F R E Q U E N C Y: inside the hacker mind FREQ21 MAY 2002 ============================== 1. “Intimidation” 2. Inexpensive Eight-Oh-Two-Eleven Networking 3. Vying For Privacy 4. Storing Files Without a Trace 5. The Reality of Online Radio 6. Crime and Punishment in the Digital Age 7. Lessons From cybercrime.gov 8. On the Inside – Netopia Routers 9. Random Stuff From the Net 10. Crosstalk 11. Closing Arguments 12. Crew ============================== "When you do the common things in life in an uncommon way, you will command the attention of the world." - George Washington Carver (1864-1943) 1. “Intimidation” It’s often been said you can tell a lot about a company by the way they treat their customers. When presenting yourself as a business you have an obligation to treat your customers with respect, dignity, and a friendly face. You might not be required to do so, but few will argue that you inherit that responsibility. This responsibility is not only directed toward customers however, but to the public at large as well. If they have questions or comments, you must listen. A company that does listen, is one that continues to provide the best service possible. A company which does not listen, or worse yet, insists on intimidating their customers and the public at large, will soon crumble. Never has corporate intimidation been such a popular pastime than in the field of technology. Today, companies from all over the globe can insist upon, and in some cases force people to behave in the manner in which they see fit. You want to call your friend down the street? You need to obey the rules set forth by the phone company. You want to go onto the internet? You must follow the guidelines provided by the ISP. Of course there are always people that will tell you, “If you don’t like the terms, find a different provider.” Let’s stop and think about that for a while. How many phone companies do you have to choose from? Sure when it comes to long distance you have virtually millions to choose from (by way of 101 numbers), but how many can you have as your main provider? The names AT&T, MCI, and Sprint come to mind. Each has their own rules and regulations, but for the most part, each will screw you over in their own way. The same can be said for nearly every other phone company out there, all of them find a way to get as much money out of you as possible. Basically, if you don’t like how one company is screwing you over…you can get screwed over another way at a different company. In the end though, you’re still bound by the rules of the phone company…and they will enforce those rules at all costs. For example, you want to find out how many modems are in your local area via wardialing. Here you’re using your phone in a perfectly legal way, to dial numbers. Only after doing so, the phone company realizes you called well over a thousand numbers sequentially. This, as they say, is where the shit hits the fan. You get a call from telco security, demanding you either stop or get disconnected. And that’s if you’re lucky, most times they’ll just cut you off without thinking twice. Play by the rules, or you’re gone. We’ve seen this same type of intimidation from Arkansas’ Cyberback Internet. In recent months, Dash Interrupt was banned for port scanning a local university. The reason? Hacking. Below is the paragraph regarding account abuses as found on Cyberback’s own website, www.cyberback.com: Spamming, Mail bombing, and Denial of Service, Hacking/Cracking/Attacking. Spamming, Mail bombing, and Denial of Service (DoS) attacks, Hacking & Cracking will not be tolerated and will result in the cancellation of your account. Spamming includes unsolicited commercial emailings (UCE) via email, cross-posting advertisements to multiple news groups, chain-letters, or other postings that are not related to the newsgroup subjects, unsolicited messages to IRC chats or other chatrooms, and any other activity that may be considered spamming by the general Internet community. Mail bombing is the act of sending multiple email messages in a short amount of time with the intent of filling up someone's mailbox. DoS attacks are the attempt to knock someone offline or render their internet connection or computer unusable. DoS attacks may also be illegal under current Federal Law. Hacking/Cracking includes any attempt to gain unauthorized access or use of another computer system or running programs or BOTs to exploit vulnerabilities on such systems. Aside from the wonderful English (Spamming includes unsolicited commercial emailings (UCE) via email) this shows us several things, the most ironic thing being what their definition of hacking is. The thing is, Dash never “attempted to gain unauthorized access.” He merely saw what ports were open at a nearby school. In fact, one could argue that visiting the school’s website (port 80) is a type of port scanning…after all, he’s checking to see if port 80 is running. Being banned however, is not that big of a surprise. What was surprising, was the way Cyberback dealt with our request for a few comments on the matter. You may remember we wrote in and mentioned we were writing an article on incidents similar to this, and within days we received an angry letter saying that there was no evidence to support the existence of our publication, and how pretending to be someone we weren’t was a crime. Nice huh? Yes we used a pseudonym for our name (legal), and yes we altered the name of our company slightly (HM Productions rather than Hackermind Productions, done for obvious reasons but still perfectly legal) but the response was something completely uncalled for. Big business at it again, and this time the big business isn’t even one of the Fortune 500 companies! A small internet service provider, who could have easily said “no thank you”, chose to intimidate a legitimate member of the press with vague threats. So what if we chose not to be listed in the Library of Congress? If we had been, they would have simply fed us a commercial about how great they are. A simple “no thanks”, would have been sufficient…but no. Feel free to read the letter for yourself in Freq17. It’s something that’s seen far too often these days, big business stepping on the little guy just because the little guy has no way to fight back…or so they think. Of course, businesses aren’t the only ones intimidating people. Public schools, universities, and yes, even places like your friendly public library may all use these techniques to “handle the masses.” They scare you into doing what they want you to do (Ever been threatened by a principal, even though he had no authority whatsoever to do anything to you? Ever been ordered by your university to write a letter promising to pay your tuition?) As hackers we know the value of communication, and what better way to communicate than via the internet; where your message can reach the world in a matter of seconds. Phone companies, ISP’s, and other organizations all have the ability to push you around…why shouldn’t you push back? Be creative, use your brains, and we can all beat them at their own game. Don’t be shy, call these people and ask them about their policies. Question them at every turn until something finally changes. If we don’t make a stand, we’re just going to keep getting intimidated. –screamer ============================================================================= 2. *** Inexpensive Eight-Oh-Two-Eleven Networking *** by: Dual_Parallel This article will show you how to build a secure, inexpensive, 802.11b network for Internet sharing. This article will assume the reader has a high speed Internet connection (cable or DSL), basic knowledge of Windows networking, and at least two computers. Looking at the back of any 802.11 networking adapter box will show a wireless network using a high speed Internet connection, nodes with appropriate adapters, and most importantly, an expensive wireless router. Creating a network following this article will eliminate that expensive router. First, you will need at least two Windows machines. The network discussed here will be Win98-based. Choose the machine, probably the lower end of the two, that will be the proxy server (and that's the key - instead of using an expensive router, you're going to build a proxy server). Most 802.11 adapters will require a P150 or better, but a P133 should do just fine. Next, you'll need an 802.11 network adapter for each machine. You could buy PCMCIA/PCI adapters or PCI cards, but instead buy USB adapters. Here's why: If you have a laptop, and wish to go wardriving, the USB adapter will eliminate the need for an external antenna - it is the antenna. Also, buying a USB adapter alone costs about the same as a PCMCIA card, and definitely less than a PCMCIA card with a PCI adapter. Look for a used USB adapter, and/or watch for sales at your favorite office or electronics superstores. Setup your hardware by installing an ethernet card in the proxy server, and configuring it for the high speed Internet connection. More than likely, your cable/DSL connection will use DHCP, DHCP for WINS, and have DNS disabled. Now install the USB adapter for your proxy, and configure it as 10.0.0.1 with a subnet mask of 255.255.255.0. Install the other adapters with IPs of 10.0.0.2, 10.0.0.3, etc., with the same mask. This takes care of the hardware. All of the software required for this network is free. Head to http://www.analogx.com, and download and install AnalogX Proxy and AnalogX PortBlocker on the proxy server. Read the refreshing READMEs, and make any fine adjustments. You'll probably won't need to though; Proxy and PortBlocker's pre- configurations should suit just about anybody. With the proxy server set up, all that's left is to configure the programs on the remaining nodes to use the proxy for Internet access. I will walk you through the configuration of a few common programs. For the following programs to work, you must turn on the HTTP and FTP services in AnalogX Proxy. Internet Explorer: 1. Select Tools, Internet Options. 2. Click the Connections tab. 3. Click LAN Settings... 4. Check "Use a proxy server..." and enter Address: 10.0.0.1, and Port: 6588. Winamp: 1. Right click in Winamp. Select Options, Preferences... 2. Under Setup, select the "Using LAN Internet Connection" radio button, and enter 10.0.0.1:6588 in the HTTP proxy box. WS-FTP: 1. Under Session Properties, click the Firewall tab. 2. Check the Use Firewall box, and enter 10.0.0.1 for the Host Name, and enter 21 for Port. 3. Select the Proxy OPEN radio button under Firewall Type. And that's it. If you have trouble: 1. Reboot/shut-down all nodes, restarting the proxy server first. 2. Double-check TCP/IP configurations. 3. "Update" the wireless adapter configuration. 4. Turn off other firewalls, like ZoneAlarm. With free software, and hardware that's inexpensive or laying around in your lab, this wireless network will perform as well as any network using a router. dual_parallel http://www.oldskoolphreak.com ========================================================================== 3. *** Vying For Privacy *** By: Lucid Dreamer Not long ago Screamer spoke of the problem of Social Security numbers being present on college IDs. This is a problem that exists at many different colleges. I don't see it as just a mere number. I opted not to have this number on my driver's license so why can't I have the choice of whether or not to have it on my ID. This hit me in class the other day. I saw my friends ID on the table in plain view. At that point I became concerned with my ID. I said to myself if they will not give me a choice then I'd remove the number from the ID. I just clamped down the ID to a table. Then I proceeded to cut around the number in a rectangle shape. (Design up to you) After that you can take the knife and pick away at the numbers. Then after all the numbers are gone you can fill the void with some cardboard of the same color. You could even change your number if you so desired. I know this shouldn't have to be done but it's one way to preserve privacy. ========================================================================== 4. *** Storing Files Without a Trace *** By: JayX Recently I read an article in 2600 called “Hacking From A Ram Disk” which detailed how hackers could hide their data in ram (as opposed to their hard drive) so that it could be easily deleted and completely wiped from their machine. What the article neglects to mention however, is that this forces you to lose all your precious files! We can all understand why someone wouldn’t want to be found in possession of certain files, but completely wiping them out seems like a bit of a waste. To solve this problem, I highly recommend you find a nice FTP server somewhere out there where you could store your files without worry. Of course, you don’t want to store files under your name…it kind of defeats the purpose. Instead, I’d like to present a few ways to set up remote file servers that you could gain access to later, should the need arise. As always, it’s important to remember that this will do you no good if you don’t completely format your hard drive (hell, why not smash the damn thing if the man comes knocking). The reason for this is simple; even if your files are stored somewhere else, it’ll be trivial to learn what machines you had access to via your log files. So, for safety’s sake, you might want to take the ram approach and prepare your computer to be wiped out with one pull of the power cord. With that done, you need to focus on finding a place to put your files. Joe Shmoe down the road might have a vulnerable Linux box running, and if you’re lucky you may be able to stash some files on the machine and wipe out the logs to make it look like Joe was the one that put them there. I can’t guide you through getting root, or even getting in, but with so many vulnerabilities out there you should have no trouble getting room. Or, if Joe’s on your local area network you could use the infamous ettercap technique and simply watch him for a while. When Joe telnets out, snag the user and pass and see if it doesn’t work on his own machine, odds are it will. With root access, you can enable FTP (if it’s not already open) and use his machine as a storage facility. However, one thing to keep in mind is that Joe’s IP may change, in fact, it probably will. This can be particularly troublesome, especially when you want quick access to your files. This is easily solved through a basic shell script and crontab file. First, copy the login screen you receive on Joe’s machine and paste it into a new text file. Edit the login screen so that something barely even noticeable is different, for example: REGULAR LOGIN: BlueCap Linux 2.4.15 (blueboy) login: ALTERED LOGIN: BlueCup Linux 2.4.15 (blueboy) login: Notice in the second login the word BlueCap is changed to BlueCup (yes, an obvious bust on Red Hat). With this new file created, save it as anything you like and place it into the /etc directory under a non-suspicious name (read: h@x0r is a bad idea). Now create a script that will mv your file (with the altered login) into the /etc/issue.net file (where /etc/issue.net is the normal login screen users receive when telnetting to your machine). Create the script like so: #!/bin/bash cp -rf /etc/yourfile /etc/issue.net exit Tricky huh? I know how to program better stuff, you gotta believe me! Anyway, name the script whatever you want and stash it someplace (for the purposes of this article, we’ll assume /etc). Now, find Joe’s crontab file and add the following line to it: 0 * * * * /etc/scriptname Insert the name of your script where it says “scriptname” (duh) and save the file. Now, the crontab file should cause your script to run once every hour…thus ensuring the login screen remains the same. Unless Joe reformats, checks the crontab file, or notices the error in the login name you should be in the clear. This means that whenever you want your files, all you need to do is scan the network for the messed up login screen (this is to ensure you’ve got the right box). Yes, you still have to scan for the proper ip, but let’s be honest, how many people on a particular network actually have telnet? In fact, how many actually have Linux? If you’re using a machine on a consumer cable network, the answer is not many. (It would be easier to just install a back door on Joe’s machine, something with a high port number. This way you can merely scan for that port number and login, but to be honest a modified login screen would get past me much more easily than an odd open port. The choice is up to you.) OK, now Joe’s storing our files. Remember to name them something that would blend right into the rest of the environment, preferably as hidden files. While not one hundred percent reliable, this could only help in the event of a raid. You could do this to numerous other machines on the net, but the same techniques would apply there as well…just remember that they’ll probably have better security. Another great place to look are webservers, those usually have a ton of free space (considering most people only put up text and a few graphics). Just remember that you’ll want to have root on these machines, as it makes covering your tracks much easier. To conclude, I’d like to say that there’s no reason you should lose all your files just because your hard drive or ram gets wiped out. CDR’s and DVDR’s are quickly becoming the standard for remote storage, but they hardly provide any security. For their security to be effective, you’ll need to hide them in a remote location…but how easily could you get to them? If you wanted to use one of them, you’d need to travel to the files and bring them back…and that’s not logical. The methods I have suggested may help you get around this, but as always I want to stress they may get you into even more trouble. For that reason, I ask that you strongly consider the consequences of your actions. There are other techniques for saving your files while keeping a clean trail, but I’ll save those for another article. Page 2 --> 5. *** The Reality of Online Radio *** By: Screamer Chaotix Online radio is something to be cherished, and not only for its pure entertainment value. It’s one of the last avenues that corporate America hasn’t taken control of, and thus allows anyone to speak their mind however they see fit. The radio waves belong to the people, but corporate America now has all but complete control over them. This means you’re force fed whatever it is they want to sell you: Britney Spears, P. Diddy, N’Sync, or any other number of media-created superstars. You think you really have a choice as to what you like? You think alternative music is really alternative? Think again; you’re consuming what the big record labels want you to. You’re a pawn, and they can move you anywhere they like. Unfortunately in recent years this has grown out of control, especially with the RIAA now attempting to have complete control over what you listen to. With help from the DMCA, they’re slowly but surely attempting to shutdown free speech and free minds. Why else would they force independent stations online to pay for every song they play, and every listener that hears it? So they have control over what you hear, and the power stays in their hands. We now have a chance to change that. With your own online radio station or show, you can spread your word and play whatever you like. Whether you choose to play music, news reports, or simply talk, the choice is yours. In recent years I’ve seen numerous shows come and go, but seldom do any last for more than a few weeks. I’ve already written an article about how to start your own show, but now I’d like to write one that gives a better understanding of the realities behind it. Contrary to how this sounds, this article is not designed to discourage anyone from creating their own show. Rather, it’s meant to open a few eyes and give people a clearer comprehension of what they’re getting themselves into. With a little luck, this article will help someone start a show and keep it running for years to come. Let me begin by discussing something we all want, but have so little of…money. Yes, you will need to spend some of the green stuff here and there, but not as much as you think! I’m constantly being blown away by websites asking users for contributions and donations simply because they can’t figure out how to get things for free. If you’re reading this right now, you’re probably a hacker…use your head! No, I didn’t say do anything illegal, I said use your head. Like Scrooge McDuck says, “Work smarter, not harder.” With hundreds of resources available online, you should have no trouble finding a way to get everything you need for free, or at least as cheap as possible. If anything, the most you should have to pay is your monthly internet bill and 20 bucks a year for a website. Head over to phpwebhosting.com for some good site rates, and you’ll get a lot of storage as well. Your connection will have to be pretty good to broadcast live (above 56K), but there’s always the option of playing a recorded show. Live365 will allow you to do this, but yes, you now need to pay them. I suggest you search around for the best way to host your station and/or show, you’re bound to come across something. If not, and if you have a strong connection, run your own server using shoutcast! Next, time and resources. A few people suggested on the Hackermind.net web board that we air the show two times a week, or make it two hours once a week. Yes, time is a large factor in airing one hour-long show each week, but even more than that it’s resources. People never seem to understand how much effort goes into that one single hour. We need to find interesting things to do, figure out what we’re going to say, search for news items, think up commentary on those news items, plan out the structure of the show, set up all the streams and equipment necessary to broadcast, and hope it all works out in the end. To do this more than once a week is ridiculously difficult, and would only result in dull shows where we do nothing but talk. Keep in mind, when you have an online radio show you make NO MONEY WHATSOEVER. Similar to mod making in the gaming community, doing a show is a labor of love, which brings us to the next reality of online radio. Criticism. You critique, I critique, everyone critiques. When we hear or see something, we feel the need to give our opinion about it. This is perfectly fine, and is usually welcome. But for every person with a legitimate, friendly suggestion…you’ll have that person who loves to do nothing but shout obscenities from the comfort of IRC. After a while you realize how childish they are and block it all out, but when you first start your online show it might hurt. Just remember, people are always going to bust your balls when you have the guts to actually go on the air and do something. Maybe it’s jealousy because you have the guts to do it and they don’t, maybe it’s immaturity running rampant, or maybe it’s something else altogether. Whatever it is, you’ll need to keep your head held high and understand that some people have opinions and ideas that could help your show in the long run. But if they come at you and yell “You suck! You fucking amateur!!!” then they are NOT helping, regardless of how much they say they are. Keep in mind, saying “You fucking suck, you need to hack shit on the air you cocksucker!” (In case you haven’t caught on, I keep track of some of the emails I receive) is not a valid opinion. It’s a childish rant that should be ignored. However, when people come to you and say “Hey so and so, I think it would be really cool if you did less of this on the show, and more of that.” That’s something to listen to, something that may help better your show in the long run. Bottom line, treat your listeners with respect, until they give you a reason to lose that respect. And if you get that one brat in IRC (especially if you’re hosting a hacker show) feel free to prove they know nothing at all (it’s funny how some people will believe that whole 700mhz cell phone thing). Aside from criticism, you’re bound to struggle with something else, and this may ruin your show faster than anything else. You realize the show is actually a lot of work, and sometimes you just don’t feel like doing it. The most important thing to remember in times like this is not to lose your head. We all have bad weeks, we all feel tired, and we all lose interest…but is it worth giving up your whole show for? Sadly, many people do just that. They broadcast for a while, but when only 7 people are tuning in they give it up. Or when they find themselves not enjoying it as much, or perhaps downright losing interest in it…they drop out. No one is going to force you to do your show, but don’t throw it away because you don’t feel like doing it one week. I’m not ashamed to admit there have been lots of times when Hackermind was the last thing I wanted to be doing Thursday at 10pm, for any number of reasons. But in the end I always tough it out, and remember that I’m not only doing it for me, I’m doing it for the people that tune in. I have listeners, and therefore I have responsibility…but let’s not get carried away. To conclude this article, I’d like to leave the reader with a feeling of relaxation, rather than stress. Your show should be enjoyable, never take it too seriously. If you feel like skipping a week here or there, go right ahead. Sure your fans will demand you make one, some may even threaten to stop listening altogether if you don’t. Trust me, missing an episode or two is not that big of a deal. And even more importantly, make the show the way YOU think it should be made. Always listen to suggestions you may receive, but never let them force you into anything you don’t want to do. You’re the host, you’re the one that will be with the show until the end, so if you’re not having fun…what’s the point? There’s a lot more to online radio, but those things you’ll have to learn for yourself. Lastly, I’d like to thank all the broadcasters out there who do their thing and keep internet radio alive. Free speech is the key to free minds, and the world is a better place because of you. –screamer ========================================================================= 6. *** Crime and Punishment in the Digital Age *** By: Sad is Tic Crime seems to have taken on a new meaning in this digital world in which we all live. Nowadays it’s possible to commit grand theft by copying software, downloading the wrong file, or viewing the wrong source. What’s even more ironic are the punishments people face for these “crimes.” Many are sentenced to house arrest, some to prison time, and some get screwed over completely (ie: Kevin Mitnick). Explaining why these horrible injustices occur is impossible, almost as impossible as explaining why someone has to go to prison for ten years for having a bag of dope. Regardless of how you feel about drugs, or any of the crimes I’m about to lay out, just ask yourself one question…does the punishment fit the crime? Today, the most serious crimes are the ones that piss someone off. Yes you heard right, the crimes that piss someone off. That someone is usually a big business or federal agency, and if you need proof take a look at the whole Napster situation. People traded music and were opened up a world of new sounds, and for the first time they were able to decide what they liked and didn’t like. The RIAA had lost control…and that pissed them off. Suddenly they realized they no longer had the ability to force certain songs down your throat, because you could listen to entire CD’s and see if they were worth your money. Independent music grew, with bands finally being able to share their sounds with the world. This of course, hurt the futures of N’Sync, the Backstreet Boys, and Pink. The power had shifted (and in actuality, still belongs to) the people. That’s why trading music is such a big deal these days, worthy of even making a show on the Disney channel about a girl who downloads too much music and puts her favorite record store out of business (yeah, right). Propaganda like this is being spewed everywhere you turn, and those that know nothing about technology are forced to believe it…because they have no way of learning the truth. Sadly, it doesn’t end there. Even the most mundane act has suddenly become a national emergency in the wake of 9/11 (And no, I’m not some anti-American terrorist lover. Like all other Americans I was sickened by the events of 9/11 and blame the terrorists, not our country for the events.). The smallest things have suddenly put people in an uproar, and with the cry for justice comes the loss of freedoms. Suddenly hacking a website is considered terrorism…because the government now has a reason to make the two equals. Surveillance is also up, everywhere you go you’re bound to have cameras looking down at you. Whether you’re walking through the park, the mall, or any other favorite hang out spot…you’re being watched by someone. How is this legal? Simple, you can do anything on public property…and that means you can be watched on camera. Should you step off public property, the only place you can land is on private property…and there it’s even easier. Do something they don’t like, and you’re certain to be swooped down upon. This big brother-like society does not have to be, but it won’t go away anytime soon. With people like Janet Reno and John Ashcroft telling the American public what those evil computer hackers can do, we’re certain to see these outrageous injustices continue to grow, in both number as well as severity. What can you do? What hackers do best…watch the watchers. ======================================================================== 7. *** Lessons From cybercrime.gov *** [The following are several reports from cybercrime.gov in regard to hacker cases. We thought it would be amusing to let the government speak for itself by printing their own press releases. Our comments immediately follow each article.] United States Attorney Steven M. Biskupic announced today that a federal grand jury had returned a 13-count indictment charging Joseph D. Konopka, d.o.b. 6/24/76, of Green Bay, Wisconsin with 9 different violations of federal law relating to conspiracy, the destruction of energy facilities, the destruction of telecommunication facilities, the disabling of air navigation facilities, the arson of buildings, trafficking in counterfeit goods, intercepting electronic communications and causing damage to a protected computer. Count one of the indictment alleges that Konopka conspired from February 14, 1998 to January 25, 2001 to injure or destroy communication facilities, energy facilities, air navigation facilities and buildings used in interstate commerce. The indictment also alleges 53 separate overt acts that Konopka conspired to commit with others in furtherance of the conspiracy. The indictment alleges that these overt acts caused approximately 28 power outages and approximately 20 other service interruptions affecting in excess of 30,000 power customers and causing damages in excess of $800,000. This crime is punishable by up to five years in prison and a $250,000 fine. Counts two and three of the indictment charge Konopka with damaging the property of energy facilities located in Green Bay and Markesan, Wisconsin. This crime is punishable by up to five years in prison and a $250,000 fine. Count four of the indictment charges Konopka with disabling an air navigation facility in Ledgeview, Wisconsin. This crime is punishable by up to 20 years in prison and a $250,000 fine. Counts five and six of the indictment charge Konopka with interfering with the working and use of telecommunication systems located in Oxford and Kaukauna, Wisconsin. This crime is punishable by up to 10 years in prison and a $250,000 fine. Counts seven and nine of the indictment charge Konopka with using fire to damage buildings using interstate commerce and located in Algoma and Shiocton, Wisconsin. This crime is punishable by 5-20 years in prison and a $250,000 fine. Counts eight and ten of the indictment charge Konopka with using fire to commit the federal felony offenses alleged in counts seven and nine of the indictment. This crime is punishable by an additional 10 years in prison and a $250,000 fine. Count eleven charges Konopka with trafficking in counterfeit goods, namely, “Electronic Arts” software. This crime is punishable by 10 years in prison and a $2 million fine. Count twelve of the indictment charges Konopka with causing damage in excess of $5,000 to a protected computer owned by an internet service provider known as “Ultimate Fun World 2". This crime is punishable by 5 years in prison and a $250,000 fine. Finally, count thirteen of the indictment alleges Konopka intercepted electronic communications between customers of two internet service providers known as Ultimate Fun World and Infinity Technology. This crime is punishable by 5 years in prison and a $250,000 fine. This case was investigated by the Milwaukee Division of the Federal Bureau of Investigation and other federal and local law enforcement agencies including the Federal Bureau of Investigation in Chicago, the Bureau of Alcohol, Tobacco and Firearms, the Kewaunee County Sheriff’s Department, Brown County Sheriff’s Department, Shawano County Sheriff’s Department, Door County Sheriff’s Department, Outagamie County Sheriff’s Department, Oconto County Sheriff’s Department, Marquette County Sheriff’s Department, Green Lake County Sheriff’s Department, Adams County Sheriff’s Department, Marinette County Sheriff’s Department, Winnebago County Sheriff’s Department, Fond du Lac County Sheriff’s Department, Manitowoc County Sheriff’s Department, Ripon Police Department, Sturgeon Bay Police Department, Green Bay Police Department, University of Illinois-Chicago Police Department and Chicago Police Department. This case is being prosecuted by Assistant United States Attorney Stephen A. Ingraham. The public is cautioned that an indictment is an initial charging document and does not, in and of itself, create an inference of guilt. An individual is presumed innocent until such time, if ever, as the government establishes his or her guilt by competent evidence beyond a reasonable doubt. ~~~~~~~~~~~~~~~~~~~~ [Notice how setting fire to buildings, an obvious crime, is punishable with a 250,000 dollar fine…while piracy of video games comes to 2 million! Why are their priorities so out of whack?! Plus, why wasn’t this on the news? With so many power outages and serious criminal acts, it’s a wonder why we haven’t heard of this until now…could it be because it wasn’t deemed “interesting” enough by the powers that be? Setting fires is old, hacking into computers is where it’s at.] COLUMBUS – Gary J. Piedmont, age 51, of Reynoldsburg today was sentenced to community confinement and one year of probation for using a law enforcement computer system to find out whether or not an arrest warrant had been issued for an acquaintance. Gregory G. Lockhart, United States Attorney for the Southern District of Ohio; and Lori Cummins, Acting U.S. Marshal for the Southern District of Ohio, announced the sentence handed down today by U.S. Magistrate Judge Terence P. Kemp. According to a statement of facts presented before sentencing, Piedmont checked the National Crime Information Center computer nine times in May 2000 to see if an arrest warrant had been issued for Melodie Lynn Calomeris, also known as Melodie Lynn Stillwell. Piedmont met Calomeris, the statement of facts says, when he was a supervisor at the Franklin County Corrections Center and Calomeris was housed there pending her transfer to a federal facility. During Calomeris’ initial supervision on release from federal custody, Piedmont allegedly employed her as a housekeeper. “The Probation Office was in the process of issuing an arrest warrant for Calomeris for violating her supervised release,” Lockhart said. “The Marshals Service and the Franklin County Sheriff’s Office investigated and found that Piedmont had used the system to check on the warrant.” Piedmont is no longer employed by the Franklin County Sheriff’s Office. He will serve 30 days community confinement in Alvis House, one year probation, and ordered to pay a $5,000 fine. Lockhart commended the U.S. Marshals Service for the investigation and thanked the Franklin County Sheriff’s Office for their cooperation in the investigation. News releases are available at www.usdoj.gov/usao/ohs. ~~~~~~~~~~~~~~~~~~~~~~~~~~ [30 days community confinement, one year probation, and a 5,000 dollar fine…for what you ask? Hacking into the FBI’s NCIC, no no…for merely accessing it when he wasn’t supposed to. Police officers commonly check with the NCIC to see what suspects currently have warrants out for their arrest, but because this gentlemen did it for a personal reason he must now be punished. No harm, no foul…not in this case. By looking at data he had legal access to, he must now be punished. Yeah, that’s fair.] ~~~~~~~~~~~~~~~~~~~~~~~~~~~ CHICAGO – A Massachusetts man was sentenced to 18 months in federal prison for leading an international computer software piracy ring whose members and associates conspired to infringe the copyrights on thousands of software programs worth over $1 million, Patrick J. Fitzgerald, United States Attorney for the Northern District of Illinois, announced today. Robin Rothberg, 34, of Newburyport, Mass., was sentenced yesterday in U.S. District Court in Chicago. Rothberg was one of 17 defendants indicted in May 2000 for conspiring to pirate copyrighted software through an international organization known as “Pirates with Attitudes,” an underground group that disseminated stolen copies of software, including programs that were not yet commercially available. Those programs were available to the defendants through a hidden Internet site that was located at a university in Quebec, Canada. Twelve of the defendants, including an Aurora, Ill., man, were members or leaders of Pirates with Attitudes. The remaining five defendants were employees of Intel Corp., who supplied computer hardware to the piracy organization in exchange for obtaining access for themselves and other Intel employees to the group’s pirated software. Fourteen defendants, including Rothberg, pleaded guilty in the case, and he became the 12th of those to be sentenced. A 15th defendant, Christian Morley, of Salem, Mass., was convicted of conspiracy after a jury trial last year and he was sentenced last month to two years in prison. The two remaining defendants, Mark Veerboken and Kaj Bjorlin, are fugitives believed to be living in Belgium and Sweden, respectively. ‘This is one of the most significant investigations of copyright infringement on the Internet ever conducted by the FBI, and one of the first to be prosecuted under the “No Electronic Theft,” or “NET” Act, which penalizes copyright infringement, even in the absence of a profit motive,” Mr. Fitzgerald said. He announced the sentencing with Thomas J. Kneir, Special Agent-in-Charge of the Chicago Office of the Federal Bureau of Investigation. In sentencing Rothberg, U.S. District Judge Matthew Kennelly said that he had “engaged in organized theft” and played a supervisory role in the conspiracy. On April 19, Judge Kennelly sentenced 11 other defendants, many of whom cooperated with the government and received sentences ranging between three and six months of either community or home confinement, combined with up to five years of probation, fines of up to $5,000, and 200 hours of community service. Thomas Oliver, of Aurora, was sentenced to six months of community confinement with electronic monitoring, three years of probation, and a $5,000 fine. In addition to Morley’s two-year prison term, another defendant, Jason Slater, of Sunnyvale, Calif., was sentenced to eight months in prison, followed by six months of community confinement. At the April 19 sentencings, Judge Kennelly described the conspiracy as “an elaborately organized and longstanding theft scheme.” Two remaining defendants who pleaded guilty and are cooperating, Steven Ahnen, of Sarasota, Fla., and Justin Robbins, of Lake Station, Ind., are scheduled to be sentenced on Aug. 28. The Pirates with Attitudes, or “PWA,” were an underground group of individuals who met and communicated with each other over the Internet, and whose sole purpose was the unauthorized distribution of copyrighted software. PWA members set up private Internet sites around the world to which members uploaded stolen software and from which, in return, they were permitted to download software programs. PWA members and leaders communicated with each other in real time on private Internet Relay Chat (IRC) channels known as “#tude” and “#pwa.” In those channels, leading members met to vote on inviting new members to join, as well as promoting existing members to more senior positions. PWA members also communicated using group e-mail addresses provided by Rothberg. PWA’s members were assigned specific roles, including, for example, “crackers,” who stripped away the copy protection that often is embedded in commercially-released software (such as valid serial number requirements, built-in time limitations, and hardware-based copy protections that limit the computers on which particular programs will run); “couriers,” who transferred software to PWA, “packagers,” who tested and prepared programs for release by couriers, and “suppliers” who funneled programs from major software companies to the group. PWA maintained numerous File Transfer Protocol (FTP) sites for the transfer of software files and stored libraries of pirated software on each of these sites. These sites, also known as “warez” sites, were configured so that they were accessible only to authorized users entering through known Internet Protocol addresses. Members of the public did not have access. During the conspiracy, which extended approximately from 1996 to 2000, PWA was operating 13 different FTP sites. One of those, Sentinel, which was the focus of the indictment, was PWA’s longest-running site and one of its most reliable. It first came on line in late 1995 and was in operation until the FBI took it down in January 2000. Through a confidential informant, the FBI was able to gain access to Sentinel and viewed an index of thousands of pirated software titles, all of which were copyright protected. Investigators then traced the server that was being used to support the site to the University of Sherbrooke in Quebec, Canada, where individuals were using the server without the university’s knowledge or authorization. Once confronted by the Royal Canadian Mounted Police and the FBI, these individuals cooperated and provided information about Sentinel. Rothberg controlled access to Sentinel, and over the course of its operation, he allowed more than 100 users to download the pirated software available there. Users were required, in return, to either upload software or otherwise contribute to PWA’s activities in order to maintain their access. A significant portion of the software available on Sentinel consisted of high-priced utilities, but there were also thousands of examples of every kind of software on the market: operating systems, applications like word processing programs, data analysis programs, communications programs, graphics, and games including, for example, programs published by Microsoft, Adobe, Norton, Oracle, IBM, Lotus, Macromedia, and Novell. Over the course of Sentinel’s operation, in excess of 30,000 different software programs were pirated and uploaded to the site. Also as part of the conspiracy, former Intel Corp. employees Brian Riley, Tyrone Augustine, Brian Boyanovsky and John Geissberger, arranged in December 1998 to supply hardware for the operation of Sentinel. At that time, Sentinel’s storage capacity was insufficient for the number of software programs being uploaded by PWA members, and Rothberg met the Intel employees on the Internet and learned from them that they could provide hardware for a piracy site. Rothberg, Boyanovsky, Riley and Augustine agreed that Intel employees would be given access to the software available on Sentinel in exchange for sending Intel hardware to the site operators in Canada to expand Sentinel’s storage capacity. Another ex-Intel employee, Gene Tacy, configured servers within Intel to make the software available to other employees. All of the illegal activity by the five Intel workers was done without Intel’s knowledge or consent. The government is represented by Assistant U.S. Attorneys Lisa Griffin and James Conway. # # # # United States v. Rothberg, et al., 00 CR 85 Convicted members of Pirates with Attitudes: Robin Rothberg, also known as “Marlenus,” (9/11/67), 34, of Newburyport, Mass. Diane Dionne, aka “Akasha,” (4/11/61) 41, of West Palm Beach, Fla. Steven Ahnen, aka “Code3,” (4/13/58) 44, of Sarasota, Fla., Christian Morley, aka “Mercy” (4/13/73) 29, of Salem, Mass. Justin Robbins, aka “Warlock,” (2/10/76), 26, of Lake Station, Indiana. Jason Slater, aka “Technic,” (4/28/70) 31, of Sunnyvale, Ca. Todd Veillette, aka “Gizmo,” (11/21/59) 42, of Oakdale, Conn. Thomas Oliver, aka “Rambone,” (7/14/65) 36, of Aurora, Il. Mark Stone, aka “Stoned,” (3/24/66) 36, of Fountain Valley, Ca. Jason Phillips, aka “Corv8,” (11/9/70) 31, of Plano, Tex. Former Intel employees also convicted of the conspiracy: Brian Riley, (1/31/70) 32, of Portland, Oregon. Tyrone Augustine, (5/13/71) 30, of New Rochelle, New York. Brian Boyanovsky, aka “Boynger,” (6/26/75) 26, of Aloha, Oregon. John Geissberger, (5/15/62) 39, of Knoxville, Tennessee. Gene Tacy, (11/13/74), 27, of Hampstead, New Hampshire. ~~~~~~~~~~~~~~~~~~~~~~~~~~~ [Hidden internet site? Since when is anything connected to a worldwide network “hidden?” Oh, they were open only to people that knew the “Internet Protocol” address…the public did not have access. Um, excuse me…if google.com can find it it’s not hidden. They say “an elaborately organized and longstanding theft scheme,” I say “people trading files on the net.” But, the people you see above will now face legal punishment for their crimes. Yes, there are people being murdered every day…it’s so comforting to see what the legal system is most concerned about. How long will it be before you KaZaA users are targeted? Imagine every man, woman, and child who’s ever used file sharing software suddenly being faced with these same punishments. You, your friends, and your family will all be facing time in prison. Does sharing files warrant that?] Page 3 --> 8. *** On the Inside – Netopia Routers *** Netopia R910 v4.8.4 Easy Setup... WAN Configuration... System Configuration... Utilities & Diagnostics... Statistics & Logs... Quick Menus... Quick View... You always start from this main screen. -------------------------------------------------- WAN Ethernet Configuration Enable PPP over Ethernet: Off Address Translation Enabled: Yes Local WAN IP Address 0.0.0.0 TO MAIN MENU NEXT SCREEN Set up the basic IP attributes of your Ethernet Module in this screen. --------------------------------------------------------- WAN Configuration WAN (Wide Area Network) Setup... Display/Change Connection Profile... Add Connection Profile... Delete Connection Profile... ATMP/PPTP Default Profile... Scheduled Connections... Configuration Changes Reset WAN Connection: Yes Establish WAN Connection... Disconnect WAN Connection... Return/Enter for WAN line configuration. From here you will configure yours and the remote sites' WAN information. -------------------------------------------------------------- System Configuration IP Setup... Filter Sets... IP Address Serving... Date and Time... Console Configuration... SNMP (Simple Network Management Protocol)... Security... Upgrade Feature Set... Logging... Return/Enter to configure Networking Protocols (such as TCP/IP). Use this screen if you want options beyond Easy Setup. -------------------------------------------------------------------------- Utilities & Diagnostics Ping... Trace Route... Telnet... Disconnect Telnet Console Session... Trivial File Transfer Protocol (TFTP)... Restart System... Revert to Factory Defaults... Send ICMP Echo Requests to a network host. ---------------------------------------------------------------- Statistics & Logs WAN Event History... Device Event History... IP Routing Table... Served IP Addresses... General Statistics... System Information... ------------------------------------------------------------------ Quick Menu Connection Profiles Line Configuration IP Setup Add Connection Profiles IP Address Serving Setup Change Connection Profiles IP Filter Sets Delete Connection Profiles Static Routes Network Address Translation ATMP/PPTP Default Profile Scheduled Connections Add Scheduled Connection Change Scheduled Connection Delete Scheduled Connection Console Configuration TFTP SNMP Setup This menu allows you to visit most configuration screens. ------------------------------------------------------------------------- Quick View 1/12/2002 07:59:58 PM Default IP Gateway: xxx.xxx.xxx.xxx CPU Load: 1% Unused Memory: 610 KB Primary DNS Server: xxx.xxx.xxx.xxx Secondary DNS Server: xxx.xxx.xxx.xxx Domain Name: None Provided ----------------MAC Address--------IP Address--------------------------------- Ethernet Hub: 00-00-xx-xx-xx-xx xxx.xxx.xxx.xxx Ethernet WAN1: 00-00-xx-xx-xx-xx xxx.xxx.xxx.xxx Current WAN Connection Status Profile Name----------Rate--%Use-Remote Address-----Est.-More Info------------ VPN QuickView LED Status PWR-+----EN WAN-----+----------------------------+--EN--+--------LEDS--------- LNK RDY CH1 CH2 DATA | '-'= Off 'G'= Green G - G Y - - | 'R'= Red 'Y'= Yellow ============================================================================ 9. *** Random Stuff From the Net *** $finger @well.sf.ca.us [well.sf.ca.us] The following includes information on only those WELL users who have specifically chosen to make information about themselves publicly available. For help contact . Login Name TTY Idle Login Time Where alyn Alyn Kelley *pts/1 1:39 May 12 13:47 adsl-64-175-238-193. arturner Alan Turner pts/18 May 12 08:55 209-120-200-112ppp.a davidz David Zalatimo *pts/57 16 May 12 11:22 sustran-u60.cisco.co doctorow Cory Doctorow pts/28 1:06 May 12 13:07 user-105nd1o.dialup. duck Robert Lauriston *pts/51 May 12 15:18 rlauriston.rdsl.lmi. filmmag Mikki Halpin pts/35 50 May 12 14:31 TC4-dial-67-195.olds flash flash gordon md pts/12 3 May 12 14:48 adsl-216-103-252-31. jmcarlin Jerry Carlin pts/61 7 May 12 15:18 12-233-13-136.client joshb Joshua Berezin pts/22 29 May 12 10:34 12-224-159-7.client. justpat Patrick Di Justo pts/30 May 12 15:03 209-122-240-7.s642.a komet Kristen Huntley pts/49 May 12 15:39 user-1121e5t.dsl.min lynette Lynette Webb *pts/10 2:27 May 12 13:18 12-233-198-125.clien miclan Racheline Maltese pts/50 May 12 15:11 cerebrus3.brainlink. mike Mike Perez *pts/11 1d May 8 20:21 12-236-92-207.client mlm Melanie Merritt pts/4 5 May 12 01:35 dnvr-dsl-gw9-a199.dn mnemonic Mike Godwin pts/33 6 May 12 15:24 207-172-96-51.c3-0.s nondas Nondas Voll pts/55 1 May 12 15:41 209.157.142.13 peachst L. Vaughn pts/26 May 12 15:44 adsl-63-198-32-42.ds pstemari Paul J. Ste. Marie *pts/41 May 12 10:36 dhcp024-209-001-106. techgirl Kate Schram pts/9 4:32 May 12 09:59 tot.transmit.com wharfrat Joseph L. Logrippo pts/27 27 May 12 14:38 adsl-66-127-185-106. xanthian Kent Paul Dolan pts/31 35 May 12 14:31 198.207.153.205 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ $host –l –v –t any sdsc.edu rcode = 0 (Success), ancount=4 Found 1 addresses for ns1.sdsc.edu Found 1 addresses for ns1.ucsd.edu Found 1 addresses for dns2.itd.umich.edu by extra query Found 2 addresses for ns0.sdsc.edu Trying 132.249.40.25 sdsc.edu 14400 IN SOA ns0.sdsc.edu hostmaster.sdsc.edu( 2002050902 ;serial (version) 3600 ;refresh period 1800 ;retry refresh this often 604800 ;expiration period 3600 ;minimum TTL ) sdsc.edu 172800 IN NS ns0.sdsc.edu sdsc.edu 172800 IN NS ns1.sdsc.edu sdsc.edu 172800 IN NS dns2.itd.umich.edu sdsc.edu 172800 IN NS ns1.ucsd.edu sdsc.edu 14400 IN TXT "San Diego Supercomputer Center" sdsc.edu 14400 IN TXT "P.O. Box 85608" sdsc.edu 14400 IN TXT "San Diego, CA 92186-5608" sdsc.edu 14400 IN TXT "10100 Hopkins Drive" sdsc.edu 14400 IN TXT "La Jolla, CA 92093-0505" sdsc.edu 14400 IN TXT "858.534.5136" sdsc.edu 14400 IN TXT "32 53' 07\" N 117 14' 20\" W" sdsc.edu 14400 IN TXT " (within 35 square meters)" sdsc.edu 14400 IN TXT "Questions to consult@sdsc.edu" sdsc.edu 14400 IN TXT "or hostmaster@sdsc.edu" sdsc.edu 14400 IN MX 10 postal.sdsc.edu sdsc.edu 14400 IN MX 20 billthecat.sdsc.edu sdsc.edu 14400 IN A 132.249.20.100 ========================================================================== 10. *** Crosstalk *** >Frequency, You guys had said you wanted to make a documentary just like Freedom Downtime, why not make one about Hackermind? I wouldn’t mind seeing what goes into making the show, hell maybe it’ll help me get my own up and running. Anyway that’s just an idea. [Acidic] REPLY> Actually we’d love to make a documentary (preferably on a cause a bit less commercial than one about Hackermind), but there are several things going against the idea. First off, many people who contribute to Hackermind are spread out all throughout the country, leaving us with no way to come together and actually make something. Secondly, you have to ask yourself “who’s going to see it?” when you make something like this, and will it justify the enormous cost (time wise as well as financially) in the end. With our limited resources there’s really little chance of us getting it into any film festivals, even if we did come up with an interesting idea. And, supposing we did get it submitted, who would see it? Would listeners from Germany or even California come to New York City to watch a Hackermind documentary? Doubtful. Then again, we love trying new things. After all, we’re hackers, we love to experiment. So yes, maybe someday we will have the means and we can finally make one. Until then, you can check out our shameless, self-promoting “minidocs” (miniature documentaries) focusing on HAN II and H2K2. We’re going to make them the best quality that we possibly can, and put them up for the lowest cost possible. >Frequency, When will Freq21 be out? [Jonze] REPLY> …any day now. >Frequency, I know you guys are pretty begging for articles but before I send mine in I want to know if you’ll print it. It’s basically a true story about an online battle I had with a few friends of mine. All of it was planned, but I just thought it might make an interesting read, would you put it in the next issue of Freq? [Laser Eye Surge] REPLY> We’re interested in anything hacker related, but the only way we can decide whether it will get printed or not is by reading through it. Generally articles are printed if they are fun to read and don’t have topics that have been beaten to death (of course, new perspectives on old topics are perfectly fine). ========================================================================== 11. *** Closing Arguments *** I just saw another one on TV; an ad for one of those online brokers...you know, the people that give you "real time streaming" to all your favorite stocks and help plan your portfolio. It's actually kind of ironic to see something like that. How could a company like Datek go on television and basically encourage people to put their trust into something so insecure as the internet? In a nutshell, they're saying people should trust their computer and the network it's connected to handle all their data reliably. Am I mistaken, or does this sound like a really bad idea? The people that use this software probably know zilch about computers, so how difficult would it be to view their shared directories...or stick a trojan in their machine...or possibly even DoS them to death while they're doing their trading? Pretty easy, but not because of all those evil hackers out there. People, yes people and not only hackers, love to play around on the internet. To many, it's nothing but a big playground full of possibilities. But as we've seen in recent years, these technological pranksters are quickly becoming unwelcome. Is it fair? Should hackers and curious people alike (perhaps you feel they're one in the same anyway) be punished because of what they "could" do, or because of the "threat" they pose to the business world? Undoubtedly the majority of people reading this will argue that it is not fair: the internet should be free to any and all. However, others argue that it is indeed free to any and all, but that this does not give anyone the right to "go after" someone else. Here we see how the realities of the online world and the real world collide. People still consider hacking to be the same as "attacking" one's physical property, unless the hack in no way involves experimenting with someone else's machine, network, or software (basically any hack done on your own private LAN with your own handwritten software). Hackers see the internet as a virtual world. Businesses, politicians, and our justice system see it as just another part of the physical. But in order to be fair, we must forget the fact that 99.9% of those businesses, politicians, and members of the justice system know little more than how to use AOL. So what exactly is the internet? Is it an electronic frontier comprised of 1's and 0's that anyone with a little know-how can explore? Or is it an extension of the real world, where people should "know better" before they go and look around? There's really no way to answer that in one article, so for now let's just assume you have your own opinion on the matter. What can be stated though, are several arguments from both sides. Hackers (which for our purposes comprise anyone who likes to play around with the internet and sees computers more as toys than anything else) will insist that the computers of the world are connected their machine, and are therefore just another node in the expansive universe of the internet. Businesses and other authorities will maintain that their machines are connected to the internet to allow them to conduct business more efficiently, and thus no one has the right to go anywhere near them. Both are valid arguments, but they depend on personal opinions. And this leads us to a very touchy debate...should people accept the risks of the online world before connecting to it, or should everyone else simply "know better" and not do anything they wouldn't like? For example: Company A sets up a website to attract more customers, but in a matter of minutes they're getting portscanned to hell and back. This, of course, is a very violating feeling. How dare people attempt to look for vulnerabilities, how dare they "go up to a house and see which windows are unlocked", etc etc. Company A was only trying to get some more business by using technology, but now all these know-it-all's are looking up it's skirt. Let us now look at it another way. Joe Smith, the fun loving kid down the street with a great knack for computers, sets nmap to run all night. Using the -iR flag, his machine scans random IPs on the internet. Eventually, it reaches the address of Company A and checks for any open telnet ports. One port is open, and the next day Joe telnets to it for fun. He doesn't try to get in, after all he doesn't want to face prison for the next 50 years. He just sees what it says and runs a few more scans to get an idea of how the network is laid out. In both cases we see the "innocent" perspectives of both sides. You may be asking yourself however, what if Joe WAS trying to gain access? What if he was like the 5,000,000 other script kiddies out there who scan for vulnerabilities and then run the exploit they found on Bugtraq? Here we see something hackers have been arguing for a while; no one has the right to break the law, but the punishment should fit the crime. If Joe did run an exploit, odds are he would see it work, get scared, and never come back. No damage done, no harm caused. Yes, Joe broke the law by gaining access, but should he face years in prison? Now that we've questioned the hacker side, let's turn around and question the business side. Company A does not deserve to have their site defaced or their files deleted, but can we honestly say they have the right to not be scanned? Do they have the right to be immune from entry attempts? Many say yes, because privacy is something we're granted under the law. What many don't realize however, is that we're dealing with a worldwide network. One that spans the globe is not bound by any one country's laws. With this in mind, should Company A have protected itself better, or perhaps not gone online at all? Face it, when you jack in to a worldwide network, you're going to get scanned. People are going to play around with your machine, your software, and your connection. This does not give them the right to do so, but there will never be a way to stop everyone in the world from exploring (no matter how inhuman the laws become). And maybe that's good, because playing around and doing damage are two very different things. You wouldn't walk through the Amazon rainforest because you know it's dangerous, maybe people should start thinking twice before putting their machines on the internet. It's nice to live in that dreamworld where one country's laws protect us online, but the net reaches far beyond our physical laws. You think you can stop that kid in New Zealand from portscanning your computer? Sorry, as unfair as it sounds it won't happen. Maybe he doesn't have a legal right to play with your machine, and maybe that anaconda doesn't have a right to eat you...but you're the one that walked into the situation. To conclude, there are some thing's that have no business being online, and putting them there is downright foolish. While this doesn't give anyone a right to attack you, you must realize the consequences of your actions. Regardless of what you consider the internet, be it playground, business environment, or both, there's nothing that can be done about the way it works. And even more so, there's nothing that can be done about the curious side of human nature. And with that, we bring to an end another issue of Frequency: Inside the Hacker Mind. Remember, please send article submissions to screamer@hackermind.net. We've received a few, but still need to rely on our friends to get articles in. If we didn't, there would be no Frequency. And folks, they're getting tired of doing all the work, so send in those articles! –screamer =============================================================== 12. *** Crew *** Editor in Chief – Screamer Chaotix Webmaster – Dash Interrupt NT Specialist – Unreal Network Administrator – Leland D. Peng Writers – Dual_Parallel, Lucid Dreamer, JayX, Sad is Tic Cover Concept/Design/Layout – Dash Interrupt Shout Outs – Dante (we’ll never forget ya), The Lone Gunmen, Kyanite Kageri, Scarface WRITE FOR FREQUENCY! Send articles to articles@hackermind.net SUBSCRIBE TO EQUAL ACCESS AND TUNE INTO HACKERMIND! Visit www.hackermind.net for details. [Quotes to Think About] "Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws." - Plato (427-347 B.C.) "Talent does what it can; genius does what it must." - Edward George Bulwer-Lytton (1803-1873) "Facts are the enemy of truth." - Don Quixote - "Man of La Mancha" WWW.HACKERMIND.NET