I was disgusted and horrified to read that PGP had been removed from soda, and gratified to find that it had been returned. However, your experiences with CERT are not unique. As could be expected of any agency directly funded by Air Force Intelligence, CERT is a genuinely ugly organization which needs to be stamped out. Frankly, it's a menace to society. Examine their acronym. Computer Emergency Response Team. What a fucking joke! Excepting the Morris Worm, can you name a SINGLE Computer Emergency which CERT has halted? It is simply an organization to keep the crypto-fascists wired into the net. I will assume, as you did not say otherwise, that you do not know the name of the CERT person who reported you, for whatever ridiculous reason. This is standard practice for CERT; it's customary for them to hide behind a shield of anonymity for the purpose of attacking people. My life was severely disturbed three years ago due to similar anonymous tips from CERT, and I have yet to discover the identity of the CERT person who tipped off the authorities to me. CERT is yet another agency which is freed of Constitutional restraints for a vague and undefined 'public good.' If distributing PGP, legal in the entire Free World except for the US, is a "Computer Emergency," then I'm a fucking Republican. Combat this so-called Computer Emergency Response Team wherever you see the tendrils of its evil influence. ---- Robert W. F. Clark "Be sand, not oil, in the machinery rclark@nyx.cs.du.edu of the world." Gunter Eich clark@metal.psu.edu
Clark Reynard writes about CERT:
I will assume, as you did not say otherwise, that you do not know the name of the CERT person who reported you, for whatever ridiculous reason. This is standard practice for CERT; it's customary for them to hide behind a shield of anonymity for the purpose of attacking people.
My life was severely disturbed three years ago due to similar anonymous tips from CERT, and I have yet to discover the identity of the CERT person who tipped off the authorities to me. CERT is yet another agency which is freed of Constitutional restraints for a vague and undefined 'public good.'
My life wasn't affected in a serious way by CERT, so far as I know, but I do have a funny story to tell. At a Bay Area party for hacker types in December, 1988, I was talking to a guy with longstanding computer security connections. He looked at me strangely and said something like "Well, Tim, your name just came up in Washington on a list of the most dangerous hackers in the country." I laughed it off and asked him why--after all, I'm not considered to much of a programmer by anyone _I_ know. He wouldn't elaborate, just looked at me strangely. (It was a funny story because I could other people at parties that I was on a "Most Wanted" kind of list, and yet I knew they couldn't actually pin anything on me as I literally hadn't done anything except draw some obvious conclusions about the implications of modern crypto techniques, such as Chaum's anonymous systems, and had written and talked about it.) This fellow had been in at the founding of CERT, and was at the first D.C. meeting in early December (shortly after the Morris worm). As he'd also been at hackers gatherings where I had talked about digital cash and "crypto anarchy" (my "Manifesto" was written earlier in 1988 and passed out to a few people), I had some suspicions that it was *he* who had volunteered my name for this list they were compiling. An obvious overstatement of my danger, and I never heard anything more about it. But I've always thought about this, and the other lists of subversives they must be generating. No, I won't give his name, as I can't prove anything and to speculate would be "narcish" McCarthyism. Just keep in mind that even hackers may have their own agendas and their own consulting arrangements with crypto and security groups, both private and government-run. -Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it.
Excepting the Morris Worm, can you name a SINGLE Computer Emergency which CERT has halted?
cert was organized in reaction to the morris worm, and was not involved in its prophylaxis. i am disappointed to hear these stories about cert, but encourage others with tales to tell to step forward. this is a real eye-opener. peter
i am disappointed to hear these stories about cert, but encourage others with tales to tell to step forward. this is a real eye-opener.
I just had to deal with a minor crisis caused by CERT. They contacted the domain-admin for the *.fi domain, saying they had been informed that the anonymous ftp archive at anon.penet.fi was being used to distribute illegal copies of software. They did *not* contact me directly, nor my service provider. The last time anon.penet.fi was shut down was exactly because of somebody contacting the domain-admin, who happens to be a person working for a competitor to my service provider. Fortunately I could tell them that anon.penet.fi didn't even run ftp at all, easily verifiable by trying to ftp from anon.penet.fi. They did apologize profusely, but somehow that doesn't quite... julf
Umm, I thought CERT was a purely commercial organization, rather than a government one... did I miss something? _Mark_
i am disappointed to hear these stories about cert, but encourage others with tales to tell to step forward. this is a real eye-opener.
I just had to deal with a minor crisis caused by CERT. They contacted the domain-admin for the *.fi domain, saying they had been informed that the anonymous ftp archive at anon.penet.fi was being used to distribute illegal copies of software. They did *not* contact me directly, nor my service provider.
[...]
Fortunately I could tell them that anon.penet.fi didn't even run ftp at all, easily verifiable by trying to ftp from anon.penet.fi. They did apologize profusely, but somehow that doesn't quite...
Disturbing pattern that CERT contact people about hosts which perform actions contrary to the wishes of some MIBS. Or is that just paranoia ? I doubt the NSA/FBI/any_other_government_agencies would be crying if either anon.penet.fi or soda were taken off the net...
i am disappointed to hear these stories about cert, but encourage others with tales to tell to step forward. this is a real eye-opener.
I just had to deal with a minor crisis caused by CERT. They contacted the domain-admin for the *.fi domain, saying they had been informed that the anonymous ftp archive at anon.penet.fi was being used to distribute illegal copies of software. They did *not* contact me directly, nor my service provider.
How is it that Cert (which to my knowledge is an organization run by Carnegie-Mellon in Pittsburg,PA (USA)) should come to have any influence on a domain in finland? They are not to my knowledge a gov't organization although they may be funded by some.. hmm. Doesn't their name stand for computer EMERGENCY response taskforce or something like that? They should have no business bothering you unless you requested some kind of assistance from them, IMHO. The same goes for the berkeley site... I'd definitely be interested in hearing who they think they are working for and under whose authority they are becoming netpolice.
computer EMERGENCY response taskforce or something like that? They should have no business bothering you unless you requested some kind of assistance from them, IMHO.
I personally like being contacted by an organization trying to tell me that someone might be misusing my computing resources. [in no way speaking for NASA] -- J. Eric Townsend jet@nas.nasa.gov 415.604.4311 CM-5 Administrator, Parallel Systems Support | personal email goes to: NASA Ames Numerical Aerodynamic Simulation | jet@well.sf.ca.us PGP2.1 public key available upon request or finger jet@simeon.nas.nasa.gov
I personally like being contacted by an organization trying to tell me that someone might be misusing my computing resources.
how would you feel about an organization telling your boss that your actions were contributing to the abuse? that is certainly how the message was received at soda, and in earlier, similar circumstances, at penet, as well. peter
J.E.T. writes: i
computer EMERGENCY response taskforce or something like that? They should have no business bothering you unless you requested some kind of assistance from them, IMHO.
I personally like being contacted by an organization trying to tell me that someone might be misusing my computing resources.
Certainly that may be so.. but in this case they didn't merely tell 'you' with a simple note, instead they did atleast 2 things which really are bothersome and overstepping common 'courtesy' of merely informing 'you': 1) Instead of going directly to the owner of the directory in question or the administator of the host they jumped over 'your' head and went to the domain administrator. I can see going to a site administrator if they had reason to believe the owner of the directory was doing something illegal.. but then again they have no authority to make/enforce/etc any kind of laws. They were just plain out of line. Consider this example (and I'll give them the benefit of doubt here that someone really did complain to them and they aren't on some witchhunt of their own): I am Cert and Mr Von Karman has emailed me to say that a /jet/Enigma-cypher-code directory appears to have illegal software of some kind.. so I send up my email.. not to you.. but to Goldin, the new NASA head that I believe this directory owned by you has illegal software on it. Well that is a good way to put some bad marks on your record even if you do prove it untrue to your boss.. maybe you had just removed the evidence before he checks out your acct.. either way he shuts down your net access for a while..'just to be sure', and look out next time you want a promotion.. can't be to safe.. you might be a security risk! 2) They didn't check the system out before hand and blatantly said as much.. what kind of service to you is that? my friend met a guy who knows bigfoot..but certainly you don't see me bothering the people who own the land where bigfoot is supposed to live. 3) They want to confiscate logs from the system.. That sure as heck isn't any of their business.. 3) other complaints which I'll file for now. --- ------------------------.------------------.-----------------.- Tim Oerting | |insert disclaimer| Computer Consultant | U. of Washington |I speak 4 myself | School of Law | <Seattle> |..blah..blah.. |
participants (8)
-
Clark Reynard -
Darren Reed -
eichin@cygnus.com -
jet@nas.nasa.gov -
Johan Helsingius -
peter honeyman -
tcmay@netcom.com -
TJO