1994-03-03 - Re: on international transmissions

Header Data

From: rarachel@prism.poly.edu (Arsen Ray Arachelian)
To: hughes@ah.com (Eric Hughes)
Message Hash: 6ed6a38eabd48b2657bd0e3ac38366d0a56c603a0497117de89df534ca90ef11
Message ID: <9403030719.AA18965@prism.poly.edu>
Reply To: <9403012200.AA08101@ah.com>
UTC Datetime: 1994-03-03 07:31:57 UTC
Raw Date: Wed, 2 Mar 94 23:31:57 PST

Raw message

From: rarachel@prism.poly.edu (Arsen Ray Arachelian)
Date: Wed, 2 Mar 94 23:31:57 PST
To: hughes@ah.com (Eric Hughes)
Subject: Re: on international transmissions
In-Reply-To: <9403012200.AA08101@ah.com>
Message-ID: <9403030719.AA18965@prism.poly.edu>
MIME-Version: 1.0
Content-Type: text


<<And finally, I have written so much only to point out that legality
and enforceability are two very different things.>>

Another scenario.  Suppose Person A has a unix account they don't
use very often.  Say once every few months.  Suppose person X
is a hacker and breaks into Person A's account.  Person X then
sets up a small program that acts as a remailer, *BUT* in a very
specific way.   This remailer looks for a particular message,
specifically the requested cryptographic software sent from
person B who is a crypto author.   Person X is outside of the
USA and has grabbed many many accounts and has installed
similar programs on each machine, which strip out all headers
of forwarded mail, and encrypt/stego all traffic through
them.

Person X wants to get his hands on a new, but very strong
cypher or interesting program that he doesn't have.  So
through his captured accounts whose profieles match person
A's, he manages to set up the transaction and receive the
software.

The remailer programs have a very specific code in them
that when triggered will remove all trace of their existence
within the captured accounts.  (ie: the program rm's itself
and overwrites the original .login file to the one person X
has hacked.)

In other words, he gets his hands on the software, sends
the kill code to one mailer which sends it on to the next
and kills itself, all mailers die.

The resulting trail is a long, but quickly disappearing one.
Nevermind that the odds are that Person X willbe caught
before he manages to set up his "network" and all that.
Cliff Stoll is/was an exceptional sniffer with a lot of
time on his hands talking to deaf ears until he talked
through a megaphone and was taken seriously.

The law in theory has been broken.  In practice, Person
C, F, and N, are pretty much out of luck, unless they
get some other breaks leading to person X. :-)

Now suppose that Person A = Person X.  Would you say that
person A has an aliby that his account had been hacked in
and he wasn't aware of it until a few months later his
password mysteriously appeared in 2600 or Phrack or
elsewhere and a few people told him of the "breech"
of security? :-)

Okay, that's it, time for me to get some sleep.  Too
many theoretical, useless schemes.  A true sign of
sleep deprivation.
 




Thread