some of the things that had been said by some groups. We are always hacking and for what? We hack and hack things which can be fixed in 2 minutes. In fact we could have done worse like destroying completely all servers. We can do it if we want but hackers are waiting for justice. If FBI doesn't stop we won't and we can start destroying. We think that FBI should explain what a fuck they are doing. For the moment we won't destroy the servers we hack but if it is necessary we can burn a lot of servers. For example this gov server could be erased completely. Everyone should think about this, about what's happening. Don't make all this a media hype just inform in a simple manner....people need to know. People need to know why all this hacks. People need to know who FBI really is.
MSNBC; Tough talk amid new Web assaults White House and federal agencies lay down the law while computer attackers hit another federal Internet site By Alan Boyle, Bob Sullivan and Brock Meeks June 1 — The White House, Pentagon, Justice Department and FBI all addressed a rash of electronic attacks on federal Web sites Tuesday, even as the attackers hit new targets. The protest campaign against last week’s FBI raids on computer users spilled across global cyberspace, from the Pacific to Europe. THE WEB ONSLAUGHT began nearly a week ago, after FBI agents served search warrants on members of the hacker community in Washington state, Texas, California and other areas of the country. The raids — which were aimed at gathering evidence related to past computer intrusions as well as unauthorized use of telephone systems — sparked attacks that forced the shutdown of the FBI and U.S. Senate Web sites last week. After beefing up security, the Senate site is back in service, but the FBI site is still inaccessible. Scores of protest pages have rudely taunted the FBI, and government officials laid down the law at several news briefings Tuesday. “Cyber-security is something the government takes very seriously,” White House spokesman Joe Lockhart said in response to a reporter’s question. “I know that there have been a series of attempts (to break into government computers) with some success, some without success. ... We take it very seriously. We are constantly reviewing and will continue to review the security measures we have.” Last month, a group known as Global Hell, or gH, was implicated in attacks on the White House Web site as well as sites for several Cabinet departments and the U.S. Information Agency. Also last month, Global Hell member Eric Burns, who also goes by the name Zyklon, was indicted in connection with attacks on three computers, including the USIA system. 
White House Web site shut down Lockhart emphasized that those implicated in the latest wave of attacks were liable to face a similar fate. “For those who think that this is some sort of sport, I think (it will be) less fun when the authorities do catch up with them ... and these people are prosecuted,” he said. At another briefing, Pentagon spokesman Kenneth Bacon said system administrators were briefly limiting Web access Tuesday so they could beef up security. He said such measures would make it “much more difficult” to deface Pentagon Web pages. “It has not been a major problem,” Bacon said. “This is much more protective than reactive. It’s looking to the future to prevent the types of problems (seen) at other agencies.” Federal law-enforcement officials emphasized the harsh criminal penalties that Web intruders could face: Attackers who cause $5,000 worth of damage in one year could be charged with a federal felony that carries up to five years in prison, the head of the Justice Department’s computer crime section, Scott Charney, told The Associated Press. Merely gaining unauthorized access to a government computer could bring a year in jail, but Charney pointed out that the cost of fixing a compromised Web site could mount to $5,000 in employee time alone. A Dallas telecommunications company suffered a considerable loss — perhaps ranging into millions of dollars — because of intrusions that are the subject of the FBI’s current investigation, bureau spokesman Frank Scafidi said. “What we investigate are violations of law,” he told MSNBC. “If a hacker feels that our investigating somebody’s illegal activity is somehow an infringement on that individual’s freedom to do what he wants to do, then there is a basic misunderstanding of the way this country works.” Scafidi said there was “no intention on our part to select a group of people and pick on them. ... 
They get the first move in this game.” But he also indicated that the justice system intended to have the last word. “When there is a violation ... we will pursue it, and usually we will knock on somebody’s door and maybe take some computer equipment,” he said. Such equipment may have to be held for months or years, to be used as evidence in a trial or during the appeal process, he said. As for the FBI site’s down time, Scafidi said: “That isn’t affecting the FBI’s investigative response in any way. It is a problem for us in that we rely on our Web site as a place for anybody to go and get information on the FBI for any purpose ... so it is a public information resource for us, and since it has been down it has really been affecting a lot of innocent parties out there.” THE LATEST VICTIMS Tuesday’s governmental victim was the General Services Administration, which manages U.S. government property. At least three pages on the Web site for the GSA’s Office of Governmentwide Policy — www.policyworks.gov — were briefly replaced with protest pages. “Our sentence is hacking everything we can as a protest to FBI current actions,” one page read. The hacked pages were accessible for 10 to 15 minutes, said Joe McKay, director of office information systems at the Office of Governmentwide Policy. He said the attacker apparently gained access through a security gap related to file transfer protocol, or FTP. “We’ve terminated all FTP services, and I am issuing on a need-to-use basis new FTP access,” he told MSNBC. The site was working normally Tuesday night, and computer server logs were being analyzed for further clues, he said. “We’re always playing catch-up, it seems,” he said. 
“It’s important to show (the attackers), ‘Hey, you got us, but we’re OK now.’ ” The hacked pages claimed credit on behalf of a group called Forpaxe, including a member using the handle “M1crochip.” Similar credits appeared on hacked pages placed Tuesday on Web servers at Monash University in Australia and Coca-Cola’s Belgian subsidiary, as well as a page that briefly appeared Monday at the Idaho National Engineering and Environmental Lab’s Web site. The hacked pages indicated that M1crochip lived in Portugal — which others in the hacker community confirmed. Another computer user said to be involved in the current wave of Web attacks reportedly lived in Britain. BACKGROUND ON THE FBI RAIDS Members of Global Hell reported that law-enforcement officials served search warrants last Wednesday in Texas, California and Washington state. AntiOnline, a Web site focusing on the hacker community, indicated that the sweep extended to other states as well. One of the subjects of the search warrants was a contractor working at Microsoft, which is a partner in the joint venture that operates MSNBC. When contacted by MSNBC, the contractor — who uses the online handle “VallaH” — confirmed that nine law-enforcement agents served him with a warrant at his Seattle-area apartment, interrogated him and confiscated computer equipment. He said he was not involved in any illegal activity and surmised that he was implicated by a former associate in the hacker community. FBI agents also contacted Microsoft, said company spokesman Adam Sohn. “This is an active investigation, and there’s not a lot we can say,” Sohn said Monday. “It’s an FBI matter, it’s not a Microsoft matter.” He indicated that FBI agents were interested in computer equipment that VallaH used at Microsoft. “As far as I have been told, we are still in possession of the property. However, we’re cooperating with the FBI in the investigation,” Sohn said. VallaH said he was told not to report for work at Microsoft. 
“We did ask that his assignment at Microsoft be terminated. I don’t know what his status is with his contracting agency,” Sohn said. MEANWHILE, IN HOUSTON ... In Houston, FBI spokesman Rolando Moss told MSNBC that agents were investigating “allegations of computer intrusions” involving, among others, a teen-ager who uses the hacker handle “Mosthated.” In telephone conversations with MSNBC, Mosthated said that his home was raided at about 6 a.m. CT Wednesday, and that family computer equipment was confiscated. He said his parents were “really mad. ... The computer had all their financial information and stuff on it.” Mosthated’s mother got on the line to read from the FBI’s receipt for the equipment and confirm that she was “really mad.” Mosthated said at least eight other people around the country had been served with search warrants as part of “a huge hacker crackdown.” Four other Houston-area hackers, three in California and one in the Seattle area reportedly received FBI visits. None was arrested, but all had computer equipment confiscated, he said. Media representatives at FBI offices in San Diego and Seattle said they could not comment on the investigation. Do you have a tip related to this story? Please send your suggestions to tipoff@msnbc.com. ABC; Hackers Strike Again Deface Interior Department and Supercomputer Lab Web Sites By Ted Bridis The Associated Press W A S H I N G T O N, June 1 — A spate of high-tech vandalism against the government continued this week, as computer hackers defaced two more federal Web sites and left a taunting note promising to attack other sites because of a related FBI investigation. Hackers from different organizations defaced Web sites Monday for the Interior Department and a federal supercomputer laboratory in Idaho Falls, Idaho, claiming “it’s our turn to hit them where it hurts.” “These are the perils of open government,” said Stephanie Hanna, an Interior spokeswoman. 
“We try to make as much of the materials of the Interior Department as open and available as possible. The consequence of that is, those who choose to do damaging things can do that.” Messages left at the attacked sites suggest they were vandalized to retaliate against what was said to be the FBI’s harassment of specific hacker groups, including the group that boasted of breaking into the White House site last month. The FBI confirmed it executed four search warrants last week in Texas related to an investigation into allegations of computer intrusion, including one search at the home of a prominent hacker in Houston. FBI Took Down Site Last Week Last week, hackers claiming to be from another group defaced the Web site for the Senate, causing it to be taken offline through the weekend. The FBI also was forced to take down its own Internet site last week after hackers launched an electronic attack against it. It remained inaccessible Monday, along with the Web site for its National Infrastructure Protection Center, which helps investigate computer crimes. On Interior’s Web page, the hackers left a message Monday saying they were “going after every computer on the Net with a .gov (suffix). ... We’ll keep hitting them until they get down on their knees and beg.” At the site maintained by the Idaho National Engineering and Environmental Laboratory, a note threatened the electronic destruction of the powerful computers that “serve” pages on the Internet “if the FBI doesn’t stop.” “We could have done worse, like destroying completely all servers,” the note said. “We can do it if we want, but hackers are waiting for Justice.” Warnings of More to Come In an online interview with The Associated Press, the hacker claiming responsibility for the laboratory attack warned that further FBI investigation would result in more severe damage. The hacker identified himself only as M1crochip, living in Portugal and part of a group calling themselves F0rpaxe. 
The interview was arranged through a mutually trusted third party.

“If FBI doesn’t do anything and doesn’t stop arresting people and making our life miserable, each member of F0rpaxe will discuss an eventual destruction of every single server,” he said. “If that happens, everything goes down.”

He added, “We don’t want to proceed that way,” and called the electronic attacks the “only resource” of the hacker community.

The FBI in Washington declined comment Monday.

Earlier this month, a grand jury in northern Virginia indicted Eric Burns, 19, on three counts of computer intrusion. Burns reportedly is known on the Internet as “Zyklon” and is believed to be a member of the group that claimed responsibility for the attacks on the White House and Senate sites.

“Zyklon” was one of a dozen names listed on the hacked version of the White House Web site, which was altered overnight Sunday for a few minutes before government computers automatically detected the intrusion.

Burns was accused of breaking into a computer used by the U.S. Information Agency between August 1998 and January 1999. The grand jury also said Burns broke into two other computers, one owned by LaserNet of Fairfax, Va., and the other by Issue Dynamics Inc. of Washington.

Nando Times;

Two more federal Web sites hacked

Copyright © 1999 Nando Media
Copyright © 1999 Associated Press

By TED BRIDIS

WASHINGTON (June 1, 1999 7:40 a.m. EDT http://www.nandotimes.com) - A spate of high-tech vandalism against the government continued this week as computer hackers defaced two more federal Web sites and left a taunting promise to attack other sites because of a related FBI investigation.

Hackers from different organizations defaced Web sites Monday for the Interior Department and a federal supercomputer laboratory in Idaho Falls, Idaho, claiming "it's our turn to hit them where it hurts."

"These are the perils of open government," said Stephanie Hanna, an Interior spokeswoman. "We try to make as much of the materials of the Interior Department as open and available as possible. The consequence of that is, those who choose to do damaging things can do that."

Messages left at the attacked sites suggest they were vandalized to retaliate against what was said to be the FBI's harassment of specific hacker groups, including the group that boasted of breaking into the White House site last month.

The FBI confirmed it executed four search warrants last week in Texas related to an investigation into allegations of computer intrusion, including one search at the home of a prominent hacker in Houston.

Last week, hackers claiming to be from another group defaced the Web site for the Senate, causing it to be taken offline through the weekend.

The FBI also was forced to take down its own Internet site last week after hackers launched an electronic attack against it. It remained inaccessible Monday, along with the Web site for its National Infrastructure Protection Center, which helps investigate computer crimes.

On Interior's Web page, the hackers left a message Monday saying they were "going after every computer on the Net with a .gov (suffix). ... We'll keep hitting them until they get down on their knees and beg."

At the site maintained by the Idaho National Engineering and Environmental Laboratory, a note threatened the electronic destruction of the powerful computers that "serve" pages on the Internet "if the FBI doesn't stop."

"We could have done worse, like destroying completely all servers," the note said. "We can do it if we want, but hackers are waiting for Justice."

In an online interview with The Associated Press, the hacker claiming responsibility for the laboratory attack warned that further FBI investigation would result in more severe damage.

The hacker identified himself only as M1crochip, living in Portugal and part of a group calling themselves F0rpaxe. The interview was arranged through a mutually trusted third party.

"If FBI doesn't do anything and doesn't stop arresting people and making our life miserable, each member of F0rpaxe will discuss an eventual destruction of every single server," he said. "If that happens, everything goes down."

He added, "We don't want to proceed that way," and called the electronic attacks the "only resource" of the hacker community.

The FBI in Washington declined comment Monday.

Earlier this month, a grand jury in northern Virginia indicted Eric Burns, 19, on three counts of computer intrusion. Burns reportedly is known on the Internet as "Zyklon" and is believed to be a member of the group that claimed responsibility for the attacks on the White House and Senate sites.

"Zyklon" was one of a dozen names listed on the hacked version of the White House Web site, which was altered overnight Sunday for a few minutes before government computers automatically detected the intrusion.

Burns was accused of breaking into a computer used by the U.S. Information Agency between August 1998 and January 1999. The grand jury also said Burns broke into two other computers, one owned by LaserNet of Fairfax, Va., and the other by Issue Dynamics Inc. of Washington.

@HWA

06.0 Threat to online privacy: The Search Warrant
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

New Threat to Online Privacy, The Search Warrant

contributed by mortel

This article gives the impression that some of today's legal practices are a good anti crime thing but judges are handing out search warrants that cover online communications like candy. That email from your doctor is just as much fair game as the one from your secret lover. Judges must be educated so that limits can be placed on these things. A choice quote from the article "AOL is extremely law-enforcement friendly," Ron Horack of the Loudoun County, Va., sheriff's department said, "They don't hold anything back."
ABC News
http://www.abcnews.go.com/sections/tech/DailyNews/privacy990528.html

What We Leave Behind

Online Activities Become Open Trail for Authorities

By Calvin Woodward
The Associated Press

L E E S B U R G, Va., May 28 — Go for a walk, drive a car or dance in the moonlight and chances are, no one notices. Journey on the Internet and a trail is left.

And police are hot on that trail in a growing number of criminal investigations.

Armed with search warrants, police are looking into the online activities of suspects, and sometimes victims, by seizing evidence from Internet service providers and finding material that people online never dreamed would end up in the hands of the law.

Private e-mail between lovers. The threatening missives of haters. The true identities of people hiding behind screen names in a medium they thought was the essence of secrecy.

Va. Sheriff Helps Get AOL Help

“Ultimately, if you break the law, it can be traced,” said investigator Ron Horack of the Loudoun County, Va., sheriff’s department. Horack helps police around the country apply for search warrants to get material from the county-based America Online, the world’s largest Internet service provider with 18 million customers.

“I know who you are and where you live,” an anonymous hatemonger e-mailed a 12-year-old girl in Lancaster, Pa.

By peeking into the accounts of Internet providers, police can often say the same thing: They know who the threatening people are and where they live.

This week federal authorities said they had charged a northern Virginia pediatrician with possessing child pornography after investigating his AOL account and finding at least 22 explicit images sent to him via e-mail over the course of nearly six months. They said they then found more child pornography on his computer. The doctor could not immediately be reached for comment.
Wide Powers of Warrant

With a warrant, law enforcement authorities can look at the electronic mail and other online communications of people suspected of a range of serious crimes, getting information not just from a home computer but often the company that provides the Internet, e-mail or chat service.

They can do the same with victims, in the process seeing mail from people who corresponded with them but had nothing to do with a crime.

Everything from humdrum to-do lists to love letters from illicit digital dalliances becomes potential evidence, and eventually a matter of public record.

“It is a growing risk to privacy,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center, who says police should stick to traditional methods such as stings, informants and forensic evidence, which don’t invade people’s communications.

Said Horack: “If they’re going to use the Internet for their crime, we’re going to use the Internet to catch them.”

Used in Littleton Investigation

Authorities turned to AOL to see some of the online activities of the two high school students who killed 13 other people and themselves in Littleton, Colo., last month. They’ve used it to try to track down some of the copycat threats that have closed many schools since.

They took the same route, thus far with inconclusive results, after a woman in Pennsylvania was told in a chat room, “I guarantee you I will hurt you if you don’t listen to me,” and when a man in New York was charged with attempted murder of his wife, who, police say, was having a passionate online encounter her husband happened to see.

“AOL is extremely law-enforcement friendly,” Horack said.
“They don’t hold anything back.”

America Online tells its nearly 18 million customers it won’t read or disclose private communication or personal identifying information except under a “valid legal process.”

Most ISPs Have Similar Rules

Other major Internet service providers, or ISPs, as well as separate online e-mail services and Internet hubs like Hotmail and Yahoo, say much the same, although the disclaimers may be hard to find in screens of small print.

“We have a long-standing policy of cooperation with law enforcement,” said AOL spokesman Rich D’Amato. Communications such as e-mail are disclosed only in criminal investigations and with a warrant, he says.

In response to orders in civil cases, AOL may give out information allowing someone’s real name to be matched to a screen name. So if a spouse is found to be having an online affair with someone known only as Heart4U, the identity of that cyberlover might eventually be uncovered in a divorce proceeding.

Chat Rooms Not That Anonymous

Raytheon Inc. obtained subpoenas to identify 21 people, most of them employees, said to have been spreading corporate secrets and gripes in an anonymous online chat room.

It then dropped a lawsuit it had brought against the 21, each identified as “John Doe,” indicating to privacy experts that the company had gone to court in the first place only to learn the identities of the chatters. Four employees quit; others entered corporate “counseling.”

Privacy advocates worry that authorities could go on increasingly invasive fishing expeditions.

“There are simply many more events that are recorded (online) that would not be recorded in the physical world,” said Rotenberg. “I think it is going to become an enormous problem as people become more and more dependent on ISPs.”

Anonymous Options Fight Back

Meanwhile, tools continue to be developed to protect anonymity — a site called anonymizer.com, for one, will relay e-mail, stripping out the sender’s identifying information.
So far, at least, few warrants going to AOL look like goose chases, an impression formed after a review of the more than 100 that have been filed in Leesburg this year.

Most involve alleged pedophiles, stalkers and harassers who have used the Internet to find prey and left evidence of their intentions with victims or undercover police.

Horack prepares warrant applications for police from other parts of the country, some so new to digital detective work they need their children’s help to get online. Once they are approved by a magistrate, he takes them to AOL and retrieves the information.

It’s almost a full-time job, offered by the sheriff because the company gives such a big boost to the county.

Works Well With Pedophile Search

The warrants are especially effective against child pornographers, Horack says. “Pedophiles are pack rats. They don’t throw away anything.” Even when they do delete material from their computer, it might be found at the service provider.

In the case of the 12-year-old Pennsylvania girl, nothing turned up in the AOL search. Most of the time, something does.

For example, police in Hendersonville, Tenn., turned to AOL to see the Internet activity of Dennis Wayne Cope, 47, shot and found dead in a crawl space of his home in February.

In an affidavit seeking access to Cope’s e-mail, “buddy list content” and other online activities, police said he had been corresponding online with the estranged wife of suspect Robert Lee Pattee. They also say Pattee’s hand print was found at the scene. Pattee has been charged with first-degree murder.

@HWA

07.0 2600 in Aussieland bares its teeth at the current clampdown on The Net
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2600.org.au Issues Instructions for Legally Circumventing the Law

contributed by webmaster

The Australian government is introducing internet content regulation this week despite extensive opposition from free speech advocates and technical advisors.
Given that fighting the law itself is now apparently futile, 2600 Australia has critiqued the law and described apparently legal ways in which you can evade it. We're not sure what the fallout from spelling out how to (legally) evade the law will be, but take a look while you can...

2600.org.au
http://www.2600.org.au/censorship-evasion.html

Interesting reading, check it out.

Evading the Broadcasting Services Amendment (Online Services) Act 1999

by Dogcow

Reference Links:

US Mirror - US Mirror of this document (for obvious reasons)
http://members.xoom.com/2600aus/censorship-evasion.html

Broadcasting Services Amendment (Online Services) Act 1999 - PDF format
http://www.aph.gov.au/parlinfo/billsnet/99077.pdf

Broadcasting Services Amendment (Online Services) Act 1999 - HTML format
http://www.ozemail.com/~mbaker/amended.html

Senate Select Committee on Information Technologies - Index
http://www.aph.gov.au/hansard/senate/commttee/s-it.htm

Squid - an open source proxy server
http://www.nlanr.net/Squid/

NLANR Cache - an open proxy hierarchy
http://www.nlanr.net/Cache/

Anti CensorWare Proxy - Masks the URL you're accessing
http://ians.978.org/rdrp-c/

Free S/WAN - an IPSEC implementation for Linux
http://www.xs4all.nl/~freeswan

PGP - International download site
http://www.replay.com/menu/pgp.html

SSL - Open Source SSL implementation
http://www.openssl.org/

FTP by email - instructions
ftp://rtfm.mit.edu/pub/usenet/news.answers/internet-services/access-via-email

BugTraq Mailing List - Web Archive
http://www.netspace.org/lsv-archive/bugtraq.html

Words filtered by iFilter - Thanks to Danny Yee
http://www.anatomy.usyd.edu.au/danny/freedom/censorware/ifilter.html

Introduction

Australia's citizens are about to be subject to content regulation on the Internet following the introduction of an amendment to existing legislation relating to broadcasting services. This legislation defines certain responsibilities for the ABA (Australian Broadcasting Authority), the OFLC (Office of Film and Literature Classification) and any company or individual providing public access to "Internet content".

All rhetoric aside about "big brother" and how this legislation spells the end of free speech in this country, it is acknowledged by most if not all participants in the debate about this legislation that, for a number of reasons it will be very difficult if not impossible to effectively stem the tide of what the government calls "illegal and offensive material".

This paper has one aim - to highlight the futility of attempting such content regulation by explicitly describing the legal means by which citizens can evade the provisions within the legislation.

Warning

I believe that all Australian laws should be in language understandable by ordinary Australians. This paper is my interpretation of the Broadcasting Services Amendment (Online Services) Act 1999 and should not be construed as anything more than this. Just as I believe what you view on the Internet should be your own responsibility, if you choose to follow any of my suggestions here, it's your sole responsibility to deal with any adverse or unforeseen consequences of those actions. That said, if you disagree with anything I've said here, feel free to contact me.

The means of evasion...
I should point out that most of these means of evasion assume that the content you want to access is outside the country and therefore beyond the effective reach of the "take down notices" mentioned in the legislation.

Use an alternate proxy network - connect to a different proxy server on a non-standard port
Mask web content before entering the proxy network - change some words, change some server names
Encrypt the content - they can't regulate what they can't read
Encrypt web content before it enters the proxy network
Use an encrypted VPN/tunnel for streaming content
Distribute content by means of a "company" to your "employees"
Offer on-demand, point-to-point email access to content
Flood the ABA with legitimate, appropriate complaints
Use a "recognised alternative access prevention arrangement"
Mirror content so widely as to prevent effective enforcement of the legislation

Use an alternate proxy network

You should be able to access any content you wish by connecting to a proxy server network outside Australia either directly from your browser on a port other than 80, 3128 or 8080 (the most popular proxy server ports, and the ones most likely being transparently proxied) or using a Squid-like cache internal to your network that accesses a proxy hierarchy outside Australia on a port other than 3130 (the standard ICP port).

This assumes that the government does not mandate the use of a packet level filter, regardless of how ineffective one might be at locating banned content in a stream of data passing through it and preventing access to it. If it were to do this, it would most likely be done using an industry standard able to be defined under Part 5 of the legislation.

Transparent proxying, for those unsure of its meaning, is the process of redirecting a user's outgoing web content request through a network switch capable of what's called layer 3 routing.
Layer 3 routing enables the network switch to invisibly redirect the web content request away from the intended destination into a proxy server which then fetches the web content for you, assuming it's not been configured to block certain URLs or certain media types (mpg movies, for example).

Mask web content before entering the proxy network

Assume your ISP uses transparent proxying methods to pass all web content through a filter of some kind. What about masking the web content in some way at the server (aka "internet host") end such that when it passes unhindered through the proxy network, your computer can unmask the information, making it visible to you?

A basic example of this, but one that only masks the URL you're trying to access is accessible here. The Youth Alliance against Internet Censorship offers information on software for your computer that can disable a proxy server here.

Encrypt the content before it enters the proxy network

Above, I mentioned the ability to mask content on the server side before it passes through the proxy network. The same concept can be applied to any Internet content using encryption.

This could be achieved using a traditional SSL-based transaction between a server and your own computer, by means of a PGP-based transaction with an appropriately configured server, or by using any other form of encryption that prevents decryption by anyone other than yourself.

Use an encrypted VPN/tunnel for streaming content

A VPN is a Virtual Private Network. It allows physically separate networks to operate in a homogenous fashion by encrypting packets at one particular "endpoint", tunnelling them (sending in a point-to-point fashion) across the internet, then decrypting them at some other "endpoint", protecting the information being passed between the two networks. A typical use of a VPN is by a company with offices in different cities or in different countries.
VPN technologies are offered by a number of major networking vendors including Cisco, Bay Networks and Ascend, though usually with a fairly high price tag attached.

At a more grass roots level, end users can download and use a product called SSH (Secure Shell) to give them secure network access to UNIX shells and set up encrypted tunnels between two hosts. For Linux users, the kernel comes with tunnelling code built-in and can be made secure with IPSEC patches available from the Netherlands.

Distribute content by means of a "company" to your "employees"

The legislation allows for information to be distributed to an end-user provided they are within your "immediate circle" and is described in Subclause 9(1-4):

    9 Supply to the public

    (1) This clause sets out the circumstances in which an Internet carriage service is taken, for the purposes of subclause 8(1), to be supplied to the public.

    (2) If:
        (a) an Internet carriage service is used for the carriage of information between 2 end-users; and
        (b) each end-user is outside the immediate circle of the supplier of the service;
    the service is supplied to the public.

    Note: If a company makes Internet content available for access on the Internet, and an individual obtains access to the content using an Internet carriage service, the company and the individual are end-users in relation to the carriage of the content by the Internet carriage service.

    (3) If:
        (a) an Internet carriage service is used to supply point-to-multipoint services to end-users; and
        (b) at least one end-user is outside the immediate circle of the supplier of the service;
    the service is supplied to the public.

    (4) If:
        (a) an Internet carriage service is used to supply designated content services (other than point-to-multipoint services) to end-users; and
        (b) at least one end-user is outside the immediate circle of the supplier of the service;
    the service is supplied to the public.

The thing to note here are the words "immediate circle".
Jumping back up in the document to the definition, we note it refers to the Telecommunications Act of 1997. Jumping to the (rather long) definition in that legislation, we find that your "immediate circle" refers to employees if you are a company:

    Immediate circle

    SECT. (1) For the purposes of this Act, a person's "immediate circle" consists of the person, together with the following persons:
        (a) if the person is an individual--an employee of the individual;

    continued...

In theory, using this aspect of the legislation, you could create a company and employ individuals interested in the banned content you have on offer. Far fetched, but apparently possible. The definition, interestingly, would also allow a University to offer banned content to its employees and students.

Offer on-demand, point-to-point email access to content

In the early days of the commercial internet, before the invention of the World Wide Web, not everybody had access to the FTP sites that contained lots of information. The way most people got around this restriction/limitation was using a service called ftp-by-email. To use it, you'd send an email to a certain address containing a sequence of standard ftp commands, as follows:

    From: 2600 Webmaster (webmaster@2600.org.au)
    To: FTP-By-Email (ftpmail@ftp.sunet.se)

    open mirror.aarnet.edu.au
    cd pub/linux/kernel
    cd v2.2
    binary
    get README
    quit

Following the receipt of this email, any files you had requested with a "get" command would be emailed back to you. A rundown of how this (still) works can be found here.

Now, referring to the legislation, we find the following definition of "Internet content":

    Internet content means information that:
        (a) is kept on a data storage device; and
        (b) is accessed, or available for access, using an Internet carriage service;
    but does not include:
        (c) ordinary electronic mail; or
        (d) information that is transmitted in the form of a broadcasting service.
and of "ordinary electronic mail":

    ordinary electronic mail does not include a posting to a newsgroup.

Are you thinking what I'm thinking? Assuming the content is not accessible to the public by any means other than point-to-point, user-requested email, you could be very well within the law to offer content that is otherwise banned in any other forum.

Flood the ABA with legitimate, appropriate complaints

I'll start describing this means of evasion by displaying Clause 26. Take particular note of Subclause 26(2b):

    26 Investigation of complaints by the ABA

    (1) The ABA must investigate a complaint under Division 1.

    (2) However, the ABA need not investigate the complaint if:
        (a) the ABA is satisfied that the complaint is:
            (i) frivolous; or
            (ii) vexatious; or
            (iii) not made in good faith; or
        (b) the ABA has reason to believe that the complaint was made for the purpose, or for purposes that include the purpose, of frustrating or undermining the effective administration of this Schedule.

    (3) The ABA must notify the complainant of the results of such an investigation.

    (4) The ABA may terminate such an investigation if it is of the opinion that it does not have sufficient information to conclude the investigation.

Okay, so they thought people might flood them with frivolous complaints... Fair enough. But isn't it the case that every site that is not investigated by the ABA remains unregulated and therefore free? I'm sure you can put two and two together on this one.

Use a "recognised alternative access prevention arrangement"

I'll start this one by displaying two rather lengthy but important subclauses of the legislation, both of which describe possible means to evade content regulation by installing (but presumably not using) one of the currently-available end-user filtering pieces of software.
Firstly Subclause 40(4-7):

    40 Action to be taken in relation to a complaint about prohibited content hosted outside Australia

    (1) - (3)

    Recognised alternative access-prevention arrangements

    (4) An Internet service provider is not required to comply with a standard access-prevention notice in relation to a particular end-user if access by the end-user is subject to a recognised alternative access-prevention arrangement (as defined by subclause (5)) that is applicable to the end-user.

    (5) The ABA may, by written instrument, declare that a specified arrangement is a recognised alternative access-prevention arrangement for the purposes of the application of this Division to one or more specified end-users if the ABA is satisfied that the arrangement is likely to provide a reasonably effective means of preventing access by those end-users to prohibited content and potential prohibited content.

    Note: For specification by class, see subsection 46(2) of the Acts Interpretation Act 1901.

    (6) The following are examples of arrangements that could be declared to be recognised alternative access-prevention arrangements under subclause (5):
        (a) an arrangement that involves the use of regularly updated Internet content filtering software;
        (b) an arrangement that involves the use of a "family-friendly" filtered Internet carriage service.
    (7) An instrument under subclause (5) is a disallowable instrument for the purposes of section 46A of the Acts Interpretation Act 1901

and Subclause 60(3-8):

    60 Matters that must be dealt with by industry codes and industry standards

    (1) - (2)

    Designated alternative access-prevention arrangements

    (3) An industry code or an industry standard may provide that an Internet service provider is not required to deal with Internet content notified under paragraph 40(1)(b) of this Schedule or clause 46 by taking steps to prevent particular end-users from accessing the content if access by the end-users is subject to an arrangement that is declared by the code or standard to be a designated alternative access-prevention arrangement for the purposes of the application of this clause to those end-users.

    (4) An industry code developed by a body or association must not declare that a specified arrangement is a designated alternative access-prevention arrangement for the purposes of the application of this clause to one or more specified end-users unless the body or association is satisfied that the arrangement is likely to provide a reasonably effective means of preventing access by those end-users to prohibited content and potential prohibited content.

    Note: For specification by class, see subsection 46(2) of the Acts Interpretation Act 1901.

    (5) An industry standard made by the ABA must not declare that a specified arrangement is a designated alternative access-prevention arrangement for the purposes of the application of this clause to one or more specified end-users unless the ABA is satisfied that the arrangement is likely to provide a reasonably effective means of preventing access by those end-users to prohibited content and potential prohibited content.

    Note: For specification by class, see subsection 46(2) of the Acts Interpretation Act 1901.
    (6) The following are examples of arrangements that could be declared to be designated alternative access-prevention arrangements:
        (a) an arrangement that involves the use of regularly updated Internet content filtering software;
        (b) an arrangement that involves the use of a "family-friendly" filtered Internet carriage service.

    (7) For the purposes of this Schedule, if an industry code:
        (a) deals to any extent with procedures to be followed by Internet service providers in dealing with Internet content notified under paragraph 40(1)(b) of this Schedule or clause 46; and
        (b) makes provision as mentioned in subclause (3);
    then:
        (c) the code is taken to deal with the matter set out in paragraph (2)(d); and
        (d) the code is taken to be consistent with subclause (2).

    (8) For the purposes of this Schedule, if an industry standard:
        (a) deals to any extent with procedures to be followed by Internet service providers in dealing with Internet content notified under paragraph 40(1)(b) of this Schedule or clause 46; and
        (b) makes provision as mentioned in subclause (3);
    then:
        (c) the standard is taken to deal with the matter set out in paragraph (2)(d); and
        (d) the standard is taken to be consistent with subclause (2).

Now, if you've made it through all of that, you'll note a single key thing - that subject to appropriate industry codes and standards, it may be possible to have an unfiltered internet feed delivered to you if you have an end-user filtering system installed on your computer.

The means of evasion here? Turn the filter off. Not exactly rocket science, is it?

Mirror content so widely as to prevent effective enforcement of the legislation

As with the two previous means of evasion, I will begin by displaying several pieces of the legislation.
First up is Clause 36:

    36 Anti-avoidance-special take-down notices

    If:
        (a) an interim take-down notice or a final take-down notice relating to particular Internet content is applicable to a particular Internet content host; and
        (b) the ABA is satisfied that the Internet content host is hosting in Australia, or is proposing to host in Australia, Internet content (the similar Internet content) that is the same as, or substantially similar to, the Internet content identified in the interim take-down notice or the final take-down notice, as the case may be; and
        (c) the ABA is satisfied that the similar Internet content is prohibited content or potential prohibited content;
    the ABA may give the Internet content host a written notice (a special take-down notice) directing the host not to host the similar Internet content at any time when the interim take-down notice or final take-down notice, as the case may be, is in force.

Clause 36 appears to apply to mirrored information or, quite possibly, a website consisting of different layout/text but identical images. I'll now move onto Clauses 46 and 47:

    46 Anti-avoidance-notified Internet content

    (1) If:
        (a) particular Internet content has been notified to Internet service providers as mentioned in Paragraph 40(1)(b) of this Schedule; and
        (b) the notification has not been withdrawn; and
        (c) the ABA is satisfied that Internet content (the similar Internet content) that is the same as, or substantially similar to, the first-mentioned Internet content is being hosted outside Australia; and
        (d) the ABA is satisfied that the similar Internet content is prohibited content or potential prohibited content; and
        (e) a code registered, or standard determined, under Part 5 of this Schedule deals with the matters referred to in subclause 60(2);
    the ABA must notify the similar Internet content to Internet service providers under the designated notification scheme set out in the code or standard, as the case may be.
    (2) If:
        (a) particular Internet content is notified to Internet service providers as mentioned in Paragraph 40(1)(b) of this Schedule; and
        (b) as a result of the application of subclause (1) to that content, the ABA notifies similar Internet content to Internet service providers in accordance with subclause (1); and
        (c) the notification of the first-mentioned content is withdrawn;
    the notification of the similar Internet content is taken to have been withdrawn.

    (3) If:
        (a) a notification of Internet content is withdrawn under subclause (2); and
        (b) a code registered, or standard determined, under Part 5 of this Schedule deals with the matters referred to in subclause 60(2);
    the ABA must notify the withdrawal to Internet service providers under the designated notification scheme set out in the code or standard, as the case may be.

    47 Anti-avoidance-special access-prevention notice

    (1) If:
        (a) a standard access-prevention notice relating to particular Internet content is applicable to a particular Internet service provider; and
        (b) the ABA is satisfied that the Internet service provider is supplying an Internet carriage service that enables end-users to access Internet content (the similar Internet content) that is the same as, or substantially similar to, the Internet content identified in the standard-access prevention notice; and
        (c) the ABA is satisfied that the similar Internet content is prohibited content or potential prohibited content;
    the ABA may give the provider a written notice (special access-prevention notice) directing the provider to take all reasonable steps to prevent end-users from accessing the similar Internet content at any time when the standard access-prevention notice is in force.

    Note: The ABA may be taken to have given a notice under this clause-see clause 51.
    (2) For the purposes of subclause (1), in determining whether particular steps are reasonable, regard must be had to:
        (a) the technical and commercial feasibility of taking the steps; and
        (b) the matters set out in subsection 4(3).

    (3) Subclause (2) does not, by implication, limit the matters to which regard must be had.

    recognised alternative access-prevention arrangements

    (4) An Internet service provider is not required to comply with a special access-prevention notice in relation to a particular end-user if access by the end-user is subject to a recognised alternative access-prevention arrangement (as defined by subclause 40(5)) that is applicable to the end-user.

The means of avoidance here would be purely and simply mirroring content so widely and in so many derivative (and possibly dissimilar) forms that even the process of generating take-down notices and notifying internet services providers would bog down the ABA and the OFLC.

Commentary

The intent of this legislation, as stated by the government, was to prevent children accessing "illegal and offensive" material on the Internet. More specifically, they made reference in various forums to pornographic material.

My concern is not that responsible adults will be prevented from accessing this material, but that the legislation does not explicitly define what else might be regulated on the whim of a misguided Government minister or influential moral crusader within the ranks of the ABA or OFLC.

One example of what might be banned is the BugTraq mailing list. This list contains "full disclosure" discussions of computer software bugs, including in some cases explicit instructions on how to break into computers. What might be easily overlooked in any such government review of this material is the fact that in most cases, such information is accompanied by further instructions on how to secure any vulnerable computers.
Another oft-quoted example of how an overzealous filter might exclude important content is in the area of health. Breast cancer. Sexually-transmitted diseases. Contraception. If it's got any of the words filtered by Senator Alston's favoured filtering solution, iFilter (a number of them listed here), chances are your friendly neighbourhood ISP will be told to ban it long before you see it.

Conclusion

As you can see, there's a number of loopholes in the legislation that our government has pushed through parliament, and most of them allow a mildly intelligent citizen to quite legally evade any form of content regulation. Far from suggesting that this legislation should be heavier-handed than it already is in restricting people from accessing the information they want, I am suggesting that it should have been thrown out by the Parliament on the basis that it is fundamentally flawed and unenforceable.

Instead, and without fear tactics or moralist rhetoric, the Government could have instituted a public education campaign informing parents about the need to restrict unsupervised/unfiltered access to the Internet with young children (5-13) and begin a dialogue about personal responsibility and self moderation with older ones (13 and up). As a young person that has grown up in the midst of computers and communication technologies, I believe this would have achieved a much more productive outcome.

Feedback

Given that this is a layperson's analysis of the legislation, I invite any and all comment from similarly concerned citizens, and in particular citizens familiar with legal matters that may be able to provide further insight. Please feel free to make comments to webmaster@2600.org.au.

@HWA

08.0 Can the CIA break into banks?
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Can CIA Break Into Banks?

contributed by Weld Pond

Last week Newsweek reported that the CIA was planning to electronically break into unnamed banks to get at Slobodan Milosevic's money. How realistic is this?
Is it possible and if so what are the international implications? MSNBC takes a look at these questions and more.

MSNBC
http://www.msnbc.com:80/news/274526.asp

Newsweek
http://www.newsweek.com/nw-srv/printed/us/in/in0922_1.htm

MSNBC;

Experts argue plan to raid Milosevic’s bank accounts would do more harm than good
By Bob Sullivan
MSNBC

May 28 — It sounded like a Tom Clancy spy novel. Newsweek reported last week that the CIA was planning to tinker with international bank accounts full of Slobodan Milosevic’s money — just another way of getting under the Yugoslav president’s skin. Information warfare experts disagree about the feasibility of such a cyberattack. But there’s little disagreement the U.S. stands to lose much more than it might gain from firing the first volley in such an information war. In fact, some believe damage has already been done.

THE NEWSWEEK STORY RAISED several issues: What international laws would govern a U.S.-backed attack on a bank in a third-party nation? Is such an attack feasible in the first place? What kind of retaliation might U.S. citizens, and their bank accounts, face? But most important, what does even the possibility of such an attack do to the integrity of international banking systems?

The story on the cyberattack — fact, fiction or somewhere in between — could already have put the U.S. at risk, said Kawika Daguio, executive vice president of the Financial Information Protection Association. Banking systems hinge on public confidence. You put the money in; you’re confident you’ll be able to take the money out. If there’s any hint you might not be able to get at your money, you’d withdraw it. Any attack on the integrity of a banking system anywhere — particularly when retaliation seems like such an obvious possibility — chips away at public confidence.

“It bothers me because we have had conversations with the defense and intelligence community. We thought this was off the table,” Daguio said.
“We’ve had discussions with rather senior policy-makers. We thought they understood the importance of protecting public confidence in the payment system.”

But retaliation by foreign agents might be just one source of insecurity for U.S. account holders. There’s another: If the government can and is willing to tinker with foreign accounts, what will stop it from tinkering with mine?

Could U.S. agents hijack Milosevic’s money, allegedly stashed away in foreign banks? Yes and no. Experts agree that the CIA has had the know-how to control bank accounts for years, through old-fashioned non-cyber methods, such as coercing bank authorities, or even through legal methods such as freezing accounts. On the other hand, it’s not easy when the target knows what’s coming. According to MSNBC analyst Bill Arkin, the international community, including UNSCOM, is still trying to get its hands on Saddam Hussein’s assets.

And such real-world tactics are a far cry from the cyberwar image of a few CIA hackers sitting at a keyboard moving around money thanks to an Internet connection and some wits. There’s disagreement about how possible that might be.

“The audits we have performed tell us [banks] are not invulnerable,” says a security expert identifying himself as Space Rogue. Rogue works at L0pht Heavy Industries, which hires out to hack corporate computer systems to test their vulnerability. “Banks have a little more security in place, but that security is still not at a level where it’s unbreakable.” While money systems aren’t connected to the public Internet, “sometimes they have a modem dangling off for remote access, or they use cryptography, but not correctly,” he said.

Others suggest cracking a bank that holds Milosevic money — outside the more traditional methods — is nearly impossible. “I deal in probabilities, and I’ve never seen it,” said a man identifying himself as Louis Cipher, a principal investor in Infowar.com.
Cipher is also in charge of security at what he says is the “sixth-largest brokerage in America.” He suggested very few individuals have the skills necessary to “tunnel” from an Internet connection through mainframe systems in banks — in fact, a team of specialists and inside information would be required.

“You’d have to be an applications specialist to even navigate to a screen,” he said. “You’re talking well beyond the skills of hackers. It would have to be an insider working with Job Control Language sitting on the mainframe. The only one who would have that ability other than the U.S. government would be organized crime.”

And Cipher is skeptical about the U.S. government’s ability to hire and hold the brightest minds in the security industry — since no government agency can match the lure of stock options offered by a high-tech firm.

Still, even the possibility of the U.S. using a wired computer to move Milosevic’s money drew swift reaction from information warfare observers. Even hacker groups protested the notion, with a hacker calling himself “sixtoed” setting up a Web page in protest. The reason: Since the U.S. relies more on technology and information than any other nation, it stands to lose the most from such a cyberwar.

“I am not one for an information arms race,” said Frank Cilluffo, senior analyst at the Center for Strategic and International Studies in Washington. “We will lose that race.... We’re a hell of a lot more susceptible to retaliation. The defensive implications outweigh the offensive implications.”

Anyone can build up an information warfare capability, Cilluffo said. And it’s much more like guerrilla war than nuclear war — it’s easy for the enemy to hide, and there’s no real deterrent. Therefore, retaliation could be swift and indiscriminate.

In addition, there is a general principle among security experts suggesting once a system’s security is compromised, it’s much easier to compromise a second time. So the U.S.
could very well be paving the way for retribution.

WHY NO DENIALS?

Fear of such retaliation attempts, or even the perception of such retaliation attempts, drove Daguio to start calling his friends in the intelligence community to complain as soon as the Newsweek story hit. He has yet to receive the reassurance he was hoping for.

“If it’s true or it’s just leaks, it’s bad to have the story out there,” Daguio said. “I have yet to have anyone tell me ‘Don’t worry, everything’s OK.’ ... If they haven’t done anything, the most appropriate thing to do is to come out and say they’re not doing it.”

The CIA isn’t doing that; a spokesperson told MSNBC the agency couldn’t comment on its activities, but one source familiar with U.S. intelligence capabilities tells MSNBC to be “very skeptical” of the Newsweek story.

Meanwhile, opening the Pandora’s box of cyberwar would lead to a series of yet-to-be answered questions. International law isn’t ready to handle such conflicts, says Cilluffo — so if the U.S. broke into a bank in Cyprus, what laws would govern that act? And could the compromised bank sue the U.S. government?

“What are the rules of engagement here?” Cilluffo asked. “What is game, what is not game? This may be a harbinger of how we prosecute and wage war in the future.”

@HWA

09.0 Emmanuel Goldstein Interview
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HN