Mitnick, spin doctors, and culture clash (Strick)

To: HOL@hungary.yak.net
Subject: /n@Nd0/ Re: (HOL) Press Coverage Bloopers in the Mitnick Story 
Date: Tue, 07 Mar 1995 22:43:21 -0800
From: strick at The Yak 

Regarding Steve Carlson's recent posts about Mitnick:

Someone on the 'eniac' mailing list pointed out the depths of corporate
spin-control that emerged in the wake of Mitnick.

Two really blatent examples were press releases from Netcom --
congratulating themselves on their role in apprehending Mitnick -- and
an amazing one from the cellular phone industry -- congratulating
themselves on their security, because they caught this guy.  They
didn't even name Shimomura in either press release.

Netcom was only involved because they were so thouroughly infiltrated
by hackers -- I've heard rumors about this for months, and I suppose
it goes far deeper than just Mitnick.

And apparently Shimomura had to fly to Raliegh, North carolina, to show
the cellular company's own security people how to trace the cellular
phone calls.  Cellular phones have zilch for security -- protocols
like "guess a random number" usually pass for "authorization".
Where's the hack in that?

A lot of the bad press about Mitnick will be due to whom he chose as
enemies.  He hacked netcom, the well, Shimomura, and other friends of
mine here and there on the net.   The group that wants to be known as
"the good kind of hackers" -- the people who were kind of calling a lot
of the shots on the net in the past -- were his targets.  So you don't
get a lot of people standing up for him, or pointing out that he wasn't
all that bad -- the way people stood up for Phiber Optik, for
instance.  (And Phiber's picture is back in a recent special issue of
Scientific Americian about the Net).  If they really put him in jail
for a long time, that'll set a precident for lots of bogus hacker
cases, too.  We've seen cases where students are thrown out of school
for printing out the password file.  (The UNIX password file is where
you find out people's email addresses.  The passwords are all
encrypted, so you can't use them.  If you really wanted to try to
decypher them, you wouldn't print them out -- you need them in
electronic form for you crack program to grind on.)  These bogus
cases are now going to get a lot worse.   Phiber only got one year
in jail -- but after Mitnick, Phiber might have gotten a much worse sentance.

I agree with Steve that Mitnick is far from being the dangerous type of
hacker.  I have accounts on both netcom and the well, so Mitnick should
have my credit card numbers.  Does this frighten me?  Not really.  Not
compared to the hundreds of gas station attendants, waiters, bookstore
people, airline agents, etc. that have my credit card numbers.
Mitnick liked to break into the "good guy's" computers.  Others want to 
get rich from credit card fraud.  I'm having a dispute with a company 
in New York right now that shipped me a computer that I didn't order.

These hackers like Shimomura and Mitnick and Phiber (and myself) --
we're more like journalists -- we're in it for the story, to learn how
it all works, and we tend to expose the vulnerabilities honestly,
rather than try to jump in at the end and take all the credit for
something, or lay all the blame.

But who is "the Internet's worst nightmare"?

It's governments.   Clueless, powerhungry politicians that will decide
that they know what is best for the net, and try to regulate or order
or sanatize it.  When they read this recent spew of clueless articles
declaring that "the internet is too difficult to use and doesn't really
have any good information anyway" I wish they would believe it, and
just go away and leave us alone.


				strick

To: Hungary-Online@hungary.yak.net
Subject:  Mitnick's vindictive charactor 
Date: Wed, 08 Mar 1995 18:41:11 -0800
From: strick@yak.net 

# such a stern sentence.  People have to look past this latest incident, to the
# full pattern of how Kevin works, his vindictive nature, and his disregard for
# society, to see why this individual needs to be kept away from society for our
# own and his own protection.

His own protection?  Give me a break.  

Okay, so I'm playing devil's advocate here.
This opinion will not be popular with a lot of people, but I would
like to see people convicted of actual, demonstrable Bad Things, 
instead of the tomfoolery cited in this article.


Join me in looking at this with litle context...


# and steal $200,000 worth of data from a San Francisco corporation.

$200,000 worth of data?    What does that mean?

Was that number fabricated by the same accountants that came up with
the >$100,000 valuation of the $12.50 E911 administration pamphlet 
in the Steve Jackson / Craig Neidorf / Legion of Doom case?

# Suddenly, his probation officer found that her phone had been disconnected
# and the phone company had no record of it.

hee hee...  yes, a typical phreak prank.  Nobody died, no elderly
people were bilked out of their retirement funds, no innocent people
went to jail or were executed, nobody used a third world country for
fighting a war, nobody was denied economic opportunity or the chance to
make something of their lives, nobody lied to congress, nobody
subverted the democratic means of government for their own economic
gain, etc.  Really, put this in context.  They're calling this guy
dangerous?

# A judges credit record at TRW Inc. was inexplicably altered.  Police computer 
# files on the case were accressed from outside.  A new warrant for Mitnick's 
# arrest was issued, accusing him of breaking into TRW's computer, but he fled 
# to Israel.

lots of random accusations, no real proof.  i could think of many
others in the computer underground that would become curious about this
judge, this police computer, the previous probation officer, etc.
There is some element of truth, beyond the media hype, in hacker's
revenge (cf. Sterling's book, below).

Why do companies and police have such lousy security?
How are normal people supposed to defend their reputations and 
criminal records from this kind of tampering?

I'd put TRW in jail, personally, for collecting this kind of personal data,
selling it as truth, but not securing it.   People worship computers
without understanding or dealing with the risks.  That's the real 
danger to society in all of this -- and it's the kind of danger that
some of these more devious, more Robin-Hood-ish hackers are exposing.

These hackers are functioning as journalists, leading society to
understanding what is being done to them.

[ and no, I don't participate in the black/white game of cracker/hacker.
Both the "computer underground" and Steven Levy's (the book "Hackers") 
+ Glenn Tenney's (the "Hackers Conference") communities call 
themselves hackers and are called hackers, and I'm not the only person 
that is a member of both, and sees the value of having both. 
Read the "About The Author" section at the end of Kevin Kelly's 
(editor of [W]I[R]E[D] magazine) book _Out_Of_Control_.  He describes
the highly respected Hackers Conference without shying away from
the term "outlaws".   _Out_Of_Control_ is an *excellent* book,
by the way.  ]

# Upon his return, there were new charges filed in Santa Cruz, accusing Mitnick
# of stealing software under development by Microport Systems, and federal

Ignoring the legal contradicitons in the pharse "stealing software", 
who hasn't infringed a little software copyright here or there?

# On Thursday, Mitick, now 25, was charged in two new crimpinal complaints
# accusing him of causing $4 million damage to a Digital Equipment Corp.
# computer, stealing a highly secret computer security system and gaining

huh?  again, what the hell is $4 million of damage?  The computer was
worth $4 million, and it no longer works?  I kinda doubt it.

# access to unauthorized MCI long-distance codes through university computers
# in Los Angeles and England.

Classic hack/phreak behaviour.  A drop in the bucket to MCI. 
Hopefully he picked large univesities that won't notice it either.

# makes it a crime to gain access to an interstate computer network for
# criminal purposes.

So they don't even find something honest to convict him of.
They pick a bogus law about "access to an interstate computer 
network for criminal purposes."

Huh?  Such a dangerous person, and all they can get him on is
"access a computer network" for "criminal purposes"?  

No real henious crime they can point to?  Nobody other than 
Very Large Corporations that lost Phenominal Amounts of Money
that probably won't withstand further scrutiny?

# He faces a maximum of 20 years in prison and a $500,000 fine.

This man will be convicted to 20 years on the basis of pure hype --
on the Thought Crime of having Criminal Purpose.  

Why can't we do better than that?  

It sure makes me suspicious, and not of Mitnick.


# Los Angeles police are trying to determine what other damage Mitnick 
# may have done with his computer terminal, Black said.

Just make something up!


		in the words of Rich Stallman,

		Happy Hacking!

			strick



p.s.  other required reading on the topic:  _The_Hacker_Crackdown_
	by Bruce Sterling.  You can FTP it; Bruce liberated it himself.  
	(actually, his deal with the publisher was that he would give
	them 50% of sales if they'd allow him to publish it 
	electronically!)

Subject: Re: (HOL) Yes. Markoff sucks. 
Date: Thu, 09 Mar 1995 14:32:33 -0800
From: strick -- henry strickland 

THUS SPAKE gabor@sbei.com (Gabor Fencsik):

# Even if you find Markoff's
# language too hyperbolical for your taste, do you consider Mitnick's 
# and Shimomura's activities morally equivalent?  Or can you detect
# any difference?  Just wondering...

Personally, I certainly see the moral differnece, and I don't mind
Mitnick being charged with a crime, and convicted.  If he repeated
broke into yak.net, I'd certainly feel the same.

But my bottom lines were

        -- if he's so bad, why can't he be charged with Doing A Bad Thing,
           instead of an "U S interstate network + criminal intent" 
           thought crime.  A crime past, instead of the possibility
           of a crime future.

        -- 20 years is disproportionate to the sentances commonly given
           people in the U S that do other Actual Bad Things that I 
           enumerated

        -- even if Mitnick is scum and guilty as hell of actual bad
           things, this sets precedent in the public view for others
           young hitech type people to be convicted to many years for
           thought crimes, with only hype as evidence



Thinking more about it, how did Shimomura learn to track down
cellular phone calls, without vioilating exactly the same law? 

Listening to cellular phone frequencies has been a crime in the U S for
a couple of years now.   And Shimomura must have done it at least once
recently, before teaching the cops how to do it.  And it's almost
impossible to escape the "interstate commerce" loopholes nowadays.


This is not a proper way of distributing justice.      strick