Computer underground Digest Wed July 14 1993 Volume 5 : Issue 52 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Cpyp Editor: Etaoin Shrdlu, Senior CONTENTS, #5.52 (July 14 1993) File 1--Subjective opinion (Paul Ferguson Responds to #5.51) File 2--Update on 2600 Case File 3--BBSes Carrying CuDs File 4--Re: CRYPT Newsletter Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The editors may be contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG WHQ) (203) 832-8441 NUP:Conspiracy; RIPCO BBS (312) 528-5020 CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893; In ITALY: Bits against the Empire BBS: +39-461-980493 ANONYMOUS FTP SITES: UNITED STATES: ftp.eff.org (192.88.144.4) in /pub/cud uglymouse.css.itd.umich.edu (141.211.182.53) in /pub/CuD/cud halcyon.com( 202.135.191.2) in /pub/mirror/cud aql.gatech.edu (128.61.10.53) in /pub/eff/cud AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD. EUROPE: nic.funet.fi in pub/doc/cud. (Finland) ftp.warwick.ac.uk in pub/cud (United Kingdom) COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Tue, 13 Jul 93 20:05:52 EDT From: fergp@SYTEX.COM(Paul Ferguson) Subject: File 1--Subjective opinion (Paul Ferguson Responds to #5.51) Mr. Thomas (and readers of CuD), While my first instinct was to not post any response to your scathing series of highly volatile articles (albeit, on a highly volatile subject, Cud 5.51), I reconsidered after a colleague reminded me that, unfortunately, silence on my part may be misinterpreted as some form of admission of guilt. I do regret that this instance has created such a stir, but I do not apologize for the attention brought upon the AIS system which ultimately resulted in the removal of commented virus disassemblies from public access. Without launching into a dissertation about the harm caused by virus code (both compiled executables and reverse-engineered disassemblies), I would like to make a couple of points which are commonly taken for granted or disregarded altogether. The debate will obviously continue on virus eXchange systems, which name they have been given due to the availability of virus disassemblies, creation tools and the likes. (All of which were available on AIS.) I get the distinct impression that we have not heard the last on this topic. Far from it, I'd wager. On one hand, we have those who argue that virus exchange (Vx) BBSs do not further the spread of viruses and efforts to curtail their activities are akin to stifling freedom of expression and the flow of information. On the other hand, we have those who argue that Vx BBSs most certainly aid in the spread of computer viruses simply because they allow live computer viruses, source code and disassemblies to be freely exchanged as would youngsters trade baseball cards. However, baseball cards do not inflict damage, but many times viruses do exactly this, in the hands of an unwitting or inexperienced computer user. Let's examine, for a moment, some points on both sides of the argument. Pro Vx o Individuals in favor of Vx claim that they have seen no evidence that virus exchange systems have contributed to the spread of viruses. o Proponents of virus exchanges claim that by making viruses and disassemblies available to their users, they are providing them with the tools necessary to understand how computer viruses work. Similarly, once this information is understood, they also claim that it contributes to the overall enhancement of the computer security knowledge-base of their users. o Many advocates of Vx systems claim that attempts at stemming the flow of computer viruses is an idealism which should be protected under freedom of expression and freedom of information concepts. Con Vx o Figures reflected in statistics compiled by virtually all computer security and antivirus organizations, show a dramatic increase in the number of computer viruses within the past three years. Since Todor Todorov's Virus eXchange BBS in Bulgaria (which was the first of its kind in the world), the number of "underground" systems which mimic Todorov's system has risen. And so has the number of viruses. Exponentially. Sara Gordon has documented quite a bit concerning the impact of these systems; I'd recommend her paper(s) on the subject which she has presented on several occasions. o Viruses and disassemblies which are made available on these systems are a potential danger. While live viruses present a more immediate threat in the wrong hands, disassemblies can be considered even more of a danger (in most cases) because of their ability to be easily modified, recompiled and redistributed as undetectable variants of existing viruses. These instances have happened with increasing frequency and can be directly attributed to Vx systems and virus creation groups such as Phalcon/Skism, YAM, NuKe and ARCV. o With the availability of virus creation "kits," such as the VCL, PS-MPC and the G-squared, even "wannabe" virus writers with little or no skill at all can make viruses and distribute them at their leisure. o While it should be realized that this type of activity cannot be stopped completely, we must acknowledge the fact that Virus exchange systems _do_ contribute to the spread of viruses. Virus exchanges _do_ contribute to the propagation of new and undetectable viruses. Access to live viruses and disassemblies are not necessary for gaining knowledge and understanding how they work. A basic understanding of assembler language and some practical examples (including Ralf Brown's compendium) would suffice. Can there be a common ground on this issue? Probably not. The computer virus arena is filled with complex and diversified idealisms on the subject. I consider myself a proponent of freedom of information, but I also believe there are limits to one's freedom. In fact, I'm most fond of the adage,"The freedom to swing your fist ends when it meets my face." In other words, one's right to a particular freedom ends where it infringes on someone else's rights for safety or privacy, in this instance. And the government should certainly not allow systems which participate in these type of questionable activities to function within their realm of responsibility. Simply the appearance of government sponsorship tends to lend some form of legitimacy to the activities in question. Proponents of virus exchanges remain unconvinced that making live viruses, source code and disassemblies available endangers end-users. I'm convinced that not all instances do cause damage, but I'm also convinced that many times, it has done exactly this. In the case of the AIS BBS, it was operating under the auspices, whether explicitly or implied, of a Federal Office, namely the US Department of Treasury. The point in all of this is not necessarily what AIS did, but rather, how it was done and the apparent moral "high ground" of legitimacy it portrayed by being an apparatus of a United States Government office, financed (in part) with taxpayer money. I admit that I am dismayed that people do not see the problem here. I certainly claim no "moral high ground" on the issue. I took what I thought was the best venue of approach, which was to bring this topic out of the shadows and into the forefront for discussion. Unfortunately, the discussion was brief, the actions behind the scenes were apparently swift and apparently, I've been portrayed as some type of computer stool-pigeon who can't stand to see something "successful" succeed. Actually, my part in this entire scenario is actually very small, although rumor and innuendo would suggest otherwise. In an ideal world, we all share the freedom to express our concerns and ideas in an open forum. Although I may not agree with what you may say, I would give my life for your right to freedom of expression. However, let's not confuse concepts of freedom of expression and reckless computing (my opinion, implied). After reading my thoughts on the matter, reasonable deduction is an exercise left to the reader. To briefly address some selected points made in Cud 5.51: Jim Thomas writes (in File 1 -- Introduction to the AIS BBS Controversy) - "Perhaps the anonymous accusers are correct: Some types of information may pose a risk if abused. But, in an open democracy, the potential for abuse has been neither a necessary nor a sufficient justification to silence those with whom we disagree." I am flattered that you suggest I actually have enough clout to personally silence AIS, if that is the gist. I took the liberty of making it public knowledge, while concurrently voicing _my_ opinion about its merits. This street goes both ways. Most of us are painfully aware of the numerous virus underground systems around the world, yet the attention is focused on a solitary system run by an employee of the U.S. Treasury Department. Why is that? I suggest that most who squeak the loudest in opposition to my anonymous (hardly) posting are either a.) not familiar with the amount of damage, in both manhours and dollars, caused by computer viruses each year, b.) overly radical proponents of information exchange who care not what damage may result in said exchange, or c.) banging their drum just to bang their drum. (Please note the use of the word "most" in the statement above.) Jim Thomas again writes (in File 6 -- Media, Anti-virus personnel, Ethics, and AIS) - "Let's keep some facts straight. 'Mr. Smith (Kouch)' did *not* 'nail Clancy's coffin.' Paul Ferguson and his friends did with anonymous inflammatory posts and with other posts that irresponsibly suggest illegal and 'underground' activity." I'll address this directly, since it is obviously your opinion, not fact, as you seem to imply. In fact, I think you should have used "opinionated" instead of "inflammatory," but that is your prerogative. I find it odd that after so much "underground" exposure as was afforded AIS in the months preceding my "anonymous" post, not an eyebrow was raised. Perhaps Kouch's publication is truly "underground" catering specifically to hush-hush underground circles of computer vandals? I don't think so. Perhaps Cud is truly an "underground" publication? I think not. So where's the beef? One "anonymous" post, strategically placed razed the house of cards. Mr. Thomas makes one excellent point, however, in the midst of the remaining text - "It's said that some people, angered at this affair, are planning to retaliate against those judged responsible. This would be an ethically bankrupt response." At least we can agree on this point. One final note, for what its worth. I did not post the forwarded article to damage Clancy's reputation or to prove any particular political point. Personally, I have nothing to gain by the results. I do not foolishly sally forth and and do someone else's bidding in hopes of gaining favor. I do not publish software which would be directly or indirectly beneficial to myself, especially anti-virus software (I have done extensive work in assembly and have reversed-engineered viruses since their appearance, however). I posted the article because I believe it is a conflict of interest for any governmental agent to openly make viruses and disassemblies available, regardless of intent. If only one instance of damage resulted directly from the virus-related material available from AIS, then that is one too many and I would happily rest my case. What happened to the hacker ethic? I seem to recall a "no damage clause" which still echoes in my mind, especially with the advent of this fiasco. "Damage?" "Damage," you say, "What Damage?" "AIS only made it available -- they're not responsible for what is done with it!" Now that I think about about it again, I'm really "not sorry." Cynically, Paul Ferguson | "Confidence is the feeling you get Network Integrator | just before you fully understand Centreville, Virginia USA | the problem." fergp@sytex.com | - Murphy's 7th Law of Computing Quis Custodiet Ipsos Custodes? ------------------------------ Date: Tue, 13 Jul 1993 14:33:44 EST From: David Sobel Subject: File 2--Update on 2600 Case UPDATE ON 2600 CASE The Secret Service recently admitted that it possesses six previously unacknowledged documents relating to the break-up of a 2600 meeting at Pentagon City Mall last November. In conjunction with that admission, the agency has filed an affidavit executed by the Special Agent in Charge of its Washington field office. The affidavit, which is re-printed below, provides the most detailed explanation yet of the Secret Service's role in this affair. The most important parts of the affidavit appear to be paragraphs 22-24, which state that "the Secret Service received information from a business indicating that that business' PBX had been manipulated," and that the business provided the agency with "certain information concerning the individual(s) who had entered the system." Based on these statements, here is the best guess of what happened: 1) the "victim business" had some reason to believe that the individual involved had some relationship to 2600; 2) the business passed this information on to the Secret Service; 3) the Secret Service knew that people associated with 2600 met at the mall on a regular basis; and 4) the Secret Service recruited the mall security personnel to identify the individuals attending the monthly meetings. The litigation of CPSR's FOIA case against the Secret Service is proceeding, and new information will continue to be posted as it is obtained. CPSR is a national organization of individuals concerned about the impact of computer technology on society. The best way to support CPSR's work is to become a member. For more information, write to . David Sobel CPSR Legal Counsel dsobel@washofc.cpsr.org ================================================================ UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA Computer Professionals ) for Social Responsibility, ) ) Plaintiff ) ) Civil Action No. 93-0231 v. ) ) United States Secret Service, ) ) Defendant ) PUBLIC DECLARATION OF WILLIAM F. BURCH, SPECIAL AGENT IN CHARGE, UNITED STATES SECRET SERVICE, WASHINGTON FIELD OFFICE I, William F. Burch hereby depose and say: 1. I am the Special Agent in Charge (SAIC) of the United States Secret Service (hereinafter Secret Service), Washington Field office having held this position since January 24, 1993. I have been employed as a Special Agent of the Secret Service since January 20, 1969. 2. I am providing this declaration in connection with the above-captioned civil action arising under the Freedom of Information Act (FOIA). The purpose of this declaration is to address matters raised by the plaintiff in Plaintiff's Memorandum in Opposition to Defendant's Motion for Summary Judgement and in Support of Plaintiff's Cross-motion for Summary Judgement (hereinafter Plaintiff's Memorandum). [1] 3. This declaration is provided for the public record and is somewhat limited, as the records which are at issue in this case were compiled by the Secret Service in the course of a criminal matter which is currently open and ongoing. I have, however, also provided a separate and more detailed declaration for in camera review by this Court. 4. In my position as the Special Agent in Charge of the Washington Field Office, I am aware that plaintiff submitted to the Secret Service a FOIA request for information in the possession of the Secret Service which concerns "the breakup of a meeting of individuals" associated with the "2600 Club" at the "Pentagon City Mall in Arlington, Virginia on November 6, 1992." 5. In January of 1993, my office received a written request from the Secret Service's Freedom of Information and Privacy Acts (FOI/PA) Office asking that my office search its records to determine if it maintained information concerning plaintiff's FOIA request. 6. Pursuant to this request my office realized that it was maintaining records concerning an ongoing criminal matter and that these records might contain information which was responsive to plaintiff's FOIA request. 7. It was then directed that a copy of all records concerning this criminal investigation be provided to Secret Service headquarters. 2 8. In May of this year I was asked to provide an in camera and a public declaration concerning the underlying criminal investigation and the records concerning that investigation which related to plaintiff's FOIA request. 9. In the original draft of these declarations I noted that they referred only to certain newspaper articles and two specific records. Through my discussions with the "case agent" assigned to the underlying criminal matter, I was, however, personally aware that my office maintained certain additional records which appeared to concern plaintiff's FOIA request. 10. Upon further review I found that inadvertently copies of certain records which were in the possession of my office and which appeared to be responsive to plaintiff's FOIA request were not in the possession of the Secret Service FOI/PA. 11. Copies of all records maintained by my office which records concern plaintiff's FOIA request, and which records were in the possession of my office at the time this office's original search for material responsive to plaintiff's FOIA request,l have now been provided to Secret Service headquarters. ------------------------ 1 The underlying criminal investigation has continued and, therefore, additional records have been compiled by the Secret Service in regard to that investigation. 3 12. Additionally, a record by record, page by page comparison has been made of the information maintained in the Washington Field Office, which information was in the possession of the Secret Service at the time of my office's original search for information responsive to plaintiff's FOIA request, with the copies of the records which have now been provided to Secret Service headquarters. This comparison showed that these two groups of records are now identical. 13. The records which concern plaintiff's FOIA request, with the exception of the newspaper articles, had been provided to the Secret Service fron a confidential source and had been compiled for law enforcement purposes. 14. The information contained in these records was compiled in order to identify and to further investigate individual(s) who are considered to be possible suspect(s) in a criminal investigation being conducted by the Secret Service, which investigation relates to a violation of Title 18 of the United States Code, Section 1029, and/or 1030, "Fraud and related activity in connection with access devices," and "Fraud and related activity in connection with computers." 15. More specifically, the Secret Service has reason to believe that the suspect(s) in this case had gained access to a Public Branch Exchange (PBX) owned by a private company and manipulated that PBX so as to enable the commission of several tens of thousands of dollars of telephone toll fraud. 4 16. It is my understanding that at the request of my office the records at issue in this case, with the exception of the newspaper articles, were withheld from release due to the ongoing nature of the enforcement proceeding, as to release the information could constitute an invasion of the privacy of certain individuals, as the records at issue had been provided to the Secret Service by a confidential source, and as to release the records would reveal the identity of confidential sources. 17. I have been advised that plaintiff is now claiming that the Secret Service's action in withholding these records was improper. In particular, I have been advised that plaintiff is alleging that the records have been improperly withheld as the Secret Service does not have the authority to conduct investiga- tions in the area of computer crime, and, as the Secret Service is not conducting a criminal investigation, but "'merely engaging in a general monitoring of private individuals activities' .... or conducting an inquiry 'for purposes of harassment'." Plaintiff's Memorandum, page 5. 18. While I am not an expert in the proprieties of releasing or withholding information under the FOIA, as the Special Agent in Charge of the Secret Service's Washington Field office, I can provide relevant information concerning the Secret Service's investigative authority and the underlying criminal investigation through which the records in question came into the possession of the Secret Service. 5 19. The Secret Service is a criminal law enforcement agency which operates under the provisions of Title 18 of the United States Code, Section 3056. Under Section 3056, Subsection (b), the Secret Service is specifically authorized to detect and arrest any person who violates federal criminal laws relating to coins, obligations, and securities of the United States and foreign governments, electronic fund transfers, credit or debit card fraud, false identification documents or devices, false identification documents and devices, and certain laws relating to financial institutions. Additionally, pursuant to Title 18 of the United States Code, Sections 1029 and 1030, the Secret Service is specifically charged with the authority to investigate offenses concerning fraud and related activity in connection with computers and/or access devices. See Title 18 U.S.C. 1030(d), Fraud and related activity in connection with computers ("The United States States Secret Service shall ... have the authority to investigate offenses under this section."). Contrary to plaintiff's argument, the Secret Service does, therefore, have clear statutory authority to conduct criminal investigations relating to computer fraud. 20. With regard to plaintiff's allegation that the Secret Service was "merely engaging in a general monitoring of private individuals' activities" .... or conducting an inquiry "for purposes of harassment," (Plaintiff's Memorandum, page 5), I would state that there is absolutely no truth to plaintiff's suggestion. 6 21. The records which are at issue in this case were provided to the Secret Service by a confidential source and were compiled by the Secret Service for law enforcement purposes -- the identification of possible suspect(s) in a criminal investigation and the further investigation of the suspect(s). 22. In connection with its law enforcement responsibilities, the Secret Service received information from a business indicating that that business' PBX had been manipulated and that as a result the business had been the victim of long distance telephone toll fraud. 23. The victim business provided the Secret Service with information which might lead to the individual(s) who had manipulated the system or utilized the manipulated system to steal telephone time. 24 The victim business had access to certain information concerning the individual(s) who had entered the system, but could not directly identify the individual(s) involved. It was, through a follow-up investigation and an attempt to identify the individual(s) who had committed this fraud, that the Secret Service came into the possession of the information which is at issue in this case. 25. The details of the law enforcement proceeding which underlies this matter are set out in my in camera declaration. I believe, however, that the generic facts as described above show 7 that the records which are at issue in this case were compiled by the Secret Service for valid law enforcement purposes. 26. I am aware that plaintiff is arguing that the records at issue have been improperly withheld as the records consist of information which is already known to the subject(s) of the investigation. To the knowledge of the Secret Service, however, this is not correct. At this time the Secret Service has no reason to believe that the suspect(s) in its investigation, or the plaintiff in this case, are aware of the nature of the Secret Service's investigation, who is under investigation by the Secret Service, what information is in the possession of the Secret Service, or who has provided information to the Secret Service in regard to this matter. 27. I am also aware that the plaintiff argues that "the shopping mall was clearly the source of the records being withheld." Again contrary to plaintiff's argument, to date there has been no public statement that the "Mall" is the source of the information which is being withheld. 28. Additionally, the Secret Service recently contacted the source to determine the position of the source in regard to this matter. At this time, the source reiterated the source's original position and understanding that the fact that it had provided certain information to the Secret Service would not be revealed. 8 29. Further, the records at issue also contain information concerning a second source of information which source has since provided information to the Secret Service in regard to the underlying criminal case. 30. Due to the nature of the investigative work conducted by the Secret Service, this agency must protect from exposure the sources which the Secret Service utilizes to gain information in the course of its criminal investigations. In the course of its investigative function the Secret Service routinely receives information from various sources with the understanding that, unless the source is needed to provide testimony or records in a criminal trial, the fact of that source's cooperation will not be revealed to the public. Further, information is often provided by a source with the understanding that at the time of a criminal trial a subpoena will be issued to protect the fact of the earlier cooperation of the source. Therefore, if such confidential sources are compromised by premature exposure, the result could have a chilling effect on the law enforcement function of the Secret Service in that, in the future, such sources would be less cooperative with the Secret Service, and federal law enforcement in general. 31. It is, then, reasonable and necessary that the Secret service preserve its relationship with confidential sources by protecting from release information which would expose the cooperation of such sources with the Secret Service. 9 32. As I have attempted to describe above, the records which are being withheld in this case are records which were compiled by the Secret Service for law enforcement purposes. Further, the release of the records could result in interference with an open enforcement proceeding, an invasion of the personal privacy of third parties, reveal information provided by a confidential source and compromise the future cooperation of a confidential source, by revealing the cooperation of those sources with the Secret Service. My office has, therefore, requested that the records involved in this matter continue to be withheld. I declare under penalty of perjury that the foregoing is true to the best of my knowledge and belief. /Signed/ William F. Burch Special Agent in Charge Washington Field Office 10 ================================================================= ------------------------------ Date: Wed, 7 July, 1993 21:43:12 CDT From: CuD Moderators Subject: File 3--BBSes Carrying CuDs We receive a number of letters, faxes, phone calls, and psychic vibes each week from non-net users asking how CuDs can be retrieved without Internet access. We will periodically run BBS numbers where ya'll can obtain CuDs. Canadian readers are especially interested in Montreal, Toronto, and Vancouver boards, so we'd like to receive some numbers to pass. The CuD header lists a variety of world-wide outlets for CuD. We encourage U.S. readers to call RIPCO (312-528-5020), The Works (617-861-8976), or Rune Stone (203-832-8441). +++++++++++++ Date--Tue, 6 Jul 93 21:19:42 CST From--bazooka%podbox@CS.UTEXAS.EDU(Bob Anderson) Subject--BBSes that carry CuD Dear CuD, Thanks for being there! Here's a listing for you of another BBS that has CuD available. BBS name: Pair O Dice BBS numbers: 1.512.451.4610 @ 300 - 2400 baud 1.512.451.7117 @ 2400 - 14400 baud BBS hours: 24 hours BBS location: Austin, Texas, USA Pod both subscribes to comp.society.cu.digest and also keeps current and past issues online in it's gfile area as well as various other ezines that deal with the computer underground, art and virtual culture. We specialize in original computer graphics and are also a dialup site for the OTIS image collection. We have also just received permission from the Smithsonian to stock images from their PHOTO1 collection. Pair O Dice is an official Info Site for EFF-Austin and the sysop is a long time member of the EFF. We offer about 75 newsgroups, publicly subscribe to a few mailing lists, have a good selection of online games and carry basic support programs for the Amiga as well as important programs for the Mac and MS-DOS users such as PD graphic viewers and convertors. The system is run on an Amiga and uses the CNet bbs software and Amiga UUCP. ++++++ From--ehunt%bsc835@UUNET.UU.NET Subject--CuD Carrying BBS Date--Mon, 5 Jul 93 14:31:55 CDT BBS Name: The MATRIX BBS Phone: 205-323-2016 - 2400 bps only 205-323-6016 - V.32/V.32bis/HST only (no 2400) 205-458-3449 - V.32/V.32bis only (no 2400) 21 total incoming phone lines Hours: 24 CuDs from Volume 2 to current online. All issues of EFFector Online. All issues of Quanta and InterText (ASCII only). CuD and EFFector Online available for DL on first call. 15 hour complimentary subscription given to all new callers, but takes 1-2 weeks for activation. Home BBS for the American BBS Association (ABBSA) Over 130,000 files available in addition to CuD and EFFector Online. Most major PC based echonets as well as an Internet Email feed and small assortment of UseNet newsgroups. Located in Birmingham, Alabama. +++++++ From--Chuck Frieser Chuck Frieser's BBS, in Beverly, Mass, carries CuD online through the ReadRoom Door (written by Michael Gibbs of The Infomat BBS). Chuck's board number is (508) 927-6712. ------------------------------ Date: Mon, 12 Jul 93 09:04:36 EDT From: morgan@ENGR.UKY.EDU(Wes Morgan) Subject: File 4--Re: CRYPT Newsletter >Date--Mon, 21 Jun 93 21:18:31 EDT >From--Urnst Kouch <70743.1711@COMPUSERVE.COM> >Subject--File 5--Fear and Loathing--On the Virus Code Trail at AIS > >((Urnst Kouch is editor of CRYPT NEWSLETTER. Additional details on the >background of the incident and those involved can be found >in CRYPT NEWSLETTER #16)). I'd like to make a public apology to Urnst Kouch and the authors/editors of CRYPT Newsletter. After reading an interview with Urnst Kouch in a previous issue of CuD, I made several comments about both him and CRYPT Newsletter. A kind individual (who shall remain nameless) sent me a sample copy of CRYPT, and I found that the excerpts printed in CuD were in no way represen- tative of the editorial slant of the newsletter as a whole. In fact, I found it both comprehensive and well-written in all respects; if subscriptions are available via email, I'd greatly appreciate the ad- dition of my address to the subscription list. (I don't cruise the BBSs as much as I once did; a new daughter tends to cut down on one's time online.) Again, I offer my apologies to Urnst and his associates. I may not condone every position presented by individual articles, but my com- ments about CRYPT were "way out of line." Please consider my earlier comments retracted, and feel free to either delete my previous com- ments in your archive files or append to them this apology/retraction. --Wes Morgan ------------------------------ End of Computer Underground Digest #5.52 ************************************