Date: Tue, 7 Mar 1995 21:33:36 +0100
To: hol@hungary.yak.net
From: carlson@odin.net (Steven Carlson)
Subject: (HOL) Press Coverage Bloopers in the Mitnick Story
Reply-To: HOL@hungary.yak.net

I found this one in the Computer Underground Digest. Subscription details are included at the end of this post.

=steve=

----------------------------------------------------------------------

Date: Tue, 28 Feb 1995 00:44:29 -0600 (CST)
From: Computer Underground Digest
Subject: File 1--Press Coverage Bloopers in the Mitnick Story (fwd)

---------- Forwarded message ----------
Date--Mon, 27 Feb 1995 22:33:24 -0800
From--Jason Hillyard

By now we've all read about the extraordinary events that led to the arrest of Kevin Mitnick. As usual, the press got some things right, got many things wrong, and occasionally just got weird. I was bothered by many of the misconceptions that were played out in the press. Determined to find out more, I went on manic foraging expeditions through the Web, waded through piles of alt.2600 posts, and wheedled juicy tidbits from some of my hacker friends. The result is this playful yet critical romp through the best of the worst of the Mitnick story coverage.

"L.A. Hacker to Waive Extradition"
Los Angeles Times, February 17, 1995.

"The FBI affidavit filed in the case alleges that Mitnick used his hacking prowess to steal files through the Internet, including cellular phone software developed under a grant from the National Security Agency worth $500,000 to $1 million."

Whoa! FBI catches hacker with million dollar NSA software! No doubt this sentence confirmed the fears of paranoid conspiracy buffs everywhere. But the affidavit says no such thing. Rather, it says the hacker copied a file called "Berkeley Packet Filter" which was developed under a grant from the NSA. It says the hacker also copied "cellular telephone proprietary software" from Shimomura's computer. This cellular software was valued at $500,000 to $1 million dollars by Andrew Gross, a system administrator at the San Diego Supercomputer Center. Apparently the reporter tried to compress all this into one sentence, with rather absurd results.

"Tight phone restrictions on suspected cyberthief"
News & Observer, February 17, 1995.

"A federal judge Friday set strict limits on jailhouse telephone calls for the computer pirate accused of stealing billions of dollars worth of corporate information by tapping into electronic networks."

Read that again. Did they say billions? According to the FBI affidavit, Mitnick allegedly copied software worth up to $1 million from Shimomura's computer. Where did this billions come from? Perhaps the reporter was confused after writing a story on federal spending.

"A Cyberspace Dragnet Snared Fugitive Hacker"
The Los Angeles Times, February 19, 1995.

"Convinced that they could protect their subscribers' privacy, administrators of the Well agreed to work with Shimomura and the FBI, and set up 24-hour monitoring hoping that Mitnick would break into the system to store more purloined files."

According to the FBI affidavit, the hacker had root access on The WELL.
The WELL states, in their own FAQ on the subject, that the hacker had access to 11 user accounts. There is no way The WELL could protect their subscribers' privacy during the 18 days they let the hacker roam freely through their system.

"Hacker case underscores Internet's vulnerability"
New York Times, February 16, 1995.

"And just a few hours before his arrest, they say, he delivered a last electronic blow that nearly destroyed the Well and the electronic community it served."

Mitnick almost destroyed The WELL? Not quite. According to The WELL's FAQ, the hacker erased one accounting file, probably because of a typing error. The WELL was taken down briefly to restore the file and then brought back online. Miraculously, The WELL and the electronic community it serves remained intact.

"Hacker case is a challenge as authorities try to retrace suspect's steps in cyberspace"
News & Observer, February 17, 1995

"Proving Mitnick was behind the raids on data banks and thefts of at least 20,000 credit card numbers from computer systems across the nation will be a special challenge involving retracing the alleged hacker's steps in cyberspace."

Maybe it's just me, but doesn't this make it sound like Mitnick was raiding credit card numbers from computers across the nation? Mitnick allegedly copied one credit card file. This file belonged to Netcom. There is evidence that this file was compromised as far back as last summer. Actually, the Netcom credit card file was kind of a joke in hacker circles. People had posted bits of it on IRC. Maybe Netcom should explain why this information was online in the first place.

"Cyber sleuths nab infamous hacker"
San Francisco Examiner, February 16, 1995.

"Some clues pointed to the hacker's identity, according to the New York Times.
For instance, the stolen material found on The Well and other Internet sites included software that controls the operations of cellular telephones made by Motorola, NEC, Nokia, Novatel, Oki, Qualcomm and other companies. That was viewed as consistent with Mitnick's interests. He made a name for himself by hacking into telephone networks."

Mitnick and every other hacker on the planet would probably be interested in this kind of cellular phone software. It does not single out Mitnick as a suspect. But wait, the article points to more evidence:

"The computer pirate left voice-mail messages for Shimomura after the December theft. One - using what investigators said was a mock British accent favored by Mitnick - said, 'My technique is the best. . . . Don't you know who I am?'"

British accent or not, the voice-mail messages are a dubious source. I think they sound more like some hackers goofing off on a conference call than a serious threat from a lone hacker. (Have a listen for yourself. The reference is given at the end of this post.) But nevertheless, the press insists that Mitnick left these messages. I'd like to see some definitive proof. And the article provides this last bit of evidence:

"Finally, the pirate was acting with a recklessness that was one of Mitnick's trademarks. At one point during the inquiry, the Times said, the hacker broke into a Motorola Corp. security computer as investigators monitored the raid."

Why is this reckless? Because the hacker broke into a so-called security computer? Because investigators were watching? I'd still really like to know how investigators determined that Mitnick was behind the keyboard. I've yet to hear a convincing answer.

"Officials Laud Civilian Cyberexperts in Capture of Hacker"
San Francisco Examiner, February 17, 1995

"'The vast majority of citizens in cyberspace are law-abiding and interested in helping the government and stopping cybercrime,' said Assistant U.S.
Attorney Kent Walker, who helped to coordinate the coast-to-coast Mitnick investigation."

I suppose Mr. Walker is entitled to his opinion, but check out his casual usage of cyberwords! I wonder-- if you are caught committing a cybercrime in cyberspace, are you sent to cyberprison?

And finally, here's my personal favorite:

"Hacker invaded the wrong man's cyberspace"
News & Observer, February 17, 1995.

"For an unknown reason, agents waited five minutes for Mitnick to answer the door. On Friday, law enforcement officials said it is not their habit to slam down doors on nonviolent criminals."

Now that's nice to know. Yet hackers who have been raided in the past often experienced less congenial displays of door-slamming etiquette. Perhaps the FBI has a more conservative door-booting policy than, say, the Secret Service.

Gotta go, there's a knock at the door. Only got five minutes to wipe the drive!

Additional References

John Markoff's story in _The New York Times_:
Pictures of Mitnick and Shimomura:
The voice-mail messages:
Technical details of the attack on Shimomura's machine:

------------------------------

Date: Sun, 26 Feb 1995 22:51:01 CDT
From: CuD Moderators
Subject: File 8--Cu Digest Header Info (unchanged since 26 Feb, 1995)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send a one-line message: SUB CUDIGEST your name
Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU
The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA.
To UNSUB, send a one-line message: UNSUB
Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" on Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (203) 832-8441. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome.

EUROPE:
  In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown)
  In ITALY: Bits against the Empire BBS: +39-461-980493
  In LUXEMBOURG: ComNet BBS: +352-466893

UNITED STATES:
  etext.archive.umich.edu (192.131.22.8) in /pub/CuD/
  ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
  aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
  world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
  uceng.uc.edu in /pub/wuarchive/doc/EFF/Publications/CuD/
  wuarchive.wustl.edu in /doc/EFF/Publications/CuD/

EUROPE:
  nic.funet.fi in pub/doc/cud/ (Finland)
  ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

JAPAN:
  ftp.glocom.ac.jp /mirror/ftp.eff.org/Publications/CuD
  ftp://www.rcac.tdi.co.jp/pub/mirror/CuD

The most recent issues of CuD can be obtained from the Cu Digest WWW site at:
  URL: http://www.soci.niu.edu:80/~cudigest

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections.

------------------------------

---
Steven Carlson
Moderator/Publisher - hungary-online
Critical Mass Media Inc.
Internet trainer, consultant
[+361] 133-4647 in Budapest, Hungary
carlson@odin.net