IMPORTANT! (Re: Forged cancels through US Dept of Energy computer?)

[Please forward this information.]

[sci.energy added to newsgroups list since a lot of DOE-people read that newsgroup -- I should know, I worked at LLNL until a month ago! Notice the follow-up discussion newsgroups of a.r.s., news.admin.net-abuse.misc, and news.admin.misc.]

Hello,

Ron Newman posted the following about tracking down the forged cancellations of posts made to alt.religion.scientology, including some that were obviously done in Fair Use to discuss Church of Scientology doctrine and practices. This is a clear case of an attempt to stifle Freedoms of Speech, Expression and Religion on Usenet and the Internet. It may also be electronic wire fraud.

Furthermore, it looks like the forgery was accomplished using the resources of a US-DOE computer, a clear Federal offense, both for misuse of Federal property and for probable Electronic Wire Fraud. Big-time-bad mistake!

If this is shown to be true, then the FBI should now have good reason to get involved, even if the perpetrator(s) decide not to do this mistake again. I urge those here with any FBI contacts to forward this information to the FBI.

And I guess I'll just have to e-mail my computer security friends at LLNL (I have several), who work closely with DOE (particularly since winken at LLNL appears in the path of the forged cancellation message). DOE is *very* sensitive about misuse of their computers, *very* sensitive --> *VERY* sensitive^^2. I hope I made this clear how sensitive DOE is about misuse of their computing resources, especially to propagate the Federal crime of electronic wire fraud, not to mention the stifling of the Freedom of Speech guaranteed by the U.S. Constitution. DOE does not want bad publicity either -- they've been rocked recently by the bad publicity of misuse of their computers, notably the person at LLNL who stored large numbers of pornographic images on an LLNL computer. It was quite an embarrassment and they don't want to repeat that again.

I urge the appropriate organizations within the Church of Scientology (CoS) to issue a statement condemning this illegal action and to support law-enforcement in tracking down the perpetrator(s). Otherwise, many on the Internet are beginning to believe that the illegal forged cancellations are being done with the approval and even the support of CoS. I'm sure CoS doesn't want such rumors to continue to be circulated about the Internet -- these rumors may even end up in court someday. In fact, a refusal by CoS to issue a statement on this is (in my opinion only) a tacit approval of the illegal actions of the perpetrator(s). I'm sure CoS does not want to be viewed in that light.

Jon Noring

(This post also being forwarded to the news media.)

*****************************************************************************

In article rnewman@cybercom.net (Ron Newman) writes:

>It appears that the latest forged cancels have been sent through
>a computer at the headquarters of the U.S. Department of Energy,
>a machine known on BITNET as "doevm" and on Internet as
>VM1.HQADMIN.DOE.GOV .
>
>This machine runs what I'll call a "semi-open" NNTP server. The
>server will accept connections from any machine on the Net, but
>restricts the commands that it accepts. It will not accept ARTICLE
>or POST commands. However, it will accept IHAVE, and that's most
>likely how these cancels got sent.
>
>I suspect that there are many, many systems throughout the Net
>that are configured this way. If we shut down one of these, the
>Cancelbunny is likely to just shift to another. It might be a
>better idea for a friendly system administrator to leave one of
>these systems open, and carefully trace where the forgeries are
>being IHAVE'd from.
>
>Below are the two cancels as seen at MIT, followed by a test forgery that I
>transmitted through this server.
>
>-------------
>Path: senator-bedfellow.mit.edu!bloom-beacon.mit.edu!news.moneng.mei.com!howland
>.reston.ans.net!news-e1a.megaweb.com!newstf01.news.aol.com!uunet!in1.uu.net!news
>.nyc.pipeline.com!news.intercon.com!udel!uwm.edu!lll-winken.llnl.gov!osi-easr2.e
>s.net!doevm!btnet!peernews.demon.co.uk!odesi.com!noman
>Newsgroups: alt.religion.scientology
>From: noman@odesi.com
>Subject: cmsg cancel
>Control: cancel
>Message-ID:
>Date: 9 Jul 1995 23:09:45 -0400
>Organization: Odesi
>Lines: 2
>
>CANCELLED - COPYRIGHT/TRADE SECRET INFRINGEMENT
>
>--------------
>Path: senator-bedfellow.mit.edu!bloom-beacon.mit.edu!news.moneng.mei.com!howland
>.reston.ans.net!news.sprintlink.net!uunet!in1.uu.net!panix!news.intercon.com!ude
>l!uwm.edu!lll-winken.llnl.gov!osi-easr2.es.net!doevm!btnet!peernews.demon.co.uk!
>odesi.com!noman
>Newsgroups: alt.religion.scientology
>From: noman@odesi.com
>Subject: cmsg cancel <020350Z10071995@anon.penet.fi>
>Control: cancel <020350Z10071995@anon.penet.fi>
>Message-ID:
>Date: 10 Jul 1995 02:02:19 UTC
>Organization: Odesi
>Lines: 2
>
>CANCELLED - COPYRIGHT/TRADE SECRET INFRINGEMENT
>
>--------------
>Path: senator-bedfellow.mit.edu!bloom-beacon.mit.edu!news.moneng.mei.com!uwm.edu
>!lll-winken.llnl.gov!osi-east2.es.net!doevm!marcab.com!xenu.org!who.is.this.gov!
>test
>Newsgroups: alt.religion.scientology
>Subject: test of another open NNTP port
>Date: Tue, 11 Jul 95 05:52:12 -0500
>Message-ID:
>From: somebody@clam.org
>Lines: 6
>
>This is a test to see if the open NNTP port on the BITNET
>host "doevm", which is the same as the Internet host
>"VM1.HQADMIN.DOE.GOV", allows me to transmit a forged post
>to alt.religion.scientology via the IHAVE command.
>
>This messages was actually sent by Ron Newman .
>
>----------------
>If you look at the headers on news.uu.net, the Paths appear more similar:
>
>head
>Path: in1.uu.net!news.nyc.pipeline.com!news.intercon.com!udel!uwm.edu!lll-winken
>.llnl.gov!osi-easr2.es.net!doevm!btnet!peernews.demon.co.uk!odesi.com!noman
>Newsgroups: alt.religion.scientology
>From: noman@odesi.com
>Subject: cmsg cancel
>Control: cancel
>Message-ID:
>Date: 9 Jul 1995 23:09:45 -0400
>Organization: Odesi
>Lines: 2
>
>head
>Path: in1.uu.net!panix!news.intercon.com!udel!uwm.edu!lll-winken.llnl.gov!osi-ea
>sr2.es.net!doevm!btnet!peernews.demon.co.uk!odesi.com!noman
>Newsgroups: alt.religion.scientology
>From: noman@odesi.com
>Subject: cmsg cancel <020350Z10071995@anon.penet.fi>
>Control: cancel <020350Z10071995@anon.penet.fi>
>Message-ID:
>Date: 10 Jul 1995 02:02:19 UTC
>Organization: Odesi
>Lines: 2
>
>head
>Path: in1.uu.net!news.moneng.mei.com!uwm.edu!lll-winken.llnl.gov!osi-east2.es.ne
>t!doevm!marcab.com!xenu.org!who.is.this.gov!test
>Newsgroups: alt.religion.scientology
>Subject: test of another open NNTP port
>Date: Tue, 11 Jul 95 05:52:12 -0500
>Message-ID:
>From: somebody@clam.org
>Lines: 6
>
>--
>Ron Newman rnewman@cybercom.net
>Web: http://www.cybercom.net/~rnewman/home.html
-- OmniMedia | The Electronic Bookstore. Come in and browse! Two 9671 S. 1600 West St. | locations: ftp.netcom.com <a href="/pub/Om/OmniMedia/books">/pub/Om/OmniMedia/books</a>South Jordan, UT 84095 | and ftp.awa.com /pub/softlock/pc/products/OmniMedia 801-253-4037 | E-book publishing service follows NWU recommendations.