1994-12-18 - Automated Witchhunt: I’ve been slandered by a script.

Header Data

From: Black Unicorn <unicorn@access.digex.net>
To: postmaster@access.digex.net
Message Hash: 05505972ea37d02ad271f821c1287f5f6bb106b566282bc7be1b798b29a9809f
Message ID: <Pine.SUN.3.91.941218033513.23234C-100000@access3.digex.net>
Reply To: <199412180709.XAA04015@netcom17.netcom.com>
UTC Datetime: 1994-12-18 10:01:23 UTC
Raw Date: Sun, 18 Dec 94 02:01:23 PST

Raw message

From: Black Unicorn <unicorn@access.digex.net>
Date: Sun, 18 Dec 94 02:01:23 PST
To: postmaster@access.digex.net
Subject: Automated Witchhunt:  I've been slandered by a script.
In-Reply-To: <199412180709.XAA04015@netcom17.netcom.com>
Message-ID: <Pine.SUN.3.91.941218033513.23234C-100000@access3.digex.net>
MIME-Version: 1.0
Content-Type: text/plain




On checking my mail early this morning I found this:


> Received: from access4.digex.net by nfs1.digex.net with SMTP id AA24362
>   (5.67b8/IDA-1.5); Sun, 18 Dec 1994 02:10:05 -0500
> Received: from nfs2.digex.net by access4.digex.net with SMTP id AA23077
>   (5.67b8/IDA-1.5); Sun, 18 Dec 1994 02:10:03 -0500
> Received: from netcom17.netcom.com by nfs2.digex.net with SMTP id AA06122
>   (5.67b8/IDA-1.5); Sun, 18 Dec 1994 02:10:02 -0500
> Received: by netcom17.netcom.com (8.6.9/Netcom)
> 	id XAA04015; Sat, 17 Dec 1994 23:09:54 -0800
> Date: Sat, 17 Dec 1994 23:09:54 -0800
> Message-Id: <199412180709.XAA04015@netcom17.netcom.com>
> To: unicorn@access.digex.net, cert@cert.org, emmanuel@well.sf.ca.us,
>         postmaster@access.digex.net, postmaster@access.digex.net
> Subject: Re: Police & BBS...Sundevil revisited in Florida
> From: unicorn (Black Unicorn)
> 
> If you are not aware of the nature of the group alt.2600, I will explain it.
> It is a hacker/cracker newsgroup, containing many illegal messages. A great
> deal of its posters ask questions about or give advice on compromising
> system security, even that of the system they are on. Phone "phreaking" is
> freely discussed, and they explain to each other how to cheat the long
> distance telephone carriers. Pirate ftp and fsp sites are often traded by
> these people, and you should verify that one has not been set up on your
> system, and that the user does not have pirated software in his directory.
> Such could get your entire site shut down. Other verified topics that people
> explain how to do and admit to doing are disrupting irc, spamming,
> mailbombing, shoplifting, disrupting public transportation, and similar
> dangerous and illegal mischief.
> 
> This automated message is sent for two reasons:
> 
> 1) To alert you of a potential threat to your system's security, in the
> cases of users asking about or being told how to attempt to exploit security
> vulnerabilities. Also, the poster may be using a stolen account.
> 
> 2) To alert you that there are crackers on your machine. The account used to
> post from may not be legitimate, or may be stolen (it is _extremely_ common
> with alt.2600 posters to use fraudulently obtained accounts). Or, a post of
> its nature may likely be a violation of terms of a membership agreement.
> And, the user making this post may be preparing to break into yours or
> another system, if they have not done so already. It is suggested that you
> keep a close eye on users who have posted to alt.2600, and to inspect their
> files and email if the posting warrants such and you can legally do so.
> 
> All headers and complete text of original message follow:
> ***************************************************************************
> Xref: netcom.com comp.org.eff.talk:42937 alt.cyberpunk:43019 alt.cyberspace:8271 alt.wired:15428 alt.2600:40781 can.infohighway:2284 alt.pagan:82507 alt.bbs:37526
> Path: netcom.com!ix.netcom.com!howland.reston.ans.net!news1.digex.net!access4!unicorn
> From: unicorn@access4.digex.net (Black Unicorn)
> Newsgroups: comp.org.eff.talk,alt.cyberpunk,alt.cyberspace,alt.wired,alt.2600,can.infohighway,alt.pagan,alt.bbs
> Subject: Re: Police & BBS...Sundevil revisited in Florida
> Followup-To: comp.org.eff.talk,alt.cyberpunk,alt.cyberspace,alt.wired,alt.2600,can.infohighway,alt.pagan,alt.bbs
> Date: 12 Dec 1994 20:56:36 GMT
> Organization: Express Access Online Communications, Greenbelt, MD USA
> Lines: 42
> Distribution: inet
> Message-ID: <3cide4$e5n@news1.digex.net>
> References: <D0FFII.BM4@freenet.carleton.ca> <gradyD0G6xu.A13@netcom.com> <3c94ll$p9t@potogold.rmii.com>
> NNTP-Posting-Host: access4.digex.net
> X-Newsreader: TIN [version 1.2 PL2]
> 
> Tommy Watt - G.W. Technologies (gwtek@rmii.com) wrote:
> : Damn.. . all this reminds me of the bust the local police department did 
> : on my BBS system..
> 
> : Under alligations of hacking, they took ALL my computer equipment, 
> : anything that looked like a computer, anything that couldda been turned 
> : into a computer, and misc. stuff..
> 
> : The warrant is pretty much invalid, on the blank where it says "things 
> : that if found may be seized" is "-- SEE ATTACHMENT 'B'" . . I didnt even 
> : SEE attachment B, and when I asked for it, they said they dont even have 
> : to show me this.
> 
> 
> It's typical to seal this document.
> 
> Unfortunately it's also a tool used for harassment, as you have to go to 
> a hearing to get the document opened, or looked at by a judge who will 
> make a determination as to the legitimacy of the sealed materials and 
> their seizure.
> 
> Guess what the result in your case will be.
> (Left as an exercise to the reader.)
> 
> 
> : This bullshit pisses me off. . .  And now they are saying that if 
> : anything is damaged I can't do shit because my computer equipment was 
> : "laying out unprotected"..  
> 
> Also typical of the type of computer seizures I have seen in past.
> 
> The common practice is to keep the equipment long enough that it's 
> obsolete when you get it back.  Easy to do now-a-days.
> 
> 
> : Andy Goodwin
> 
> -uni- (Dark)
> 
> --
> 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est
> 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa    -    wichtig!
> 

** end quotation. **

Obviously, I did not post the portion claiming to be an "automated 
message" and a warning to whomever will listen.  Yet, the post claims to 
be from me.

It seems then that someone is running a process which looks for posts to 
alt.2600, and then automates the above response, original post attached, 
to warn off system admins, fight crime, save the day, etc. etc.
Either that or Lance is bored again.

Does this disturb anyone besides me?

Most obviously, the misattributation is concerning.  Clearly the threat 
of misattributed automated posting is merely one more argument for 
digitally signing each and every message and post.

Less obvious, but perhaps more ominous is the concept itself of automated 
postings that amount to censorship chain letters.  "System Administrator 
A didn't pay attention to this message and refused to snoop into his users 
directories and three weeks later his system was shut down.  System 
Administrator B headed this letter's warning, and saved his access provider 
from certain doom!"  

Look carefully at what this letter says, what it urges system operators 
to do.

1>  Because alt.2600 is occasionally used to trade pirate ftp sites, those 
who post to alt.2600 are probably pirates.  ergo, System Admins. should 
check the directory of any users who post to alt.2600.  If you don't 
snoop, your system will be shut down.

2>  alt.2600 is used to promote shoplifting, and irc disruption.  (No 
relevance is even attempted by the message on this point.)

And the purpose of the letter?

1>  To alert you that this user is probably posting from a stolen 
account.  That the named user is probably a security risk, a 
troublemaker, a political dissident, or whatever else comes to mind.

2>  "To alert you that there are crackers on your machine."  Not that 
there MAY BE crackers, not that crackers are known to be on alt.2600, and 
therefore may be on your system, but that crackers ARE ON YOUR MACHINE.  
If the bald misrepresentation of this statement evades anyone who reads 
this, I simply give up all hope.

3>  That the post may be a violation of the access provider's membership 
agreement.  (As if the automated or manual sender of the message has any 
idea what the membership agreement of my particular provider might be)

4>  The user making this post may be preparing to break into [your 
machine] or another system, if they have not done so already.

5>  To suggest that system admins. "...keep a close eye on users who have 
posted to alt.2600, and to inspect their files and email [if it's legal]."


For those recipients of this message that do not know me, I am an 
attorney, a member of the D.C. bar, and a law abiding person.  The 
allegation that I, by replying to a message crossposted to alt.2600, am a
hacker, a cracker, a shoplifter, a vandal, or whatever other villan of the
week you might choose to insert is absurd.  The above message constitutes
slander, defamation of character, and is entirely untrue in any regard 
to me other than in so far as it indicates my words might have reached alt.2600 
at some time or another.

The content of my original quoted message alone should indicate to any reader
how absurd the "automated posting"'s allegations are, and demonstrate the pure
uselessness of such an approach as of means of accomplishing anything 
more than to annoy, accuse, threaten, and waste bandwidth.

The fact that the automated posting proports to be sent from me almost 
makes whatever hacking I am supposed to have done seem tame.

From a legal standpoint, the automated posting is entirely lacking in any 
basis whatsoever for increased scrutiny of my, or any other account 
address which it slanders.  Directing scrutiny to accounts posting at one 
time or another to "questionable" newsgroups should prompt one to ask 
one's self about the state of free speech in cyberspace, and 
increasingly, in this country.  

What has become of our system that discussion forums, be they on 
"questionable" topics or not, become probable cause for investigating system
users, or rummaging through accounts.

I hereby inform the system administrators on my provider, as well as 
others, that I would consider increased attention to my account, or any 
other based on this sham of an "automated posting," harassment, invasion 
without cause, a violation of several electronic privacy acts, and simple 
witch hunting.  Should I come by any indication that such attention is 
directed to my account, I shall immediately terminate my account with 
Express Access, and pursue what legal action is available to me to the 
full extent possible.

System administrators would do well to inform themselves of the requirements
for intrusion into users accounts, the protections provided those accounts
both by statute, and constitution.

hile anonymous writings, political speech and literary products have a long
and sacred history in the United States, baseless accusations leveled by
anonymous finger pointers do not.

I find the tactic and tone of this automated posting distasteful and 
offensive in the extreme.  I urge system admins at my, and other 
providers, to discourage the use of such automated witchhunts, and expose 
the party/parties responsible for the distribution.  I, for one, would be 
very interested in talking to the individual/s responsible.


-uni- (Dark)  [unicorn@access.digex.net]


073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est
6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa    -    wichtig!








Thread