CRYPT NEWSLETTER 57
October 1999

Editor: George Smith, Ph.D.
INTERNET: 70743.1711@compuserve.com
          crypt@sun.soci.niu.edu
http://www.soci.niu.edu/~crypt

Mail to:
Crypt Newsletter
1635 Wagner St.
Pasadena, CA 91106
ph: 626-568-1748

Crypt Newsletter articles may not be copied or reproduced in or
on other media, on CD-ROM collections of data, or offered as part
of any database, data survey, information or research service
without prior consent of the editor. Rates based
on word count are reasonable. Queries by e-mail are welcome.


"The commie rat was using this thing to take pictures . . ."
                            -- General Buck Turgidson

"Mister President, this clumsy fool tried to plant that
ridiculous camera on me . . . "
                            -- the Soviet ambassador

>From Peter George's treatment of "Dr. Strangelove"

==========================================================
[Because the next article contains a great deal of media
review, it reprints some material from previous issues.]

LOST IN THE MOONLIGHT MAZE

As we approach the end of 1999, dear reader, you cannot help but
notice that secret cyberwars aimed at the Pentagon seem to be
occurring every day. Although the average citizen sees no trace or
serious bad effect from them, they are there, claim our national
security mandarins.

Russian hackers, Chinese hackers, French hackers -- all are
or could be in merciless combat against the electronic forces of
the Pentagon, looting ill-defined precious national secrets from 
under the noses of our guardians.

And the loud trumpet of terror this month continues to be the
Pentagon's Moonlight Maze.

But first, we'll go back a bit in time, to the first quarter
of 1999, to see how it started.

In the first half of March, Deputy Secretary of Defense John
Hamre claimed the United States was in a cyberwar -- under
attack by hackers.

In a story in the March 1 issue of Defense Week, reporters
John Donnelly and Vince Crawley wrote that John Hamre had
revealed to Congressman Curt Weldon the "details" of an
on-going cyberattack.

"We are at war right now. We are in a cyberwar," John Hamre was
said to have claimed. The secret cyberwar was dubbed Moonlight
Maze.

Although information was vague then, as it is now, the activity
which caused the Pentagon reaction was a slow, extended series of
probes seemingly aimed at an Air Force Information Warfare Center
(AFIWC) server in San Antonio, Texas.  AFIWC -- like most
military sites -- is a high profile target for hackers, mostly
because of the continuing publicity surrounding the agency's
efforts in information warfare.

In addition, the alarms appeared very similar in nature to
warning announcements made by SHADOW, a somewhat publicity hungry
Navy computer security operation with a fancy acronym in Dahlgren,
Virginia, in September of 1998. SHADOW's leader at the time,
computer security administrator Stephen Northcutt, has since
been associated with the private sector and appears from time to
time to announce the approach of various Net menaces. (Most
recently Northcutt has appeared as a pitchman for a computer security
company's services in detecting boobytrapped software
allegedly installed by programmers and the enemies of democracy
under the cover of Y2K remediation. -- See Crypt News 56 for full
story.)

All of this information on Moonlight Maze was in the public
domain by the end of the first quarter of 1999.

David Kennedy of the International Computer Security Association
reflected in a memo to Crypt News at the time: "[Some] details
seem to be ignored in all the [current] 'Pentagon Hacks'
reporting:"

"[Detection of an attack] is a function of one's ability to observe.
[The Pentagon] has dramatically improved its ID capabilities and
[it is] now able to observe what was in all likelihood, already
there."

"Finally, for two years running Deputy Secretary Hamre has made
dramatic announcements of the Pentagon being under attack just as
budget submissions are going in," wrote Kennedy.  "Last year it was
Feb 25, 1998 -- three teenagers and 'the most organized and
systematic' attack DoD had seen.

"So far, none of the [mainstream] reports I've seen have considered
the possibility DoD is social engineering the Congress, media and
public to bolster their Fiscal Year 2000 budget request."

(Note: Coincidentally, on October 8 -- a day after the Moonlight Maze
story broke again -- the Pentagon ran a dog-and-pony
show in Norfolk, Virginia, in which a number of DoD bigwigs including
the chairman of the Joint Chiefs of Staff and Secretary of
Defense William Cohen ballyhooed the opening of a new US military
center for "cyberwar" to be headquartered at Colorado Springs.
"To combat the expanding threat of cyberwarfare, the Pentagon
established a new center on Thursday to defend the United States
from hackers and to plot ways to attack an enemy's computer network,"
read one account of it which ran in the New York Times. "In future
wars, U.S. cyberwarriors will try to disable air defense systems,
upset logistics and infect software [with computer viruses] . . .
according to [an anonymous] Pentagon official.")

After a spate of news stories piggybacking on the Defense News
revelations in March of this year, Moonlight Maze died away for
awhile.

Then, in a London Sunday Times piece published on July 25,
Hamre's "we're in a cyberwar" quote was resurrected once again
to ring the bell for "electronic Pearl Harbor" in a story that
implied Russian hackers were stealing US information treasure via
the Internet.

Entitled "Russian Hackers Steal US Weapons Secrets," the
article breathlessly proclaimed: "The intelligence heist, that
could cause damage to America in excess of that
caused by Chinese espionage in nuclear laboratories, involved
computer hacking over the past six months."

However, it was apparent that a significant part of the US 
military devoted to computer security operations was either
ignorant of the Moonlight Maze secret "cyberwar" or not
particularly interested in it.

In an article that ran in Defense Daily, a trade publication,
two days after the London Sunday Times piece, Navy Captain Bob West,
deputy commander of the Pentagon's Joint Task Force on Computer
Network Defense said: "The odds of the U.S. being attacked on
line by a foreign nation state in some kind of cyberwar in
the near future are probably pretty low."

The London Sunday Times story was pumped up by a great deal of
anonymous government and military sources uttering baleful
warnings. It maintained: "Besides military computer systems,
private research and development
institutes have been plundered in the same operation. Such
institutes are reluctant to discuss losses, which experts claim
may amount to hundreds of millions of dollars."

The London Sunday Times wrote that secret documents had been
stolen but that the US military could not determine what was in
them or which ones, precisely, had been stolen -- which
would seem to constitute a somewhat ludicrous contradiction
in terms.

Further, this information -- claimed the Times -- had been
revealed at a private computer security conference by an employee
of the Space and Naval Warfare Systems Command (SPAWAR).

The Times article speculated that either Russia or China could be
behind the "cyberwar" that only the Pentagon can see because:
". . . Russia's relations with America have reached their lowest ebb
since the cold war because of NATO's intervention in Yugoslavia.
Relations with China have also suffered. An offensive in cyberspace
may be their one way of retaliating without getting into a shooting
war."

The London paper also theorized that Russian organized crime might
be behind Moonlight Maze, and that: "China, Libya and Iraq are
developing information warfare capabilities and, according to one
White House official, 'we see well-funded terrorist groups that
also have such capabilities'."

The London Sunday Times piece set a hallmark by which subsequent
stories in the US media on Moonlight Maze could be judged:

That is -- Moonlight Maze stories become recognizable by their
almost complete reliance upon gossip and speculation; their
complete lack of definition in the who, what and where categories;
repetition, and a stupefying preponderance of anonymous sources
from the Pentagon, intelligence agencies, and/or the private
computer security industry speculating or expostulating for
journalists.

Throughout the latter part of the summer, reporters from the
mainstream media contacted Crypt Newsletter about Moonlight Maze.
The story had taken on a life of its own even though there was
a complete lack of substantive evidence to go by. It was clear that
Moonlight Maze was going to enjoy a second lifetime in the news
and, indeed, a media cascade resulted in the second week of October,
mostly built upon a wave of copycat reporting and inconclusive
statements about the affair made in a Congressional hearing that
week.

All of the reporters contacting Crypt Newsletter for background
on Moonlight Maze during the summer shared one common feature.

They were all working from the exact same script. In addition
to being inspired by the London Sunday Times piece, they all said
or wrote that one "anonymous" source in "the Pentagon" was telling
them that "Russian hackers" working off of the "Russian Academy of
Sciences'" Internet domain were "involved."

This being the case, one could not totally rule out the possibility
that someone within, connected to or formerly connected with the
Pentagon or Department of Defense was attempting to pump
this story into the mainstream U.S. media for the usual
"cyber-scare" purposes.

On September 13, Newsweek's Gregory Vistica "We're In The Middle
Of A Cyberwar" rolled out the old quote attributed to Hamre from the
first quarter of the year.

Vistica's article reported nothing new from the London Sunday
Times, but did republish, unattributed, much of its quote, tone and
phraseology.

"Russian hackers may have pulled off what could be the most
damaging breach ever of U.S. computer security . . ." writes
Vistica.

"This was, Pentagon officials [anonymous, of course] say flatly,
'a state-sponsored Russian intelligence effort to get U.S. technology'
-- as  far as is known, the first such attempt ever by Russia," wrote
Newsweek.

In response to the growing media hubbub created by Vistica's
article, Michael Vatis, the head of the National Infrastructure
Protection Center, was questioned about it in a Congressional
subcommittee meeting on technology and terrorism on Wednesday,
October 8.

Articles immediately resulted from the New York Times,
the Los Angeles Times and Reuters. None reported anything that hadn't
been written about from earlier in the year. All repeated the same
nebulous quote. All, to varying degrees, attempted to make the
case that Moonlight Maze had resulted in the loss of _unspecified_
national security treasure to _unspecified_ parties.

On October 6, "Cyber Blitz Traced To Russia, FBI Says,"
was a story issued by Reuters.

"A major effort to pierce U.S. government and private-sector
computer networks seems to have originated in Russia, a top U.S.
law-enforcement officer told Congress Wednesday," wrote Reuters.

In Moonlight Maze, Vatis said intruders had stolen ``unclassified
but still-sensitive information about essentially defense technical
research matters.''

This was a quote, the substance of which would be repeated in
every subsequent story on Moonlight Maze.

``About the furthest I can go is to say the intrusions appear
to originate in Russia,'' Vatis said.

A Pentagon public relations officer "said the Defense Department
knew of no classified information that had been jeopardized in the
Moonlight Maze intrusions."

On October 7, the New York Times checked in with a story entitled
"Computer Intruders Apparently From Russia, Senate Panel Is Told."

"Intruders who stole sensitive information on Defense
Department weapons during a widespread series of attacks on
government and private computer networks are apparently
based in Russia, an FBI official told a Congressional panel . . ."
wrote the New York Times, referring to NIPC's Michael Vatis.

Lost in much of the overheated coverage on Moonlight Maze was
Vatis testimony before Congress that most computer security
breakdowns can be traced to insiders.

"Senator Robert F. Bennett, a Utah Republican who is chairman of
a special Senate committee that is overseeing Year 2000
efforts . . . [said] 'The challenge of information warfare will be
the No. 1 security issue for the next administration," wrote the
Times.

Bennett, wrote the New York Times, proposed an "electronic FEMA"
to combat cyberterror.

This was completely unremarkable. As readers know, stories about
secret cyberwars and hackers plundering our national treasure tend
to be chock full of suggestions for creating new law enforcement or
military agencies designed to protect us from them.

Also on October 7, the Los Angeles Times filed a front page story
written by DC bureau reporter Bob Drogin entitled, "Yearlong Hacker
Attack Nets Sensitive US Data."

The LA Times' story, while lengthy, was par for the course in that it
produced no new information on Moonlight Maze.

It did state, however, that Wednesday marked "the first public
confirmation of Moonlight Maze." This was, as we have read,
flat-out wrong.

The Los Angeles Times article was, however, quite notable for its
annoyingly excessive reliance on the tactic of using anonymous
sources to pass on innuendo, speculation, hypotheses and half-baked
theories on the matter.

Some excerpts:

" . . . circumstantial evidence points heavily toward a
Russia-based intelligence gathering operation, officials said."

"'There are strong indications and it's our belief, that
it's coming from Russia and that it may be a sponsored activity,'
a senior Energy Department official said."

"Another computer security expert called Moonlight Maze 'the
longest-running and most widespread attack we've seen. It's not
been stopped . . . It's not even clear why. But the consequences
are potentially huge."

"One US intelligence veteran, now a Senate staff member,
said that the Internet has created huge new opportunities, as
well as frightening vulnerabilities, for spy agencies around
the world. 'Think of it . . . You can sit anywhere in the world
now and run a spy operation.'"

"A senior White House official said that the evidence so clearly
points to Russia that it almost seems like a deliberate diversion."

"Other intelligence experts argued that skilled hackers hired
by Russian organized crime elements may be probing for commercially
valuable information."

"Some experts suggested that France, a longtime proponent of
economic espionage, may be the ultimate customer. That theory
also remains unproved, however . . . "

Which would seem indisputable.

Crypt Newsletter asks the reader to pose these questions: Why
are all the "sources" on Moonlight Maze anonymous? Why does the
mainstream media persist in giving them a free ride? Why
cannot anyone say what, precisely, has been stolen? Since when
does a theory or hypothesis about unknown "hackers" constitute
evidence of what is happening?

Why can it not be said precisely what national security interests
have been damaged, if this is so serious?

And why has this news story been repeated from March in the year
with no substantial addition of information?

Crypt Newsletter understands the need to employ anonymous sources
when the leaking of sensitive information might endanger the position of
the leaker. It does not understand the continued abuse
of such a tactic when all that is being "leaked" is the equivalent
of watercooler gossip and insubstantial hypotheses.

There has been one doubting Thomas in the media with regard
to Moonlight Maze.

On September 27, 1999, Federal Computer Week published a story on
Moonlight Maze by reporter Dan Verton.

Entitled "Russia hacking stories refuted," the piece stated
flatly, "DOD sources say U.S. military secrets were not
compromised."

**Bias disclosure**: Crypt Newsletter was a quoted source in
this article.

". . . Pentagon officials and security experts refute claims that
the Russian government officially took part in a computer break-in
that reportedly resulted in the theft of sensitive naval codes and
missile-guidance data," wrote FCW.

". . . a DOD spokesperson called recent media coverage of
[Moonlight Maze] 'a combination of outright fabrications, distortions
and incorrect quotations,' adding that military secrets were not
compromised."

One of the anonymous sources peddling the story of Moonlight
Maze through the summer, "who works for a major Internet domain
registration firm, said he found copies of DOD duty rosters, network
maps and photographs of DOD facilities residing on servers belonging
to [the alleged attackers]," wrote FCW.

"As far as the pictures of DOD facilities and other materials that
sources claim to have found on Russian systems, [Crypt Newsletter]
said that type of material can be found in many places on the
Internet."

On October 9, 1999, the Los Angeles Times published yet
another story on Moonlight Maze entitled: "In Theory, Reality,
US Open to Cyber-Attack -- An NSA test exposed vulnerability of
critical computer systems to hackers; Outside assault proved it."

The piece continued the trend of inexplicably poor reporting
on Moonlight Maze by the Times and Bob Drogin.

In paragraph seventeen, buried near the end of the piece, Drogin
writes: "Indeed, the evidence suggests a certain amount of hype and
hysteria have overshadowed the reality of cyberspace."

It was an inadvertently telling choice of words, for in just the
story's second paragraph -- one of the piece's impact points --
Drogin fell prey to the same phenomenon.

Drogin invoked the Pentagon ghost story of Eligible Receiver -- the
secret DoD wargame conducted two years ago which proponents of
"electronic Pearl Harbor" insist demonstrated the nation could be
flattened by cyberattack.

Drogin wrote: "The [Eligible Receiver] hackers broke into networks
that direct 911 emergency systems."

It was a clear and rather extravagant error.

Appearing in June of 1998 to testify before Congress, Ellie
Padgett, deputy chief of the National Security Agency's office of
defensive information warfare spoke of how Eligible Receiver
addressed the alleged vulnerability of the 911 phone system.

In a _simulated_ exercise, Padgett said, "we scripted
(an) Internet message (that) would be sent out to everybody saying
there was a problem with the 911 system, understanding that human
nature would result in people calling the 911 system to see if there
was a problem."

The working idea in this part of Eligible Receiver revolved around
the hypothesis that many people viewing the message on the Internet in
a newsgroup _might_ panic and phone their local 911 trunk, causing a
jam-up on the line.

"It can probably be done, this sort of an attack, by a handful of
folks working together . . ." Padgett said.

This is an extremely far cry from Drogin's assertion that the
911 system was broken into by alleged Eligible Receiver hackers.
In fact, it has nothing at all to do with breaking into a 911
computer system, whatever that might be.

However, it is consistent, thematically, with the flavor of the
mythology propagated on Eligible Receiver and, now, Moonlight Maze.

In fact, during an interview with Crypt Newsletter in the
summer of 1998 concerning Eligible Receiver, a Pentagon spokeswoman
for the affair asserted "no actual switching systems" were broken
into at any time during Eligible Receiver. She went on to say that
Eligible Receiver had only simulated these attacks on NSA computer
networks set up to emulate potential domestic national systems.

Nevertheless, Drogin also wrote in paragraph two of the Times
piece: "In less than three months, the [Eligible Receiver
hackers] secretly penetrated computers that control electrical grids
in Los Angeles, Washington, and other major cities."

The lead claims in the Los Angeles Times article are the framing
points for a larger discussion on how Moonlight Maze has publicly
proved what the Eligible Receiver exercise secretly demonstrated
two years ago, which constitutes another rather extensive leap
in linking the facts that are known about both.

Drogin quoted from counter-terrorist "czar" Richard Clarke:

"An enemy could systematically disrupt banking, transportation,
utilities, finance, government functions and defense."

The Clarke quotes are functionally identical to the same
statements made for Signal magazine in August of this
year when it was suggested that the Freedom of Information Act
could be "modified" as part of a plan to help protect us from
cyberattack. They add nothing to the actual body of knowledge on
Moonlight Maze.

"It's cheaper and easier than building a nuclear weapon," said
Clarke for the LA Times.

Buried in Drogin's piece was comment by John Gilligan who "directs
information technology and information systems at the [Department of
Energy.]"

Gilligan, while talking about hacker attacks, "[also argued] that
the danger is usually overstated," according to the Times.

"To get access to the electricity grid computers, to start to
shut some of the grid, you have to really work at it . . . To do
a Pearl Harbor, you need a lot of inside information."


EVERYDAY A NEW CYBERWAR: One in a continuing series!

While the US mainstream media obsessed about Moonlight
Maze this month -- mostly unnoticed in the write-ups
was this next small item from the Australian Associated
Press.

"Hackers from US military base attack ASX system" was
the title of an Australian news story on October 3 -- about
unnamed "American hackers" who had tried to break into the
Australian Stock Exchange from a U.S. military base.

Crypt Newsletter can't help but smile at the irony of this
situation and it is purely the milk of human kindness that
prevents it from pointing out too strongly that the Australians
just don't seem to have the same knack for assigning catchy
names to "cyberwars" as the US Department of Defense.

"Computer hackers from a United States military installation had
tried to break into the Australian Stock  Exchange's data base, ASX
managing director Richard Humphry revealed [on October 3]," wrote
the Australian wire service.

"[Humphry] said the attempt from the US military installation
'was  trying to break into our site, but had broken into another site
to achieve that objective.'"

"We were able to trace that back to another country, and to an
installation that was associated with military activities and
accordingly we contacted the defence department and asked that
they advise us the likelihood that this country was attempting
some form of attempted break into our database," Humphry said for
AAP.

"[Humphry] said he had received an assurance that there was
no possibility of the attack being an official attempt to breach
the ASX's security arrangements . . . it was understood the attempt
came from an airbase situated in a western US state."

Those who have been closely following the gossip on Moonlight Maze
in the US media can't help but notice the familiarity of the
pattern: US officials accuse unspecified Russian agencies of
attacking its treasured networks in cyberspace; Russians, taken by
surprise, deny it.

Buried in the Australian news was a comment from a spokesperson
at the Australian Stock Exchange that the cyberwar coming from the
US military site occurred in late 1998. Why this would suddenly
be news in the last quarter of 1999 was not immediately made clear.


ELECTRONIC PEARL HARBOR (WELL ALMOST) IN LIEGE between 1:30
and 3:30 quoth the teenage hacker to the journalist.

The spirit of the times dictates that our national leadership
be preoccupied with the whipping up of public concern over what
the future holds in the way of terrorism.

The threat of any attack, by bioweapons, chemical weapons, computer
viruses, hackers, Y2K programmers -- all get their full measure in
a national media discussion that is about as nuanced as a brisk
shot to the head with a tire iron.

It's no surprise then when a climate is created in which a
variety of kooks, crazies and public nuisances can make everyone
jump through the hoop with this modern equivalent of the crying of
"Fire" in a crowded theater. In 1999, the alarm mechanism is,
by definition, the journalist with access to the international
wire services.

"Hacker Threatens To Leave Country In The Dark," for example, was
the headline of an un-byli
ned story issued by Reuters on Wednesday,
Sept. 29.

"A computer hacker has threatened to break into the
computers of Belgian electricity generator Electrabel Wednesday
afternoon and halt the power supply to the entire country,"
proclaimed the news service in 500-word squib that went around
the world.

``Tomorrow I will leave Belgium without power, and that is not so
difficult,'' an _anonymous hacker_ crowed to a Belgian newspaper.

``Wednesday I will get into Electrabel's computers between 1:30
and 3:30 in the afternoon and shut down all the electricity.''

The Belgian electric company, Electrabel, "said it was taking the
threat seriously but felt that the hacker had little chance of
succeeding."

``There is very little chance that Belgium could be without power,''
said a corporate spokesperson.

No national blackout was subsequently reported.

This story prompted a new addition to the Crypt Newsletter
Joseph K Guide to Tech Terminology:

_cyberwar_: a condition in which electronic conflicts, threats and
absurd claims are reported by the media but not experienced by anyone
else. Anonymous teenagers or employees of the Pentagon tend to be
central players.

Usage: After being forbidden to attend a rave in Antwerp by his
mother, the teenage "hacker" went grumpily to his room and declared a
_cyberwar_ on Belgium by sending a menacing electronic mail
to a local reporter.

A Crypt Newsletter No-Prize is promised to the first reader who
spots a reference to a Belgian-hacker-who-turned-off-the-electricity
in any "official" report from a think tank, intelligence agency,
law enforcement organization, national security studies group,
or Congressional staff member.


FROM THE USED CAR SALESMAN ARCHIVES

The conspiratorial idea that Y2K programmers from foreign nations
have used the Millenium Bug problem as a cover for sabotaging
the software in the United States is not unique to this country.
Used car salesmen using it to promote the sale of some electronic
security service or software are a dime-a-dozen. More notably
examples in the news recently have included Sal Viveros and an
assortment of marketing fluglemen from Network Associates;
Constance Fortune -- a marketing fluglewoman at Science Applications
International Corporation and Terrill Maynard of the National
Infrastructure Protection Center. (See Crypt News 56.)

One of the more amusing pitchmen, Matthew Bevan, hails from the
United Kingdom. Here Bevan appears in a "news" article published
by a Net organ called "Network News," an off-shoot of "VNU
Business Publications."

"Millennium hackers plan [London] assault," is the title of
the story which goes on to state, rather generically,
"The millennium date change will be used as a cloak by hackers and
cyber terrorists to mount attacks against corporate networks,
security experts warned [the last week in August.]

"Ex-hacker turned consultant at Tiger Security, Matthew Bevan,
warned that network managers should expect the worst from
opportunist or planned attacks.

"People don't know who Year 2000 contractors are, so how can they
trust their code? There is proof the Mafia was backing hackers
posing as year 2000 programmers," claimed Bevan for "Network News."

Long time Crypt Newsletter readers will recall that Bevan, along
with an associate named Richard Pryce, were hackers indicted in
England on charges related to network intrusions at the US Air
Force's Rome Labs in 1994.

The infamous Rome Labs hacks -- and by extension, Kuji, Bevan's
alias -- became extensive grist for countless reports and
Congressional hearings on the alleged dangers of "electronic
Pearl Harbor" between 1995 and 1997 when they were finally
superseded for more current strawmen.

While the case against Bevan collapsed in Crown Court and was
eventually tossed out, a Manchester Guardian newspaper reported
of the future ever-so-helpful computer security consultant who
warns of Mafia-subverted software:

" . . . Bevan, who was obsessed with the 'X-Files' and the search
for alien spacecraft, and his 16-year-old accomplice, Richard
Pryce, had achieved a notoriety out of all proportion to their
actions . . . those who have studied the detailed evidence in
the case say that [the pair of hackers'] approach was entirely
haphazard and -- so far as Bevan was concerned -- motivated by
the belief that a captured alien spacecraft, held secretly at the
remote Nevada airbase Area 51 was reality."

Accompanying Bevan in the famous-used-car-salesmen-who-would-be
computer-security-consultants sweepstakes is Israeli Ehud
Tenenbaum.

Courtesy of the CIA's Foreign Broadcast Information Service (FBIS),
Tenenbaum appeared in the June 7, 1999, issue of the Tel Aviv
Globes -- shilling for his services as a computer security
consultant.

Tenenbaum became notorious in 1998 when he and two teenagers
from northern California invaded Pentagon computers in an
incident dubbed Solar Sunrise by the Department of Defense.
At the time, Solar Sunrise, like Moonlight Maze, was presented
as a coordinated attack by "Russian hackers."

"Ehud Tenenbaum, known as the 'Analyzer', still awaiting the
commencement of hearings in his trial following the exposure
of his penetration of the Pentagon's computers, is forming a
computer security company," reported the Globes.

" 'Our idea is very innovative, and is based on the hacker's
point of view', Tenenbaum explained to 'Globes.'"

Yes, quite.

"[Tenenbaum] said he will set up an intelligence system to monitor
the modus operandi of hackers the world over, and thus close the
gap existing between security companies and hackers." [Yes,
him and only a hundred or so others at last count, Crypt 
Newsletter wagers.]

"The young [entrepreneur believes] that many organisations will
purchase [his] future product, including NASA and the Pentagon."

So, if Department of Defense theoretically buys off Tenebaum, does
that mean it can negotiate for a rider in the contract stipulating
"the Analyzer" _not_ abuse its networked systems?

-------------------------------------------------------------
Acknowledgments: Electronic clippings courtesy of David Isenberg
and Steven Aftergood to whom the Crypt Newsletter is mighty obliged.
-------------------------------------------------------------
George Smith, Ph.D., edits the Crypt Newsletter from Pasadena,
CA.

copyright 1999 Crypt Newsletter. All rights reserved.