CONTENTS NOVEMBER 4, 2000
Click. EASY DOES IT! FBI AGENTS RAID STUDENT'S DORMITORY ROOM BECAUSE HE VISITED A "DEFACED" WEBSITE.
Click. HOW TO HACK INTO MICROSOFT - A STEP BY STEP GUIDE.
Click. FBI agent seeks to tell Clinton, Congress about alleged acts of official misconduct.
Click. BUSH LIED THREE MORE TIMES ON THURSDAY NIGHT.
Click. CLEMENCY PETITION DELIVERED TO GORE.
Date: Fri, 03 Nov 2000 08:53:47 -0500
From: ishgooda <>
Subject: Clemency Petition of over 10,000 signatures Delivered
Ok folks... Here is the tale of tonight's delivery!!!
First thing this morning I received a call from the Democratic headquarters here in El Paso. They had chartered buses for all the party elected officials to go see Vice President Gore in Las Cruces. They asked if I wanted to take the bus or if I was going in a private vehicle.... So it was the bus for me!!!
When we got on the bus we were given a red ticket. Nobody knew where the seating would be with the red tickets so I kept a white one as well...
When we arrived in Las Cruces I went to one of the Secret Service agents and asked how they were handling gifts for Vice President Gore. They asked what the gift was and I told them it was some books and CDs. They inspected the package and asked all kinds of questions while inspecting everything. The last thing they inspected was the binder that I put the petition and letters into. One of the Secret Service agents (Paul was his name) asked what was in the folder; I told him it was a petition with signatures from around the world.
He read the petition, read the personal letters to the Vice President, then told me that normally they would give presents to the Vice President's staff BUT he would personally deliver this present. He then wrote down my description and all the personal information stuff and let me get into the line for admission.
The Red ticket put me on the football field directly in front of the Vice President. I couldn't complain... only drawback was no place to sit... I spent the next 4 hours standing there waiting for Al Gore's speech. After his speech he came down to do the hand shaking thing, kissed a baby and saw me standing 4 people back in the crowd. I was attempting to get a good close picture of him when he climbed up on the railing, over top of the people in front of me, grabbed my hand and said "Mr. Wild Horse I received your gift, thank you very much." When I looked up I saw Paul (the Secret Service Agent that I had given the briefcase with everything in it to.)
There were 4 letters that came in to me after I had left for the rally. I'm sorry those didn't get included in tonight's delivery. All in all the package was an impressive amount of information. Let's hope that it is used for the FAST RELEASE of Leonard Peltier.
Freedom for Leonard Peltier
Your help is appreciated
On your left is Docket #76/7-02342, an official record of George W. Bush's legal activities that followed from his DWI arrest on 9/4/76. (Posted at CNN.) Below are excerpts from his 11/2/00 press conference in which he admitted that reports earlier in the evening were correct. As you can see, Bush lied three times, if the docket record is to be believed. He implied that he paid the fine at the police station. The docket record says he paid the fine over a month later, on 10/15/76. He said that there were no legal proceedings of any kind, but the docket says he was scheduled for hearings on 9/16/76 and 10/15/76 and was given two continuances along the way, one to 9/30/76, the other to 10/25/76. The 10/15/76 hearing coincides with the date the fine was paid. He said there was no court hearing. The docket record indicates two hearing dates. He said neither he nor his family took any action after that night. Action of some sort had to be taken with respect to the continuances, the hearings, the paying of the fine, and the return of the $500 bond which one supposes must have been provided so Bush would not have to spend time in jail. Even if Poppy simply cut Junior off, which is unlikely, Bush or a legal representative must have been required to attend the hearing, pay the fine, and have the bond returned. Bush could probably provide some sort of explanation for all of these contradictions, but the fact is he didn't do so during his press conference. Reporters and viewers left the conference thinking that Bush was arrested and taken to the police station where he paid his fine and that was the end of the story, because that's what Bush said or implied. Bush lied.--Politex, 11/4/00
Bush: There's a report out tonight that 24 years ago I was apprehended in Kennebunkport, Maine, for a DUI. That's an accurate story. ...I was pulled over. I admitted to the policeman that I had been drinking. I paid a fine....
Reporter: Could you tell us some more about the night that you spent some time in jail? Did you --
Bush: No, I didn't spend any night in jail there. I did not spend ....
[inaudible question from a reporter]
Bush: No, none at all. None whatsoever. As a matter of fact, I, you know, I tried -- I mean, I -- listen, I told the guy I had been drinking and what do I need to do? And he said, "Here's the fine." I paid the fine and did my duty....
Reporter: Governor, was there any legal proceeding of any kind? Or did you just --
Bush: No. I pled -- you know, I said I was wrong and I ...
Reporter: In court?
Bush: No, there was no court. I went to the police station. I said, "I'm wrong."
Reporter: So you just had a [inaudible]?
Reporter: For the same night.
Bush: Yes, I did....
Reporter: Is there any action that you or your family took after that night?
Bush: No, there's not. I mean, none.
Posted: 02/11/2000 at 06:22 GMT FBI agents raided the dormitory room of Rensselaer Polytechnic Institute computer science student Andres Salomon in Troy, New York on Saturday, after a Register story piqued his interest in the recent New York Yankees' Web site defacement. The agents searched his room and removed three computers, two books, and a collection of notes.
Salomon said he'd visited the defaced Yankees site after learning about it from a friend online Friday morning. "During a conversation [in IRC] about Microsoft's break in, and how the stolen source code would affect things... a friend mentioned that Yankees.com had also just been hacked (I found out later that he got that information from The Register)," Salomon says in an essay posted at /dev/random.
"I went to the Web page, and discovered that it had, indeed, been cracked... I then began a post-mortem inspection," he explains.
After sniffing about for a while, "I returned to my IRC client, said 'Looks like a DNS hack....' and the conversation went elsewhere. The entire thing lasted possibly five minutes, and occupied no more than three or four lines on IRC."
It was because of this brief exploration, carried out to satisfy his curiosity, that the Feds became interested in him as a suspect.
Salomon had not merely viewed the Yankees.com site with a Web browser which would have connected him via port 80, as it would also have done for hundreds of other curious folks as soon as the story broke. He had connected to different ports, which the Feds interpreted as a possible return visit by the vandal.
"I did blind connects to, at most, five ports (meaning I just telnetted to them, without knowing if they were even open or not), and my session consisted of getting the banner, and possibly typing 'QUIT'. Far less than if I had gone to port 80 and done a couple of GETs... Either way, you're in the logs, and you're transferring data," he observes.
It's certainly not rational for the Feds to be interested in Salomon solely on the basis of his curiosity about the Yankees site defacement after it had become news. In the absence of any further evidence tying him to the site earlier, the FBI's urgent move against him smacks of overzealous law enforcement, and the incontinent issuing of search warrants by judges.
Salomon would hardly have been alone in sniffing around the Yankees' Web site this weekend past. "I bet the real cracker connected to port 80 and admired his work," he observes. "I bet people he told did as well. What about the ton of people that connected to the site after The Register posted the story? They trampled all OVER precious logs," he notes.
"Because I trampled over them in a different [manner], that somehow makes it akin to tampering with a murder scene?"
Salomon was clearly taken aback by the willingness of the US government in general, and Janet Reno's Justice Department in particular, to invade the lives of individuals on very scant evidence.
"The FBI managed to get a search warrant based on logs from a firewall, that showed my IP only connecting, not even logging in, hours after news of the cracking had appeared on news sites. If they can get a search warrant this easily, your data is not safe sitting on your hard drive," he warns. ®
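The warrant in this story rested on firewall logs showing a connect-only visit hours after the defacement was public. The following triage pass is an added example written for this page, not code from The Register or from Salomon's essay; it shows how an analyst would separate sources that contacted the host before the news broke from those that only appeared afterwards, so that post-publication curiosity traffic is not mistaken for the original intrusion. The log format, timestamps, addresses and disclosure time are all constructed.

```python
"""Added example (not part of the original story): triage of firewall
connection logs around a public disclosure time. Log lines, addresses
and the disclosure timestamp below are constructed for the demonstration."""
from datetime import datetime

# Constructed firewall log: timestamp, action, source address, destination port.
FIREWALL_LOG = """\
2000-10-27 02:41:10 ACCEPT src=203.0.113.7 dst=198.51.100.20 dport=21
2000-10-27 02:43:55 ACCEPT src=203.0.113.7 dst=198.51.100.20 dport=80
2000-10-27 09:15:02 ACCEPT src=192.0.2.44 dst=198.51.100.20 dport=80
2000-10-27 09:15:09 ACCEPT src=192.0.2.44 dst=198.51.100.20 dport=21
2000-10-27 09:15:21 ACCEPT src=192.0.2.44 dst=198.51.100.20 dport=25
2000-10-27 09:20:33 ACCEPT src=198.18.0.9 dst=198.51.100.20 dport=80
"""

# Constructed moment at which the defacement became public news.
DISCLOSURE_TIME = datetime(2000, 10, 27, 7, 0, 0)


def parse_log(text):
    """Turn the constructed 'key=value' log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, time, action, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        events.append({
            "time": datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"),
            "action": action,
            "src": kv["src"],
            "dport": int(kv["dport"]),
        })
    return events


def triage_sources(events, disclosure_time):
    """Group connections by source: first contact, ports touched, count.

    Timing is a heuristic, not proof: it only tells the analyst which
    sources could have seen the site before anyone else knew it was defaced."""
    summary = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        s = summary.setdefault(ev["src"], {"first_seen": ev["time"], "ports": set(), "count": 0})
        s["ports"].add(ev["dport"])
        s["count"] += 1
    for s in summary.values():
        s["before_disclosure"] = s["first_seen"] < disclosure_time
    return summary


def sources_of_interest(summary):
    """Sources whose first contact precedes the public disclosure."""
    return sorted(ip for ip, s in summary.items() if s["before_disclosure"])


def post_disclosure_sources(summary):
    """Sources that only appear after the news broke (consistent with curiosity)."""
    return sorted(ip for ip, s in summary.items() if not s["before_disclosure"])


if __name__ == "__main__":
    summary = triage_sources(parse_log(FIREWALL_LOG), DISCLOSURE_TIME)
    print("before disclosure:", sources_of_interest(summary))
    print("after disclosure: ", post_disclosure_sources(summary))
```

Run against real logs, the same pass would start by confirming the disclosure time from the news site's own timestamps, and a source that appears only afterwards on a handful of ports with no session behind it is exactly the profile this story describes.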
Microsoft's recent sacking at the hands of unskilled malicious crackers has engendered a vast cloud of false scent from company flacks, who in past days have progressively shrunk their damage assessments. According to company sources, the intruders had access for only 12 days, not six weeks as first reported, and did not corrupt any software in development.
Others note that, twelve days or not, the intruders can't have helped stealing the source code for the new versions of Windows ME/2K and Office, and might well have implanted back doors, laying the foundation for easy remote exploitation once the finished products reach the marketplace.
So, were the walls of the castle breached? Was the digital diadem of William Perfidious defiled by the grubby hands of the unwashed? Or did a handful of malicious kiddies manage nothing more than to give the Kingdom of Gates a scare? We don't pretend to know; but we're going to walk you through the likely steps the intruders would have taken, and let you decide how much damage they might, or might not, have done.
Barbarians at the gate
Network security becomes increasingly difficult as point-and-drool cracking tools proliferate. So many painfully easy-to-use appz have been developed in recent years that persistence is now a far more reliable predictor of success than skill: even a newbie cracker can succeed by using pat scripts and casting his nets wide enough.
The Microsoft intrusion was almost certainly not the work of elite hackers; if it had been, we would not now be reporting it. What we're going to detail below is how a fool can (and did) sack the Magic Kingdom.
Everything the newbie cracker needs to break into the Microsoft Developers' Network is readily available on the Web following a brief search. Here's how you go about it: First, you'll download a Trojan which can be distributed via e-mail. QAZ, which was used in the M$ attack, is a fine choice because it will automatically copy itself throughout shared folders on a LAN. It's a malicious backdoor program masquerading as the familiar Microsoft utility Notepad.
Once activated, QAZ searches for notepad.exe and copies itself in place of the standard Notepad file, while simultaneously re-naming it note.com. The beauty here is that when someone executes their Trojanised Notepad, it also launches note.com, or the original Notepad, so the application appears to behave normally to the user. It then searches the entire LAN for additional copies of notepad.exe to infect.
To get it implanted on a LAN in the first place, you need to feed it to someone dense enough to execute it. It's easy enough to distribute as an e-mail attachment, but not everyone will fall for it. Thus there are two chief obstacles to getting started, neither of which is terribly difficult to overcome.
First there is social-engineering - that is, baiting the victim. The wording of the e-mail message has got to make executing the attached program both desirable and sensible. Presenting it as a software patch or upgrade is a common stratagem, though there are others. Zipping it and naming it PornCollection.zip or DirtyJokes.zip is another.
If the e-mail message makes sense in context of the attachment, and if it's sent to enough potential victims, the combined laws of probability and human nature ensure that some dumb bastard will activate the payload. And with QAZ, you only need one victim; it will propagate on its own.
Your second obstacle is anti-virus software. Not a tough one either, despite all the glowing claims of heuristic genius touted by anti-virus vendors. We took several of the most popular Trojans: Back Orifice, SubSeven, NetBus and Hack'a'Tack, and first verified that our copy of Norton AntiVirus would detect them, both as-is and zipped. We then compressed them using a sweet little developer's tool called NeoLite and ran Norton AntiVirus again.
Not one Trojan was detected, because NeoLite alters the signatures used by anti-virus manufacturers to identify malicious code. Only the Trojan Deep Throat, which we received already compressed by NeoLite, was detected, presumably because it's usually distributed in that form and its compressed signature is known. And the beauty of NeoLite is that it's self-extracting. No third-party software like WinZip need be loaded on the victim's machine for the compressed programs to be executed.
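The NeoLite result above comes down to one mechanism: a signature scanner that matches stored bytes cannot see a pattern once the body has been compressed. The toy scanner below is an added example, not code from The Register's test or from any anti-virus vendor; it uses zlib as a stand-in packer and a constructed marker string as the "signature", and shows the raw scan missing the packed sample while a scan that unpacks before matching recovers the detection.

```python
"""Added example (not from the article): why byte-signature scanning fails
on packed payloads, and the unpack-before-match fix. The signature
database, the 'trojan' bytes and the packer stub are all constructed."""
import zlib

# Constructed signature database: detection name -> byte pattern.
SIGNATURES = {
    "Demo.Trojan.A": b"DEMO-TROJAN-MARKER-7597",
}

# Constructed "executables": a tiny header, padding, and a body.
SAMPLE_TROJAN = b"MZ\x90\x00" + b"\x00" * 64 + b"DEMO-TROJAN-MARKER-7597" + b"\x00" * 64
SAMPLE_BENIGN = b"MZ\x90\x00" + b"\x00" * 64 + b"hello, world" + b"\x00" * 64

PACK_STUB = b"PACKSTUB"  # constructed stand-in for a packer's loader stub


def pack(payload: bytes) -> bytes:
    """Stand-in for a packer such as NeoLite: stub followed by a compressed body.
    After this the marker bytes no longer appear contiguously anywhere."""
    return PACK_STUB + zlib.compress(payload)


def scan_raw(data: bytes) -> list:
    """Naive scanner: match signatures against the bytes exactly as stored."""
    return sorted(name for name, sig in SIGNATURES.items() if sig in data)


def unpack_if_packed(data: bytes) -> bytes:
    """Recognise the constructed stub and inflate the body; other data is returned as-is."""
    if data.startswith(PACK_STUB):
        try:
            return zlib.decompress(data[len(PACK_STUB):])
        except zlib.error:
            return data
    return data


def scan_unpack_aware(data: bytes) -> list:
    """Scan both the stored image and its unpacked form, as a scanner that
    understands the packer would."""
    hits = set(scan_raw(data))
    hits.update(scan_raw(unpack_if_packed(data)))
    return sorted(hits)


if __name__ == "__main__":
    packed = pack(SAMPLE_TROJAN)
    print("raw scan, unpacked sample:", scan_raw(SAMPLE_TROJAN))
    print("raw scan, packed sample:  ", scan_raw(packed))
    print("unpack-aware, packed:     ", scan_unpack_aware(packed))
```

The defender's lesson is the one the article's Deep Throat observation hints at: a product either has to recognise and unpack each packer it meets, or carry a separate signature for every packed form it has seen, which is why a packer the vendor has not catalogued slips through.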
On the inside
Once you've managed to infect a machine on the target LAN, QAZ will e-mail you the IP automatically, activate WinSock and wait for a connection on port 7597. Simply check your mail, connect, and, voila, you're in. We're assuming you have the sense to use a Web-based e-mail account for QAZ to communicate with, which you will have opened with fictitious personal data, and that you know the basics of concealing your computer's IP.
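The two paragraphs describing QAZ's footprint (the original Notepad renamed to note.com beside a replaced notepad.exe, and a listener waiting on port 7597) give an administrator two concrete host indicators. The script below is an added example written for this page, not a tool from The Register or from any vendor; it checks a directory listing for the note.com/notepad.exe pair and parses `netstat -an` style output for a TCP listener on 7597. The directory tree and the netstat text are constructed so the check runs offline on any platform.

```python
"""Added example (not part of the article): host-indicator check built from
the QAZ behaviour the article describes. The folders and netstat output
below are constructed for the demonstration."""
import os
import re
import tempfile

QAZ_PORT = 7597                 # listener port the article attributes to QAZ
NOTEPAD = "notepad.exe"         # file QAZ replaces with itself
RENAMED_ORIGINAL = "note.com"   # name QAZ gives the displaced original


def check_notepad_dirs(dirs):
    """Return the path of every notepad.exe that has a note.com beside it."""
    hits = []
    for d in dirs:
        try:
            names = {n.lower() for n in os.listdir(d)}
        except OSError:
            continue  # unreadable or missing folder: skip, do not crash the sweep
        if NOTEPAD in names and RENAMED_ORIGINAL in names:
            hits.append(os.path.join(d, NOTEPAD))
    return hits


# One `netstat -an` line: proto, local addr:port, foreign addr, state.
_NETSTAT_LINE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING", re.I)


def listening_ports(netstat_text):
    """Parse netstat-style text and return the set of TCP ports in LISTENING state."""
    ports = set()
    for line in netstat_text.splitlines():
        m = _NETSTAT_LINE.match(line)
        if m:
            ports.add(int(m.group(1)))
    return ports


def qaz_indicators(dirs, netstat_text):
    """Combine both checks into a list of findings (empty list means nothing seen)."""
    findings = [f"note.com found beside {p}" for p in check_notepad_dirs(dirs)]
    if QAZ_PORT in listening_ports(netstat_text):
        findings.append(f"TCP port {QAZ_PORT} is listening")
    return findings


def build_constructed_host(infected):
    """Create a throwaway folder mimicking a Windows directory, clean or infected."""
    d = tempfile.mkdtemp()
    open(os.path.join(d, NOTEPAD), "wb").close()
    if infected:
        open(os.path.join(d, RENAMED_ORIGINAL), "wb").close()
    return d


# Constructed netstat samples.
NETSTAT_CLEAN = """Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
"""
NETSTAT_INFECTED = NETSTAT_CLEAN + "  TCP    0.0.0.0:7597           0.0.0.0:0              LISTENING\n"


if __name__ == "__main__":
    clean = build_constructed_host(False)
    infected = build_constructed_host(True)
    print("clean host:   ", qaz_indicators([clean], NETSTAT_CLEAN))
    print("infected host:", qaz_indicators([infected], NETSTAT_INFECTED))
```

On a real fleet the file check would be run against each machine's Windows folder and any writable share, since the article notes QAZ seeks out every notepad.exe reachable over the LAN; a hash comparison of notepad.exe against a known-good copy is the natural next step once a note.com turns up.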
Now you'll need to swim around inside the LAN sharkwise until you find yourself a nice, juicy target. Be patient; as the Trojan spreads, more machines will come on-line for you to connect to. Check them all thoroughly. What you're looking for is a box to which you can connect directly, and which is trusted by your ultimate target - some machine with valuable data on it.
You can pretty well assume that any box containing real treasures will be protected by a firewall. You probably won't be able to connect directly to it with a Trojan, but that's all right. There are other machines on the LAN which your target box will trust. So find out which of the boxes to which you can connect might themselves be plugged into something sweet, like another box with the source code for Win-2K, par exemple. The strategy here is to leapfrog from machines which you own to the one you want to own.
Where do you want to go today?
Now you've got access to a machine with interesting, valuable data. Let's say it's on the MS Developers' Network, and contains the source code for Win-2K. What's your next move?
It would make sense to download the code first so that if you're suddenly discovered and shut out, you'll at least have something to show for your efforts. Source code is jealously guarded and of course extremely valuable to Microsoft's competitors. Owning it can be immensely profitable for you, especially if you know a sleazy development house in a country with virtually no piracy enforcement, like in Russia, say, or anywhere in East Asia.
You might also wish to implant malicious code of your own in the source to make it easy to exploit once it reaches market, or, alternatively, examine it closely for weaknesses already coded into it, to get a jump on the competition once it ships. A lot of valuable data gets served up on these products; merely knowing where the weaknesses are before the security industry catches on can lead to considerable riches.
So how difficult would that be? Obviously, profiting from such an intrusion requires skill; though as we've illustrated, getting inside the network is child's play. You might be a dangerous cracker, and one so clever that as part of your social-engineering strategy you've deliberately opted to use common tools and techniques to conceal your true, terrifying capabilities. But then again, you might not.
More likely you're a young fool with virtually no skills and little ambition, snapping up toolz and appz from the Web and feeling your way blindly towards the cracker pantheon. You'll do no harm because you don't know how to do harm, but you'll think quite highly of your insignificant achievements. You'll recall your modest exploits with fondness, boast about them in IRC h4x0r chatrooms hoping to impress some k1dd13 even lamer than yourself, and get busted by one of the hundreds of Feds who regularly hang out in these venues.
And that, more than anything, is what Microsoft is fervently hoping. ®
FBI Director Louis Freeh and Deputy Attorney General Eric Holder have denied agent Joseph G. Rogoskey permission to relay his allegations to Clinton, Secretary of State Madeleine K. Albright and House and Senate committees that oversee the FBI.
In a lawsuit against the FBI and Justice Department, Rogoskey said that as an undercover agent, he "witnessed acts of serious misconduct and violation of federal law by employees of the federal government during the course of their employment."
FBI spokesman Bill Carter said, "We understand all the allegations of government misconduct have long been appropriately addressed."
Now on paid administrative leave, Rogoskey spent 12 years, 1987 through 1998, on top-secret, undercover operations involving some of the government's deepest secrets that are accessible only to specified people.
Rogoskey is barred from telling his lawyer, Stephen Kohn, any details of the operation or the alleged misconduct.
Kohn said he understands only that "it doesn't involve anyone stealing money. It involves what they were ordered and permitted by the government to do in this operation."
Like the FBI, Holder advised Rogoskey by letter that he should report "whistle-blower-type allegations" to internal FBI investigators or Justice inspector general agents who "have the appropriate security clearances."
But Kohn said, "Keeping whistle-blower allegations within the institution that authorized the misconduct does not serve the public interest and raises grave constitutional questions."
Rogoskey first reported his allegations to his immediate supervisor in late 1997, "promptly upon observing them," Kohn said. "We don't know if the FBI has fixed the problem," Kohn said, because Rogoskey has been on leave since the summer of 1998.
Since Rogoskey made the allegations, the FBI has retaliated against him, the lawsuit said.
The suit said this included an allegation of misconduct against Rogoskey, of which FBI investigators cleared him; efforts by superiors "to call into question his integrity"; and recently threatening to fire him for medical reasons if he fails a fitness for duty exam.
The FBI's Carter responded: "Any internal disciplinary or other employment problems Mr. Rogoskey may have experienced are completely unrelated to providing the earlier allegations."
Kohn said: "Fitness reviews are extremely intrusive. They include psychiatric exams, interviews with his wife and examination of his sex life."
A fitness exam was ordered of another FBI whistle-blower client of Kohn's, Frederic Whitehurst, the FBI chemist whose allegations led to an inspector general's finding that the FBI Laboratory engaged in sloppy science and gave biased testimony for the prosecution.
"Even though Whitehurst was found fit, the FBI tried to discredit him with material from the fitness exam," Kohn said.
Kohn said Rogoskey has applied for worker's compensation because two doctors concluded he suffers from post-traumatic stress disorder caused by his work.
"He has work-related injuries because they kept him undercover too long, and from the retaliation," Kohn said.
FBI officials have said that agents who spend long periods undercover can suffer tensions from maintaining dual personalities.
In the lawsuit, Rogoskey asked the U.S. District Court here to decide whether he can transmit his allegations to Clinton, Albright and congressional oversight committees, to bar the government from retaliation and to process his worker's compensation claim instead of ordering a fitness review.