  [ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
==========================================================================
=                       <=-[ HWA.hax0r.news ]-=>                         =
==========================================================================
  [=HWA'99=]                         Number 22 Volume 1 1999 June 26th 99
==========================================================================
  [ 61:20:6B:69:64:20:63:6F:75: ]
  [ 6C:64:20:62:72:65:61:6B:20:74:68:69:73: ]
  [ 20:22:65:6E:63:72:79:70:74:69:6F:6E:22:! ]
==========================================================================

HWA.hax0r.news is sponsored by Cubesoft communications www.csoft.net
and www.digitalgeeks.com thanks to p0lix for the digitalgeeks bandwidth
and airportman for the Cubesoft bandwidth. Also shouts out to all our
mirror sites! tnx guys.

  http://www.csoft.net/~hwa
  http://www.digitalgeeks.com/hwa

HWA.hax0r.news Mirror Sites:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
  http://www.csoft.net/~hwa/
  http://www.digitalgeeks.com/hwa.
  http://members.tripod.com/~hwa_2k
  http://welcome.to/HWA.hax0r.news/
  http://www.attrition.org/~modify/texts/zines/HWA/
  http://packetstorm.harvard.edu/hwahaxornews/
  http://archives.projectgamma.com/zines/hwa/.
  http://www.403-security.org/Htmls/hwa.hax0r.news.htm

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* Note:
*
* This issue covers events from June 6th thru June 26th so don't be too
* rough on me, I know this is a weekly production but I had to do 3 wks
* in only a few days so forgive some of the bad formatting.
*
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

SYNOPSIS (READ THIS)
--------------------

The purpose of this newsletter is to 'digest' current events of interest
that affect the online underground and netizens in general. This includes
coverage of general security issues, hacks, exploits, underground news
and anything else I think is worthy of a look see.
(remember i'm doing this for me, not you, the fact some people happen to
get a kick/use out of it is of secondary importance).

This list is NOT meant as a replacement for, nor to compete with, the
likes of publications such as CuD or PHRACK or with news sites such as
AntiOnline, the Hacker News Network (HNN) or mailing lists such as
BUGTRAQ or ISN nor could any other 'digest' of this type do so.

It *is* intended however, to complement such material and provide a
reference to those who follow the culture by keeping tabs on as many
sources as possible and providing links to further info, it's a labour
of love and will be continued for as long as I feel like it, i'm not
motivated by dollars or the illusion of fame, did you ever notice how the
most famous/infamous hackers are the ones that get caught? there's a lot
to be said for remaining just outside the circle...

@HWA

=-----------------------------------------------------------------------=
                  Welcome to HWA.hax0r.news ... #22
=-----------------------------------------------------------------------=

We could use some more people joining the channel, it's usually pretty
quiet, we don't bite (usually) so if you're hanging out on irc stop by
and idle a while and say hi...

*******************************************************************
***    /join #HWA.hax0r.news on EFnet the key is `zwen'         ***
***                                                             ***
*** please join to discuss or impart news on techno/phac scene  ***
*** stuff or just to hang out ... someone is usually around 24/7***
***                                                             ***
*** Note that the channel isn't there to entertain you it's for ***
*** you to talk to us and impart news, if you're looking for fun***
*** then do NOT join our channel try #weirdwigs or something... ***
*** we're not #chatzone or #hack                                ***
***                                                             ***
*******************************************************************

=-------------------------------------------------------------------------=
                                Issue #22
=--------------------------------------------------------------------------=
                                [ INDEX ]
=--------------------------------------------------------------------------=
 Key     Intros
=--------------------------------------------------------------------------=

 00.0  .. COPYRIGHTS
 00.1  .. CONTACT INFORMATION & SNAIL MAIL DROP ETC
 00.2  .. SOURCES
 00.3  .. THIS IS WHO WE ARE
 00.4  .. WHAT'S IN A NAME? why `HWA.hax0r.news'?
 00.5  .. THE HWA_FAQ V1.0

=--------------------------------------------------------------------------=
 Key     Content
=--------------------------------------------------------------------------=

 01.0  .. GREETS
 01.1  .. Last minute stuff, rumours, newsbytes
 01.2  .. Mailbag
 02.0  .. From the Editor
 03.0  .. AntiOnline crosses the line
 03.1  .. More Questions Raised about John Vranesevich and AntiOnline
 04.0  .. The Difficulties of Reporting the Underground
 05.0  .. Mitnick Demonstrations Deemed a Huge Success
 06.0  .. New Trojan/Virus, PrettyPark
 06.1  .. The rampage continues
 07.0  .. Eight Arrested in California (Piracy)
 08.0  .. 278 Internet Cafes Disciplined
 09.0  .. Forbidden Knowledge Issue #5
 10.0  .. f41th Issue 6
 11.0  .. Antidote Vol2 Issue 7
 12.0  .. Will the Allies Drop CyberBombs on Milosevic?
 13.0  .. Melissa Suspect Still not Charged
 14.0  ..*ToorCon '99 Security Expo --------- DATE CHANGED! -----------
 15.0  .. ISS Gets Free Advertising
 16.0  .. Accounting Firms also get Free Advertising
 17.0  .. Analyzer Starts Computer Security Business
 18.0  .. $2.9Bil in Piracy in The US
 19.0  .. Congress and NSA tangle over Echelon
 20.0  .. Emutronix Phone Hacking Products releases new Mach emulator
 21.0  .. Is That Spelled With a "PH" or an "F"
 22.0  .. The Demonizing of the Hacker
 23.0  .. More Email Worms/Trojan
 24.0  .. Stanford Searches for "Hacker"
 25.0  .. Mitnick Demo Pictures now Available
 26.0  .. Does Cracking Affect Consumer Confidence?
 27.0  .. Worm.ExploreZip is Causing Massive Damage
 28.0  .. Don't Forget About BackDoor-G, it is Still Around
 29.0  .. MS Antitrust Trial Looks at Security
 30.0  .. Web Defacements Hindering Open Government
 31.0  .. Worm.ExploreZip Continues its Rampage
 32.0  .. Senate web site hacked again(!)
 33.0  .. Mitnick Sentencing Hearing Rescheduled
 34.0  .. Russia Looks to Beef Up its Version of Echelon
 35.0  .. Company Claims CyberAttack by Competitor
 36.0  .. LA set to Allow Internet Voting
 37.0  .. CCC Camp Shapes Up
 38.0  .. Hong Kong Makes Major Piracy Bust
 39.0  .. Ernst & Young Profile
 40.0  .. What is Your Privacy Worth?
 41.0  .. BSA Tactics Condemned by UK
 42.0  .. US Allows 128bit SSL Into Japan
 43.0  .. Terrorist About to Cause Electronic Chaos
 44.0  .. Major Remote Hole Found in IIS
 45.0  .. Outlook Express 4.5 Email Bug
 46.0  .. Major Pirates Convicted
 47.0  .. Fear of Y2K Raises Security Concerns
 48.0  .. Israeli Banks Thwart Attempted Cyber Break-In
 49.0  .. Navy Wants Tighter Network Security
 50.0  .. IIS Hole Continues to Make News/Fix Available
 51.0  .. World Braces for International Day of Action
 52.0  .. ECD Targets Mexican Government
 53.0  .. Cyber Attacks in Australia Double
 54.0  .. SmartCards Next Stop for Internet Crime
 55.0  .. Internet Was Designed without Security
 56.0  .. Original Apple I On the Auction Block
 57.0  .. Microsoft Calls eEye Irresponsible
 58.0  .. Has the FBI Overreacted?
 59.0  .. Printer at Spa War Compromised
 60.0  .. Popular Singapore Sites Defaced
 61.0  .. DOD Says its CRAP! (Mustn't be Scottish)
 62.0  .. DOE Still Unsecure
 63.0  .. Terrorists Use the Net
 64.0  .. Beat the CIA at their own game? - crypto sculpture cracking
 65.0  .. Pirates of Silicon Valley
 66.0  .. .mil hacker cartoon
 67.0  .. If Software Breaks Who is Liable?
 68.0  .. Trinux Release 0.61
 69.0  .. Australia Looks to Increase Local Police Powers
 70.0  .. Aussie Gov Downloads Porn
 71.0  .. Software Glitch or Security Breach
 72.0  .. Viruses Cost Companies Big Dough
 73.0  .. B4B0 Issue 8 Released.
 74.0  .. f41th Issue 7
 75.0  .. DOD Considers New Network
 76.0  .. NCIS Calls For National Computer Crime Squad
 77.0  .. !Hispahack Found Not Guilty
 78.0  .. asahi.com Defaced
 79.0  .. NSTAC Releases Reports
 80.0  .. FBI This Week
 81.0  .. Cartoon Hackers?? (From HNN rumours section)
 82.0  .. Nuke Labs Stand Down
 83.0  .. X-Force Down Under is Hiring
 84.0  .. More Canadian RedBoxing from HackCanada with the RIO
 85.0  .. SecureMac is Now Open
 86.0  .. Microsoft Demands Privacy
 87.0  .. Pentium III has 46 Bugs
 88.0  .. 'War' Against FBI Continues
 89.0  .. Singapore Officials Arrest Two
 90.0  .. GSA Looking for IDS
 91.0  ..+Theres Money in them thar videos! (DEFCON WEBCAST)
 92.0  .. Kasparov Defaced?
 93.0  .. Russ Cooper Interview
 94.0  .. Thanks-CGI Defaced With Its Own Script
 95.0  .. *ToorCon Date Changes --------- DATE CHANGE! ----------
 96.0  .. Gov Vulnerable Due to Lack of Training
 97.0  .. Need skewled in juarez?: Teeside University Offers Degree in Warez
 98.0  ..+FREE DefCon WebCasts
 99.0  .. Old Modem Flaw Still Haunts Users
          (... some modem users may be disconnected at the end of this ezine ;)
 100.0 .. Another government server cracked today
 101.0 .. MailMan.cookie attack
 102.0 .. misfrag.c nasty piece of code from P.A.T.C.H
 103.0 .. Double-byte code vulnerability, MS Security Bulletin
 104.0 .. 50 Ways to defeat your IDS
 105.0 .. 50 reasons IDS systems work by Ron Gula
 106.0 .. June 15th: Bruce Schneier's Cryptogram
 107.0 .. pop.c pop-2, remote exploit by smiler
 108.0 .. afio: security hole in 'afio -P pgp' encrypted archives
 109.0 .. C-Mail SMTP Server Remote Buffer Overflow Exploit
 110.0 .. CIAC Bulletin J-044: Tru64/Digital UNIX (dtlogin) Security Vulnerability
 111.0 .. The IIS4 eEye security advisory and threads as mentioned previously
 112.0 .. BO server flooder sends random spoofed udp's to the attacker
 113.0 .. frootcake.c revisited
 114.0 .. gin.c spoofs packets containing + + + ATH0 which causes some modems to hang up
 115.0 .. IIS Remote Exploit (injection code)
 116.0 .. ActiveX security revisited
 117.0 .. denial of service attack against NT PDC from Win95 workstation
 118.0 .. Microsoft win2k PASV vulnerability
 119.0 .. useradd -p stores cleartext passwords / shadow-980724
 120.0 .. UID 65536 and shadow-19990307 root compromise
 121.0 .. big brother in your cc(!)
 122.0 .. TCP MD5 option problem (router DoS)
 123.0 .. tcpdump 3.4 bug? (DoS)
 124.0 .. [ISN] A mouse that roars?
 125.0 .. [ISN] Product Review: NOVaSTOR DataSAFE
 126.0 .. [ISN] Technology a threat to right of privacy Silicon Valley

=--------------------------------------------------------------------------=

 RUMOURS .Rumours from around and about, mainly HNN stuff (not hacked websites)

 AD.S  .. Post your site ads or etc here, if you can offer something in
          return thats tres cool, if not we'll consider ur ad anyways so
          send it in. ads for other zines are ok too btw just mention us
          in yours, please remember to include links and an email contact.
          Corporate ads will be considered also and if your company wishes
          to donate to or participate in the upcoming Canc0n99 event send
          in your suggestions and ads now...n.b date and time may be pushed
          back join mailing list for up to date information.
          Current dates: Aug19th-22nd Niagara Falls...

 HA.HA .. Humour and puzzles

          Hey You!
          =------=
          Send in humour for this section! I need a laugh and it's hard to
          find good stuff... ;)
 SITE.1 .. Featured site,
 H.W    .. Hacked Websites
 A.0    .. APPENDICES
 A.1    .. PHACVW linx and references

=--------------------------------------------------------------------------=

@HWA'99

00.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE OPINIONS OF THE
PUBLISHERS AND VICE VERSA IN FACT WE DUNNO WTF IS GONNA TAKE RESPONSIBILITY
FOR THIS, I'M NOT DOING IT (LOTS OF ME EITHER'S RESOUND IN THE BACKGROUND)
SO UHM JUST READ IT AND IF IT BUGS YOU WELL TFS (SEE FAQ).

Important semi-legalese and license to redistribute:

YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF AND ARE GRANTED
THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE ZINE SO LONG AS Cruciphux
AND/OR HWA.hax0r.news ARE MENTIONED IN YOUR WRITING. LINKS ARE NOT
NECESSARY OR EXPECTED BUT ARE APPRECIATED the current link is
http://welcome.to/HWA.hax0r.news IT IS NOT MY INTENTION TO VIOLATE ANYONE'S
COPYRIGHTS OR BREAK ANY NETIQUETTE IN ANY WAY IF YOU FEEL I'VE DONE THAT
PLEASE EMAIL ME PRIVATELY current email cruciphux@dok.org

THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL WORKS ARE
(C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL THE LAYOUT AND
COMMENTARIES ARE THEREFORE (C) WHICH MEANS:

I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE AND
REDISTRIBUTE/MIRROR. - EoD

Although this file and all future issues are now copyright, some of the
content holds its own copyright and these are printed and respected. News
is news so i'll print any and all news but will quote sources when the
source is known, if its good enough for CNN its good enough for me. And
i'm doing it for free on my own time so pfffft. :)

No monies are made or sought through the distribution of this material.
If you have a problem or concern email me and we'll discuss it.

cruciphux@dok.org

Cruciphux [C*:.]

00.1 CONTACT INFORMATION AND MAIL DROP
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Wahoo, we now have a mail-drop, if you are outside of the U.S.A or
Canada / North America (hell even if you are inside ..) and wish to
send printed matter like newspaper clippings a subscription to your
cool foreign hacking zine or photos, small non-explosive packages
or sensitive information etc etc well, now you can. (w00t) please
no more inflatable sheep or plastic dog droppings, or fake vomit
thanks.

Send all goodies to:

    HWA NEWS
    P.O BOX 44118
    370 MAIN ST. NORTH
    BRAMPTON, ONTARIO
    CANADA
    L6V 4H5

WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you are
~~~~~~~  reading this from some interesting places, make my day and get a
         mention in the zine, send in a postcard, I realize that some places
         it is cost prohibitive but if you have the time and money be a cool
         dude / gal and send a poor guy a postcard preferably one that has
         some scenery from your place of residence for my collection, I
         collect stamps too so you kill two birds with one stone by being
         cool and mailing in a postcard, return address not necessary, just
         a "hey guys being cool in Bahrain, take it easy" will do ... ;-)
         thanx.

Ideas for interesting 'stuff' to send in apart from news:

- Photo copies of old system manual front pages (optionally signed by
  you) ;-)
- Photos of yourself, your mom, sister, dog and or cat in a NON
  compromising position plz I don't want pr0n.
- Picture postcards
- CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250
  tapes with hack/security related archives, logs, irc logs etc on em.
- audio or video cassettes of yourself/others etc of interesting phone
  fun or social engineering examples or transcripts thereof.
If you still can't think of anything you're probably not that interesting
a person after all so don't worry about it

Our current email:

Submissions/zine gossip.....: hwa@press.usmc.net
Private email to editor.....: cruciphux@dok.org
Distribution/Website........: sas72@usa.net

@HWA

00.2 Sources ***
     ~~~~~~~~~~~

Sources can be some, all, or none of the following (by no means complete
nor listed in any degree of importance) Unless otherwise noted, like msgs
from lists or news from other sites, articles and information is compiled
and or sourced by Cruciphux no copyright claimed.

News & I/O zine ................. http://www.antionline.com/
Back Orifice/cDc..................http://www.cultdeadcow.com/
News site (HNN) .....,............http://www.hackernews.com/
Help Net Security.................http://net-security.org/
News,Advisories,++ ...............http://www.l0pht.com/
NewsTrolls .......................http://www.newstrolls.com/
News + Exploit archive ...........http://www.rootshell.com/beta/news.html
CuD Computer Underground Digest...http://www.soci.niu.edu/~cudigest
News site+........................http://www.zdnet.com/
News site+Security................http://www.gammaforce.org/
News site+Security................http://www.projectgamma.com/
News site+Security................http://securityhole.8m.com/
News site+Security related site...http://www.403-security.org/
News/Humour site+ ................Link

http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0
http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack
http://www.ottawacitizen.com/business/
http://search.yahoo.com.sg/search/news_sg?p=hack
http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack
http://www.zdnet.com/zdtv/cybercrime/
http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column)

NOTE: See appendices for details on other links.

http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm
http://freespeech.org/eua/       Electronic Underground Affiliation
http://ech0.cjb.net              ech0 Security
http://axon.jccc.net/hir/        Hackers Information Report
http://net-security.org          Net Security
http://www.403-security.org      Daily news and security related site

Submissions/Hints/Tips/Etc
~~~~~~~~~~~~~~~~~~~~~~~~~~

All submissions that are `published' are printed with the credits
you provide, if no response is received by a week or two it is assumed
that you don't care whether the article/email is to be used in an issue
or not and may be used at my discretion.

Looking for:

Good news sites that are not already listed here OR on the HNN affiliates
page at http://www.hackernews.com/affiliates.html

Magazines (complete or just the articles) of breaking sekurity or hacker
activity in your region, this includes telephone phraud and any other
technological use, abuse hole or cool thingy. ;-) cut em out and send it
to the drop box.

- Ed

Mailing List Subscription Info   (Far from complete)         Feb 1999
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   ~~~~~~~~~~~~~~~~~~~         ~~~~~~~~

ISS Security mailing list faq : http://www.iss.net/iss/maillist.html

THE MOST READ:

BUGTRAQ - Subscription info
~~~~~~~~~~~~~~~~~~~~~~~~~~~

What is Bugtraq?

Bugtraq is a full-disclosure UNIX security mailing list, (see the info
file) started by Scott Chasin. To subscribe to bugtraq, send mail to
listserv@netspace.org containing the message body subscribe bugtraq. I've
been archiving this list on the web since late 1993. It is searchable
with glimpse and archived on-the-fly with hypermail.

Searchable Hypermail Index;

    http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html

About the Bugtraq mailing list
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The following comes from Bugtraq's info file:

This list is for *detailed* discussion of UNIX security holes: what they
are, how to exploit, and what to do to fix them.
This list is not intended to be about cracking systems or exploiting
their vulnerabilities. It is about defining, recognizing, and preventing
use of security holes and risks.

Please refrain from posting one-line messages or messages that do not
contain any substance that can relate to this list`s charter. I will
allow certain informational posts regarding updates to security tools,
documents, etc. But I will not tolerate any unnecessary or nonessential
"noise" on this list.

Please follow the below guidelines on what kind of information should be
posted to the Bugtraq list:

+ Information on Unix related security holes/backdoors (past and present)
+ Exploit programs, scripts or detailed processes about the above
+ Patches, workarounds, fixes
+ Announcements, advisories or warnings
+ Ideas, future plans or current works dealing with Unix security
+ Information material regarding vendor contacts and procedures
+ Individual experiences in dealing with above vendors or security
  organizations
+ Incident advisories or informational reporting

Any non-essential replies should not be directed to the list but to the
originator of the message. Please do not "CC" the bugtraq reflector
address if the response does not meet the above criteria.

Remember: YOYOW.

You own your own words. This means that you are responsible for the words
that you post on this list and that reproduction of those words without
your permission in any medium outside the distribution of this list may
be challenged by you, the author.

For questions or comments, please mail me:
chasin@crimelab.com (Scott Chasin)

Crypto-Gram
~~~~~~~~~~~

CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,
insights, and commentaries on cryptography and computer security.

To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a
blank message to crypto-gram-subscribe@chaparraltree.com. To unsubscribe,
visit http://www.counterpane.com/unsubform.html.
Back issues are available on http://www.counterpane.com.

CRYPTO-GRAM is written by Bruce Schneier. Schneier is president of
Counterpane Systems, the author of "Applied Cryptography," and an
inventor of the Blowfish, Twofish, and Yarrow algorithms. He served on
the board of the International Association for Cryptologic Research,
EPIC, and VTW. He is a frequent writer and lecturer on cryptography.

CUD Computer Underground Digest
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This info directly from their latest ish:

Computer underground Digest    Sun  14 Feb, 1999   Volume 11 : Issue 09

                            ISSN  1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Poof Reader:   Etaion Shrdlu, Jr.
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

[ISN] Security list
~~~~~~~~~~~~~~~~~~~

This is a low volume list with lots of informative articles, if I had my
way i'd reproduce them ALL here, well almost all .... ;-) - Ed

Subscribe: mail majordomo@repsec.com with "subscribe isn".

@HWA

00.3 THIS IS WHO WE ARE
     ~~~~~~~~~~~~~~~~~~

Some HWA members and Legacy staff
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

cruciphux@dok.org.........: currently active/editorial
darkshadez@ThePentagon.com: currently active/man in black
fprophet@dok.org..........: currently active/IRC+ man in black
sas72@usa.net ............. currently active/IRC+ distribution
vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
dicentra...(email withheld): IRC+ grrl in black

Foreign Correspondents/affiliate members
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

N0Portz ..........................: Australia
Qubik ............................: United Kingdom
system error .....................: Indonesia
Wile (wile coyote) ...............: Japan/the East
Ruffneck  ........................: Netherlands/Holland

And unofficially yet contributing too much to ignore ;)

Spikeman .........................: World media

Please send in your sites for inclusion here if you haven't already
also if you want your emails listed send me a note ... - Ed

Spikeman's site is down as of this writing, if it comes back online it
will be posted here.

http://www.hackerlink.or.id/ ............ System Error's site (in Indonesian)

*******************************************************************
***    /join #HWA.hax0r.news on EFnet the key is `zwen'         ***
*******************************************************************

:-p

1. We do NOT work for the government in any shape or form. Unless you
   count paying taxes ... in which case we work for the gov't in a BIG
   WAY. :-/

2. MOSTLY Unchanged since issue #1, although issues are a digest of
   recent news events it's a good idea to check out issue #1 at least and
   possibly also the Xmas issue for a good feel of what we're all about
   otherwise enjoy - Ed ...

@HWA

00.4 Whats in a name? why HWA.hax0r.news??
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Well what does HWA stand for? never mind if you ever find out I may have
to get those hax0rs from 'Hackers' or the Pretorians after you.

In case you couldn't figure it out hax0r is "new skewl" and although it
is laughed at, shunned, or even pigeonholed with those 'dumb leet (l33t?)
dewds' this is the state of affairs. It ain't Steven Levy's HACKERS
anymore. BTW to all you up and comers, i'd highly recommend you get that
book.
Its almost like buying a clue. Anyway..on with the show .. - Editorial staff @HWA 00.5 HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Also released in issue #3. (revised) check that issue for the faq it won't be reprinted unless changed in a big way with the exception of the following excerpt from the FAQ, included to assist first time readers: Some of the stuff related to personal useage and use in this zine are listed below: Some are very useful, others attempt to deny the any possible attempts at eschewing obfuscation by obsucuring their actual definitions. @HWA - see EoA ;-) != - Mathematical notation "is not equal to" or "does not equal" ASC(247) "wavey equals" sign means "almost equal" to. If written an =/= (equals sign with a slash thru it) also means !=, =< is Equal to or less than and => is equal to or greater than (etc, this aint fucking grade school, cripes, don't believe I just typed all that..) AAM - Ask a minor (someone under age of adulthood, usually <16, <18 or <21) AOL - A great deal of people that got ripped off for net access by a huge clueless isp with sekurity that you can drive buses through, we're not talking Kung-Fu being none too good here, Buy-A-Kloo maybe at the least they could try leasing one?? *CC - 1 - Credit Card (as in phraud) 2 - .cc is COCOS (Keeling) ISLANDS butthey probably accept cc's CCC - Chaos Computer Club (Germany) *CON - Conference, a place hackers crackers and hax0rs among others go to swap ideas, get drunk, swap new mad inphoz, get drunk, swap gear, get drunk watch videos and seminars, get drunk, listen to speakers, and last but not least, get drunk. *CRACKER - 1 . Someone who cracks games, encryption or codes, in popular hacker speak he's the guy that breaks into systems and is often (but by no means always) a "script kiddie" see pheer 2 . 
An edible biscuit usually crappy tasting without a nice dip, I like jalapeno pepper dip or chives sour cream and onion, yum - Ed Ebonics - speaking like a rastafarian or hip dude of colour also wigger Vanilla Ice is a wigger, The Beastie Boys and rappers speak using ebonics, speaking in a dark tongue ... being ereet, see pheer EoC - End of Commentary EoA - End of Article or more commonly @HWA EoF - End of file EoD - End of diatribe (AOL'ers: look it up) FUD - Coined by Unknown and made famous by HNN - "Fear uncertainty and doubt", usually in general media articles not high brow articles such as ours or other HNN affiliates ;) du0d - a small furry animal that scurries over keyboards causing people to type weird crap on irc, hence when someone says something stupid or off topic 'du0d wtf are you talkin about' may be used. *HACKER - Read Stephen Levy's HACKERS for the true definition, then see HAX0R *HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this is difficult to define, I think it is best defined as pop culture's view on The Hacker ala movies such as well erhm "Hackers" and The Net etc... usually used by "real" hackers or crackers in a derogatory or slang humorous way, like 'hax0r me some coffee?' or can you hax0r some bread on the way to the table please?' 2 - A tool for cutting sheet metal. HHN - Maybe a bit confusing with HNN but we did spring to life around the same time too, HWA Hax0r News.... HHN is a part of HNN .. and HNN as a proper noun means the hackernews site proper. k? k. 
;&

HNN - Hacker News Network and its affiliates http://www.hackernews.com/affiliates.html

J00 - "you" (as in j00 are OWN3D du0d) - see 0wn3d

MFI/MOI - Missing on/from IRC

NFC - Depends on context: No Further Comment or No Fucking Comment

NFR - Network Flight Recorder (Do a websearch) see 0wn3d

NFW - No fuckin'way

*0WN3D - You are cracked and owned by an elite entity see pheer

*OFCS - Oh for christ's sakes

PHACV - And variations of same Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups Virus, Warfare

        Alternates:
        H - hacking, hacktivist
        C - Cracking
        C - Cracking
        V - Virus
        W - Warfare
        A - Anarchy (explosives etc, Jolly Roger's Cookbook etc)
        P - Phreaking, "telephone hacking" PHone fREAKs ...
        CT - Cyber Terrorism

*PHEER - This is what you do when an ereet or elite person is in your presence see 0wn3d

*RTFM - Read the fucking manual - not always applicable since some manuals are pure shit but if the answer you seek is indeed in the manual then you should have RTFM you dumb ass.

TBC - To Be Continued also 2bc (usually followed by ellipses...) :^0

TBA - To Be Arranged/To Be Announced also 2ba

TFS - Tough fucking shit.

*w00t - 1 - Reserved for the uber ereet, no one can say this without severe repercussions from the underground masses. also "w00ten"
        2 - Cruciphux and sAs72's second favourite word (they're both shit stirrers)

*wtf - what the fuck

*ZEN - The state you reach when you *think* you know everything (but really don't) usually shortly after reaching the ZEN like state something will break that you just 'fixed' or tweaked.

@HWA

-=- :. .: -=-

01.0 Greets!?!?! yeah greets! w0w huh. - Ed
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks to all in the community for their support and interest but i'd like to see more reader input, help me out here, what's good, what sucks etc, not that I guarantee i'll take any notice mind you, but send in your thoughts anyway.
* all the people who sent in cool emails and support

FProphet Pyra TwstdPair _NeM_ D----Y Kevin Mitnick (watch yer back) Dicentra vexxation sAs72 Spikeman Astral p0lix Vexx g0at security Ken pr0xy Astral and the #innerpulse, crew (innerpulse is back!) and some inhabitants of #leetchans .... although I use the term 'leet loosely these days, ;)

kewl sites:

+ http://www.l0pht.com/
+ http://www.2600.com/
+ http://www.freekevin.com/
+ http://www.genocide2600.com/
+ http://www.packetstorm.harvard.edu/
+ http://www.hackernews.com/ (Went online same time we started issue 1!)
+ http://www.net-security.org/
+ http://www.slashdot.org/
+ http://www.freshmeat.net/
+ http://www.403-security.org/
+ http://ech0.cjb.net/

@HWA

01.1 Last minute stuff, rumours and newsbytes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

"What is popular isn't always right, and what is right isn't always popular..." - FProphet '99

+++ When was the last time you backed up your important data?

++ PacketStorm Security's site has MOVED, update your links to http://packetstorm.harvard.edu/

++ Spikeman's DoS site is no more, it has been removed from the Genocide2600 servers, there are no immediate plans to revive the site but Spike says he hasn't ruled out the possibility completely and has had an offer to host the site from another provider.

Mucho thanks to Spikeman for directing his efforts to our cause of bringing you the news we want to read about in a timely manner ...
- Ed

@HWA

01.2 MAILBAG - email and posts from the message board worthy of a read
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

================================================================

Date: Sun, 13 Jun 1999 23:43:11 -0400
From: "Armageddon."
To: A-S subscribers
Subject: [a-s_mag] Important : A-S Meet-up date.

Hi,

There has been a change to the date of the A-S meet-up, as you probably read in A-S14 we said the date would be the 24th of July. This has had to be changed as it's been discovered that it's not actually going to clash with Compulsion as we planned.

The new date is : 31st of July.

I'll be re-uploading A-S14 correcting this in the magazine to soften the blow of readers who have the wrong date. Those who contacted us via email will all be contacted with the new details and posts will go out on the news groups and in as many other magazines that we know have readers who planned to attend as we can possibly get to.
Sorry if this date change causes you problems, on the bright side however I can confirm that after the first A-S Meet-up we plan to hold one every month there after on the last Saturday of each month.

In A-S15 we'll publish literally ALL the details we can find that you might need to know for the meet-up, including a selection of venues for accommodation and all their contact details.

Cheers
-Armageddon
Editor of A-S Mag / HNC.
http://www.antisocial.cjb.net
http://www.hack-net.com

@HWA

02.0 From the editor.
~~~~~~~~~~~~~~~~

#include <stdio.h>

int main(void)
{
 printf ("Read commented source!\n\n");

 /*Well several problems kept me from producing the newsletter for the last couple of
  *weeks so this is a 'make-up' release covering June 6th-26th 1999. Some areas may
  *have been glossed over in order to keep the issue down in size,we'll be back to
  *"normal" (whatever that is) next week... meanwhile have fun.
  *
  *Issue #22 June6th-26th
  *
  *BTW The reason ZDNet articles are not reprinted here is because they are using some
  *funky method to defeat cutting and pasting of their text using framesets and shit if
  *anyone knows a way to grab the text (source doesn't work either for some sites) let
  *me know and i'll be most thankful... Cruci.
  *
  */

 printf ("EoF.\n");
 return 0;
}

Congrats, thanks, articles, news submissions and kudos to us at the main address: hwa@press.usmc.net complaints and all nastygrams and mailbombs can go to /dev/nul nukes, synfloods and papasmurfs to 127.0.0.1, private mail to cruciphux@dok.org

danke.

C*:.
@HWA

03.0 AntiOnline Crosses the Line
~~~~~~~~~~~~~~~~~~~~~~~~~~~

June 7th 1999

From HNN http://www.hackernews.com/

contributed by whoever

After garnering intense media coverage (CNN, C|NET, WIRED, etc.) over his extremely early reporting of the MOD and gH attacks, John Vranesevich of AntiOnline has used that spotlight to further his own agenda. Now he has admitted to nurturing a hatred of hacking and the underground as a whole and at the same time aiding and abetting criminal acts, "Many times, I knew about these instances before hand, and could have stopped them."

AntiOnline Statement

A Change In Our Mission
An AntiOnline Editorial
Friday, June 04 1999

In the past, a hacker was an individual who literally had to spend years to learn the inner workings of computer technology, programming, and hardware. Only then could he begin to explore possible vulnerabilities, and develop, for himself, ways to exploit those vulnerabilities, and more importantly, ways to patch them. Throughout these years of learning, the hacker would develop a certain respect for the technology that he was studying, and a certain level of maturity would inherently develop as well. Now, in present day society, with point and click utilities abound, a younger, less mature, less knowledgeable, and less respectful, generation of "hackers" have come to life.

That's a quote from an editorial that I wrote in September of last year. Now, only 7 months later, we've seen things get even worse.

When I started AntiOnline 5 years ago, it was a way for me to share with others the fascinating things that I myself was learning. The wonders of technology, how it could be used as a tool, how it could be used as an incredible way to learn, meet new people, and indeed, make the world a smaller and more understanding place.

Since then, AntiOnline has grown to levels I never dreamed possible. I'm fortunate enough to be working full time on the site, I have my own office, equipment, and T1 line.
The resources I have at my disposal are still small and modest, but I've come a long way from where I was a year ago, running AntiOnline out of my parent's living room.

Unfortunately, I've found myself looking in the mirror with disgust these past few months. Looking back, I've seen myself talking with people who have broken into hundreds of governmental servers, stolen sensitive data from military sites, broken into atomic research centers, and yes, people who have even attempted to sell data to individuals that presented themselves as being foreign terrorists. I've seen people change the medical records of individuals in our armed services, and delete the work of tens of thousands of people that resided on large ISPs.

Many times, I knew about these instances before hand, and could have stopped them. I felt at the time, that I was serving a larger good by simply writing up information that I knew about these instances, and posting them on AntiOnline for the world to read about. I felt that the incidents would be learning experiences, and that they would help technology to evolve, even if it was only in some small way. To me, the important thing was not telling the world the "who", but the "why" and the "how". I tried to stand in an invisible realm between the hacker culture, and main stream society. A realm which I now see does not exist.

Looking back, I see those years as being not beneficial to anyone but myself. Those years acted as an educational experience for me. A time for me to learn about the "mechanics of the gun", but more importantly, a time for me to learn about the "people that pull the trigger".

In the past 7 months, I have seen things go from bad to worse. Incidents are becoming more frequent and more serious. To some degree, things are in a state of anarchy. I now feel that I am in a position to help serve, even if in some very small way, the better good.

A little note to the Federal and Military Authorities that read this site:

I feel that I have been lax in my duties as a citizen to some degree. But, little known to the rest of the world, I have been working behind the scenes to change that. For the past few months, we've been working with an Air Force contractor to help them develop the "profile of a hacker". AntiOnline, as an organization, plans on taking that to an even higher level as the months progress. Several of you have already signed up for access to our knowledge base, including individuals from: The US Congress, The DISA, The Air Force, The Navy, and several police and computer forensics organizations. You will be given access information within the next week.

A note to these organizations as a whole. I know that often times my exact position and role has been confusing. Let it be confusing no more. I hope that over the next few months, the level of trust between my organization and yours can continue to grow, and I hope that AntiOnline becomes a valuable tool in the fight against "CyberCrime".

Now, a little note to the thousands of hackers that read this site:

You yell and scream about freedom of speech, yet you destroy sites which have information that disagree with your own opinions. You yell and scream about privacy, yet you install trojans into other's systems, and read their personal e-mail and files. You truly are hypocrites. All of these grand manifestos that you develop are little more than excuses that you make up to justify your actions to yourself. Actions which you know are wrong. Actions which do not serve anyone's interests but your own.

Let me just say, that you've had free reign over things this past year or so. I know that some of you are playing what you feel is a game. A game that you think you are winning. Some of you sit back and laugh at organizations like the FBI.
You make sure that you provide enough information to make it obvious who you are, yet are careful not to provide enough information to actually have it proven.

I have been watching you these past 5 years. I know how you do the things you do, why you do the things you do, and I know who you are.

Yours In CyberSpace,
John Vranesevich
Founder, AntiOnline

As a side note, AntiOnline will be taking no press inquiries into this matter. Questions regarding this change in policy will not be answered by phone. Send all questions or comments to jp@antionline.com

-=-

A special report has now been released that details the close ties that John Vranesevich of AntiOnline has with the evil doers of the underground. This report claims that John Vranesevich actually paid individuals who later broke into web sites and then gave him 'exclusive' reports. This report is highly suggested reading for any journalist or reporter who has ever questioned Mr. Vranesevich about anything. It is also suggested that 'customers' of the AntiOnline Knowledge Base read this report and be familiar as to the type of person that is supplying this information. And finally any law enforcement officer who is investigating the whitehouse.gov or any other MOD cracks should absolutely read this report.

AntiOnline Crosses the Line
http://www.attrition.org/negation/special/ (Go here for full links and info)

AntiOnline crosses the Line
6.7.99

INTRO:

John Vranesevich is the founder of AntiOnline [www.antionline.com]. During the past five years, AO has grown from a five megabyte hobby web site, into a multi domain business venture with hundreds of thousands of dollars in venture capital. AntiOnline now claims to be the number one security resource on Internet.

Despite this growth and development, AntiOnline has been under continual fire from critics and friends alike. Serious questions have been raised to the methods of reporting, staff background, journalistic integrity and business practice.
Since AntiOnline has become a commercial entity (02-22-99), the site has released 67 pieces (some news articles, some 'specials'). Of these, 12 have been found to contain serious errata. So of the 'reporting' that AntiOnline has conducted, close to 20% has been inaccurate. Recently, information has come to light that suggests a far more serious agenda exists at AntiOnline.

In the past, AntiOnline had two incidents that brought them into the spotlight, and put them on a journalistic pedestal so to speak. The first was centered around two teenagers in Cloverdale CA, and one adult in Israel that was known as "Analyzer". AntiOnline got the scoop that these three (and others) were responsible for compromising hundreds of military and government servers. Through repeated interviews and communication, AntiOnline managed to hype up these attacks which led to them being described as "the most organized and systematic attack the Pentagon has seen to date." A short while later, it was discovered that this threat was nothing more than a group of mostly teenagers breaking into low security machines.(1)

The second spotlight shone on AntiOnline after several exclusive stories and interviews with a group calling themselves "The Masters of Downloading". AntiOnline reported that the members of this group were responsible for compromising hundreds of "high security" Department of Defense computer systems, and stealing files they said were "obtained from the classified Defense Information System Network." Interviews between AntiOnline and the cracker said "I think international terrorist groups would be interested in the data we could gain access to.."

Media outlets such as ZDNet unknowingly drew comparisons in the two stories. ZDnet said in one article(2) "The alleged hack - which follows a highly publicized attack on Pentagon computers by an Israeli hacker known as the "Analyzer" and his associates -- would be a major escalation of "informational warfare" on government computers."

From all appearances, AntiOnline was single handedly responsible for a significant amount of the media sensationalism. Not only had AntiOnline driven the media hype behind the stories, they put various government and DOD organizations on full alert preparing for the fallout these attacks would cause.

There is new information coming to light which suggests that AntiOnline had a more integral part in the generation of their news. That the typical journalist/contact relationship did not exist, and in fact, AntiOnline may have been responsible for creating some of the news to report on. With these recent allegations coming to light, the ATTRITION staff and several associates set out to find out the details and foundations of the assertions.

OUR GOAL:

To prove Masters of Downloading (MOD, headed by a hacker named so1o) was paid by John Vranesevich/AntiOnline to hack www.senate.gov or another high profile site in order for AntiOnline to break major news. To further establish that AntiOnline employs active and potentially malicious hackers.

REQUIREMENT:

To prove this, we must first prove several points.

allegation                       evidence
----------                       --------
so1o is on Antionline payroll    proof.1 (Email)
so1o == Chris McNab              proof.2 (Email)
so1o is an MOD member            proof.3 (Comparison of MOD/CZ hacks)
                                 proof.5 (IRC chat with so1o)
AO reported on it first          proof.4 (AntiOnline reports)

ADDITIONAL:

On June 3rd, 1999, John Vranesevich released an editorial titled "State of the Union". This piece calls into question the true relationship between Mr. Vranesevich and Chris McNab (a.k.a. so1o). The relevant text and concern it raises, coupled with the time of this editorial and subsequent information presents a more damning argument.

On June 4th, 1999, John Vranesevich released a more dramatic and disturbing editorial titled A Change in Our Mission. To most of his readers, this was no doubt surprising, but expected. For a smaller group of us, the timing of this article suggests much more.

On the afternoon of June 3rd, an individual questioned Mr. Vranesevich about his ties to so1o. When challenged, Vranesevich begins to deny his involvement with McNab. This denial comes after mail explicitly stating he WAS funding McNab, and after working with McNab on an AntiOnline "exclusive" on the MOD hacks. The following log and comments illustrate the denial and further back our goal.

CONCLUSION:

One would hope that high ethical standards are above the law and are in effect with ANY media outlet. It seems that isn't true. Not only has AntiOnline descended into the realm of unethical journalism and business practice, they have done it while thumbing their nose at the Internet. As if they can commit these practices with impunity, John Vranesevich taunts "Well, it would take a lot more than an act of congress to get AntiOnline shut down =) I could always ship the site off to England ;-) That's another good thing about the Internet. The laws of one land don't hold true in them all ;-)". This was written as a reply to one comment in the AntiOnline mailbag on 7-13-98.

As if this is not bad enough, Vranesevich has recently gone on to admit to some of his deeds. In a "change of mission statement" released on 6.4.99, he goes on to say "Many times, I knew about these instances before hand, and could have stopped them."

The information presented above is more than adequate proof that John Vranesevich is funding an active hacker to break into high profile sites. The motivation for this is to increase the awareness and therefore the profitability of his web site AntiOnline. He pays people to break into sites in order to report on it as an 'exclusive'.

Folks.. 1 + 1 still = 2.

Direct comments or questions to: staff (staff@attrition.org)

* Any instance of [snip...] is strictly removing unrelated material. Anything relevant to our argument or anything that would affect our allegations were left. What we do is no different than what JP does to his 'mailbag'.
Except we leave in material that would possibly weaken our argument. His mailbag gets clipped to include only the material he wants to deal with.

* Permission from Bronc and Ken was given to include the email here.

@HWA

03.1 More Questions Raised about John Vranesevich and AntiOnline
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

June 7th

from HNN http://www.hackernews.com

contributed by Bronc Buster

The rhetoric continues. Did he or didn't he? John Vranesevich has posted a rebuttal to the original attrition.org report that claimed he funded crack attempts. The rebuttal is more of a personal attack than a response to the allegations. Wired Online and Telepolis have written articles that try to shed some light on the situation. Bronc Buster has written an open letter to John Vranesevich that asks some very pointed questions. Questions that I think everyone would like an answer to.

Attrition Report on John Vranesevich
http://www.attrition.org/negation/special/

John Vranesevich Rebuttal
http://www.antionline.com/cgi-bin/News?type=antionline&date=06-07-1999&story=brian.news

Wired Online
http://www.wired.com/news/news/culture/story/20062.html

Telepolis- German
http://www.heise.de/tp/deutsch/inhalt/te/2921/1.html

Open letter from Bronc Buster
http://www.hackernews.com/orig/broncjplet.html

The Wired article and JP and Bronc's letters follow:

Wired;

Hacker Pundits Squabble
by Polly Sprenger
12:15 p.m. 7.Jun.99.PDT

A Web site addressing computer hacking issues has accused a computer security pundit of paying individuals to break into Web servers in exchange for exclusive coverage of the stories that result.

John P. Vranesevich, editor of computer security magazine and resource center AntiOnline, denies the charges.

Vranesevich is well known in the hacking and cracking community. He is often called on by news media, including Wired News, to provide perspective on Web site break-ins, viruses, and other security issues.

A report by the group Attrition.org, released Monday, accuses Vranesevich of paying hackers to break into sites, thus guaranteeing him an exclusive on the stories.

"We've never paid for a story," Vranesevich said. "We don't even pay our reporters for stories. [The allegations] are flat-out libelous and there's no proof to it. It's an attempt to destroy, defame, and discredit me."

Vranesevich's detractors were already inflamed over his recent apparent shift in allegiance. On Friday, Vranesevich posted an editorial on his Web site that stated he was working with the Air Force and other government agencies to help track down crackers.

"A little note to the thousands of hackers that read this site," Vranesevich warned, "I have been watching you these past five years. I know how you do the things you do, why you do the things you do, and I know who you are."

His warnings have stirred the ire of attrition.org, led by Brian Martin (who goes by the name Jericho). Martin said he has been following Vranesevich's case for more than a year.

Martin based his claims on two emails that allegedly show Vranesevich had a business relationship with "So1o," the hacker accused of breaking into senate.gov last year.

Vranesevich said the emails displayed on Martin's site "never existed."

Another chronicler of the computer security underground said that Vranesevich's reputation is less than pristine.

"He has made a lot of enemies over the years," said Space Rogue, editor of the Hacker News Network. "This particular accusation has been unproven for awhile. It's been thought that this has been going on for some time, that he was paying people or was in league with them."

Space Rogue cited one particular revelation in Vranesevich's Friday statement.

"Many times, I knew about these instances [site hacks] beforehand, and could have stopped them," Vranesevich wrote.

"That basically for me solidifies everything in the attrition report," Space Rogue said.

Vranesevich said that he has never been popular with the underground hacker culture because of what he's done to expose it.

"I often say that they hack a site first and make up a manifesto second," Vranesevich said.

He points to his press citations in recent weeks, which include mentions in The New York Times, ABC News, and CNN. He also said that government agencies such as NASA rely on him to provide data on hacker profiles.

But while Martin accuses Vranesevich of using his fame as a platform to prosperity, Vranesevich says he doesn't charge those agencies for access to data and will probably keep the information free of charge forever.

"I think my track record speaks for itself," Vranesevich said. "I'm proud of how I've accomplished and what I've accomplished."

JP's rebuttal

AntiOnline Responds To Allegations
Monday, June 7, 1999 at 11:51:56
by John Vranesevich - Founder of AntiOnline

First off, for those of you that haven't read it, Brian Martin's Attrition website has today posted allegations that AntiOnline funded the Whitehouse.gov and Senate.gov hack so that we would have news to cover (However, I'm sure most of you have read it by now, because of organizations, and I use the term loosely, like the Hacker News Network).

Needless to say, when I went forward with the statement that AntiOnline was going to help in the fight against malicious hackers, I expected some backlash from the hacker community. A few dozen extra hack attempts a day, some synfloods. Maybe I'd find myself with a $10,000 phone bill. But, they've apparently chosen something far more creative.

First off, let me say this. Brian Martin (aka Cult_Hero) was raided by the FBI in connection with being a suspected member of the HFG (The group that hacked the New York Times), and Erik Ginorio (BroncBuster) is known, and admits, to breaking into dozens of sites (he calls himself a hacktivist).
The fact that these two could think, or at least think up, some grandiose scheme which involved AntiOnline bankrolling hackers, is not surprising. They have both lived their lives trying to break, and evade, the law.

For some reason, Brian Martin has become obsessed over AntiOnline. His website has dozens and dozens of pages of what he calls "errata" that he's written about it. He takes information posted on our site out of context, then criticizes us because of it. Many people have written in asking why we never posted any response to all of the allegations he has on his site about us. Personally, it's because I felt that I didn't need to justify myself, or my actions, to someone who is currently under FBI investigation, and who has never done anything for the security scene other than criticize others. I actually feel bad for him. The fact that he spends such a large portion of his life trying to "bring down" others using lies, deceit, and twistings of the truth, is sad in my eyes.

As for these allegations that I paid people to break into government sites so that I could write a story. Let me just say, that such claims are so far fetched and preposterous, I'm not even going to respond to them on a point by point basis.

It seems that almost all of the criticisms that I receive from people like Brian Martin revolve around money. He says in his "allegations" about AntiOnline that "During the past five years, AO has grown from a five megabyte hobby web site, into a multi domain business venture with hundreds of thousands of dollars in venture capital." Is that what he's so upset about? That I've made a ton of money? Well, let me put his mind at ease. The point in fact, is that I don't now, nor have I ever in my life, had a lot of money. Our venture funding wasn't in the amount of hundreds of thousands of dollars. I am not ashamed to say, and in fact, I'm very proud to say, that our original funding was in the amount of $75,000.
I am very proud of the levels I have taken AntiOnline to with very little resources, and a lot of hard work. On average, I put in 17 hour days working on the site and related matters. At the age of 20, I'm trying to build a life long career for myself. So, to people like Mr. Martin, let me just say that anything my site has accomplished has not, and truly couldn't have been, from me throwing money at it. It came from my love for what I do, and my willingness to put in the time it takes to accomplish my dream.

In a way, I take these allegations that have come against me as a sign that I'm on the right track with what I'm doing. If people like Brian Martin weren't yelling and screaming about me, I guess I'd take that as a sign that I'm off the beaten path. If people like Brian Martin didn't see me as a threat to them, they wouldn't be yelling. So, I'm going to view these recent allegations as a job well done letter from the malicious hackers of the world.

I have always lived my life in a way which I was proud of, and I will continue to do so. I will NOT allow people like Brian Martin and Erik Ginorio to cause me to constantly be taking some sort of sick defensive on my site (Which is probably what their intentions are). That's not its purpose. So, if they come out with some new allegation, like I have secret plans to assassinate the president with a herf gun or something, you won't find a response to them from me here. As a matter of fact, you won't find a response from me at all. I will let the work that I put forth, and the actions that I take in my daily life, be my response.

Yours In CyberSpace,
John Vranesevich
Founder, AntiOnline

Bronc's open letter;

An open letter to John Vranesevich (aka JP)
07 Jun 1999
from: Bronc Buster bronc@2600.com
subject: in regards to the allegations at http://www.attrition.org/negation/special

John Vranesevich (aka JP),

The staff of Attrition.org, a few other individuals, and I have been working over the last few weeks to piece together a complex web of clues. These clues were leading us to something we have suspected for a while; something that could tarnish the entire hacker community. What if someone, a reporter, was funding a known criminal to commit crimes so that they might have an inside scoop on the story? Not only would this be unethical, but illegal, and dangerous for us all.

Several people have been asking how Antionline.com (AO) has had such an inside scoop on breaking stories, before anyone else regarding big hacks that you have reported on. We have begun to make a theory, based upon facts as to how we think this is happening.

Here are a few simple YES or NO questions regarding these allegations and their impact..

1) Because you had reported, in the past, the exclusive reports and interviews on how Masters of Downloading (MoD) had hacked(?) DISA and were alleged to have taken software off their server, it is obvious you knew who the person was who had committed this crime. His handle is so1o (aka Chris McNab). You have admitted to this openly. Knowing this, you then started funding a company run by Chris McNab to make some sort of security program. This you have also openly admitted to. Now Chris McNab, by your own admittance, committed the crime of breaking into several Government servers and ultimately defacing www.senate.gov.
If you were funding this person, and you knew he was a criminal, not only who has committed crimes in the past you knew about, but had crimes, such as the senate.gov hack, planned out that you knew about beforehand, and he then gave you an exclusive on the story because he was getting money from you (regardless if he still is), doesn't this, in your mind, equal a totally unethical, not to mention illegal, way to get a story?

2) On your site, you openly admit to prior knowledge of crimes that were committed that you may or may not have reported on. This is illegal. Do you think this fact, combined with the fact that you, in some fashion, were supplying a known criminal (Chris McNab) with money is an ethical way to run your site/business?

3) In your response to the revealed allegations against you, you posted on your site, there was no link provided (to attrition.org) so that anyone interested, who may see this on your site but not know about the allegations, to see both sides of the story and come to their own conclusions. Attrition.org posted many links to your site, so that people could see both sides. Since you posted a response, don't you think it isn't fair to your readers, to at least let them judge for themselves this matter?

4) Do you think that by making personal attacks against the people behind these allegations, and against the sites that are covering it, that the serious issues raised have been answered or at least addressed?

5) Do you in any way feel obligated to provide any answers to:
   a) The people making these allegations?
   b) Your readers and supporters?
   c) The hacking/security community in general?

6) Last but not least. Do you think anything positive can be gained by the hacking community by your actions in these matters?

I personally think that your response to the criminal charges against you was childish and immature at best, and this matter warrants a serious reply. Slinging mud, and voicing your opinion about people is no way to counter facts.
These are felonies, and involve not only local, but federal laws. This is a serious matter, and like so many of the poor kids you cover who get busted, it appears you will not take it seriously until you too have been arrested and charged.

Bronc Buster
bronc@2600.com

June 9th, a statement from OSAll

Admissions
Mike Hudack
Editor-in-Chief

The same day that a Wired News article about the Attrition special report accusing AntiOnline of unethical and even criminal practices came out, I spoke with John Vranesevich on the phone. The Wired News article quoted Vranesevich (JP) specifically denying the existence of two e-mails which were used as evidence in the Attrition article. JP said the e-mails "never existed," according to Polly Sprenger, author of the Wired News article.

In my discussion with JP, however, he said "I was quoted out of context in those e-mails." I queried him further, asking him whether those e-mails really existed. He said "the e-mails existed but I was quoted totally out of context -- what I said was in jest."

In a conversation hours later, however, he quickly backtracked, saying the e-mails were "manufactured, possibly from several e-mails." He said they were his words in the sense that "words taken from two pages in a book and made to look like a paragraph are the author's words. They're still manufactured."

This obvious contradiction between what I was being told the first time and what he had told Wired News wasn't the end of it however. He went on to warn me not to "write articles against individuals or other sites. It doesn't help your relationship with the mainstream -- I learned that the hard way." This statement was obviously a warning not to say anything about our conversation.

He went on in his contradictions, however. In the Wired News article, JP is quoted as saying that the allegations against him are "flat-out libelous." In the telephone conversation, however, JP admitted that "the allegations weren't really libelous.
If anything they were borderline." He did say, however, that it was up to his "lawyer as to whether to pursue legal action."

The clear dichotomy between his earlier statements to Wired News and his statements to me wasn't the most fascinating issue, however. What was much more fascinating, as Polly Sprenger said was "why didn't he just say he was quoted out of context? That would have made a lot more sense."

Later, in an open letter to JP, Bronc Buster called JP's response to the allegations "childish" for attacking the individuals raising the allegations and not the allegations themselves. In his response, JP not once mentions that he was quoted out of context. Rather, he accuses Jericho and Modify (two authors of the allegations) of being subjects of an FBI investigation. He not once addresses the allegations being levelled against AntiOnline and himself.

OSAll carefully weighed whether to come forward with JP's statements, and has decided that it has an ethical obligation to do so. Any questions about this coverage, its fairness or OSAll's relationship with either Attrition.org or AntiOnline.com should be directed to the editor, who can be contacted at editor@aviary-mag.com or by phone at 203-335-7100.

@HWA

04.0 The Difficulties of Reporting the Underground
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

June 7th 1999
From HNN http://www.hackernews.com/

contributed by Space Rogue

In light of all the media attention that hackers have gotten over the last few weeks it is apparent that most reporters and journalists are having a difficult time in accurately reporting the computer underground. While no one is claiming that it is easy, HNN editor Space Rogue takes a look at some of the more common pitfalls in this new Buffer Overflow article.
Buffer Overflow
http://www.hackernews.com/orig/buffero.html

05.0 Mitnick Demonstrations Deemed a Huge Success
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

June 7th 1999
From HNN http://www.hackernews.com/

contributed by Freaky, phar, and Silicon Monk

Last Friday at 2pm in front of federal courthouses in over 16 cities people who could no longer sit down while excessive punishment was dealt by an overreaching government, gathered together to protest the large number of injustices perpetrated during the trial of Kevin Mitnick. At the demonstrations in Philadelphia a large paper mache Liberty Bell was displayed. Reba Mitnick, Kevin's grandmother was present at her local demonstration. In New York a skywriter wrote FREE KEVIN over Central Park and in San Francisco low flying airplanes carried FREE KEVIN banners.

FREE KEVIN
http://www.freekevin.com

Mitnick Demonstrations - Pictures Here
http://www.2600.net/demo/

CNN
http://cnn.com/TECH/computing/9906/04/BC-INTERNET-HACKERS.reut/index.html

Wired
http://www.wired.com/news/news/politics/story/20053.html

ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2270517,00.html

Salon
http://www.salon.com/tech/log/1999/06/04/mitnick/index.html

Wired;

Pro-Mitnick Demos in US, Russia
by Polly Sprenger
3:00 a.m. 5.Jun.99.PDT

In 15 American cities and Moscow, demonstrators staged protests Friday against the continued imprisonment of Kevin Mitnick, jailed after pleading guilty to seven counts of wire and computer fraud.

"Just don't call him a 'celebrity cracker,'" growled Macki, the Webmaster for 2600, the hacker group and magazine that organized the events.

Armed with yellow "Free Kevin" stickers and flyers describing Mitnick's case, Macki and nearly 20 other Mitnick supporters battled the miserable San Francisco wind to fight for the cause.

"We're getting the word out to the worldwide and national consciousness about [Mitnick's] sentencing," said Marc Powell, a pink-haired member of the local hacker collective New Hack City.
Clad in an "I [Heart] Feds" T-shirt, Powell said that although his own cyber-tomfoolery has been strictly within the law, he sympathized with Mitnick's imprisonment.

As far as protests go, Mitnick's demonstration was relatively low-key. The attendees cheered as a low-flying airplane went by trailing a banner that said "Free Kevin Mitnick -- www.freekevin.com," but after seven or eight more passes, the enthusiasm waned.

Some in the group had followed Mitnick's plight from the beginning, but others were just there to be part of an anti-government staging. Robin, a self-proclaimed anarchist and network administrator with a partially shaved head and a plethora of piercings, said he was in attendance because it was a strike back at the government.

But others, like Perry McNulty, said Mitnick was a study in civil rights.

"It's not just a hacker in jail," said McNulty, who has followed Mitnick's case for about a year. "A lot of civil rights have been violated. It could happen to any one of us."

Salon

Kevin Mitnick supporters plan rallies
- - - - - - - - - - - -
BY KAITLIN QUISTGAARD

June 4, 1999 | Since his 1995 arrest for wire and computer fraud, famed hacker Kevin Mitnick has been behind bars. In March a judge sentenced him to a 46-month prison term after he pleaded guilty to a handful of the 25 charges filed against him. But on Friday, demonstrators in 15 U.S. cities and Moscow plan to protest what they see as the unjust treatment of Mitnick and ask for his parole to a halfway house.

"The guy's been in there for something like four years and four months," says Emmanuel Goldstein, editor of "2600: the Hacker Quarterly." (Actually, 2600's Kevin Mitnick Lockdown Clock put it at exactly 4 years, 3 months, 16 days, 11 hours, 19 minutes and 41 seconds at that moment, but who's counting?) It's a heavy sentence for just looking at other people's software, says Goldstein: "The federal government is using him to send a message."

"Even if Kevin were guilty of everything he was charged with," the 2600 site says, "the fact remains that there was no documented damage, no evidence of malicious activity, and nothing to suggest that Mitnick profited in any way by reading the software he is accused of accessing." The journal says it has uncovered letters showing that companies like Sun Microsystems and Nokia have claimed a combined total of $300 million in damages resulting from Mitnick's hacks.

"This is a case of corporate vengeance, aided and abetted by a federal government seeking to intimidate hackers," the 2600 site argues. "We think Kevin Mitnick's suffering has gone on way too long."

2600 is encouraging demonstrators to meet at federal courthouses across the country and the U.S. Embassy in Moscow. The protest will coincide with the monthly 2600 meeting, which brings hackers together in various cities on the first Friday of the month. ("That way the people who spy on us have to spread themselves thin," says Goldstein, explaining the same-time, multiple-locations approach.)

On June 14 a judge will formally sentence Mitnick and determine the damages he owes. The hacker group hopes to influence the court to go lightly on Mitnick. "The judge has the opportunity to sentence him to a halfway house," says Goldstein, "which is a whole lot better than a prison with murderers and rapists."

salon.com | June 4, 1999
- - - - - - - - - - - -
About the writer
Kaitlin Quistgaard is an associate editor for Salon Technology.

@HWA

06.0 New Trojan/Virus, PrettyPark
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

June 7th 1999
From HNN http://www.hackernews.com/

contributed by nvirB

A new virus/trojan, PrettyPark arrives as an email attachment and then resends itself to users listed in the windows address book, it may possibly repeat this as often as every 30 seconds. It also attempts to log into IRC channels to deposit information. Opinions vary as to threat level of this new virus. At last report it had only been seen in France.
MSNBC
http://www.msnbc.com/news/276805.asp

ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2270411,00.html

MSNBC

PrettyPark: Part worm, part Trojan
Anti-virus companies unearth worm/Trojan that reportedly e-mails PC’s Windows Address Book every 30 seconds
By Joel Deane and Michael Fitzgerald
ZDNN

June 4 — Anti-virus companies said Friday that W32/PrettyPark, a new e-mail worm program with Trojan horse characteristics, poses a potentially high risk to Internet users on Windows-based systems.

Weigh in on PrettyPark
New Back Orifice-like Trojan found
CIH virus set to strike again
Melissa spawns more offspring
E-mailed wolves in sheep's clothing

ALTHOUGH ASSESSMENTS OF PRETTYPARK’S capabilities vary, and damage reports are sketchy, anti-virus firms advised Friday that users update their anti-virus programs to guard against the worm/Trojan, which was discovered as early as May 12.

Anti-virus company Panda Software said PrettyPark, which is also known as Pretty Worm, reaches users’ computers as an attached file in an e-mail message, just like the Melissa virus. Once executed, PrettyPark installs itself in the infected system, then sends messages with an attached copy of itself to addresses listed in the Windows Address Book.

PrettyPark hits Windows users hard

Panda said PrettyPark attempts to connect to an Internet relay chat server from a list of 13 possible servers, then send a message to a chat user — enabling the author of the virus to gather data on and monitor affected workstations.

PrettyPark can then be manipulated as a Trojan horse, Panda said, to obtain data such as the list of available disks and confidential information such as logins and Internet connection passwords.

Panda Software U.S. executive director Pedro Bustamante said Friday his company had replicated the “potentially high risk” worm/Trojan in its European anti-virus lab.

“It could potentially be very high risk,” Bustamante said.
“The interesting thing about this new Trojan is that, unlike Melissa, it doesn’t send itself once; it sends itself every 30 seconds.”

Trend/Micro, Symantec and Network Associates reported Friday that they have been unable to duplicate PrettyPark. In a virus alert, Network Associates said PrettyPark was low risk.

Trend/Micro director of technology Dan Schrader said the anti-virus company’s customers reported PrettyPark’s auto-spamming, but “can’t confirm the auto-spamming function.”

“We’ve seen 40 incidents in the last 48 hours. All the incidents so far have been in France,” said Schrader, adding that PrettyPark was similar to the notorious Happy 99 executable that struck earlier this year.

Schrader said PrettyPark has the potential to spread widely — if it can in fact automatically send itself to everyone in a user’s address book. But, because Trend/Micro has been unable to replicate this auto-spam capability, and because it so far seems to be centered in France, Trend/Micro suspects that someone may have spread it by hand.

Symantec, Trend/Micro, Panda and Network Solutions have all posted anti-virus updates to cover PrettyPark.

Luke Reiter of CyberCrime contributed to this report.

@HWA

06.1 The rampage continues
     ~~~~~~~~~~~~~~~~~~~~~

June 8th 1999
From HNN http://www.hackernews.com/

PrettyPark Continues its Rampage

contributed by nvirb

PrettyPark the latest virus/trojan/worm is quickly spreading around the world. The virus arrives as an email attachment. Then after it is executed it hides behind a screen saver to mail out copies of itself and to connect to an IRC channel. In a quote given to MSNBC, Steve Trilling of Symantec said, "This virus took months to write, and its creator put a great deal of effort into it."

MSNBC

PrettyPark hits Windows users hard
Victims of e-mail virus increase 2,000 percent over the weekend, Symantec reports
By Shauna Sampson, ZDTV
ZDNN

June 7 — PrettyPark, a French e-mail virus, got a tremendous boost from home PC users this weekend.
Anti-virus software maker Symantec said it has observed an increase of 2,000 percent in apparent victims since Friday.

THESE VICTIMS OF THE VIRUS, which is being described as a worm with Trojan capabilities, are likely Microsoft Windows users who are being sent to a custom Internet relay chat channel without their knowledge. Once there, victims’ personal data — ranging from e-mail address book lists, operating system preferences and registration numbers, passwords, and form data (including stored credit card information) — can be potentially retrieved from the victim’s PC without their knowledge by the virus writer.

PrettyPark is the first known worm with Trojan capabilities and its very own custom IRC channel. “This virus took months to write, and its creator put a great deal of effort into it,” says Steve Trilling of Symantec.

Consumers are being hit harder by the virus because they are less likely to update their anti-virus software than large companies or businesses and are more likely to open and run executables sent by what appears to be family or friends.

Malicious ‘worm’ spreading in e-mail

The virus is spread when PC users open an attached e-mail program file named “PrettyPark.EXE”. When executed, it may display the Windows 3D pipe screen saver while it creates and sends duplicate files of itself to e-mail addresses listed in the user’s Internet address book.

PrettyPark will run this routine every 30 seconds, without the user’s knowledge. It will also connect to the custom IRC channel while the PC owner is on the Internet or reading e-mail while connected to a remote server.

So far only Windows-based systems seem to be vulnerable, the virus is definitely spreading and anti-virus software manufacturers are expecting to see more victims in the IRC chat rooms. In order to protect themselves from PrettyPark and other viruses, PC users should update their anti-virus software and avoid opening e-mail attachments.
Researchers are trying to determine if other e-mail programs, such as Eudora and Lotus Notes, are vulnerable, presently the Mac and Linux operating systems do not seem to be affected.

In a related story C|Net takes a look at the technology behind the Anti-Virus products available today.

C|Net
http://www.news.com/News/Item/0,4,37458,00.html

Battling the unknown virus
By Tim Clark
Staff Writer, CNET News.com
June 7, 1999, 1:35 p.m. PT

Antivirus software makers are recycling some old tricks to combat computer viruses proliferating over the Internet.

The technique, called "heuristics," checks for suspicious commands within software code to detect potential viruses. Heuristic techniques can detect new viruses never seen before, so they can keep malicious code from spreading. An older method, called signature-scanning, uses specific pieces of code to identify viruses.

Both methods have down sides. Heuristic techniques can trigger false alarms that flag virus-free code as suspicious. Signature-scanning requires that a user be infected by a virus before an antivirus researcher can create a patch--and the virus can spread in the meantime. Most antivirus vendors use both techniques.

"It's time for the industry as a whole to look at different approaches," said Roger Thompson, technical director of malicious code research at ICSA, a for-profit trade group for computer security vendors. "The time-honored method of signature scanning is a little worn and weary given new viruses coming out."

Aladdin Knowledge Systems, which just added heuristics-based technology to its line of antivirus technology, claims it can snare 85 percent of the new viruses without many false alarms.

The recent Melissa virus showed that heuristics are not foolproof, as some viruses slip through the antivirus screen and must be fought with the traditional methods.
Melissa was a macro virus that spread quickly because it self-replicated, sending email from the infected machine to recipients in that user's address book.

Melissa illustrates why macro viruses worry antivirus researchers.

"Melissa was trivial technically and important strategically," said ICSA's Thompson, mainly because it demonstrated the kinds of disruptions a computer virus can cause, he said.

"Macro viruses are easy to create and easy to modify," said Carey Nachenberg, chief researcher at Symantec's antivirus research center. To combat viruses like Melissa, heuristics are a must, he said.

Macros are a simple programming language used to build templates in Lotus Notes or Microsoft Excel. Because of their simplicity, they can be used to create macro viruses, said Chris Christiansen, security analyst at International Data Corporation.

"There are rumored to be numerous automated applications that automatically generate macro viruses," said Christiansen, saying they are available on Web sites used by malicious hackers. "An unsophisticated user could write a macro virus or take a corporate macro and corrupt it, then replace a legitimate macro."

Today antivirus researchers are closely watching another virus -- the Pretty Park virus, which is currently circulating in France -- that posts passwords and other identifying data to Internet chat sites. So far, it's a low level alert because its self-replicating function apparently doesn't work.

Overall, a higher percentage of macro viruses could be caught, said Aladdin chief technology officer Shimon Gruper, at the cost of more false alarms.

"Not everything gets caught, so you still need a rule to catch it," said Susan Orbuch, spokeswoman for Trend Micro. "When there was a lot of fear about Melissa variants, we quickly put together some heuristics to combat it."
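
The trade-off the C|Net article above describes, signature scanning against heuristics, worked through as an added example (it is not part of the original issue and is not any vendor's engine). The pseudo-macro commands in the samples, the rule weights and the thresholds are all constructed for illustration; the samples are inert text, not a real macro language.

```python
import re

# Signature database: an exact byte string lifted from a sample that an
# analyst has already seen. (Constructed placeholder, not a real signature.)
SIGNATURES = {
    "Demo.MacroA": b"For Each e In AddressBook: Mail.Send e, ThisDocument 'MacroA",
}

# Heuristic rules: (reason, pattern searched in normalised text, weight).
# Weights are assumptions chosen for this example.
RULES = [
    ("turns off macro warnings", b"macrowarning=off", 4),
    ("copies itself into the global template", b"template.importthisdocument", 4),
    ("walks the address book", b"addressbook", 3),
    ("sends mail from a macro", b"mail.send", 3),
]

# Constructed samples: name -> (is_malicious, macro text).
SAMPLES = {
    # The sample the signature was cut from.
    "known": (True, b"""Sub AutoOpen
  Options.MacroWarning = Off
  Template.Import ThisDocument
  For Each e In AddressBook: Mail.Send e, ThisDocument 'MacroA
End Sub"""),
    # Same behaviour, one variable and one comment renamed.
    "variant": (True, b"""Sub AutoOpen
  Options.MacroWarning = Off
  Template.Import ThisDocument
  For Each contact In AddressBook: Mail.Send contact, ThisDocument 'MacroB
End Sub"""),
    # A stripped-down variant that only mails itself out.
    "lite_variant": (True, b"""Sub AutoOpen
  For Each c In AddressBook: Mail.Send c, ThisDocument
End Sub"""),
    # A legitimate corporate mail-merge macro with the same two behaviours.
    "mail_merge": (False, b"""Sub SendNewsletter
  For Each c In AddressBook: Mail.Send c, "June newsletter"
End Sub"""),
    "formatting": (False, b"""Sub TidyTable
  Selection.Font.Bold = True
End Sub"""),
}


def signature_scan(data):
    """Return the names of every known signature found byte-for-byte."""
    return sorted(name for name, sig in SIGNATURES.items() if sig in data)


def heuristic_scan(data):
    """Score suspicious behaviours; returns (score, list of reasons)."""
    # Lower-case and strip whitespace so trivial edits do not hide a command.
    text = re.sub(rb"\s+", b"", data.lower())
    hits = [(reason, weight) for reason, pattern, weight in RULES if pattern in text]
    return sum(weight for _, weight in hits), [reason for reason, _ in hits]


def evaluate(threshold):
    """Per engine: (malicious samples flagged, clean samples flagged)."""
    counts = {"signature": [0, 0], "heuristic": [0, 0]}
    for malicious, data in SAMPLES.values():
        verdicts = {
            "signature": bool(signature_scan(data)),
            "heuristic": heuristic_scan(data)[0] >= threshold,
        }
        for engine, flagged in verdicts.items():
            if flagged:
                counts[engine][0 if malicious else 1] += 1
    return {engine: tuple(pair) for engine, pair in counts.items()}


if __name__ == "__main__":
    for name, (malicious, data) in SAMPLES.items():
        score, reasons = heuristic_scan(data)
        print(f"{name:13} malicious={malicious!s:5} "
              f"signature={signature_scan(data)} heuristic={score} {reasons}")
    for threshold in (6, 7):
        print("threshold", threshold, evaluate(threshold))
```

The signature engine flags only the sample it was cut from and never raises a false alarm; the heuristic engine catches the renamed variant, but the threshold that also catches the stripped-down variant flags the mail-merge macro as well.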
@HWA

07.0 Eight Arrested in California
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

June 7th 1999
From HNN http://www.hackernews.com/

contributed by st1p3r

15,000 mass produced pirated copies of Microsoft applications were confiscated and eight people were arrested during a raid in Southern California last Thursday. They have been indicted on 45 counts of counterfeiting, conspiracy and money laundering.

Nando Times
http://www.techserver.com/story/body/0,1634,56660-90472-643309-0,00.html

Microsoft program counterfeiters arrested

Copyright © 1999 Nando Media
Copyright © 1999 Associated Press

LOS ANGELES (June 5, 1999 5:12 p.m. EDT http://www.nandotimes.com) - Eight people have been arrested in a counterfeiting scheme that police said churned out 15,000 phony copies of Microsoft computer programs every month.

The Southern California residents were arrested Thursday, a day after being indicted on 45 counts of counterfeiting, conspiracy and money laundering. All are expected to enter pleas Monday.

Five other people also were named in the federal grand jury indictment, including three who were arrested in February and freed on bond, the U.S. attorney's office said Friday.

The ring pressed counterfeit CD-ROM disks of Windows 98 and other popular programs, printed bogus "certificates of authenticity" and then packaged and sold the disks overseas, authorities contend.

Authorities in February raided several warehouses and seized a room-sized CD-ROM replicator.

Also seized were color printing presses, packaging machines and other counterfeit items that Microsoft officials estimated were worth about $56 million on the retail market.

@HWA

08.0 278 Internet Cafes Disciplined
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

June 7th 1999
From HNN http://www.hackernews.com/

contributed by Anonymous

Public Action Number One, has been launched jointly by the city of Shanghai China's police force along with commercial, telecommunications and education authorities to standardize the city's public Internet cafes.
Only 350 of the city's estimated 2000 internet cafes are authorized to do business. The crackdown has resulted in fines and warnings for many establishments that do not control users' forays into cyberspace.

Nando Times
http://www.techserver.com/noframes/story/0,2294,56247-89863-639407-0,00.html

Shanghai tightens hold on Internet cafes

Copyright © 1999 Nando Media
Copyright © 1999 Reuters News Service

SHANGHAI (June 4, 1999 12:11 p.m. EDT http://www.nandotimes.com) - Chinese boomtown Shanghai has disciplined 278 unregistered Internet cafes in a crackdown on uncontrolled forays into cyberspace, the official Liberation Daily reported on Friday.

The move was aimed at "standardizing the city's public Internet cafes" where customers can sip coffee and surf "the Net," the newspaper said.

A city government official said some of the unregistered cafes would be fined while others would be given a warning.

The crackdown, described as "Public Action Number One," was launched jointly by the city's police and commercial, telecommunications and education authorities.

Shanghai now has more than 2,000 Internet cafes but only 1,500 of them have applied to register and only 350 are authorized, the newspaper said.

Local authorities have tightened control of information vendors around the 10th anniversary of the Beijing crackdown on dissent on June 3-4, 1989, when the army shot its way into Tiananmen Square to end seven weeks of pro-democracy protests.

Late last month, Shanghai ordered local paging stations and computer information vendors to stop disseminating political news temporarily, including news downloaded from the Internet.

China has seen explosive growth in the use of the Internet in recent years but the government has also viewed it as a potential threat to its authority.

There are now an estimated two million Internet users in China and some experts predict the number of Web surfers could top 10 million by next year.
@HWA

09.0 Forbidden Knowledge Issue #5
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

June 7th 1999
From HNN http://www.hackernews.com/

contributed by Anonymous

Issue Five of the increasingly improving Forbidden Knowledge e-zine has been released. It features articles on Memory and Addressing Protection in Multiuser Operating Systems and some other very interesting topics. Check it out at the main site or at Packetstorm.

Forbidden Knowledge
http://www.posthuman.za.net

@HWA

10.0 f41th Issue 6
     ~~~~~~~~~~~~~

June 7th 1999
From HNN http://www.hackernews.com/

contributed by D4RKCYDE

d4rkcyde has kept its work up and released issue 6 of the H/P ezine f4ith. The zine contains good h/p technical information and is available almost twice a month. Back issues are available.

Issue 6
http://darkcyde.system7.org/files/faith/faith6.txt

f41th

11.0 Antidote Vol2 Issue 7
     ~~~~~~~~~~~~~~~~~~~~~

June 7th 1999
From HNN http://www.hackernews.com/

contributed by lordoak

The newest issue of Antidote has been released with articles on PC Anywhere, Netscape, and much much more. Check it out.

Antidote Vol2 Issue 7
http://www.thepoison.org/antidote/issues/vol2/7.txt

12.0 Will the Allies Drop CyberBombs on Milosevic?
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

June 8th 1999
From HNN http://www.hackernews.com/

contributed by erewhon

A well researched, no FUD, article that goes against the normal hype and sensationalism. William Arkin backs up HNN's earlier assessment of last week's Newsweek reports of cyber attack against the bank accounts of Milosevic. A previously unseen transcript of a conference from the Air Force Association has allowed the Washington Post to conclude that Yugoslavia's bank accounts are probably pretty safe. (It is a welcome change to see good journalism now and again.)

Washington Post
http://www.washingtonpost.com/wp-srv/national/dotmil/arkin.htm

The Good News on Forgery
By William M.
Arkin
Special to washingtonpost.com
Monday, June 21, 1999

"The decade begun in Kuwait ends in the skies over Serbia. No American government will, in the near future at least, simply assume that it has the military power needed to impose its will...."

Thus retired Gen. John M. Shalikashvili grumbles about the "difference between being the greatest ... power in the world and omnipotence" and warns of the emergence of a "passive" and "isolationist" America as a result of the war in Yugoslavia.

"The United States will be withdrawing from its aggressive leadership position not solely because it wishes to," says the former Chairman of the Joint Chiefs of Staff. "It will be withdrawing because it has seriously lost the trust of many of its NATO allies."

Why? Besides committing insufficient military power in Yugoslavia, the air war, he says, is "not going to force a Serbian capitulation."

The Shalikashvili essay, "The World After Kosovo," began circulating via e-mail about three weeks before Belgrade's withdrawal from Kosovo.

It is a forgery.

"Someone has stolen my name," Shalikashvili told the Seattle Post-Intelligencer, which revealed the fabrication on the final day of Operation Allied Force.

Stolen, and Forwarded

"This has been a major embarrassment to me," says a West Point graduate, after he circulated the Shalikashvili essay to his classmates. Like many other military observers, he received the commentary via e-mail.

"I innocently passed along the article that had been forwarded to me clearly marked as being written by Gen. Shali from a network of senior retired military officers – a normally credible source!"

As compliments and complaints alike poured in from friends and former aides, General Shalikashvili, who retired in October 1997, discussed with Defense Department spokesman Ken Bacon whether the electronic screed should be denounced from the Pentagon podium. They decided not to bring attention to the fake.
Then Shalikashvili got a call from Deputy Secretary of State Strobe Talbott, who was asked by Finnish President Marti Ahtisaari whether the article might not complicate negotiations with President Slobodan Milosevic.

Shalikashvili decided to go public: "I was hoping that it would go away, but this thing doesn't seem to be dying," he says.

Floss, Dance, Don't be Fooled

I know what you're thinking: The Internet has struck again. Faster than a speeding bullet an individual's identity has been stolen. An irresponsible and unregulated medium has perpetrated fraud and deceit.

We've seen this time and again with the Web: Disgraces like Pierre Salinger's flogging of "intelligence" documents dealing with the TWA Flight 800 accident that turn out to be nothing more than conspiratorial drivel plucked from the Web. The "Floss, Dance, Don't Be Fooled" MIT commencement address that wasn't delivered by Kurt Vonnegut.

The Internet does indeed have the capacity to amplify and duplicate what is real, as well as what is not. Yet for all the copying and forwarding and quoting of Shalikashvili's impostor discourse amongst a cyber-savvy network of retired generals and veterans who increasingly use e-mail as a lifeline, what is interesting is that the comments never really circulated outside of closed community.

A check of Web-wide discussion group search engines (Deja.com, AltaVista, Forum One, Remarq) found that the essay was never sent to a single newsgroup. On the Web, there is only a single posting: on the FreeRepublic site ("The Web's premier conservative news discussion forum!").

Even here, where the retired military officer who distributed the essay described it as "the story of the current JCS members who have been silenced by the White House intimidation machine," the piece was quickly rejected. The same day it was posted, May 28, three participants identified the work as fraudulent.

The system works!

A Good Day for Bombing

"The World After Kosovo" is a very good forgery.
There is no obvious inflammatory language; it is a plausible viewpoint that someone could associate with a retired high-ranking officer.

The news media, like the Web, proved less promiscuous than its popular reputation in running with the supposed dissent. When Pulitzer Prize-winning reporter Seymour Hersh received the e-mail from a recently retired two-star general, he was also warned that it may or may not be authentic. Hersh read the words with interest, but he says he would never have done anything with the file, including forwarding it, without contacting Shalikashvili first.

Tom Ricks, the Pentagon correspondent for the Wall Street Journal, also received the Shalikashvili piece, in spades. "About 50 military officers credulously forwarded the 'Shali piece' to me," Ricks says.

Ricks's newspaper made itself famous in January when it quoted from the e-mail of an Air Force general bragging about the bombing of Iraq. "It's a good day for bombing," the officer wrote. But after his utterances proved fair game for the mainstream media, the general, tail fin between his legs, told the Journal that he probably should have chosen his words better.

E-mail has since proven a nettlesome medium for the closed world of retired and active duty officers. But before the Internet gets the blame, it should be made clear that the Shalikashvili episode is an embarrassment for a network of otherwise worldly military specialists who were fooled by the prose and perhaps even blinded by their own anti-Clinton animus.

Though many questioned the authenticity of the retired general's words, they copied and forwarded the essay, Drudge-style. It was hardly a precision military formation.

William M.
Arkin can be reached for comment at william_arkin@washingtonpost.com

© Copyright 1999 The Washington Post Company

@HWA

13.0 Melissa Suspect Still not Charged
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

June 8th 1999
From HNN http://www.hackernews.com/

contributed by Scores
Still free on $100,000 bail, David L. Smith has still not been officially charged with a crime. He has been accused of spreading the Melissa virus which rampaged through the country's computer networks within days of its release. A spokesperson for the defense claimed that they are just waiting on the DA.

ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2271206,00.html

@HWA

14.0 ToorCon '99 Security Expo
     ~~~~~~~~~~~~~~~~~~~~~~~~~

DATE HAS CHANGED FOR THIS EVENT SEE SECTION 95.0

June 8th 1999
From HNN http://www.hackernews.com/

contributed by h1kari
ToorCon will be held on August 7-8 in San Diego, California. It is being billed as a computer security convention hosted by the San Diego 2600 Meeting to help educate and inform the public on computer security related matters. ToorCon will feature: Speakers, Lectures, Hands-on Demonstrations, InstallFests, Root Contests, and raffles.

HNN Cons Page
http://www.hackernews.com/cons/cons.html

@HWA

15.0 ISS Gets Free Advertising
     ~~~~~~~~~~~~~~~~~~~~~~~~~

June 8th 1999
From HNN http://www.hackernews.com/

contributed by lamer
Here's a nice 'adverticle' for ISS. ISS must be really wonderful because they have "tangled" with cDc, that horrible hacker group that makes Microsoft's life "miserable". I don't suppose it's possible that MS makes its own life miserable by putting out 3rd rate software? Nah. And I don't suppose it is possible that the author of this article did any research other than contacting ISS? Nah.
US News
http://www.usnews.com/usnews/issue/990614/14hack.htm

@HWA

16.0 Accounting Firms also get Free Advertising
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

June 8th 1999
From HNN http://www.hackernews.com/

contributed by Even lamer
Not to be outdone by ISS and the X-Force, Deloitte & Touche and PriceWaterhouse Coopers get their own adverticle detailing their joint venture the new cyber-"fraud squads".

C|Net ISS Gets Free Advertising
http://www.news.com/News/Item/Textonly/0,25,37419,00.html

Accounting firms fight cybercrime
By Dan Goodin
Staff Writer, CNET News.com
June 7, 1999, 4 a.m. PT
URL: http://www.news.com/News/Item/0,4,37419,00.html

The dramatic growth in computer-perpetrated crime has not been lost on big accounting firms, which smell a growing profit center in helping clients protect themselves against online trespassers.

In the past six months, both Deloitte & Touche and PriceWaterhouse Coopers have formed new cyber-"fraud squads" to investigate crimes and evaluate security systems. The other big accounting firms, as well as IBM and smaller private investigation outfits, are also jumping into the game.

"We think there are significant unmet needs," said Bill Boni, director of Price Waterhouse's cybercrime investigations group, which was created earlier this year. "It's certainly going to be an area of interest for all the large accounting firms."

The reason for the interest is simple: Incidents of fraud and other crime perpetrated online are on the rise. Putting a number on the increase is difficult, since many incidents go unreported. One of the most useful measuring sticks, however, comes from annual reports released by the Computer Security Institute, which surveys 521 security practitioners from corporations, banks, government agencies, and universities.

Last year, 32 percent said they reported serious incidents to law enforcement agencies, nearly twice the number as three years ago.
Meanwhile, 55 percent said that company insiders gained unauthorized access to computer networks, and 30 percent reported intrusions by outsiders. The San Francisco-based group estimates that computer security breaches cost the respondents more than $123 million last year, and worldwide may cost businesses tens of billions of dollars, according to Richard Power, the organization's editorial director.

"With the rise of the Internet and the transaction of e-commerce, corporations and government agencies are far more open to attack than ever before," Power told CNET News.com in an interview. "There are all kinds of new ways to make money through computer crime."

That's where accounting firms come in. For a host of reasons, companies whose online security has been breached frequently prefer to take their problems to private investigators rather than law enforcement agencies.

"Some [law enforcement agencies] have taken aggressive stances, but even in Silicon Valley you will find that most of the senior officials in police departments are not that sensitive to high-tech matters," said John O'Laughlin, director of worldwide security at Sun Microsystems. "Most of them are not up to speed in dealing with high-tech issues."

Companies are also hesitant to go to authorities out of fear the matter will generate negative press. "Some of these companies don't want to admit that they've been compromised," said assistant U.S. attorney Chris Painter, who investigates high-tech crime.

A benefit of taking a crime to private investigators is that companies can learn all the facts before deciding whether to take the matter to court. "They keep control of their information," said George Vinson, former head of the FBI's computer intrusion team in San Francisco and now practice leader for Deloitte & Touche's fraud and forensics team. "So many times [companies] are interested in settling something civilly rather than seeing it splashed on the A-1 page" of the local newspaper.
The bulk of Vinson's work so far has been investigating claims of copyright infringement. Typically, that means comparing the source code of a client's software against that of a suspected infringing copy. Vinson also investigates people suspected of using the Internet to manipulate a company's stock price and tracks employees who misappropriate a company's trade secrets. The accounting firms also assess clients' security systems to make sure they are not vulnerable to attacks.

The work is similar to what Vinson did while at the FBI. In 1996 his group brought down more than 20 Internet users in 10 states who used chat groups to trade software titles made by companies such as Adobe and Microsoft.

And with more and more companies transacting business online, the demand for computer forensics services is only expected to continue, said Sun's O'Laughlin. "I don't think there's any question the e-commerce is here to stay," he said. "You're going to see that it's pretty vulnerable to fraud and abuse and [companies] want to get ahead of the curve."

@HWA

17.0 Analyzer Starts Computer Security Business
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

June 9th 1999
From HNN http://www.hackernews.com/

Analyzer Starts Computer Security Business

contributed by Code Kid
Analyzer (Eric Tenenbaum) is still awaiting the final outcome in his trial in Israel after he was accused of breaking into the Pentagon computer systems. While waiting he has teamed up with three college students and hopes to raise 4.5 to 5 million dollars to create a security software package.
Israel Business Globe
http://www.globes.co.il/cgi-bin/Serve_Archive_Arena/pages/English/1.2.1.2/19990607/1

Tuesday, Jun 8, 1999 Sun-Thu at 18:00 (GMT+2)

Headlines

Exclusive: Analyzer Founds Computer Security Start-Up
By Ronny Lifschitz

Ehud Tenenbaum, known as the "Analyzer", still awaiting the commencement of hearings in his trial, following the exposure of his penetration of the Pentagon’s computers, is forming a computer security company. Tenenbaum’s partners are three students currently completing their studies in electronic engineering.

The new company is negotiating with potential investors, and plans to raise $4.5-5 million for the purpose of developing a security software package, that will be able to monitor hackers’ activities.

The other partners are Sharon Shani, Gil Bar-Noy, who was chairman of the students’ negotiating team in the tuition fee battle with the government, and another student, who prefers to remain anonymous. At the beginning of 1998, the three set up Webber Communications, a company which engaged primarily in the construction of Internet sites and consultation to Internet companies.

"Our idea is very innovative, and is based on the hacker’s point of view", Tenenbaum explains to "Globes". "Our product will be able to adapt itself to the hackers’ evolving methods, and upgrade itself".

Tenenbaum refused to give details of the type of security software the company is to develop, but said that he and his partners, who served with the IDF Intelligence Corps, will set up an intelligence system to monitor the modus operandi of hackers the world over, and thus close the gap existing between security companies and hackers.

The young entrepreneurs believe that many organisations will purchase their future product, including NASA and the Pentagon.

See accompanying feature: Analyzer II.
Published by Israel's Business Arena June 7, 1999

@HWA

18.0 $2.9Bil in Piracy in The US
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

June 9th 1999
From HNN http://www.hackernews.com/

$2.9Bil in Piracy in The US

contributed by Sinbad
The Software Information & Industry Association has released a report that claims that the US is responsible for $2.9Bil worth of software piracy. The top ten cities alone represented $1Bil of that money. New York City was named the worst offending city with a piracy amount estimated at $259 million. It is kind of interesting how they come up with these numbers.

Wired
http://www.wired.com/news/news/business/story/20091.html

Software Information & Industry Association
http://www.siia.net/news/releases/piracy/6.8.99-Piracy-Release.htm

Wired;
~~~~~~

Cities Singled Out for Piracy
Wired News Report
4:15 p.m. 8.Jun.99.PDT

Ten major metropolitan areas in the United States were responsible for more than US$1 billion in losses to software piracy in 1998, according to a study released today by the Software and Information Industry Association.

New York, Los Angeles, and Chicago topped the list. Peter Beruk, vice president of the association's antipiracy program, said the cities were singled out because they feature the highest concentration of white-collar workers.

The study estimated the losses for the New York metropolitan area to be $259 million, followed by that of Los Angeles with $159 million. Chicago was close behind with more than $112 million in losses.

Beruk estimates that one in every four business software applications in use across the United States is an illegal copy. According to the SIIA report, the total loss throughout the US to software piracy in 1998 was $2.9 billion, a sizeable chunk of the $11 billion loss worldwide in 1998.
- - -

Brokers, beware: Online trades grew a record 47 percent to 500,000 a day in the first quarter, boosted by a strong stock market and the increasing appeal of Internet brokerages, an influential industry analyst said on Tuesday.

"Online trading firms now appear to be penetrating the mass markets, not just the techno-philic early adopters," said analyst Bill Burnham, of securities firm Credit Suisse First Boston, in a research report. Almost 16 percent of all stock trades now take place in cyberspace, he added.

"If the fourth quarter of 1998 was a record quarter for the industry, then the first quarter of 1999 was quite simply a complete blowout," Burnham said. Online trading grew at 34 percent to 340,000 a day between the third and fourth 1998 quarters.

Online brokers, who two years ago handled, on average, just 95,500 trades a day, have been growing at a rapid pace, thanks in part to heavy advertising. Investors also keep flocking to Internet brokers because of low commissions -- an average $15.75 a trade -- and ease of use.

The top five US Internet brokers -- Charles Schwab, ETrade Group, Waterhouse Securities, Datek Online, and Fidelity Investments -- had a 71.3 percent market share, up from 67.5 percent a year ago, Burnham said. ETrade and Ameritrade Holding, the No. 6 Internet broker, grew fastest in the first quarter, each processing at least 60 percent more trades than in the fourth quarter.

- - -

News Corp. invests in PlanetRx: PlanetRx.com, an online pharmacy, said Tuesday that it had raised an additional $50 million from private investors, including media company News Corp.

News Corp. -- which owns companies such as 20th Century Fox, the Fox television network, and several newspapers around the world -- said PlanetRx.com's offerings would fit in with its plan to combine Fit TV, America's Health Network, and AHN.com into a new online health service.
Other investors in this round of financing included ETrade, Tenet Healthcare, HealthSouth, and LVMH Group. The sizes of the individual investments weren't disclosed. PlanetRx.com plans to use the funding to advertise heavily, the company said.

Reuters contributed to this report.

Software Information & Industry Association;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

For Immediate Release

Contact:
Peter Beruk, VP, Anti-Piracy Programs, 202-452-1600, ext. 314, or pberuk@siia.net
Keith Kupferschmid, Intellectual Property Counsel, 202-452-1600, ext. 327, or kkupfer@siia.net

Software & In