Skip to main content
Podcast Episode: Antitrust/Pro-Internet

EFFector - Volume 1, Issue 9 - We Wuz Hacked!


EFFector - Volume 1, Issue 9 - We Wuz Hacked!

########## |   Volume I         July 26,1991          Number 9    |
########## |                                                      |
###        |                   EFFECTOR ONLINE                    |
#######    |                                                      |
#######    |                                                      |
###        |                                                      |
########## |           The Electronic Newsletter of               |
########## |        The Electronic Frontier Foundation            |
           |                     (                        |
########## |                                                      |
########## |                                                      |
###        |                       Staff:                         |
#######    |             Gerard Van der Leun (        |
#######    |             Mike Godwin (           |
###        |             Mitchell Kapor (          |
###        |             Chris Davis (                |
###        |             Helen Rose (               |
           |                                                      |
########## |       Reproduction of Effector Online via all        |
########## |            electronic media is encouraged..          |
###        |      To reproduce signed articles individually       |
#######    |    please contact the authors for their express      |
#######    |                     permission..                     |
###        |                                                      |
###        |             Published Fortnightly by                 |
###        |    The Electronic Frontier Foundation (      |
effector n, Computer Sci. A device for producing a desired change.

                              WE WUZ HACKED!

As Monty Python has wisely noted, "NOBODY expects the Spanish
Inquisition!" In like manner, nobody expects people to crack their
system in quite the way that they *are* cracked. After all, if you
knew about an unlocked door in your system, you'd lock it. Right? As
soon as you could get around to it, of course.

One of the machines here at is named "black-cube". As you might
suspect, that machine is a NeXT. A remote execution daemon called "rexd"
that runs on the NeXT (and many other machines) has an authentication
routine that is effectively brain dead, and is automatically turned on
with a new installation (NeXT Operators Take Note!). Those who know that
one of the machines is a NeXT, or who might guess it by seeing
the name "black-cube" can exploit the weakness of "rexd" to gain entry
into the system.

On July 1, this happened to us. If you run a NeXT, or even if you don't,
it could happen to you.

The sequence of events, as detailed in Chris Davis' report on the
incident was as follows:
   "At about 1 am on July 1, the NeXT was breached by an intruder using 
the rexd remote execution daemon. The following things happened, in
uncertain but approximate order: 

   "(1) rexd mounted file systems from ''. Only 
that, the local disk, and the /home partition from the Sun were

   "(2) the /etc/inetd.conf internet daemon configuration file was edited, 
as user mkapor, to allow rexecd to be run. 

   "(3) the /etc/ new user program configuration file was edited or 
modified in an unknown fashion as user mkapor (it's possible that only 
the modification date was changed).

   "(4) a file 'rc', a 16K Mach executable, was created in mkapor's home 
directory, as mkapor.

   "(5) the /etc/wtmp file was overwritten with an empty file, removing 
login accounting timestamps

   "User 'mycroft' was logged into at the appropriate 
time, and admits entering the machine, but denies 2, 3, 4, and 5."

We note that "mycroft" was the name of Sherlock Holmes' older brother.
He was said to be even more brilliant that Holmes himself. But it
doesn't take great brilliance to crack a machine, only weak routines,
a certain specific knowledge, and the willingness to wander around in
other peoples' homes without being invited.

The security hole was apparently known to CERT (Computer Emergency
Response Team), but the alert was netcast before we owned the NeXT so
we were not aware of it. We've retired black-cube from active service
and have reviewed all other security programs and measures.

We were very careful to close all known security holes on our principal
machine. We were not quite careful enough to apply the same level of
discipline with black-cube. 

Eternal vigilance is the price of network security.

        "When the 'oppressors' become too strict, we have what is 
         known as a police state, wherein all dissent is forbidden,
         as is chuckling, showing up in a bow tie, or referring to 
         the mayor as 'Fats.' Civil liberties are greatly curtailed 
         in a police state, and freedom of speech is unheard of, 
         although one is allowed to mime to a record. Opinions 
         critical of the government are not tolerated, particularly 
         about their dancing. Freedom of the press is also 
         curtailed and the ruling party 'manages' the news,
         permitting the citizens to hear only acceptable political 
         ideas and ball scores that will not cause unrest." 

                        Woody Allen, "Without Feathers" (Ballentine,1972)


                             by Steve Jackson

     An Austin meeting for those interested in the EFF and its mission
 was held July 19 at the offices of Steve Jackson Games. About 60
 people (50 or so actively interested, and another 10 along for the
 ride) attended to cook hot dogs, drink sodas and beer, and talk
 about Constitutional freedoms in the electronic age.
     The meeting had been publicized almost exclusively over the net
 and local BBSs; some attendees read about it first on the Well. Local
 media were informed, but as far as we know, none mentioned it.
     I introduced the idea of an Austin EFF chapter by pointing out
 that the EFF *has* no local chapters, and one of the first missions of
 an Austin group - if we started one - would be to find out what a
 local chapter was good for.

     Suggestions from the group included:
     * Liaison with local law enforcement groups, both to influence
 their attitudes and to offer expert assistance and cooperation.
     * Liaison with media: offering information, correcting errors,
 and if necessary being ready to go to editorial boards if facts are
 consistently misrepresented.
     * Education and communication with others: speaking at schools
 and club meetings, writing opinion pieces for newspapers, and so on.
     * Education and communication among ourselves. The issue of ``Just
 what ARE the laws regarding sysop liability?" was specifically raised.
     * Direct political action: querying candidates on their stands on
 EFF-related issues, and initiating legislation to preserve civil
 rights in the high-tech age.
     * More organized input into national EFF concerns, especially
 creation of "ethical standards and practices."
     * Recruitment of members for the national EFF.
     * General networking among people with common interests. (Earl
 Cooley, sysop of SMOF - an old and respected, but underutilized, local
 board - volunteered to host a local EFF discussion. SMOF, the `World's
 Oldest Online SF Convention,' can be reached at 512-467-7317.)

     Four people - Bruce Sterling, John Quarterman, Matt Lawrence
 and myself - expressed willingness to serve on a local EFF board
 "provided no one of us has to do all the work." Four seems to be
 about the *minimum* workable number; we'll certainly be looking for
 more organizers.
     Another attendee was a Houston civil-libertarian, representing a
 group of about 20 like-minded computer users; a Houston EFF chapter
 is probably in the offing.
     10 people signed up as national EFF members at the meeting (several
 others had already joined), and many more membership forms were
 distributed. A signup sheet was passed around so that everyone could
 be contacted directly for further meetings. And there will be more
 meetings; the "sense of the crowd" was clear on that. Our four
 volunteers will now have to discuss the next step.

     Thanks go to Loyd Blankenship, for making sure that all the food,
 drink and furniture arrived at the right time and place; to
 Monica Stephens, Mike and Brenda Hurst, and John Quarterman for
 assorted help with cooking, cleanup and publicity; and to everyone
 who brought chairs and food!


                      "Think Globally, Act Locally"

We are really encouraged and a bit overwhlemed by the spontaneous
interest in forming chapters. In several other
individuals offered to help organize local chapters in different parts of
the country. Local activities to promote EFF causes can be a major factor
in civilizing the frontier. Over the summer we will be thinking about
what constitutes a good set of ground rules for chapters and how to
coordinate and support activities from the already-busy EFF office. We'd
certainly like to see more discussion on about possible
roles for local chapters. Thanks to Steve Jackson for getting the ball



      INTERTEXT, an electronic magazine devoted to fiction, is published
bi-monthly by Jason Snell ( 
      Although primarily established as a place on the net to publish genres 
other than sci-fi/fantasy, it does still contain some.  The quality of
the fiction is about that of what you would find in alt.prose.
      Jason welcomes submissions of all genres.  INTERTEXT is also available 
by e-mail subscription and is primarily archived on  

      QUANTA is the electronically distributed journal of Science Fiction
and Fantasy.  As such, each issue contains fiction by amateur authors as well
as articles, reviews, and other items of interest.
      You'll find pretty standard sci-fi/fantasy in QUANTA, with an
occasional gem or two.  The editors of INTERTEXT and QUANTA are
friends and they tend to use some of the same editorial policies: they
publish just about whatever they get and they publish their favorite
writers all the time. QUANTA is much sharper in format than INTERTEXT.
      QUANTA is edited by Daniel Applequist ( Submissions
should be sent to Subscription requests should
be sent to

      PARSONS MESSENGER AND INTELLIGENCER is a fictional small-town 
newspaper consisting primarily of editorials written by the fictional
residents of Parsons, MidWest, USA. The Editor, Jane Smith, is also
      Most of the letters and opinions etc. are stock stereotypes, but
a few are creative and interesting.  It's a fresh idea, but it stales
too quickly.

      THE UNPLASTIC NEWS is a brand new little magazine of quips and 
quotes from anywhere and everywhere. It's published by Todd Tibbetts
(, who is new to the net and hasn't quite figured
out how to effectively distribute Unplastic yet.
      Unplastic's first issue is a collection of fully documented quotes
>from sources outside the net.  I get the impression that Todd wants to
collect brilliant offerings from the net for future issues and mix them
in heavily with the quotes from other sources.  If he can pull this off
successfully, THE UNPLASTIC NEWS will be one cutting-edge pub.

All four titles are available via anonymous ftp from They are
to be found in the Journals Directory.


                      Paraphrased from Time magazine:

President Bush is finally switching from his manual typewriter to a
personal computer, and taking lessons on how to use it. But he hasn't
set his sights too high. "I don't expect this to teach me how to set
the clock on the VCR or anything complicated," says the President.

-- Denis Coskun, Alias Research Inc., Toronto Canada 


                        HACKER HYSTERIA DOWNUNDER
                   by Mike Godwin, Staff Counsel, EFF

I had just begun to think we had been making progress against the
reflexive prejudice that so often afflicts the policy debates about
hackers and computer crime. Then I read Tom Forester's recent
distressing article about the need to "clamp down" on hackers.

It's not that I disagree with Forester about the principle that
computer intrusion and vandalism should be illegal. But I was
astonished at both at the moral simplicity and the factual inaccuracy
of Tom Forester's newspaper column.

The article, "Hackers:Clamp Down Now", appeared in an Australian
newspaper earlier this summer. I had expected a well-reasoned article
from Forester, who co-authored COMPUTER ETHICS: CAUTIONARY TALES AND
ETHICAL DILEMMAS IN COMPUTING (Blackwell / Allen & Unwin, 1990). After
all, it was a book I had reviewed favorably for WHOLE EARTH REVIEW's
Summer 1991 issue.

But "Hackers:Clamp Down Now" turned out to be a potpourri of various
statements and misperceptions regarding hackers that were common in
the American media a year ago and still persist in many quarters. It
was painful and infuriating to see them surface again in Australia.
Especially when written by someone who should know better. 

Among other things, Forester writes:

>Breaking into a computer is no different from breaking into your
>neighbour's house. It is burglary plain and simple - though often
>accompanied by malicious damage and theft of information. 

Yet nothing is "plain" or "simple" about analogizing computer trespass
to burglary. The English common law that informs the British,
American, and Australian legal systems has always treated burglary
harshly, primarily because it involves a threat to the victim's
*residence* and to his *person*.

But computer intrusion in general, and the cases Forester discusses in
particular, pose neither threat. A mainframe computer at a university
or business, while it clearly ought to be protected "space" under the
law, is not a house "plain and simple." The kind of invasion and the
potential threat to traditional property interests is not the same.

Consider this: anyone who has your phone number can dial your home--
can cause an electronic event to happen *inside your house*. That
"intruder" can even learn things about you from the attempt
(especially if you happen to answer, in which case he learns your
whereabouts). Do we call this attempted burglary? Do we call it spying
or information theft? Of course not--because we're so comfortable with
telephone technology that we no longer rely on metaphors to do our
thinking for us.

This is not to say that all computer intrusion is innocuous. Some of
it is quite harmful--as when a true "vandal" runs programs that damage
or delete important information. But it is important to continue to
make moral and legal distinctions, based on the intent of the actor
and the character of the damage. 

Tom Forester seems to want to turn his back on making such 
distinctions. This, to me, is a shameful position to take. 

Forester supported his oddly simplistic moral stance with some odder 
factual errors. Here are some of the more egregious ones. 

>Last year, the so-called 'Legion of Doom' managed to completely 
>stuff up the 911 emergency phone system in nine US states, thus 
>endangering human life. They were also later charged with trading 
>in stolen credit card numbers, long-distance phone card numbers 
>and information about how to break into computers. 

Only a person who is willfully ignorant of the record could make these
statements. The so-called Legion of Doom never damaged or threatened
to damage the E911 system. If Forester had done even minimal research,
he could have discovered this. What they did, of course, was copy a
bureaucratic memo from an insecure Bell South computer and show it to
each other. 

At the trial of Craig Neidorf, who was charged along with Legion of
Doom members, it was revealed that the information in that memo was
publicly available in print. 

Thus, there was no proprietary information involved, much less a
threat to the E911 system. Forester is simply inventing facts in order
to support his thesis. For an academic, this is the gravest of sins.

>Leonard Rose Jr. was charged with selling illegal 
>copies of a US $77,000 AT&T operating system. 

Len Rose was never charged with "selling" anything. His crime
concerned his possession of the expensive source code, which he, like
many other Unix consultants, used in his work. 

>Robert Morris, who launched the disastrous Internet worm, got a 
>mere slap on the wrist in the form of a US $10,000 fine and 400 
>hours' community service.

If Forester had investigated the case, he might have discovered an
explanation for the lightness of Robert Morris Jr.'s sentence: that
Morris never intended to cause any damage to the networks. In any
case, Morris hardly qualifies as a "hacker" in the sense that Forester
uses the word; by all accounts, he was interested neither in "theft"
nor "burglary" nor "vandalism." 

Of course, making such subtle distinctions would only blunt the force
of Forester's thesis, so he chooses to ignore them. 

>Instead, [the hacker] tends to spend his time with the computer, 
>rising at 2pm, then working right through to 6am,, consuming mountains 
>of delivered pizza and gallons of soft drink. 

This is the kind of stereotyping that Forester should be embarrassed
to parrot in a public forum.

>Some suffer from what Danish doctors are now calling "computer 
>psychosis" - an inability to distinguish between the real world 
>and the world inside the screen.
>For the hacker, the machine becomes a substitute for human 
>contact, because it responds in rational manner, uncomplicated by 
>feelings and emotions.

And here Forester diagnoses people whom he has never met. One is
forced to wonder where Forester acquired his medical or psychiatric
training. Of the people whose names he blithely cites, I have met or
spoken to half a dozen. None of them has been confused about the
difference between computers and reality, although it may be
understandable that they prefer working with computers to working with
people who prejudge them out of hatred, ignorance, or fear.

>One day, these meddlers will hack into a vital military, utility 
>or comms system and cause a human and social catastrophe. It's 
>time we put a stop to their adolescent games right now. 

History suggests that we have far more to fear from badly designed or
overly complex software than from hackers. Recent failures of phone
networks in the United States, for example, have been traced to
software failures.

Even if we grant that there are some hackers with the ability to
damage critical systems, the question Forester fails to ask is this:
Why hasn't it happened already? The answer seems to be that few
hackers have the skill or desire to damage or destroy the very thing
they are interested in exploring. 

Of course, there are some "vandals" out there, and they should be
dealt with harshly. But there are far more "hackers" interested in
exploring and understanding systems. While they may well violate the
law now and then, the punishments they earn should take into account
both their intentions and their youth. 

It has been noted many times that each generation faces the challenge
of socializing a wave of barbarians--its own children. We will do our
society little good if we decide to classify all our half-socialized
children into criminals. For an ethicist, Forester seems to have given
little thought to the ethics of lumping all computer trespass into one
category of serious crime.


                   "Twas midnight, and the UNIX hacks
                    Did gyre and gimble in their cave
                    All mimsy was the CS-VAX
                    And Cory raths outgrave.   

                   "Beware the software rot, my son!
                    The faults that bite, the jobs that thrash!
                    Beware the broken pipe, and shun
                    The frumious system crash!"


                            by Rita Rouvalis

The University of Georgia's (UGA) Student Judiciary has recently
sentenced a student to two quarters suspension for e-mailing Athena's
/etc/passwd file to an unauthorized user who wanted to break into the
system. Intense debate ensued when the following post was made to 
>The University will soon be issuing a news release about this incident.
>In the meantime, here is a summary:

>(1) A number of unauthorized users have been using various University
>of Georgia computers. Most of them have left much more of a trail than
>they realized and will be hearing from us. 

>(2) The first person actually caught as part of this incident has now
>been sentenced to 2 quarters' suspension, plus a probated expulsion,
>by the Student Judiciary. This was a U.Ga. student whose name cannot
>be released due to confidentiality of educational records. What this
>student did was mail a copy of /etc/passwd from to a
>"hacker" who had already penetrated another system, and who wanted to
>use a password-guessing program to break into athena. The student was
>fully aware that he was assisting in a break-in. 
> --  Michael Covington, sysadmin UGA
Discussion was muddied considerably by confusion with other threads,
and opinions were posted without factual basis. If one looks at the
facts, one finds the student received surprisingly fair treatment from
the University of Georgia, whether or not one agrees with the actual

Upon investigating an intrusion into one of the AI Lab's machines, the
sysadmin for the AI lab found that the intruder had saved, on disk, a
copy of Athena's /etc/passwd file with an email header indicating it
had come from the student in question's account on Athena. Assuming at
first that either the e-mail header was bogus, or that the student's
account had also been hacked, the Athena sysadmins deactivated the
account. Notice that this was a file saved under an unauthorized
username; no e-mail was ever intercepted.

Upon further investigation, the student admitted to being the
owner/sender of this e-mail message. He also apparently admitted to
being a member of an "elite group of hackers/phreakers," and knowing
that the /etc/passwd file would be used to try to crack Athena.

When the matter came before them, UGA officials felt the needs of the
student would be better served if he/she was brought before the
Student Judiciary instead of filing criminal charges. The only
punishments the Student Judiciary can hand out are expulsion,
suspension, and community service; all proceedings are kept
confidential as required by federal law.

According to UGA Student Judiciary policy, a student can choose either
an administrative hearing, or a student court hearing before three
specially trained students. In either case, the student is assisted by
a trained defender (also a student) and has the right to have other
people present for his defense. The hearing is supervised by UGA's
staff of Judicial Programs and follow the same rules of evidence and
procedure as a courtroom trial. If convicted, the student can appeal
to the Vice President and to the President (which this student has

Despite protests from a few netters about the sentence the student
received, it is clear that the student court carefully considered the
intent and personality of the student when handing down the sentence
-- a consideration not taken in too many hacker cases. Officials felt
that two quarters suspension would effectively remove the student from
the influence of the hackers/phreakers and realign his priorities.
Community service involving computers was not chosen for the express
reason of not encouraging hacking to prove ability.

While some netters may disagree with the sentence handed down, they
should agree that this case was fairly and thoroughly handled by UGA
officials. Their measured deliberation of all the issues involved
should be used as an example in this era of hacker hysteria.

EFFector Online will keep you posted as the case progresses...
Portions of postings by Michael Covington, sysadmin of one of the UGA
machines involved, are reproduced by permission.


                       Letters From The Sun

From: (Michael I Bushnell) 
Subject: Free software and electronic freedom 

There is a convergence of interests between advocates of free software
and the EFF, which I think bears some examination. I think we can
"assist" the government, the police, the media, and the courts by
stressing that what is happening to computers is by no means new. I do
not believe that education (though it will help) can solve our problem.
The people from AT&T who assign $50,000 price tags to login.c and claim
millions of dollars of damage done by Riggs, Darden, and Grant are
completely aware of the real nature of what was done. The same is
certainly true of Apple's claim that irrevocable damage was done by the
distribution of NuPrometheus. We can end, through education, damage to
people like Steve Jackson wrought by overzealous police. But the damage
done by the false claims of knowledgeable people seeking money and
victims will not be ended solely be education.

The possiblility of perjury suits should be considered, of course, but
that is not the only way to end the problem. The computer shares with
certain other inventions several important characteristics: it is cheaper
than older alternatives; it is faster; and it offers new ways of thinking
about the world. The most obvious invention in the past with these
characteristics is the movable-type printing press. Suddenly books could
be published by only a few people, rather than requiring laborious
copying. Printing presses were cheaper than the hundreds of copyists
previously required. And, perhaps most importantly, the availability of
books encouraged people to see the world as somewhat smaller, as
information could suddenly be transmitted more quickly.

Gutenberg's first book was the Bible, published in German translation,
and the Church reacted vehemently to this new "problem". Its monopoly on
Biblical interpretation suddenly ended, and the Church quickly realized
that something "needed" to be done. The index of prohibited books became
its most effective tool. Those who assisted in the production of
unauthorized books (rulers who refused to arrest recalcitrant printers,
for example) would be in turn vilified or even excommunicated.

Even today, in many countries, access to the printed word is difficult
and managed by the state. Those we are fighting must be more visibly
compared with past opponents to free speech. We must be more vocal in
admitting and even pointing out that, yes, the computer is powerful and
dangerous, and in precisely the same ways cheap printing is powerful and
dangerous. We do not believe, in this country, that access to printing
presses should be carefully managed and regulated by the government to
ensure the safe use of this power. Instead, thanks to the wisdom of
Voltaire, and his ultimate victory over Rousseau, we recognize that the
solution to the printing of falsehood is the printing of truth. We must
encourage the same attitude in the public towards computers: that
computers, and associated networks, must be encouraged to grow without
regulation and forced record-keeping. Yes, computers are dangerous. But
they are only dangerous to those who hide in shadows and plot power in
the dark of night, for they are tools for light if available to all. 


"I'm hosed." -- Steve Jobs, after his NeXT machine froze up during a 
demonstration to 500 people at Lotus last year. 



If you support the goals and work of EFF, you can show that support by
becoming a member now. Members receive our quarterly newsletter,
EFFECTOR, our bi-weekly electronic newsletter, EFFector Online (if you
have an electronic address that can be reached through the Net), and
special releases and other notices on our activities. But because we
believe that support should be freely given, you can receive these things
even if you do not elect to become a member.

Your membership/donation is fully tax deductible.

Our memberships are $20.00 per year for students, $40.00 per year for
regular members. You may, of course, donate more if you wish.

>>>---------------- MEMBERSHIP FORM ---------------<<<

Mail to: The Electronic Frontier Foundation, Inc.
         Online Office Nine 
         155 Second St.  
         Cambridge,MA 02141

I wish to become a member of the EFF  I enclose:$__________
                        $20.00 (student or low income membership)
                        $40.00 (regular membership)

        [  ] I enclose an additional donation of $___________



Address: __________________________________________________

Town: _____________________________________________________

State:_______Zip:________Phone:(    )_____________(optional)

FAX:(    )____________________(optional)

Email address: ______________________________

I enclose a check [  ].  
Please charge my membership in the amount of $_____________
to my Mastercard [  ]  Visa [  ]  American Express [  ]  


Expiration date: ____________

Signature: ________________________________________________


I hereby grant permission to the EFF to share my name with 
other non-profit groups from time to time as it deems 
appropriate   [ ]. 

**OUR PRIVACY POLICY: The Electronic Frontier Foundation will never,
under any circumstances, sell any part of its membership list. We will,
>from time to time, share this list with other non-profit organizations
whose work we determine to be in line with our goals. But with us, member
privacy is the default. This means that you must actively grant us
permission to share your name with other groups. If you do not grant
explicit permission, we assume that you do not wish your membership
disclosed to any group for any reason.**

        The EFF is a non-profit, 501c3 organization.
          Donations to the EFF are tax-deductible.

Back to top

JavaScript license information