Document Sample
LOVE Powered By Docstoc
					Ref.: CHMP-19                 Computer History Museum / Lecture                         page 1 of 50
                                    Computer Crime #2

                A: -have either pneumonia, or something else, so- so

                I'll try to talk fast and uh.. keep it- keep it quick.

                Uhm.. Since I only heard a few of the remarks so far, I

                ought to point out uh.. I do know about "phone

                freaking", uhm.. I go back in computing to the days of

                an IBM 1620.     I programmed uh.. an Assembler SPSS, and

                even helped write- co-write a FOTRAN 2D compiler for a

                1620.     When I was in high school, my high school was

                the first to have a 1620.                  No disc drive, but had a

                real cool executive uh.. style IBM printer on it, that

                typewriter that was absolutely neat!                           And I still know

                how to clear CORE 1600000030, with little things are

                crossing clear the earth medic tables. Uhm.. Finally,

                uh.. while doing that, I had a great deal of fun, sort

                of fooling around with one of the compilers, which was

                sort of a- a FORTRAN-style compiler.                           So, as to cause

                the earth medic tables to give wrong numbers, uh..

                which I thought was really neat, when I was 14 or 15

                years old.    That, you know, other students would try to

                wri- You know, I'd write programs for them to solve

                their chemistry homework, and show 'em how they- how

                I'd get the right answers, and-but somehow or another,

                I'd throw a sense switch, so they'd get the wrong

                answers.    I thought that was real neat when I was 14!

Computer History Museum                          8/16/10                                Page 1 of 50
RF#CHMP-19a            – 888-349-3022
Ref.: CHMP-19                  Computer History Museum / Lecture                          page 2 of 50
                                     Computer Crime #2

                Uhm.. Later on, uhm.. at college, I was uh.. the

                technician to the Electronic Music Studio at the State

                University of New York at Buffalo, and used to fix the

                moge synthesizer, and give this guy Robert Moge <ph>u-

                used to come up, and help build stuff.                            He'd- he'd

                build stuff, and I'd be his technician.                            I'd be working

                next to Robert Moge making these voltage control

                vacillators, that you'd tweak 'em 1 volt, and they'd

                move an octave.         And it was really cool, and the guy

                was really smart, and I learned a lot of electronics.

                And the guy to- who lived down the block from me, Greg

                Clint, thought it was really cool that I knew all about

                oscillators, and he started talking about Quarter

                boxes.     A Quarter box, what's that?                          And he said that,

                "I want an oscillator, that every time you push this

                button, it goes beep, beep, beep, beep, beep."                             And he

                gave me the timing diagrams.                      And it was a photocopy

                out of Bell Telephone uh.. technical journal.                            I said,

                "Oh!      That's easy to do."               Yeah, I'd wire up a couple

                of capacitors, and resistors, and RC circuits.                             And

                make this- this cool uh.. quarter's box.                             And then I

                find out what he's using it for.                         He'd hold it up to a

                pay phone and call the- the weirdest thing is- is not

                like he's making- Greg wasn't like going out and making

                important phone calls?                No.       He'd go to the pay phone,

Computer History Museum                           8/16/10                                 Page 2 of 50
RF#CHMP-19a             – 888-349-3022
Ref.: CHMP-19                  Computer History Museum / Lecture                         page 3 of 50
                                     Computer Crime #2

                call Taiwan to find out what the weather was, and the-

                the operator would say, "Can you put like $5.00 in

                quarters in?"       So, he'd go, flip-blink-blink-"                       Now, it

                was weird, and I kept saying, "Look, this isn't the

                reason for learning electronics!                         This has nothing to

                do with the cool things you can do."                            You're and- and

                he and a bunch of others thought this was the niftiest

                thing, to- to take cool circuits, and use them to serve

                other people's services- steal money from other people.

                There- there's a uh.. fairly trivial circuit that would

                allow people to call into your phone, and never turn on

                the billing.      And uh.. it's a way of getting free,

                incoming long-distance phone calls, so that uh.. It was

                bizarre stuff like this, and you know, I'd- I'd make

                one.      Say, "Oh, yeah, it works."                     And then throw it

                away, and these guys'd just go nuts about it, and say,

                "Oh!      I gotta' have it!             I gotta' have it."            For what,

                so- so as to save like a dollar of your parent's money,

                and it was just bizarre.                  So, I always felt like I was

                on the outskirts of this.                   The technology, I found

                intriguing, but the nature of using it to- to steal,

                to- to do things-           Somehow or another, I always had

                this bizarre something up my back, this- this

                broomstick up my tail end, that said, "No.                           It's- it's

                okay to have fun.           It's cool to do things with things,

Computer History Museum                           8/16/10                                Page 3 of 50
RF#CHMP-19a             – 888-349-3022
Ref.: CHMP-19                   Computer History Museum / Lecture                     page 4 of 50
                                      Computer Crime #2

                but it's wrong to just steal things and break things,

                and steal other people's things, just cause- "                         Well,

                okay, now, fast-forward into the future, uh.. skipping-

                Oh!       Skipping over to- to at any rate, one time or

                another in grad school. I'm not even gonna' talk about

                that time. It- it- At one time in grad school, I'm

                bicycling from Tucson, Arizona over to- to see the very

                large ray in New Mexico.                   And the bicycle trip takes me

                to Alberqurque, and I had just built, along with two

                other guys, and uh.. a small computer using an 8080,

                from kits.      Uh.. A friend of mine, uh.. at this time,

                you could make 'em out of kits.                         This friend of mine's

                working there, and uh.. he invites us over, and say,

                "It'd be really cool to play around, you know."                         So, I

                go over there, and he's repairing these things.                         It's

                sort of Heath Kits, only it's uh.. a singleboard

                computers, or multiboard, decimal 100 computers.                          I'm

                over there, and uh.. this guy's who's fixing 'em says,

                "Boy!      These people are weird.                     In order to replace an

                unsocketed I- 16 pin integrated circuit, this guy had

                taken a propane torch, and torched the bottom of it, to

                loosen all the pins at once!                       And so, I'm there, and

                we're- we're fooling around doing all this stuff.                          And

                this guy- this guy who previously had been uh.. fooling

                around with Quarters' machines.                         So, we were talking

Computer History Museum                            8/16/10                            Page 4 of 50
RF#CHMP-19a              – 888-349-3022
Ref.: CHMP-19                Computer History Museum / Lecture                           page 5 of 50
                                   Computer Crime #2

                <inaudible> in Alberqurque, and things like this, and

                I'm about to hop on my bike.                    And it's a long- It's a

                three-day ride back to Tucson.                      And I meet this guy,

                Bill Gates, in the hallway, who says, "You know, I'm

                writing a- a basic compiler interpreter, or something

                like this, do I want to help him?"                            I think, I would be

                kind of fun, but I'll go back to grad school, instead!

                Uh.. !    Which somehow and another is related to

                computer crime, but I'm not sure how, uhm..!                           Anyway, I

                finished up grad school, and did- did a bunch of

                graduate work in rate of transfer, and 9-gray

                atmospheres, and PDP-11s and CRAYS and CDCs and stuff

                like this.   Anyway, uhm.. I managed to bump around in

                computer- computers and astronomy until somehow or

                another, ended up at Lawrence Berkeley Labs, in the

                mid-80's, uh.. building optical surfaces inside a

                computer, for the world's largest telescope.                           The Keck

                Observatory, which is way, way, way more interesting

                than anything in computer crime, I might add, uhm..

                Anyone who thinks that it's really neat in computer

                hacking, ought to seriously go and imagine designing a

                telescope that has 36 independently supported hexagons.

                Each one of 1.8 meters across, each one an off-axis

                hyperboloid, at absolutely nifty!                        I mean, you want to

                see cool- cool technology, imagine supporting this

Computer History Museum                         8/16/10                                  Page 5 of 50
RF#CHMP-19a           – 888-349-3022
Ref.: CHMP-19                Computer History Museum / Lecture                      page 6 of 50
                                   Computer Crime #2

                mirror that- that's the size of that tabletop on three

                motors, and having to step each one in step sizes of

                about 10 or 15 nanometers, and having capacitive

                sensors on the side, to figure out exactly where each

                one is, to counteract any bending from the supports

                underneath it.      Absolutely nifty stuff!                   Uhm.. On the

                other hand, uhm.. after a while the science and

                engineering uh.. started to take a back seat, and it

                was going ahead to be built, and so I looked around and

                said, I kind of need a job that keeps me in Berkeley,

                because I don't want to move to Hawaii where the

                telescopes are being made- are- are being constructed.

                And so, I went down to the basement of Building 50,

                uh.. Lawrence Berkeley Labs, started working there.

                And two days into working at uh.. Lawrence Berkeley

                Labs uh.. computing center, uh.. one of the other guys,

                uh.. Dave Cleveland comes up to me and says, "You know.

                We got this problem with our accounting system."                        And I

                say "Hm.."   And he says, Well, you're the new kid on

                the block.   You're- you're the local uh.. newcomer to

                the systems' managers group.                    Why don't you look into

                it and see what's going on?"                    And I say, "Sure this is

                kind of neat."      Uhm.. It seems that they had a uh.. the

                old policy was, let's see if we can get as much money

                as possible out of all the users at Lawrence Berkeley

Computer History Museum                         8/16/10                             Page 6 of 50
RF#CHMP-19a           – 888-349-3022
Ref.: CHMP-19                 Computer History Museum / Lecture                     page 7 of 50
                                    Computer Crime #2

                Labs.     And so, they said, "Let's go and dock every time

                somebody uses any of the- the computers, PC- the

                mainframes, the VAX's uh.. the big works, were then

                considered big sum work stations, Some two's!"                       Uhm..

                And we had just recently installed thick wire Ethernet

                all over the place, and we kept running sort of

                separate billing systems.                  The internal UNIX billing

                system, but we had our own separate one.                       And what uh..

                we'd hired a couple of undergraduates from uh.. the

                University of California to build the database system

                that would uh.. keep track of who spent what money,

                where.    And I had just started working there, and this

                home brew accounting system was dead in the water.                         It

                was floating there uh.. dead, and you know, my job to

                figure out what it was, didn't take long to realize

                that a ticket had come out over the Ether, from one of

                the UNIX boxes, saying that some user named Hunter had

                used about 75-cents, or 80-cents worth of computer

                time.     And that- that user Hunter did not show up in

                the database program.              Uh.. It turns out that they

                don't teach you error correction until your junior year

                at- yeah, it was in California.                       And so uh.. the thing

                crashed, and it didn't take long for me to figure out,

                you know, that's how to fix it.                       So- so I'm there, and-

                and then- to make it a long story longer, uhm.. I'm

Computer History Museum                          8/16/10                            Page 7 of 50
RF#CHMP-19a            – 888-349-3022
Ref.: CHMP-19                   Computer History Museum / Lecture                     page 8 of 50
                                      Computer Crime #2

                sitting there saying, "Well, the problem is that this

                guy Hunter shows up in our ETSEY <ph> password file,

                this is long before there were shadow passwords.                            It

                was when uh.. Robert S. Morris had the brilliant idea

                in the late 70's, early 80's, that the way you want to

                protect passwords is through encryption, and encryption

                alone.      Don't keep them hidden, just encrypt the

                passwords, and that's all you need to do.                        Brilliant

                idea, unfortunately it turned out that at least one or

                two of the crackers who were using our- or were abusing

                our system, were cracking this password file using

                dictionary attacks, which are well-known to most of

                you.      And those who don't know about it, you don't need

                to learn about it anymore, 'cause there's way around

                anyway.      Uhm.. Where was I?                  Uhm.. So anyway, I

                realized that someone was cracking, or hacking into our

                system, fooling around with it, and I'm sitting in the

                back of this very, very boring lecture on galactic wave

                structure, and I realize:                    How's this possible to

                happen?      I'm sitting in the back of the lecture, and I

                realize, somebody must have root privilege to one of my

                UNIX machines.         I'm thinking how that's possible?                     This

                is a weirdness.          And remember, I'm- I'm- How can I put

                it?       Uh.. I'm- I'm little folk.                    You're waving ten

                minutes.      Ten minutes for what?                     Oh, ten minutes uh..

Computer History Museum                            8/16/10                            Page 8 of 50
RF#CHMP-19a              – 888-349-3022
Ref.: CHMP-19                  Computer History Museum / Lecture                           page 9 of 50
                                     Computer Crime #2

                So, I'm- I'm little folk here, I'm- I'm- it's not like

                I'm- I'm brilliantly smart or anything about this

                stuff, I learned it on my own as I'm going.                             Uh.. Curse

                me, somebody has root privilege, so, we immediately had

                a choice of, oh!          Should we crack down and nail the

                door shut?     Or should we try to make it so that we

                understand what's happening?                      Well, I natural- Our

                assumptions immediately were that our assumptions, Dave

                Cleveland and myself, and a couple of together people

                uhm.. some extraordinary smart and clever programmers,

                of whom I had the honor of taking credit for most of

                their work, uhm.. We got together, pow-wowed for a bit,

                and said, "Well, let's find out who it is!                             I bet you

                it's some student on campus, who's thumbing his nose at

                us!"      Uh.. The obv- thing- The obviously possibility is

                that it might be a student thumbing her nose at us, or

                that this student might not be on campus, or that it

                might not be a student.                 Never occurred to us, we

                figured all smart UNIX jocks had to be on campus at UC.

                So, we figured it would be a might cool thing to chase

                after him.     So- so one Friday- late Friday afternoon,

                we had a modem bank then, a huge modem bank of 45 to 50

                dialing ports, and uh.. X-25 link.                              We had uh.. a

                butterfly VAX, an old device that connected us to what

                was then called the ARPANET.                      This was way back, you

Computer History Museum                           8/16/10                                  Page 9 of 50
RF#CHMP-19a             – 888-349-3022
Ref.: CHMP-19                 Computer History Museum / Lecture                      page 10 of 50
                                    Computer Crime #2

                know,     there were Stegosauruses around.                      You had, you

                know-you had- We were 56-kilowatt connected to the

                ARPANET, which again, would later become the Internet,

                or was already.        So, we said this would be a cool thing

                to chase down.       Problem then is, how do you find

                somebody?    How do you see what's coming in?                      We wanted

                to see the traffic coming and going out of system.                           So,

                what I wanted right away was, 45 or 50 printers, not

                just display devices.              I wanted a bunch of printers to

                print all the traffic coming in and out.                        Fortunately,

                that wasn't that- that hard, because back in those

                days- those days, it was commonplace to have- Well, how

                should I put it?           Back in those days, a 2400 baud

                modem was quite rare.              Unlike today, when a 2400 baud

                modem is quite rare. Uhm.. Let's say, uhm.. so- so you

                had a bunch of 1200 baud deck writers.                         You know, the

                first one from the one next to my desk.                        Uh.. The

                second one from uh.. Dave Cleveland's. Another one from

                Wayne Grave's this fantastically brilliant VMS jock.

                And we went around, Ray Partica <ph>, all these cool

                guys, who were real smart.                   Well, you know, I borrowed

                them all.    But after about you know, an hour or so, you

                run out of friends to borrow terminals from, so uh..

                so, you know, I did what I learned in graduate school,

                namely-     It's way easier to apologize later, than to

Computer History Museum                          8/16/10                             Page 10 of 50
RF#CHMP-19a            – 888-349-3022
Ref.: CHMP-19                Computer History Museum / Lecture                     page 11 of 50
                                   Computer Crime #2

                get permission in advance.                  Wait around 'til Friday

                afternoon at 5:00, got one of these lab carts, and went

                around and sort of liberating people's Macintosh's and

                PC's and deck writers from around the department.                        Went

                down the basement to build a- Computer crime. I'm

                talking about computer crime.                     When- Is that not the

                subject?   Any way, one of the- so, we set it all up.                         I

                had a thermos of hot minestrone soup, vegetarian down

                to me.    Had a sleeping bag unrolled it in front of this

                uh.. VAX 780, right next to a SUN workstation that had

                been rescued from the Civil War.                       And uh.. next

                morning, the- the assistant director of the department,

                this guy who- who not only had a beard, but he also had

                a tie, uh.. came by.            And he said, "You know, we're

                missing a bunch of things- missing a bunch of hardware

                from around the lab."             Well, I called it all back, and

                noticed that in the middle of the night, somebody had

                logged in, had gone out of our system, disabled our

                accounting program using a whole and a set user ID to

                route program.      Gone out over the ARPANET, broke- broke

                into a military computer at the Huntsville-Anniston

                Army Depot, Red Stone Missile, <inaudible> station.

                Copied this data back over an X-25 link to lord knows

                where, and for the next 11-months we were hot or cold

                or lukewarm, on the trail of some hackers who

Computer History Museum                         8/16/10                            Page 11 of 50
RF#CHMP-19a           – 888-349-3022
Ref.: CHMP-19                Computer History Museum / Lecture                       page 12 of 50
                                   Computer Crime #2

                ultimately turned out to be stealing military

                information and retailing it to- to what- the East

                German STASI and Soviet KGB for quite a few

                Deutschmarks and which were converted along the way,

                into cocaine and various other implements of

                destruction.     Uhm.. I noticed that I have five minutes

                left to spout uhm.. And I've talked about a quarter of

                what I wanted to say.              All of this, I found to be

                revealing.     It was one thing to talk to- see a movie

                about war games, and be on the side of the little guy

                who's trying to upset everything and- and- It was quite

                another thing to be on the receiving end, where

                somebody is going through my personal information,

                printing out my resume, printing out my email and

                copying it into someplace else.                       And to witness this on

                a printout in front of me.                   It was quite another thing,

                to try to call the NSA, the FBI, the CIA, the Air Force

                Office of Special Investigations to try to get them to

                do something, and over and over again hear the

                response, "That's an interesting problem you have

                there, son, but, it's not my bailiwick."                         One of the

                things I learned early on, is all of these

                organizations don't want to work!                         They desperately

                want to make it look like they're working, but they

                don't want to lift a finger!                     They- they the way to get

Computer History Museum                          8/16/10                             Page 12 of 50
RF#CHMP-19a            – 888-349-3022
Ref.: CHMP-19                Computer History Museum / Lecture                         page 13 of 50
                                   Computer Crime #2

                a response from the government is to present the

                answer, and try to make it look like they- they

                discovered it.      Uhm.. And so, it took about 11-months

                and a great deal of work, working with North American

                agencies, and ultimately the- the uh.. German Bundes-

                criminal- German Bundespost, and Time Net and other

                groups, to finally find that it was a group of German

                uh.. computer people, who, one of whom was heavily

                employed in computer security work during the day.                             And

                in the evenings felt that it was a profitable, and

                interesting hobby, to break into other people's

                computers, steal- and steal information.                           And at trial,

                he came up to me, in the middle of the- in the middle

                of his espionage trial in February of 1990, and said,

                "Look!    Why are you prosecuting me?                         Why are you

                testifying against me?              I could be thrown into jail!"

                To which- to which I answered to him, in the same way I

                told my friend Greg Flint, when I saw him fooling

                around with quarters- with this Quarters machine,

                something that was technologically sweet.                           So inviting

                and so nifty, my answer is, "Why, yes!                           Of course it is

                technology neat to do this.                   But I feel it is still

                dishonest to do so.           And I might not know what's

                legally right and wrong about theft of telephone

                service, or legally right or wrong about theft of

Computer History Museum                         8/16/10                                Page 13 of 50
RF#CHMP-19a           – 888-349-3022
Ref.: CHMP-19               Computer History Museum / Lecture                         page 14 of 50
                                  Computer Crime #2

                computer service, or right or wrong about theft of

                military and personnel information, but I do know when

                it strikes that-       When somebody's trying to bend that

                broomstick that's in- that's up my back, I do know when

                something strikes me as being wrong, and it struck me

                then, that this was wrong.                 That sooner or later, I had

                an identification with a community.                          Not just a

                community of telephone users, but a community of

                computer users.      It was- it was a time when perhaps I

                knew a half of a percent, maybe 2 percent of the

                ARPANET users, but I identified with them.                          And I

                thought them to be at least my colleagues, if not

                friends.   And I felt it wrong to be breaking in to

                these people's computers, not to mention the systems

                belonging to colleagues of mine, doing science and

                physics.    The Age of Innocence is passed.                         There's-

                what was then, a very, very obscure, poorly known

                technical system, the ARPANET, has involved into the

                Internet, which is a byline now for making money, for

                instant communications, for- for it's hard to find

                sentences that use the word Internet without the word

                revolutionary in them.             Uhm.. And for me, I still

                remember back to this Age of Innocence, and I think,

                "Yeah, it would be neat to recapture some of these

                times, some of these thoughts."                     But they're gone.

Computer History Museum                        8/16/10                                Page 14 of 50
RF#CHMP-19a          – 888-349-3022
Ref.: CHMP-19                   Computer History Museum / Lecture                        page 15 of 50
                                      Computer Crime #2

                They're gone as much as my days of programming in the

                1620 are gone.         My days in high school.                      And so, what I

                find myself now, is more and more spending time with my

                4-year old and my 5-year old.                        Thank you very much.

                A1: A beard and a tie, no less.                         The nice thing about

                talking last, is to get to write your talk while you're

                listening to the other people.                         And the bad thing about

                it is that you have to, because they say all the things

                you were originally planning to say!                             A while ago, a

                man named Chandler, George Washington University,

                called me up, and said, "I'm going to hold a meeting.

                And he named, you know, some various government people,

                and policy people, and so on who'd come.                            And give you-

                You- you‟re invited with the authority to interrupt at

                any moment."       A little like the Roman Consul in

                miniature.      And that never came off, but I wish that's

                what I had demanded tonight.                       I uh.. drove in the gate

                outside, and I saw the sign that said, "heightened

                security in effect."               It was before- I'd gotten inside

                before I realized this must mean that we're watching

                for Kevin <inaudible>.                 Maybe this is watching all of

                us.       In event, I thought I'd start with a uh.. with my

                list of comments that I wish I could've delivered in

                the middle of other people's talks, uh.. Peter talked

Computer History Museum                            8/16/10                               Page 15 of 50
RF#CHMP-19a              – 888-349-3022
Ref.: CHMP-19               Computer History Museum / Lecture                          page 16 of 50
                                  Computer Crime #2

                about a day uh.. when the message of the day, was the

                password file, due to a screwup in the editor.                           He

                failed to mention there was a- just a must more

                delicious threat to the password file in that system.

                It didn't re- give you cleared memory, or was it disk?

                Probably disk memory of some kind, when you asked for

                memory.   And furthermore, the password table changed

                every night about midnight, and the old one got chucked

                out, you know, on to the list of available space.                             So,

                right after midnight, you'd jack up a giant job, right.

                And now, you probably have the password table somewhere

                in all the space you've allocated.                           But where is it?

                Well, it's very easy to find, you just search for

                yourself.   Right?       You're in the password table, and

                so's your password.          You search for those things.                     You

                find- now, so, it gives you a reliable way of finding

                the password table, just after midnight every night.

                So, you're only 24-hours out of date, password table

                changes fairly slowly.             But, I graduated from working

                on that system, to working on what we believe is the

                world's largest blue box.                You know, we had a PDP-6 at

                the Artificial Intelligence Lab at MIT.                          And it was

                painted deck blue.         So, we programmed it to make a few

                sounds.   I had one little correction I wanted to throw

                in, which is that uh.. you credited Robert uh.. Cliff

Computer History Museum                        8/16/10                                 Page 16 of 50
RF#CHMP-19a          – 888-349-3022
Ref.: CHMP-19                 Computer History Museum / Lecture                      page 17 of 50
                                    Computer Crime #2

                <inaudible> and Robert Morris was encrypting passwords.

                That dates back at least to Wilkes of Cambridge in the

                50's.     I- I don't know it back any further than that.

                It was certainly done in MULTIX uh.. in the- in the

                mid-60's. Uhm.. Okay.              What I'm going to try to talk

                about-     I'm not a great fan of the concept of computer

                crime.    I don't really doubt it's existence, but it

                seems to me that it- I don't usually- It does not

                usually seem to me to produce a very good analysis of

                the problems, or of the- of solutions.                         And a lot of

                the things I had attended to say, in that respect, are

                sort of already been said.                   I mean, I had planned to

                start out talking about there was an era, and uh.. in

                fact, Don, has a very nice talk he gives about

                crimeoids, uh.. and he- he describes all this

                phenomena.    But there certainly was an era when people

                were being accused of theft of computer services, for

                using their boss's computer for something else.                         Uhm..

                And those accusations typically tended to be rather,

                you know, their financial aspect tended to be rather

                generous.    That is the assumption was named- made that

                the computer was as valuable at every second, as it was

                in the second when you then rented it to the highest

                paying customer.         And to my view, this was one of many,

                you know, early came to my mind as an example, and in

Computer History Museum                          8/16/10                             Page 17 of 50
RF#CHMP-19a            – 888-349-3022
Ref.: CHMP-19                Computer History Museum / Lecture                       page 18 of 50
                                   Computer Crime #2

                fact of twisting fairly standard legal concepts, and

                concepts of ethics and values, and so forth, merely to

                take something out of an arena where it had to be

                judged, all right.          And remember, you know, the

                policies about use of office equipment range vastly

                across organizations.             At Sandia, the machinists would

                be fired if they tried to mill their own- you know, a

                head from the cars during lunch.                       Whereas at Stanford,

                the machinists uh.. many of them were encouraged to

                take outside consulting work, in order to keep up with

                contemporary machining problems.                       Right.   And lots of

                these things have vast ambiguities to them.                        And when

                you look at the way judgments are made about these

                things-   Some of the examples have come up tonight.

                Uhm.. When Ho Lee versus John Deutsche.                         When Ho Lee is

                in prison, and friends in Alberqurque tell me he is

                effectively being tortured.                   He's being kept, you know,

                kept from sleeping by having the lights on, and things

                like that.   Uhm.. John Deutsche, I was on a

                teleconference uh.. with him in Washington the other

                day, and basically still doing his job.                         Uh.. They said

                they lifted his clearance.                  He said, "I commiserate

                with him,"   Said, "Don't worry, <inaudible>."                       People,

                you know, look at- look at the crimes- The first, you

                know, the first uhm.. the first family of Internet

Computer History Museum                         8/16/10                              Page 18 of 50
RF#CHMP-19a           – 888-349-3022
Ref.: CHMP-19                 Computer History Museum / Lecture                        page 19 of 50
                                    Computer Crime #2

                security, I think is the Morris family.                          And look at

                the crimes of the son, and the crimes of the father.

                Uhm.. The younger launched the "Worm".                          Now, I think

                that was a very imaginative piece of work.                          But what

                struck me about it was, that it wa- had imagination

                without resources.           I was working in an organization

                that had resources without imagination. Right.                           That-

                that organization, Northern Telecom.                           And had we had

                the idea to launch the "Worm", it would never have had

                bugs in it, when it went out into the field.                          We knew

                about captive networks!                We had the resources to run

                things in environments where we could control them

                until we got them to vote.                   Now, suppose the first

                people- Now, suppose you add a third ingredient.

                Northern Telecom didn't have any particular malice

                toward- towards the Net, but somebody in the world

                might have.    And I think it is very possible, the first

                time we had seen a "Worm" might have been, you know,

                loosely speaking, from whoever the enemy of the day

                was, the KGB, Specter, bin Laden, etcetera.                          And so I

                think that uh.. Morris the younger, did us in fact a

                tremendous favor.          We failed to profit from that favor,

                and we've treated him rather badly, but he showed us

                the immense vulnerability of a set of resources, on

                which we were coming ever more dependent.                          Now, Robert

Computer History Museum                          8/16/10                               Page 19 of 50
RF#CHMP-19a            – 888-349-3022
Ref.: CHMP-19               Computer History Museum / Lecture                           page 20 of 50
                                  Computer Crime #2

                Morris, Senior is seen entirely differently, right.

                Robert Morris, the elder, they're not quite junior and

                senior. Uhm..      He was the Chief Scientist of the

                National Computer Security Center, and he is- His

                legacy includes many things.                     One of them is the

                password encryption algorithm, that is currently in use

                in UNIX and by adoption, in quite a variety of other

                systems.   That has the effect of limiting passwords to

                8-meaningful characters.                 I believe that if you look at

                break-ins on computers, and in the network all over the

                world, you probably find no other single cause that

                accounts for so much vulnerability.                            Enough said.    A

                few weeks ago, I was at a seminar at Stanford Law

                School, on you know, Internet and Cyberspace and the

                Law, I think it was called.                    And one of the talks we

                had, was from a lawyer from eBay, who was talking about

                people, who as he viewed it, and he was fairly

                persuasive in his argument, were cheating.                           They sent

                out bauds of some kind or other.                        They got into eBay,

                and they find out what the going prices were for

                variou- for various things were.                        And they could make

                use of that information in other locations.                           And he

                described both their technical and their legal attempts

                to shut them down.           In one of those, you know, cases

                where you really wish you'd known it the day before,

Computer History Museum                          8/16/10                                Page 20 of 50
RF#CHMP-19a            – 888-349-3022
Ref.: CHMP-19                 Computer History Museum / Lecture                      page 21 of 50
                                    Computer Crime #2

                the very next day, Dave Farber put on his mailing list

                uh.. reference to a press release about how the Justice

                Department was investigating eBay for anti-trust, for

                exactly this activity.               So, then one is-            This is a-

                You're seeing there a tug-of-war.                         I can't tell you.

                They both- They're fairly persuasive, but certainly the

                self-righteousness with which this lawyer talked, about

                how eBay was being violated.                     And a similar self-

                righteousness on the part of the Justice Department

                uh.. press release on how eBay was being investigated

                because they were doing some- perhaps they were

                committing a crime.            So, why is it that I doubt the

                virtues of the criminal point of view about computer

                activities?      Well, we are at a great turning point in

                the relationship between computers and communications,

                and business.      In the past there were two major

                business channels.           You had a negotiation channel;

                spoken, written, telephone, fax, and things of that

                sort.     And you had delivery channels; trucks, trains,

                ships.    And on balance if you look at it, you required

                much more security on the delivery channel, where

                valuable goods are delivered, than on the negotiation

                channel.    Today, those two channels are being

                integrated, and they're being integrated because

                intellectual property is becoming a larger, and larger

Computer History Museum                          8/16/10                             Page 21 of 50
RF#CHMP-19a            – 888-349-3022
Ref.: CHMP-19              Computer History Museum / Lecture                        page 22 of 50
                                 Computer Crime #2

                phenomenon in our economy.                And now, you can go onto

                the Web, and you can purchase information, and have it

                delivered down exactly the same channel over which you

                negotiated for it.        Uhm.. And you can get

                entertainment, you know, music, movie, videos, customer

                information, credit information, market research, or

                programs, all sorts of things.                    And the most important

                thing in security is the value-                    You look at security

                resources of any kind, the most important security

                issue, is what the value concentrated in those

                resources are.    So, the impact of improving

                communication's' technology, improving computer

                technology, is to draw more and more value into the

                Internet system.      And that dominates every other

                consideration about security.                   Now, there‟s sort of

                basically two approaches to defense.                        One is deterrence

                by denial of objective.             I mean, that‟s roughly what

                modern bank vaults do.            People almost never bring in to

                modern bank vaults, and it‟s rare that they‟re arrested

                trying to, you know, hit at them with a crowbar, you

                know, something of that kind.                   That does happen.        Uhm..

                the other is deterrence by threat of retaliation.                         And

                there are people who favor each approach, and there are

                circumstances in which approach is appropriate.                        If--

                There‟s a lot of mischief, I think, has been done by

Computer History Museum                       8/16/10                               Page 22 of 50
RF#CHMP-19a         – 888-349-3022
Ref.: CHMP-19                 Computer History Museum / Lecture                   page 23 of 50
                                    Computer Crime #2

                the Cold War and the nuclear standoff because the

                notion of deterrence by threat of retaliation became

                very popular, and somehow over that process people

                forgot that we weren‟t threatening to blow the Russian

                up back because it was the, you know, because it was

                the best thing the one could possibly, <inaudible> do

                it because it was the only thing we knew how to do.

                And this is a domain in which I believe that there‟s a

                lot better hope for security measures, and that the--

                what I see is the knee jerk reaction of group who feel

                that their rights have been violated by some computer

                event, get a law passed against it and think that will

                solve the problem.           And to some degree, of course, it

                does <inaudible> the problem because a certain number

                of the people would be threats to their-to their

                systems or subject to U.S. law, and are afraid of

                getting busted, and do have sufficient resources that

                they can be fined or held reliable or something like

                that.     And we‟ll be the terk.                   But the problem is that

                we live in an era that began in the 1850‟s, 1840‟s,

                1850‟s, 1870‟s with the first international cables that

                vastly expanded by radio and the internet and satellite

                communications and so forth adjust the radius round in

                it, in which border our declining in many of their

                significant.     That‟s not important in the world.                    But

Computer History Museum                          8/16/10                          Page 23 of 50
RF#CHMP-19a            – 888-349-3022
Ref.: CHMP-19                  Computer History Museum / Lecture                      page 24 of 50
                                     Computer Crime #2

                information moves in many paths beyond the control of

                boarders.     And so a classical architecture in which the

                military protect the boarder and, you know, the police

                protects the interior and the locked door protects the

                shop front is breaking down.                      And so, we face two sorts

                of things, I have believed in, still believe in this

                little ________ of good deal better localized defense.

                I think that we can improve the security of computer

                vastly, and that so to speak to remove the liability

                from the people who are really responsible for

                protecting their computer systems by and--                          so to

                speak, put it on to the-to the law enforcement agencies

                and the people who might penetrate the computer

                systems, I think creates a false sense of security

                because I think the deterrence will not work against

                many threats that are rising in the world.                         The other

                aspect of the environment that‟s coming up is the

                tremendous popularity of out sourcing.                          And what I‟m

                about to say out cuts the first thing I was going to

                say.      That is to say, my first point is a claim that we

                really now a lot about computer securities primitives

                so to speak, particularly in the cryptographic area,

                but certainly in some logic areas as well.                         Many of the

                mechanisms I know in that way are bypassed by a trend

                in the modern world.              Beautifully exemplified by

Computer History Museum                           8/16/10                             Page 24 of 50
RF#CHMP-19a             – 888-349-3022
Ref.: CHMP-19              Computer History Museum / Lecture                         page 25 of 50
                                 Computer Crime #2

                something, ____________, Head of Laboratory of Computer

                Science at MIT, said at RSA 2000, he said, doctors in

                India will work so cheap that doctors in the U.S. sends

                them recordings of patients interviews, and the doctors

                in India transcribe them and send--                         and e-mail back

                the transcriptions.         Now, you can encrypt the trans--

                you know, the sending of the recording, you can encrypt

                the e-mail coming back.             What would that do to protect

                the patient privacy?          You‟re sending something off into

                a whole different legal system.                    You know, probably as

                effectively very little protection, and currently many

                people are working to allow you to out source all sorts

                of computer activities.             So I think we‟re, you know-- I

                have the strongest feeling both that we know how to do

                computer security, and that not having done the

                homework we knew how to do so far, the world has

                already caught up with us, and we have entered a world

                where we don‟t.     Finally, we have a tug of war going on

                between things, that can be claimed to be criminal on

                one side, and thins that can be claimed to be people‟s

                rights on the other.          There was something I didn‟t take

                very seriously once again on Dave Farber‟s mailing list

                a couple of days ago talking about the--                        how you might

                be prosecuted for reverse engineering and defeating

                uh.. a new Disney uh.. Tarzan that uh.. that won‟t let

Computer History Museum                       8/16/10                                Page 25 of 50
RF#CHMP-19a         – 888-349-3022
Ref.: CHMP-19                 Computer History Museum / Lecture                        page 26 of 50
                                    Computer Crime #2

                you skip its ads.          Now, I have--                I don‟t--     I‟ve read

                that a little more carefully.                      I read beyond the

                article, I don‟t think this particular one is very

                significant.     Let me close with this one.                        I think, in

                fact, that push and shove will come up at some point.

                Imagine the following, security is a word that codes

                for legitimacy.        So here are two people, both of whom

                can say they‟re practicing security.                           Somebody is

                sending you a first-run movie or something to your T.V.

                And they said, you know, we‟ve gonna be absolutely sure

                you can‟t buy--        the ads are the way you‟re paying for

                this.     So we‟ve gonna make it as inconvenience for you

                as possible.     We have a right to make it inconvenient

                for you not to watch the ads.                      So we have measures what

                those might be for preventing you from video taping it

                or something like that.                And they will be, I think,

                very self-righteous about that.                       Some of the watchers

                would be parents.          The parents would say, “We want to

                preview everything our children see.”                           They would take

                it as a matter of family security to have that level of

                control to not have everybody‟s bare eyeballs up

                against the screen.            So, two minutes, I thought I only

                had five six minutes ago.                  This is internet time.

                There‟s a bunch of other examples of this kind of tug

                of war going on.         Uhm.. there‟s a man name _______

Computer History Museum                          8/16/10                               Page 26 of 50
RF#CHMP-19a            – 888-349-3022
Ref.: CHMP-19                   Computer History Museum / Lecture                        page 27 of 50
                                      Computer Crime #2

                _________, who penetrated European Smart Card system,

                was poo-pooed when he had--                      was asked to demonstrate,

                gave a perfectly in aqueous demonstration and was then

                busted, in an attempt to keep him from-from

                embarrassing the people who had done it, built the

                system.      Uhm.. and the current two cases being fought

                are the reverse engineering, something that was

                traditionally allowed in American uh.. industrial law,

                of first, the DVD protection system.                             And then maybe

                more acutely, the cyber patrol system, which is another

                of these things intended to protect kiddies from

                growing up.

                <audience laughs>

                A:        So, go ahead, think of computer crime.                        I think if

                you look deeper you will find that many instances of

                computer crime are merely instances of somebody having

                succeeded in demonizing one set of interest versus its

                own.      So thank you.

                Q:        Well, I told you we were going to get some very

                different perspectives of the computer crime problem

                that uhm.. we are addressing this evening.                            It‟s

                question time and we would like to have people from the

Computer History Museum                            8/16/10                               Page 27 of 50
RF#CHMP-19a              – 888-349-3022
Ref.: CHMP-19                 Computer History Museum / Lecture                         page 28 of 50
                                    Computer Crime #2

                audience would like to ask questions of our

                distinguished panel to come down and use this uhm..

                microphone to do so uh.. since we are uh.. recording

                this whole session.            And uh.. I‟m going to uh.. prime

                the pump here uh.. for a moment and take the privilege

                of uh.. asking the first question, which uh.. may be

                kind of the bottom line type of questions.                           But uhm..

                it seems like uh.. we‟re on the uh.. on the ledge uh..

                that is getting narrower and narrower, and we have a

                choice where the whole uh.. culture of the internet and

                the commercialization is going to fall on the side of

                uhm.. safety, of orderliness and honesty, and that

                there will be enough security and enough honest people

                who will uh.. make uh.. commerce on the internet

                successful.    And we‟ll still have uh.. a growing amount

                of crime, but as with credit card fraud that uh.. Peter

                mentioned, uh.. there‟s uh.. like point sever percent

                uh.. and that‟s acceptable and it makes it uh.. a

                viable, economically viable system.                            Fall off on the

                other side of the ledge and we fall into uh.. chaos

                uh.. and we fall into uh.. degeneration uh.. and we

                fall into a situation where e-commerce is actually

                going to fail and it‟s not going to work.                           Now, uh..

                with three hundred million people currently using uh..

                the internet, which is the latest number that I read,

Computer History Museum                          8/16/10                                Page 28 of 50
RF#CHMP-19a            – 888-349-3022
Ref.: CHMP-19                   Computer History Museum / Lecture                    page 29 of 50
                                      Computer Crime #2

                uh.. in all of the different cultures, there‟s no hope

                that there will be a single cohesive culture.                         That

                means they‟ll be uh.. many, many thousands of value

                systems all functioning within that same framework.

                Uh.. is this going to de-degenerate fall apart or is it

                going to come together in some way enough to allow the

                successful continuation of uhm.. commerce?                         Uh.. how

                are we going to be enabling commerce with security, or

                are we going to fall behind and failure.                         So my

                question to the panel is uh.. can you uh.. come up with

                a very quick uh.. answer or prediction based on how the

                history of computer crime has gone uh.. to decide uh..

                whether we‟re going to fall on one side or the other

                side uh.. of this issue?

                A:        I don‟t know.        I think it‟s kind of a saw tooth

                phenomenon.      If you look, not at the credit card

                business, but the cell phone business uh.. cell phone

                fraud was getting up over five percent at one point.

                And suddenly they discovered that maybe it was worth

                putting a little technology into it after all.                           Uh..

                the credit card folks haven‟t gotten to that point yet

                because it‟s not a problem.                      Uhm.. I think what happens

                is that uh.. you start building fences where it hurts.

                Uhm.. and I think electronic commerce is the thing

Computer History Museum                            8/16/10                           Page 29 of 50
RF#CHMP-19a              – 888-349-3022
Ref.: CHMP-19                   Computer History Museum / Lecture                         page 30 of 50
                                      Computer Crime #2

                that‟s going to drive a lot of organizations to use

                cryptography and-and maybe some sensible operating

                systems uhm.. where they‟ve never had that incen-

                incentive before.            So uh.. on one hand uh.. cell phones

                are still vulnerable, it‟s just that the uh.. the level

                of attack has gone down a bit because they threw in a

                little uh.. sideband uh.. stuff.                          But they‟re still

                vulnerable.      Now, when the-when the uh.. fraud builds

                up to a point that‟s it‟s really hurting uhm.. somebody

                might say, well, it‟s worthwhile doing something about

                it.       But I-I think the problem today is that uh..

                people are making so much money uh.. irrespective of

                the fact that there‟s not enough security, that it

                doesn‟t matter.          And it‟s--              We‟ve said for years that

                it‟s gonna take some major disaster uh.. but we‟ve had

                minor disasters and it doesn‟t make any difference.

                Uh.. there-there are people who are still running with

                the-the send mail debug option on--                              with their

                ________ host uh.. stuff, radiating to the world

                without their realizing it.                      And uhm.. you know, it-

                it‟s just uh.. the level of ignorance, oblivious,

                stupidity and other related uh.. factors is uh.. is

                enormous.      So some day--               We had mentioned outsourcing.

                Uh.. there is a strong uh.. attempt in the-in the

Computer History Museum                            8/16/10                                Page 30 of 50
RF#CHMP-19a              – 888-349-3022
Ref.: CHMP-19                   Computer History Museum / Lecture                  page 31 of 50
                                      Computer Crime #2

                government, particularly in the military, to outsource

                all of the uh.. system administration.

                <audience laughs>

                A:        I‟ll let you think about that one for a while.


                Q:        <inaudible>

                A:        I think there is no question that e-commerce has

                succeeded and is simply going to continue expanding.                          I

                don‟t know the exact rates or exactly what it will look

                like.      But I think the question, I don‟t know the

                answer to it, we should ask in response to your

                question Don is, are the crime rates that we‟re seeing

                currently, and I doubt the definition of the crime is

                gonna make a lot of difference to this, how do they

                compare with crime rates in successful economies in the

                past?      And I--      It‟s at my conjuncture that you‟re

                going to find that, you know, you look at the piracy on

                the Mediterranean during the Roman Empire.                       And there

                was a lot more at stake, and nonetheless, there was an

                exploding economy that people just plain will-will take

                risks.      It also deserves to be said that the criminal

Computer History Museum                            8/16/10                         Page 31 of 50
RF#CHMP-19a              – 888-349-3022
Ref.: CHMP-19                   Computer History Museum / Lecture                    page 32 of 50
                                      Computer Crime #2

                component of the economy is not often, you know,

                adequately understood.                 And so if somebody comes to

                your house and steals the TV, the poor thief sells it

                to a fence for 50 bucks.                   But that‟s not the

                significant economic impact.                       The poli--    You know, a

                couple of squad cars worth of police come investigate,

                and they‟re costing hundreds of dollars an hour with

                their equipment and so forth, and they get paid. An

                insurance investigator comes and get paid, and a

                locksmith comes and re-repairs your door and gets paid,

                and an insurance adjustor comes and looks things over

                and pays you, and you go buy a new TV set for five

                hundred dollars and so forth.                        So the total economic

                impact is several thousand dollars, only a tiny

                fraction of which was being made by the criminal, most

                of it was being made by legitimate people.

                Q:        But the cost-the cost of what you‟ve described—

                A:        I‟m only describing a fact.

                Q:        I‟m sorry, I see a different cost. Not an economic

                one, but the cost, the emotional cost of the person

                who‟s house, or perhaps even database was broken into.

Computer History Museum                            8/16/10                           Page 32 of 50
RF#CHMP-19a              – 888-349-3022
Ref.: CHMP-19                   Computer History Museum / Lecture                  page 33 of 50
                                      Computer Crime #2

                A:        Oh, I-I fully agree and I‟m not arguing-I‟m not

                arguing, we should value the thief for their

                contribution to the economy.                       I‟m arguing some things

                that are structural in the economy this way is not

                something that‟s likely to go away.

                Q:        The reason for the response is not to recover the

                value of the television, but rather to insure some form

                of dare I say, western justice, whatever that means.

                A:        Just a-a couple of data points, I-I know at the

                camp that things are gonna get much worse before they

                get better.      And a couple of data points, uhm.. in

                reporting on CD Universe uhm.. and talking to the CEO

                of CD Universe, his-his worse business problem was the

                fact that he had to map out entire countries because of

                the high incidence of fraud.                       And, you know, without

                going into which countries they were, there are whole

                areas of the-of the world, whole nations of the world

                where 90 percent, this is a mid-level, small to mid-

                level uh.. e-tailor, who are uhm.. you know, 90 percent

                of the transactions from an entire country were

                fraudulent.      Another data point uhm.. I believe in this

                most recent uh.. <inaudible> Expedia, which is one of

                the, you know, the bright spots in the internet

Computer History Museum                            8/16/10                         Page 33 of 50
RF#CHMP-19a              – 888-349-3022
Ref.: CHMP-19                   Computer History Museum / Lecture                page 34 of 50
                                      Computer Crime #2

                commerce, I think took a charge of three quarters of

                their profit for fraud.                  That‟s a stunning number to

                me.       And I‟m surprised it hasn‟t made uh.. drawn more

                attention than it has. But, you know, that‟s the

                mainstream, that‟s the heart of the business.                    They

                almost lost their entire profitability in the last


                A:        We have a question.              But let me throw in one more

                comment.      There is a really important risk here that

                uh.. is widely under realized, and that‟s the identity

                theft problem, uh.. the use of social security numbers

                and your mother‟s maiden name and stuff like that as

                authenticators.          Uhm.. this is increasing erratically.

                In my book and in-in the online website uhm.. the risk

                achieves, you‟ll find that the-the number of cases of

                this are increasing dramatically.

                Q:        My question is for John __________ uhm.. first I‟d

                like to start by saying I enjoyed your talk entitled

                “Kevin and Me,” which didn‟t mentioned Kevin at all. I

                hope it‟s the beginning of a trend.

                John:          I think that was intentional.

Computer History Museum                            8/16/10                       Page 34 of 50
RF#CHMP-19a              – 888-349-3022
Ref.: CHMP-19                   Computer History Museum / Lecture                page 35 of 50
                                      Computer Crime #2

                Q:        Uh.. I look forward to our talks like that.

                Q:        Uh.. yes, it‟s fitting, perhaps ironic that we‟re

                at the museum of computer history talk when uh.. I can

                think of no other individual who has done more to

                authenticate that history. Uh.. your July 4th, 1994

                article on Kevin __________ uh.. contained many thinks,

                which we now much know are false, such as his break in

                or alleged break in to _______, which never happened.

                And uh.. other things that has now been repeated for

                the last six years in the media as fact, when we are no

                they are all or not.               My question to you is, why hasn‟t

                you--       why haven‟t you issued a retraction and uh.. and

                do you still stand by those claims as you said to Zif

                Davies recently?

                <audience claps>

                John:          Is this an audience or a lynch mob?

                <audience laughs>

                Q:        Kevin couldn‟t be here to defend himself, so—

Computer History Museum                            8/16/10                       Page 35 of 50
RF#CHMP-19a              – 888-349-3022
Ref.: CHMP-19                   Computer History Museum / Lecture                         page 36 of 50
                                      Computer Crime #2

                John:          Well, I-I knew this question would come up.

                I-I really don‟t have a lot to say.                              Uhm.. I just

                simply note the fact that uh.. that the person you‟re

                referring to was uh.. testified before the senate uh..

                several weeks ago where he described himself as a

                social engineer, uh.. who had worked as a private

                investigator for several years.                         Uh.. it‟s my

                understanding that that‟s why uh.. the FBI became

                interested in 1993.              So I think that it‟s sort of the

                heart of your question is that Kevin‟s problem was me.

                Q:        No, that‟ not-that‟s not it—

                John:          I beg to differ with you.

                Q:        It‟s that you printed false things about him, and

                haven‟t retracted them and haven‟t backed them up.

                That‟s my question.              My question is very simple.

                John:          I-I beg to differ with you.                         I did not print

                false things about him.

                Q:        So you are claiming now that Kevin ______ broke

                into _________?

Computer History Museum                            8/16/10                                Page 36 of 50
RF#CHMP-19a              – 888-349-3022
Ref.: CHMP-19                   Computer History Museum / Lecture                page 37 of 50
                                      Computer Crime #2

                John:          I think that‟s what-what you said.

                A:        Well, that‟s what you said in your article.

                John:          The _______-the ______ point is an

                interesting one.           Uhm.. my source on __________ was

                Steven _______         Uhm.. and Steven _________ told me that

                in an interview.           Steven _________, in case you don‟t

                know, was a friend of Kevin‟s in the late 1970‟s and

                early „80‟s.       And that fact actually was reported

                earlier uhm.. than I had reported it in the-in the

                “L.A. Times.”        Uhm.. but I don‟t think that‟s what the

                issue is really.           Uhm.. I think the issue is what was

                going on in the fall of 1993 while he was on probation,

                when he attracted the attention, ultimately of four law

                enforcement agencies.                Why do you think he did that?

                Q:        Why did he want to attract—

                John:          Why were four law enforcement agencies

                interested in what he was doing?

                <audience comment>

Computer History Museum                            8/16/10                       Page 37 of 50
RF#CHMP-19a              – 888-349-3022
Ref.: CHMP-19                   Computer History Museum / Lecture                         page 38 of 50
                                      Computer Crime #2

                John:          Now, the question is, cause there‟s a story

                in the “New York Times” in 1994, in July of 1994, which

                was Kevin‟s problem or was it--                         was it what Kevin was

                doing.      Well, I believe it was what he was dong.

                Q:        What I‟d like to know is then why was the reporter

                who was following him also actively participating in

                the investigation?

                John:          That‟s inaccurate.

                Q:        Joe ______ was reported in two books, two separate

                books, Joe __________ Cellular Technician said—

                John:          That was inaccurate.

                Q:        Two books, they‟re both wrong.                         Joe ________ made

                it up.

                John:          That‟s-That‟s not what Joe _________ said.

                Q:        What about when you talked to John _________--

                <audience comments>

Computer History Museum                            8/16/10                                Page 38 of 50
RF#CHMP-19a              – 888-349-3022
Ref.: CHMP-19                   Computer History Museum / Lecture                          page 39 of 50
                                      Computer Crime #2

                Q:        We‟ve had one question and we‟ve had one answer.

                May we have the next question please?

                Q:        Hi, my name is Steve _______.                          One of the things

                that interest me a lot in life is the nature of the

                word interest.         Now, since I‟m inside this world, I

                tend-tend to mistrust my perceptions, but is it your

                perception that the electricity level in our field is

                high? And what is it that makes the __________ and the

                _______________ of the world come into this stuff and

                stick so hard?         Why are we here and where are all the

                normal people?

                A:        Uhm.. does anybody know a normal person?

                A:        I-I guess that‟s may be directly at me and I-I

                guess I ought to—

                <audience laughs>

                A:        It‟s weird to say it, but I consider myself by and

                large, within a couple sigma of normal.                              And-And I say

                that with a straight face.                     Uhm.. it‟s real easy, any

                or you, anyone in this room can describe things that

                she‟s done that are-that are just completely weird.                                  We

Computer History Museum                            8/16/10                                 Page 39 of 50
RF#CHMP-19a              – 888-349-3022
Ref.: CHMP-19                   Computer History Museum / Lecture                          page 40 of 50
                                      Computer Crime #2

                don‟t think of the gillions of things that we do that

                are utterly <inaudible>.                   But Tim said that, I thought

                I--       Oh, yeah, yeah, it bares on something I wrote in

                my hand earlier, but I‟ll-I‟ll point it out right now.

                Uhm.. somebody called me up six months--                               a year ago

                talking about, how come I‟m not tracking down those

                hackers?      Why am I not cooperating in-in tracking down

                these people doing denial service <inaudible>                              And

                every few months, there‟s this hack--                               computer

                cracker, computer hacker escapade going on, people call

                me up.      And I‟ll say, not interested, chump.                          And

                they‟ll say, “Well, why not?”                        And I say, the first

                time you do something, it‟s science.                              The second time,

                it‟s engineering.            I‟m a scientist.                    The first time I

                caught a hacker, hey, it was research.                              The second

                time, I‟m not interested anymore.

                A:        Okay, next question please.

                Q:        Good evening to the panel here.                          I enjoyed your

                uh.. talk, each one of you.                      Uhm.. my question is, does

                it impress you guys that if you look over the whole

                history of the _________ and computing and so forth

                that really industries have been sort of going for a

                free ride on academia and science?                               And the fact is,

Computer History Museum                            8/16/10                                 Page 40 of 50
RF#CHMP-19a              – 888-349-3022
Ref.: CHMP-19                   Computer History Museum / Lecture                      page 41 of 50
                                      Computer Crime #2

                that when--       when-when business finally gets a hold of

                the technology, which is 20 years old.                           They don‟t add

                enough to it to make it viable for business.                          And so

                that‟s why we have all the problems we have.

                <audience claps>

                Q:        And then when people like ourselves uh.. okay, I‟m

                guilty as charged.             I‟ve never uh.. let‟s see, I‟ve

                never worked in _________ really.                           I‟ve always worked

                for businesses like DEC and Xerox and stuff.                          When we

                try to speak up and say something about it, no, no, we

                can‟t afford to do that.                   Does that happen?         Does this

                sound familiar to you guys?                      And I wanted your

                impressions on this scenario.                        And in particular, don‟t

                you think it would be cool like if people like Cisco

                and the other router companies actually put something

                in so we can find out where the packets are really

                coming from? <laughs>                It‟s--          Am I silly because of

                the fact that, you know, I mean, is there some sort of

                huge technological problem where we can‟t do this over

                like ten, 15 years?              We can‟t find out where, you know,

                I mean, impressions, please?

                A:        You forgot to create the military.

Computer History Museum                            8/16/10                             Page 41 of 50
RF#CHMP-19a              – 888-349-3022
Ref.: CHMP-19                   Computer History Museum / Lecture                     page 42 of 50
                                      Computer Crime #2

                <audience laughs>

                Q:        Oh, yeah, sorry. My prejudice.

                A:        I agree.      Whatever your question was, I‟m not sure

                what it was, but your statement—

                <audience laughs>

                Q:        Well, the question is, do you guys agree with that

                and have you notice that yourselves, you know, along


                A:        The-The internet--                the ________ was designed for—

                as a terrifically wonderful system that worked in-in--

                during the age of innocence.                          And sort of it-it‟s okay

                for the demands being placed on it today, but there are

                major warts in it that people hardly ever talk about.

                For example, there‟s no billing algorithm build into

                it.       But uh.. it‟s absurd that something that we‟re

                paying for, there‟s no way to properly allocate, you

                know, who‟s using it per-per byte, per kilometer, per

                minute.       The-The-          It‟s designed with security sort of

                buttered on to it, rather than built into it. I-I

                thoroughly agree.

Computer History Museum                               8/16/10                         Page 42 of 50
RF#CHMP-19a                 – 888-349-3022
Ref.: CHMP-19                   Computer History Museum / Lecture                         page 43 of 50
                                      Computer Crime #2

                A:        Well, there‟s several comments here.                        One-One is

                that this--       the _________ was a research vehicle for

                DOD.      Uhm.. I remember years ago uh.. <inaudible> Vince

                _________ and Bob _________ uh.. about the fact that

                uh.. yes, they were doing a lot with alternative

                routing, but they weren‟t really doing a lot with uh..

                with end to end reliability and-and security.                              And the

                answer was always, well, uh.. security is NSA‟s

                problem, and we can‟t into that.                          Uhm.. there‟s some

                uh.. serious problems that-that resulted obviously from

                that, but if you think about the denial of service

                problems uhm.. even the uh.. the most draconian

                security measure tend not to stop it.                             Unless you have

                end to end authentication and-and call back and-and

                handshaking all over the net, which would slow it down

                by a factor of--

                A:        Deny everybody service.

                A:        Deny everybody service, right.                         And uhm.. and so I

                think from a practical point of view, uh.. the-the fact

                that the-the internet, the __________ before it uh..

                were not very secure.                Uh.. was not totally unrealistic

                at the time uh.. with the belief that if you really

                were worried, you‟d use end to end encryption.                              Now,

Computer History Museum                            8/16/10                                Page 43 of 50
RF#CHMP-19a              – 888-349-3022
Ref.: CHMP-19                   Computer History Museum / Lecture                         page 44 of 50
                                      Computer Crime #2

                the problem is that doesn‟t solve the denial of service


                A:        The deterrence comes from the ability to trace the

                packets to their real source.                        That‟s why I mentioned


                A:        Now, those remarks were made--                         were summarized

                before your birth by ______________ who said, what

                crime is the robbing of a bank compared to the founding

                of a bank?

                A:        Next question please?

                Q:        I guess I‟m not exactly clear of how to phrase my

                question.      It‟s more of a feeling of that the--                          I

                mean, I think the one speaker spoke to this, but the

                characterization of computer crime and the idea of

                black hats and white hats, it seems like what we‟re

                forgetting a lot in this is that what we‟re really

                dealing here with is with social issues.                             And where,

                you know, I understand close feeling about the-the

                feeling of invasion of-of self when somebody breaks

                into your computer, and I feel, you know, for myself

                the personal inconvenience for the lost of time of

Computer History Museum                            8/16/10                                Page 44 of 50
RF#CHMP-19a              – 888-349-3022
Ref.: CHMP-19                   Computer History Museum / Lecture                     page 45 of 50
                                      Computer Crime #2

                recovering from an incident, which I had to do in the

                past.      Uhm.. it really seems though are--                      is this

                black and white sort of character that we‟ve given

                things making us view things that are really just, you

                know, rude things to do and inconsiderate, and that

                would in a normal society, you know, in the society we

                interact in and shake hands in cause us to-to merely

                dislike, you know, to refer to them badly, that we‟re

                instead turning into prosecution and putting into this

                legal system, which is as it seems, is-is a form or

                protecting us.         Uhm.. I mean, I-I don‟t want to talk to

                long on this, but my real question is, do we feel that

                we‟re by-by seeing it as crime and punishment as we‟re

                sort of viewing the issue rather one sided, when it‟s

                really a societal problem that often is more things

                that‟s merely rude and not actually evil as it

                sometimes get characterized?

                A:        I think that‟s a very apt comment.                     Uhm.. haven‟t

                read Dusty _______ in the last few years.                         My worth--

                be worth going back to it.

                Q:        The question here was, is it a social problem that

                we technologist are trying to solve, and where are the


Computer History Museum                            8/16/10                            Page 45 of 50
RF#CHMP-19a              – 888-349-3022
Ref.: CHMP-19                   Computer History Museum / Lecture                   page 46 of 50
                                      Computer Crime #2

                A:        Now, there‟s a risk all by itself.

                <audience laughs>

                A:        I-I think one of our biggest faults is that we try

                to solve technological problems socially, and social

                problems technologically.                       Uh.. if you look at uh..

                filtering and-and uh.. you know, spamming and all this

                stuff.      Uh.. congress is very quick to uh.. to pass—

                A:        That‟s a good answer.                   Okay, next question.

                Q:        Evening.      It‟s funny that we just talked about

                social--       I was a social scientist before I became an

                engineer, so uhm.. that‟s-that‟s a whole other story.

                My question is uhm.. well, actually, some of your have

                address this as being no crime, we‟re really not

                committing a crime, we‟re doing reverse engineering.

                How do we approach the new generation of uhm.. I don‟t

                want to use hackers, but the-the malicious users that

                are the 17-year-old kids that are taking advantage of

                somebody else‟s reverse engineering that‟s readily made

                on the uh.. made available on the internet, which is

                then used to go ahead and do something malicious.

                Should there be any responsibility placed on the people

Computer History Museum                               8/16/10                       Page 46 of 50
RF#CHMP-19a                 – 888-349-3022
Ref.: CHMP-19                   Computer History Museum / Lecture                        page 47 of 50
                                      Computer Crime #2

                that are making that type of code available to the new

                generation of uh.. attackers on the internet?

                A:        What about the next generation?                        And we can do

                something about it in the United States, but with three

                hundred million and a 189 countries, each with it‟s own

                culture, how do we deal with this?

                A:        I guess-I guess I don‟t see it as a problem of a

                new generation or 17-year-olds.                         No, I-I see a great

                deal of promise and joy in 17-year-olds than a

                capability to do things right that previous generations

                haven‟t.      Know the-the distribution of people doing

                good, bad and questionable, I‟m not sure which that is,

                I think is uniformly distributed amongst generations

                and ages.

                A:        It would interesting to see uh.. I guess there was

                a question asked earlier of the audience, how many of

                you were ___________ or how many of you have in fact

                been in uh.. crackers, hackers, smackers, snackers,

                whatever, at some point in your-in your careers.                              Uh..

                but there is a certain benefit uh.. if you really

                wanted to know computer security.                           Uh.. there‟s a

                certain benefit to having had a mentality where you

Computer History Museum                            8/16/10                               Page 47 of 50
RF#CHMP-19a              – 888-349-3022
Ref.: CHMP-19                   Computer History Museum / Lecture                     page 48 of 50
                                      Computer Crime #2

                were able to break things. And when you come to the

                conclusion that those things shouldn‟t have been broken

                or breakable--         sorry.          Uh.. they shouldn‟t have been

                breakable, they should have been designed better in the

                first place.       Uh.. you begin to wonder.                     Now the DVD

                thing was presumably, intentionally designed to be very

                weak so that they can prosecute.                          Think about that one

                for a minute.

                <audience laughs>

                A:        No, I think they just didn‟t care.                     It wasn‟t a

                priority for the people who designed it.

                A:        Well, the problem is ,a big enough hammer, you can

                break anything.          Okay, one last question.

                Q:        Uh.. I‟m interesting actually in _________ talk

                was kind of interesting.                   Uh.. my-my big hot button is

                computer crimes of perception, where uh.. we-we read in

                the paper how in Hong Kong they bust some street dealer

                who just got five thousand copies of Microsoft Word,

                he‟s been selling for a dollar.                         And uhm.. and how this

                represents five hundred thousand dollars of Microsoft

                software, and yet, if it were priced at retail, no one

Computer History Museum                            8/16/10                            Page 48 of 50
RF#CHMP-19a              – 888-349-3022
Ref.: CHMP-19                   Computer History Museum / Lecture                      page 49 of 50
                                      Computer Crime #2

                in Hong Kong would buy Microsoft Software.                          So it‟s

                really on five thousand dollars, and yet it is-it is

                presented as a large crime.                      And when you have

                something like the uh.. all these neat cell phones,

                which are gonna have by the year 2001 a way of locating

                every cell phone where it is or 9-1-1 purposes,

                supposed to be good for you.                       Uhm.. so-so my definition

                of computer crime is whenever a legitimate corporation

                doesn‟t benefit from it, it‟s a crime.                           Uhm.. and-and

                that has nothing to do with justice and legality.                            So-

                So my question for the panel was, is there some way we

                can come up with a objective definition of-of the

                victim.      You know, who-who was harmed in a computer


                A:        Uh.. occasionally law enforcement gets it right in

                the long run.        The Craig Knight ______ case was a

                wonderful example uh.. where uh.. the baby bell uh..

                went after __________ told the justice department this

                was a heinous crime, and that it was worth millions and

                millions of dollars.               Uh.. until the judge discovers

                that he--       that they were selling the document for uh..

                for whatever it was, a handful of dollars.                          Uh.. this-

                this is a very serious problem I think that you‟ve

                raised, And-And there‟s no easy answer to it.

Computer History Museum                            8/16/10                             Page 49 of 50
RF#CHMP-19a              – 888-349-3022
Ref.: CHMP-19                   Computer History Museum / Lecture                 page 50 of 50
                                      Computer Crime #2

                A:        Okay, thank you very much for the questions and

                for our panel.

                <audience claps>

                A:        I‟d like to invite you all to come over to the

                visible storage warehouse and see all of our machines.

                And particularly invite Cliff to come over if you want

                to see a 1620 running again, we‟ve got one.                      For the

                last year, we‟ve had a group of a dozen or more

                volunteers run by Dave Babcock, who‟ve been

                meticulously restoring our 1620, and you can get to see

                if that one instruction program actually still works.

                Thank you all for coming.

                #### End of Computer Crime #2 ####

Computer History Museum                            8/16/10                        Page 50 of 50
RF#CHMP-19a              – 888-349-3022

Shared By: