Available to children, adolescents, and adults. Additional services include counseling for families and couples and bilingual services. The center also offers psychological testing to all in need. These are set on a sliding scale based on each individual's financial capabilities. If you're looking for assistance in overcoming obstacles and enhancing personal growth, call the Dr. T.J. McShane Center for Psychological Services at 212-346-1730. Once again, that number is area code 212-346-1730. This has been a public service announcement from WBAI 99.5 FM. This is Jose Santiago, News Director at WBAI. We want to thank all of you who have expressed your condolences over the passing of our Program Director, Samori Marksman. Many of you have offered to make financial contributions to the Marksman family, and we now have set up a way that you can do that. If you want to help, you may do so by bringing or sending your check or money order to WBAI Radio, 120 Wall Street, 10th Floor, New York, New York, 10005. Money orders or checks should be made payable to the Samori Marksman Memorial Trust Fund. That address again, WBAI Radio, 120 Wall Street, 10th Floor, New York, New York, 10005. Make your contribution payable to the Samori Marksman Memorial Trust Fund. Thank you for listening to WBAI. Thank you for your support at this difficult time when we mourn the loss of the guiding light that was Samori Marksman. And you're listening to radio station WBAI in New York. Mark, the time is 8 o'clock. Time for Off the Hook. The telephone keeps ringing, so I ripped it off the wall. I cut myself while shaving, now I can't make a call. It couldn't get much worse, but if they could, they would. Bum diddly bum, but I best expect the worst. I hope that's understood. Bum diddly bum! Bum diddly bum, bum diddly bum! Bum diddly bum, bum diddly bum! Bum diddly bum, bum diddly bum! Bum diddly bum, bum diddly bum! Bum diddly bum, bum diddly bum! Bum diddly bum, bum diddly bum! A good evening to everybody. This is a special show as we're offering support for those people out there who may have been affected in a bad way by someone named Melissa. And if you have been affected by this horrible thing, then we ask you to give us a call so we can talk to you. Straighten you out a little bit. 212-209-2900 is our phone number. We'll be taking calls in just a little bit. Of course, as is the tradition for this program, before we take calls, we usually make calls. A little give and take there, you know. And Isaac's joining us today. How are you doing, Isaac? How are you doing? Pretty good, pretty good. But I don't think you're going to be doing pretty good in a few minutes. I won't? No. Actually, for one thing, your mic is not on because I have the wrong one pushed up. Try again. Oh. That's better, yes. Why aren't I going to feel it? Boy, you're in for a rude awakening. I am. So to say, yeah. You know, I really don't like doing this to people. I really don't. People think I enjoy it. I don't. I don't enjoy, you know, showing people the light and waking them up and saying, this is your life, so to say. You're scaring me now. Good, good, because I have to scare you. We must be scared because we're living in perilous times. We're living in times where our very privacy is a commodity, where we have no security. We have no lives of our own. Everything is out there on display. You know, it might as well be the lights on the Empire State Building. You know, they're there for everybody to see. And you, my friend, you're on public display. I don't know. All right, let's, uh, shall we call up the witness? Oh, let's. All right. That's the sound that should strike fear into your heart. You know what's waiting for you on the other end of this, don't you? Isaac has no idea what I'm talking about. I really don't. Yeah. I just walked in here. It's great. It's great. I like doing this to people, even though I don't really enjoy it, but I do like it. Oh, yeah, I imagine. All right, let's make a phone call here. And those of you who can translate, you'll know what these little tones mean. There we are. Now listen. Listen and learn. If you would like to hear the menu options in English, press 1. Don't you love how they don't even identify themselves? Okay. 1. One step closer to fear. Yeah. If you are a prepaid customer, press 1. They still haven't identified. For billing or time-specific questions, press 2. Okay. To report difficulty using your Sprint PCS app... I recognize them. Now we are pressing 2 for account information. And listen to what they say when you press 2. It's rather humorous. Okay. We were unable to recognize your entry. It's like they're covering their ass or something. For verification, please enter your PCS telephone number, including the area code. Okay, now I'll turn down the volume for this, but for verification, enter your Sprint PCS phone number, which half the world knows your number anyway. Now listen to what I find out. Oh, thanks. Listen to this. Here is information about your most recent bill. Your balance of $198.75 is due on April 30, 1999. You have no payment yet on file. You are at the billing account menu. For the number of minutes used since your last billing cycle, press 1 to make a payment or to make... Let's find out how many minutes you've been using. I would, too, actually. This is very useful. You can find out about anybody. This estimate is for the invoice period beginning on April 3, 1999 and ending on May 2, 1999 and is current as of April 5, 1999. Your primary current service plan includes 400 minutes. You have 398 minutes remaining in your primary current service plan. Your off-peak hours and weekend plan includes 500 minutes. You have 470 minutes remaining in your off-peak hours and weekend plan. Our records may not include calls made or received within the last 24 hours. Please hold to go back to the main menu. Okay, now it gets better. It really does get better. I've got the icing on the cake. If you are a prepaid customer, press 1. For billing or account-specific questions, press 2. To report difficulty using your Sprint PCS phone or service or for help with voicemail, press 3. For all other questions, press 4. I'm going to press 2 again. Here is information about your most recent bill. Okay, they're going to go through all that again, but there's... Once I get through that, I think there's another option I can use. I don't think there's any way to skip this, unfortunately. This is a little frightening. It is frightening, but... They didn't use to tell me the amount of minutes I have. Well, the amazing thing is that we went through this all before. Yes. We've warned these people. Okay. Or to make payment arrangements, press 2. For national consumer pricing information, press 3. To receive a fax of a transfer of account subscription... That's the one. Oh, my. Here we go. Press 4. Oh, my. To request a bank account automated debit form, press 1. That's what I want. If you wish to have your Sprint PCS invoice automatically deducted from a current bank account, you will need to complete and return this authorization form. Please enter your fax number, including the area code. Here we go. You entered a fax number of 5-1-6-4-7-4-6-7-7. If this is correct, press 1. Your fax will be sent within 15 minutes. Okay. You are at the billing account. The good thing about that... Let me just straighten out a couple of things here. I'm not getting authorization to deduct things from your bank account, but I'm getting the form that allows me to do that. I do have to write down some numbers that I don't think I have unless I looked at your phone bill. Some kind of authorization sort of account number, which isn't your phone number. But the interesting thing about this... What do you think happens when I get that fax? There's a little attention form. And that form has your real name on it. I would imagine, yes. And I don't know your real name. So this is an opportunity for me to have faxed to me your real name. Unless I get there first. You can't. You can't. That's far away. By finding out your phone number, I can basically go through everybody's phone number on the Sprint PCS network and get all their names. Run my own little information service. This is frightening. It's very frightening. The number, by the way, for those of you interested in pursuing this service, 1-888-211-4727. Those people out there who are customers of Sprint PCS might be interested in this service. Yeah. And I'm not sure what the number for Sprint PCS themselves is. This is above and beyond the previous only receiving the... Isn't it amazing? ...the amount that I owed. That I expected. I was wondering if you were kind of lost in history there. No. But this was very frightening. In fact, you have scared me. Yes. And thanks to Marco for pointing this one out to me. Wow. So that's something right there. Okay, speaking of incompetence in corporate America, a man is suing his employer over voicemail abuse. That's right. A suburban Chicago man is suing his employer for allegedly failing to adequately secure the company voicemail system even after he complained that someone had hacked into the system and was passing offensive messages about him. I hope that this makes other companies look at their systems and say, gee, could this happen with our company? Gary Thompson, 45, said this Thursday from his home in Wheaton. I would be willing to bet most companies haven't even thought of this. Thompson, who is suing both Juul Food Stores and its parent, Utah-based American Food Stores Company, claims that on five occasions beginning in 1996, someone posing as a private investigator hired by the company left false and defamatory messages in the voicemail boxes of hundreds of American Stores employees nationwide. The messages included claims that he had HIV, was a drug user, cheated on his wife with company secretaries, and stole from the company. I started being treated differently immediately after the first message. Work associates stopped shaking my hand, said Thompson. He was on disability leave after suffering what he described as severe depression in the wake of the voicemail attacks. One day, Thompson found a note on the front seat of his car in which the author said they understood he was dying of AIDS and wanted to know how to apply for his reserved parking space. You know, I'd say there's a very definite relationship between the person that did that and the voicemail and the person who wrote that kind of a note because that kind of thing isn't normally done. At least not out here. I don't know about Illinois. Those kind of things start to build up and get to you, he said. No one could know or understand what it's like to be in my shoes. While the law has begun to adapt to issues of privacy and copyright infringement relating to the internet and email, voicemail has produced a similar set of concerns. As technology advances, people are finding new ways of abusing it. The company, though, insists that it reacted swiftly to Thompson's concerns. We believe the allegations are unfounded, said Karen Ramos, a spokeswoman for Juul. The company took immediate action and appropriate action in response to the unauthorized voicemail messages in question. Thompson's lawyer, Maureen Murphy, said companies are responsible for the systems they offer employees. A little more of the burden has to be placed on the company to ensure security against the magnitude of damage that can be done to people with the stroke of a key. It's amazing. You know, I wish they would tell us exactly what it was that happened. You know, was the password changed repeatedly that the person managed to get in because of some sort of default? You know, we're not getting the full details of this, but it sounds like somebody was negligent someplace, somewhere along the lines. Well, you know what's going to happen, though, right? What's that? They're just not going to offer their employees voicemail anymore. You know, maybe that is the best solution, though, because voicemail is such a pain. It really is. Always getting lost in voicemail. You know, you never get anybody on the phone anymore. It's sad. It's out of control. It's totally out of control. Why are we getting feedback? Anybody have any idea why we're getting feedback? I'm going to turn these phones down a little bit. Okay. That might be a little better. Yeah, well, we have a war going on. We have a war over in Yugoslavia and there's all kinds of sites being hacked as a result of that. NATO has said that Yugoslav hackers had broken into its internet homepage and jammed our email system with 2,000 messages per day. NATO spokesman Jamie Shea said service on NATO's homepage had been erratic to say the least since March 28th, the fifth day of the Alliance's bombing campaign against Yugoslavia. It seems that we have been dealing with some hackers in Belgrade who have hacked into our website, he told a news conference at NATO headquarters in Brussels. At the same time, our email system has also been saturated by one We are dealing with macro viruses from Yugoslavia in our email system. Macro viruses? In our email system? From Yugoslavia? Of course. I wonder what the name of that macro virus is? I don't know. A senior NATO diplomat said it was clear how well organized and prepared Belgrade's offensive was. It ranges all the way from organized ethnic cleansing to messing up our website. All those Serbs. Shea added, let me assure you that despite these technical glitches, you will continue to receive updated operation information from this alliance. hacking ability to send a political message. If Milosevic figures out a way to hack a website, that would make him a hacker. I don't think anyway. Yesterday, actually the day before yesterday, a whole bunch of sites got hacked all over the United States and Canada, including the sites for O'Reilly, Playboy, Sprint.net, The Yellow Pages of Canada, Sony Music.com, Son of Canada, Multimedia, and the Son of Canada, Molson. And you know, that's a big one over there. And they all got hacked with the same basic message, which was that there was another injustice going on in the world of hackers. As you read this, the RCMP, Royal Canadian Mounted Police, NASA, and the FBI are persecuting a man in Sudbury, Ontario, with 99 criminal charges. Just what exactly did he do? Well, he was arrested in 1998. Jason Mewhiney. I'm really sorry if I'm mispronouncing that. Mewhiney? I'm not really sure. It could be Mewhiney for all I know. Let's just call him Jason for now. Jason was arrested by the RCMP for allegedly defacing the NASA webpage www.hq.nasa.gov. This arrest was originally attributed by the press to a three-year investigation by the RCMP and FBI. Nothing could be further from the truth. In actual truth, this arrest was a result of hearsay and informants and all kinds of things like that. They even go up so far as to give the informant's name and phone number, which we're really not going to do here in the air. The hack done at NASA was merely a change to one file in the HTML directory, index.html. Perhaps some of you have heard of it. NASA claims it took over 200 man hours for them to correct this situation. Oh, please. This is exactly the kind of thing that you see. Well, besides the fact that it's government work, this is the kind of exaggeration you see that stretched back to the Craig Neidorf case in 1990, where a document for $79,000 was found for $13,000. Kevin Mitnick accused of $80 million in damage and no itemization whatsoever. You see it over and over again. Every hacker case has all these man hours required to fix things. So, basically, are we to believe, according to the website, are we to believe that it takes 200 hours for a team of NASA employees to reinstall one computer and reinstall the contents of that box from taped backup? And that's even assuming... Why are they installing the entire computer? I'm assuming this is a file. I'm assuming that we're assuming they're as paranoid as they possibly can be and are just reinstalling from scratch the entire site. Okay, I could see that. But from what I understand of this web hack, from what I understand of virtually every web hack I've ever seen, the original site index.html is renamed index2.html or something like that. In many cases, in many cases, there is even a link from the hacked page to the real page. Okay, after you finish reading our little spiel, you want to go on to, you know, molson.com or whatever, go ahead. Click on this key. It works. Anyway, according to this site, these numbers are totally arbitrary. If these numbers are accurate, then it's not so difficult to imagine how a tragedy such as the Challenger explosion could occur. I don't like the correlation. Well, nobody does. But if you're going to, if you're going to be all incompetent and exaggerating and, you know, about man hours and things like that, well, that kind of attitude can spread into all kinds of different things. The friendly neighborhood rocket scientists at NASA are obviously fabricating these numbers in order to get the FBI to pursue Jason. $74,000 to issue a couple of commands and replace the altered page. The calculators at NASA must have the zero key stuck or something. $74,000 perhaps, but $74,000, painful reality is that Jason is obviously a scapegoat for NASA's inability to secure their so-called critical website. And for those of you who may find yourself in such a situation, they also issue the command that can fix things for you. MV index.html.bak index.html return. It's the public service. That took a few man hours to put together, too, so a bill will be in the mail. Here's the thing, though. This showed up all over the place. This showed up on websites, a lot of big websites. Molson.com is pretty big, and certainly Playboy is big. There's a site called Horny Rob. I don't even know what that's about, but that was hacked, too. All with the same message, cgocable.net, and as I mentioned, Sony and Sun and Sprint, cs.purdue.edu, ora.com, barbarastreisand.com. Oh, wow. Just to show that nobody is immune from this kind of thing. And, of course, the Yellow Pages in Canada and O'Reilly, you know, the book people. Now, the funny thing is, at the bottom of the page was a link to none other than 2600's own hacked website, and the original hacked page that started the whole controversy. So if you went down to the bottom and you clicked on the picture of the space shuttle that says Free Mowini, or whatever his name is, it connected to our site. Now, for some reason, all the dimwits who did that thought that that meant that 2600 were the people that hacked the site. So we got all this hate mail from all these people saying that they were wanting to connect to Molson and Sony and how could you do this to us and fix my webpage. You know, fix my webpage. I guess they had it as their homepage or something like that. And, you know, we somehow hacked it to their computer by doing this. This goes to show how out of control the whole net realization is. And here's one of the letters we got. As I verify the status of a client's page today, lo and behold, the index page had been changed and a link to this site provided. I can only say that if you believe it is your right to deface the property of others, then your message has absolutely no value. Happy waste of time. Yeah, it's... Well, joyous absurdity to you too, sir. We've gotten all kinds of things. We got one from Australia saying that hackers should be killed, rot in prison for the rest of your life, that kind of thing. You know, you tend to think that perhaps, just maybe, this is emotionally driven. You know, not really based on logic. You know, I get mail all the time from people who say that hackers are nothing but 2-bit criminals that, you know, are nothing. Okay, fine. Let us be 2-bit criminals. And if we're 2-bit criminals, sentence us like 2-bit criminals. And we'll be out of prison in a couple of months like all the other 2-bit criminals. But instead, we're being sentenced like Timothy McVeigh times 10. So, either we're real threats or we're not real threats. Make up your mind. You know, that's a really good pun. A 2-bit criminal, like 1 and 0. Yeah, I'm glad we're finding humor in tragedy like this. It needs to be found. Yeah. Yes, but in addition, we also had April 1st go by. And that brought with it a lot of sites that really didn't get hacked. That's the other thing. Now everybody is jumping on the bandwagon and pretending to hack their own sites, I guess, to get publicity. That's fine. That's fine for things like Hacker News Network because, you know, it's a hacker organization. Security.pine.nl is another hacker organization that got semi-hacked. But get this, artbell.com. Art Bell, you know, that crazy talk show guy out somewhere in the desert. He got hacked. Supposedly he got hacked, but he didn't really get hacked. It was this whole pro-serve message on there. And then after we put the thing on our webpage saying, hey, this site got hacked, he put something on his webpage saying, hey, we fooled 2,600. Well, you know, great. You know, you could say, you could go into a liquor store with a shotgun that's not loaded and you could fool the guy behind the counter real easy, you know, but it doesn't make it right, all right? It's, you can't tell unless there's something in there saying, hey, this is an April Fool's joke that it's an April Fool's joke. It's just, you didn't fool us. Basically, you just made a fool of yourself. Other sites, though, that didn't get hacked, Kipling, the bag people, the clothing people, the people that already are profiting on the name hacker. With the little Moof Baglet thing. Now, here's the thing. They kept challenging people to break into their website. Oh, nobody can break into us. Do you know we got mail, multiple pieces of mail from people with passwords wanting us to break in? Yeah, yeah. They wanted somebody to break into their site, so they mailed everybody they thought could break into their site. Eventually, somebody did. Now, there's a whole big thing on Kipling.com saying, hey, we were hacked, and, you know, expect to get publicity out of that, I guess. We saw this a few months ago with MTV pretending to be hacked, and most recently, there's a new film coming out, Ten Things I Hate About You. Oh, here's one more thing to hate about this film. If you look at their website, which is, it's on movies.go.com slash ten things. I don't know if that's their official website, but that's where you find all kinds of information about it. Looks like a fake, well, it looks like a real high school newspaper, newsletter, web page kind of a thing, and on it, it says, hackers beware. Last night, more hackers broke into the Padua High website and posted more embarrassing photos. To the immature idiots who keep on doing this, do you think this is funny? Also, the fattest chick in school section is very hurtful. The administration has warned that if this stupid hacking doesn't stop, the website will be closed. So on behalf of all responsible students, please stop. Yeah, you see, they're making a joke out of something, but I bet if they really got hacked, they'd be calling the feds and saying all these man hours were wasted. It's pretty silly. Alright, now to the crux of the matter. We all know what happened this past week. A lot of us were deeply affected by it. Some of us were hit pretty badly. I'm talking about Melissa, of course. Yeah, yeah. Isaac, tell us how badly were you hit? Well, she came right at me. Jeez, I didn't know what was happening. It's also painful. I just can't... Okay, that's enough of that. Porkchop's here. Can we figure out where you are? Yeah, fine. How bad were you hit? Let me tell you. I don't know. I just... Alright, so you weren't hit at all either? No, not at all. I just won't fake it. Okay. It's just... nothing. Carl joins us now. Carl, how bad were you hit? I don't use that Microsoft product. You don't use what Microsoft product? Word. Oh, okay. Well, that brings up an interesting point. This only seems to have affected people who do something rather silly, I guess. Carl, why don't you tell us what silly thing these people had to do in order to be affected by this? I know a lot of people wanted to be affected, but they just didn't have... Well, if you want to be affected, you had to, uh, open a particular document with this, uh, particular Melissa macro virus in it, and, uh, when words started up and warned you that there could be a malicious macro in this particular document, you had to accept, you know, or rather acknowledge that you want to run this particular potentially malicious program. So you had to ignore the warnings? You had to ignore the warnings. That is correct. Uh-huh. And, uh, and submit your machine to the... well, to Melissa to Melissa. All right. Now, now, a macro. Now, let's... just all those people out there that just use Unix and, you know, the various mailers there that may never come across something like this. You're in an office environment, undoubtedly, and mail comes in. Why would you want to execute a macro? What can a macro possibly do that's good? Well, some people believe that, uh, that you can extend the functionality of these various Microsoft products by writing little programs you can shove into your documents, and these programs can more or less, uh, I don't know, automate things. You know, read your, uh, read your... read through your address book list, and, you know... Send out mail to 50 other people. And customize your mail, you know. See, I don't... that's what I don't get. What positive thing could be done here? Well, a number of things. You know, potentially, I guess, in Excel, you could maybe, you know, read in this particular file and do all kinds of fancy stuff and kind of generate an Excel document through these particular macros. Well, they say here... Let me read from a story that came off of Federal Computer Week. Federal agencies last week found themselves doing battle with a wildly proliferating computer virus dubbed Melissa. First of all, is it fair to call this a virus? I've actually questioned that myself. It is and it isn't. Um... All it's doing is sending mail. Well, it really depends how you define virus. Um... You know, some people would define virus as a... as, you know, some kind of program that simply replicates itself and... and distributes itself through your computer or through other people's computers. And other people, you know, would, uh... would call this a little more something of the nature of a worm since it leaves your computer, you know, by means of a network and goes to other ones. It really doesn't make a difference. I guess the... probably the best way to categorize it is a malicious computer program. That's really what it is. But, again, malicious. Malicious to me means destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction and destruction from a from a from a from a destruction from a destruction from a liberation liberation from a destruction from a liberation from a destruction from an keep on hitting OK, but what this program does is that it goes into your registry, or if you have an older version of Word, apparently, it kind of goes to the toolbar and disables it for you. It turns off this warning, so every other time you run any other macro, you will not be asked whether or not you want to run it. What if a previous macro has already done this, has turned off security? Would you not get the warning the first time for this one? Well, yeah, that's true. If you've already been infected by such a thing, or if you deliberately turned that off on your own. Do you think a lot of people have deliberately turned it off on their own? Possibly. We all hate those dialogue boxes, you know? No, yeah, nobody wants to hit return all the time, it's a chore, you know? Well, OK, so basically, you think this guy did us a favor? So you don't think he should serve the full 40 years of prison time that he's being... I think 40 years is kind of excessive. What about the $500,000 fine for all the man-hours? I think $500,000 of the fines is kind of silly, if I may. Yes. What did they arrest him on? Well, that's an interesting thing, because it doesn't... I can't really think of a particular law that he violated here, because the people are willingly and actually complying with a... Well, David L. Smith is the guy's name, he's from New Jersey, he's listening right now. He was arrested Thursday night. He faces charges that include interruption of public communications, I don't know who he's conspiring with, conspiracy with a computer, I guess, and theft of computer service, charges that carry a maximum penalty of 40 years in prison and a $480,000 fine. That's silly. It's very silly. He stole computer... That's insane. No, I mean, you know, the fact of the matter is that, you know, no matter how bad of a warning it is, the word gives you a warning, and that's kind of like, you know, it's kind of the analogy would be your little gun has a message on the end of the barrel saying, you know, if you're looking at this and you pull the trigger, you know, your head will be removed. Let's not have gun analogies anymore, because I think they can be misread. Oh, you want a better one? Yeah. When you install Netscape for the first time, you get that silly little thing called a license, where they basically say, like, you can't reverse engineer this, you can only use it on your personal computer, you can't give it to other people, you can't sell it, blah, blah, blah, blah, blah, and, you know, you just kind of click accept and continue on. Well, guess what? That's legally binding. By clicking that button, you are legally bound by whatever they put in that license agreement. So for instance, if they say, you will give us your first born child, then you click accept mindlessly without scrolling through and actually reading. So by clicking OK to the macro, you're accepting David Smith's. That's the way I foresee. That's the way I perceive it. Well, yeah. I mean, you were warned and you actively chose to run the thing. So well, you know, I think the interesting thing is that the only people affected by this, and I think, Carl, you pointed it out last week, the only people affected were not computer professionals. What would you call the people that were affected? I guess they have a name for themselves, and they're office professionals. Yeah, office professionals. And I think that's why this is being taken so seriously, because all these office people had their work disrupted, because they didn't know enough to disable something that should have been disabled. Well, the thing is, whether or not, I don't know, they didn't call anybody, you know, when they had this strange message pop up on the Mac, it comes up in blue, I think it is. It doesn't make any sense to me. Well, it shows us a lot of things, how easily people can be taken advantage of, I guess. On the matter of disrupting communications, the only reason why such a thing happens is because you have, you know, hundreds of SAPs, you know, accepting this, letting this program run on their computer. I would have done this. I think I would have sent something a little bit more interesting for people to read, but it would have been, you know, if you can take advantage of people's stupidity to get something out to millions of people, you know, why not? Educate them at the same time. Tell them how it works. Tell them how to fix it. Since Microsoft, obviously, isn't too interested in doing it. Now, this only affected, according to this Federal Computer Week, the Melissa Macro virus affected computers running Microsoft Word 97, Word 2000, and Outlook. Yeah. Did it affect Macs at all? I don't think so. I don't think it affected Macs because if you, it has some dependencies on the Windows registry here, and it's not quite clear that there's any equivalent on the Macintosh. Again, if you were affected, we'd like to hear from you. We'd like to offer you some guidance, and we won't make fun of you either. 212-209-2900, or maybe just a little bit. Promise. Yeah. No more than usual. 212-209-2900. We'd just like to hear from people who were affected. If we don't get any calls, then we'll know nobody was affected, but I think there were people out there, and I have yet to talk to a single person who was affected by this in any way whatsoever. Well, we all read the articles. I mean, that wasted our time. Yeah, okay. We were affected by the articles and things like that. The federally funded Computer Emergency Response Team Coordination Center, based at Carnegie Mellon University, issued a public warning to government agencies, to the general public, that the virus managed to infect a broad array of agency systems, including a Navy ship off the coast of Guam. You know, what everyone's ignoring is the fact that to get this, somebody had to read some message on some porn site. Now, that's the other interesting thing. I find it's very interesting that there's so many people in this country who have connections to people who read NetNews porn. Let's clear this up right now. Now, David Smith was not actually accused of mailing this to anybody. He simply posted it on Alt.Sex, and people downloaded it, and then they opened it themselves. Is that right? So, I have a lot of pornhounds who do not heed the warning messages of Microsoft Word. So basically, what it took, it took one person, one lecherous person, to basically connect to Alt.Sex, see a file, take it, run it without thinking what the consequences might be. Then, 50 people that he had contact with... Promiscuity. Basically, there's a lesson here to be learned. That's not bad. It could be a sexually transmitted disease. Definitely. Definitely. You know... It's that kind of a virus. That's something that you should include in a message like that, information on sexually transmitted diseases. It's very educational. I don't think he'd be facing this kind of problem right now if there was something educational in the message. But yeah, 50 people then got the message, and then if they were stupid enough to accept it, then 50 of their people got the message and just kept going on and on. He was held on $100,000 bail. According to his lawyer, who is no longer his lawyer, I understand, he's very upset, scared, and nervous. This has been a horrible ordeal. They went in there as gangbusters, local authorities, state police, the FBI. Ted Bundy, that's what they treated him like. But you know what's interesting? Ted Bundy went in? Ted Bundy. What was interesting is that I think it's clear, even though we're saying this guy didn't do anything really bad, that what he did do is worse than anything Kevin Mitnick has been accused of. Yet, this guy got $100,000 bail. He's out on bail. What's the difference here? It's pretty scary. The computer programmer accused of spreading the Melissa virus over the internet has fired his lawyer. David L. Smith on Monday dismissed Stephen Altman, the Brunswick, New Jersey attorney who has represented the 30-year-old New Jersey resident since his apprehension Thursday night. Altman's law office declined comment while Smith was not immediately available. It's not odd for an attorney not to be named while a new law firm internally looks at the case and makes sure there are no conflicts, says Paul Laurie Kett, spokesman for the New Jersey State Attorney General's office. After arresting Smith in Eatontown, New Jersey, the authorities charged him with interruption of public communications, conspiracy to commit the offense, attempt to commit the offense, third-degree theft of computer service, 40 years in prison, $480,000 fine. Starting out in an infected file called List.doc, posted in the Alt.sex news group, Melissa quickly spread whenever a user received and opened the infected file. To spread itself, the virus peered into the address book of PCs running the Microsoft Outlook email client and sent an email to the top 50 entries. After the virus began circulating last week, it hit more than 300 companies and affected more than 100,000 computers, shutting down email for hours at a time. This is the fastest proliferation of a virus to date, said Bill Pollack, spokesman for CERT. The FBI and New Jersey law officials hope to translate the widespread infection of the virus into a hefty sentence for the alleged writer, despite the fact that it did little actual damage. What services do they claim this guy actually stole or defrauded? Man hours. I mean, I think that's what it's all about. Well, didn't you just state he's accused of theft of computer services? Third-degree theft of computer service. I don't know what that means. Probably just clogging send mail. Yeah, it could be something as simple as that. That's silly. It's very silly. Let's take some phone calls. 212-209-2900. Good evening. Hello? Yes, were you affected by Melissa? I was affected by Melissa. Okay. Tell us what happened to you. I didn't receive it, and I felt very left out. Okay. Yeah. I guess we can all bond on that one. Do you know anybody who did receive it? Pardon me? Do you know anybody who did receive it? Actually, I don't know even one person. I guess if they received it, I would have received it as well. Well, most people who know what they're doing with computers, I think, know enough not to accept something like that. And most of us read our mail straight in our systems anyway, in Unix or something like that. Yeah, exactly. So it's not going to affect us. That's the thing. I don't want to get a hype over it, because it's not the first time there was a macro virus. Uh-huh. There's been several, I think. What do you think should happen to this guy? Oh, nothing. I don't know. Maybe a fine. Slap on the wrist. Uh-huh. Not much, really. I mean, he's just playing around. Okay. He didn't really affect anything that costed anyone any money, I don't think. Well, I agree with that. Anyways, we got about, I think, 30 to 40 listeners on MP3 this week. Uh-huh. This is Anakin. Okay, great. Okay. Thanks for calling. Bye. Take care. 212-209-2900 is our phone number. Good evening. You're on the air. Hi, Emmanuel. Were you affected by Melissa? No, I wasn't, actually. I was not. I didn't think you were. Okay, let's move on to the next call. Good evening. You're on the air. Okay. Hi, Emmanuel. Hi. How are you doing? You know, they're all starting to sound the same. Good evening. You're on the air. Hello? Yes, go ahead. Hi. Who's this? All right. Maybe I'm going to go back to Rebel. Good evening. You're on the air. I'm on the air. I'm on the air. I'm on the air. I'm on the air. I'm on the air. I'm on the air. I'm on the air. I'm on the air. I'm on the air. I'm on the air. I'm on the air. I'm on the air. I'm on the air. I'm on the air. I'm on the air. I'm on the air. I'm on the air. I'm on the air. I'm on the air. I'm on the air. I'm on the air. I'm on the air. I'm on the air. I'm on the air. I'm on the air. I'm on the air. I'm on the air. The other thing that I wanted to mention was, I don't know exactly how true this is, but if you watch the local news reports, at least in this area, I'm in New Jersey as well, they said that the way the state police found him was through some quote-unquote old-fashioned phone tracing, and to my understanding, I know some people who have worked at AOL doing like consulting work and setting up equipment for them, that they actually went to the expense of getting caller ID boxes on all their pops so that they log all incoming call numbers. And so actually, the New Jersey State Police didn't have to do much phone tracing at all. If this guy didn't have the wherewithal to dial star 67, then there was no tracing needed. They pretty much had him. Well, you know, even if you do dial star 67, there are ways around that, and if you're inside the phone company, you can still find out the number. Oh, that's true. I mean, I remember you saying a very long time ago about Sprint PCS switches passing caller ID information. Actually it was OmniPoint doing that. Oh, OmniPoint. Okay. So even if you dialed star 67, your caller ID information would still be passed on to the phone because of the fact that the switch always passes it on. It always gets passed on to the end switch. It's just whether or not the switch also knows that you dialed star 67 to just mask it to the ultimate caller, but it does get passed regardless. But what I'm saying is if he didn't dial star 67, they didn't even have to trace him. They pretty much, all they had to do was look at the time, since the account was already flagged, they just had to look at the time that this account was accessed and then see what pop it was from and then just check their logs to see whether or not the guy didn't use star 67. And if he didn't, then they didn't even have to trace him. Surprisingly easy. Now, I'm amazed the guy didn't do it from a web cafe or something like that. So remember kids, your acoustic coupler is your friend. Not that I'm advocating that kind of a thing, but it goes to show how easy it is to trace somebody. And on top of that, there's yet another way he could have been traced. I understand he wasn't actually traced this way, but something known as a G-I-U-D, is it? GUID. GUID, I'm sorry. Oh yeah, I heard about that as well. The fact that the Microsoft Word takes this unique GUID primarily from your MAC address on your NIC card if you have one. Actually after this, I looked through the Visual Studio CDs because someone gave me a piece of email regarding this. And there's this small program in the Visual Studio CDs called GUID Viewer. And you can open up a document and it worked for every kind of Word, I mean, Office document except Access databases, for me at least. And it's amazing the amount of information on there that's like semi-encrypted. If you look at, open up a Word, I mean, I don't want to use the word encryption because that would be too strong for any Microsoft product, but they have your registered name, your CD key, and everything except the first four alphanumeric digits of your MAC address in every single document that you create. Well, the GUID is actually part of Microsoft's amazing little component object model, where basically it's happy little programs drop this 128-bit string at the end of each one of your documents, which, yes, contains part of your MAC address. If you don't have anything in a card, it'll use the last made-up PPP address for if you dial into a provider. And what's the reasoning behind doing this? The reasoning behind doing this, well, Microsoft claims it's a bug, which kind of makes sense because it saves it in the document and it shouldn't be there. And they claim it's a bug. Many people have more devious theories that you can actually track this kind of thing around and that Microsoft maintains a database for all this stuff, whatever else. If you're interested in knowing more about GUID, you can visit a website, thank you Bobcat for this, repository.sumsoft.com slash html slash victorlimadeltabravo97.htm, that's VLDB. This sounds... It's entirely unexciting, but... Well, this sounds sort of similar to what people were talking about with Pentium 3. Is there any kind of similarity between that? The GUID, actually, when you have to have a net-borne code, it becomes kind of important to give these objects, you know, if you're instantiating an object, it becomes kind of useful to give it some information about where it comes from to distinguish it. So while this may be considered a violation of privacy, it actually does have a legitimate use, although putting this kind of information to use for security or other tracking people is kind of, you know, immoral, but it does have a use for you to identify machines uniquely. And the reality is just a MAC address is not good enough, because some networking protocols actually rely on having a single machine have the same MAC address for each one of the interfaces, just like the NS protocols and possibly IPX as well, because that descends from NS. The Pentium 3 has that, as you're probably trying to allude to, that feature that has a serial number on the chip. People have been making a lot of fuss about this, but the reality is for over 10, possibly 15, maybe even 20 years, machines have had unique identifiers on them at any Sun workstation. If you boot the machine, you see the host ID. Likewise, I believe all the Power PCs have been serialized, at least it was told many years ago that that was going to happen. The Pentium 3, I suppose, also has this, but this really isn't too much to be worried about, because the reality is that you control the machine where this number comes from. So just like on a Sun where you can change your host ID if you want to, you know, use someone else's software or license another machine. Cough, cough. But the average user is not going to know how to do this. Yeah, the average user isn't going to do this, but the other thing to keep in mind is that it would be far too expensive for Intel to change their masks for each one of the CPUs they fabricate, so each they have a genuinely unique ID. These unique identifiers are probably stored in the same place the rest of the Pentium microcode is stored, so it would be easy enough for those who are concerned to change it. Okay, thanks for the call. We're going to move on to another caller. Good evening. You're on the air. Hey, how you doing? Okay, how are you? Well, I'll tell you, the first thing about GUID that's very interesting is that Microsoft brilliantly considers just about everything you produce inside their office software to be an object, a com object. So this GUID identifies a macro when you create a macro as an object, and it's actually only statistically unique. It's not really unique. It's only statistically unique, whatever that's supposed to mean. I think it's very interesting, all these things are happening, and you had like the Alvin Tofflers of the world 40 or 50 years ago saying, you know, if this automation thing keeps going and everybody gets hooked in, this type of thing is bound to happen. And I think as about five years ago, working down on Wall Street, I remember hearing from the cracks in the walls of people saying, oh, don't use, by the way, it's not VBScript, but VBA, Visual Basic for Applications, and that's the whole Microsoft visual basic apparatus for manipulating objects inside the office mechanism. But there were buzzings about this, I remember, before the other macro viruses that came out that it was not a safe way of operating, and then when you can transmit this stuff off the net and have people download it and do that, I mean, of course, anyone with a grain of sense that would see list.docs up on a porn Usenet site and downloads it and runs it, I think they deserve what they get, and as much as I hate to say it, I think the guy should be punished for stealing the AOL account. Anything else? Just that? I guess that's it. Okay. Okay. Well, he said his piece and he left, but that is the only crime I can see. Another thing to keep in mind about unwanted data is that Microsoft used a technique called checkpointing to save their documents, which means instead of saving the documents in a structured manner, it kind of identifies which pages in memory have this document and stores it to the disk. So in theory, it can grab all kinds of esoteric information, which happened to be kind of in the general locality of that document. That sounds like the old Prodigy thing a few years ago. One thing it's allowed you to do is if you erase some text and it does its fast save, which is its checkpointing, somebody who just opens this file, a binary editor, can see all this text you erased and really didn't want to send it. So if you start your message out like, I hate you, I hate you, and erased it realizing that's probably a little too, you know, offensive, and that'll get stored in that document, you know, in many cases. A lot of people don't realize the evil things computers can do. Even worse than GUI do. Good evening. You're on the air. Yeah. Hello. I'm calling about your encryption. My encryption? No. Well, actually, Isaac was talking about encryption at the 2600 meeting. I was. Are we encrypting our meetings now? Well, we found Melissa at the meeting, though. We found Melissa? We found Melissa. Melissa is the stripper in Florida that the virus was allegedly named after. We're trying to track her down. Yeah. Within 15 minutes, we managed to track her down at the 2600 meeting and got very bored with it. I don't know if that's really her. We'll try calling again. Yeah. Yeah. I was trying to find out a website that you can learn more about cellular encryption at. Cellular encryption? Yeah. Because you were talking about how you could break it. You were talking about how you can break cellular encryption? Yeah. Aren't I evil? Well, you certainly are. Yeah. That's what I talked about at the 2600 meeting. And to tell you the truth, I don't have a site offhand. If you email me, I can send you some stuff, either that or I'll put some stuff on my website at ctech.org. But other than that, I don't really have anything offhand. You know any password sites? Password sites? Yeah. What kind of passwords? The obvious ones, like for pay and other things. Well, let's see. There's God. There's... Hold on. Let me go back to my hacker's script here. Yeah. Sex, I think, is one of them. Sex, money, power, God, and something else. Yeah. Yeah. Okay. Good luck with that. All right. Let's take one more phone call, then we're out of here. Good evening. You're on the air. Hello? Yeah. Speak up, please. Yeah. Hi. This is Password Matrix. How are you doing? Okay. Were you affected by Melissa? Well, yes, I was. You were? Yeah. Melissa and... Wow. ...and my principal announced it over the PA speaker, and it was a real big hype, and all the students were talking about how their computers were all infected by the Melissa virus afterwards. I bet none of the students got it. I bet none of the students got it. Seven AOL counts. I bet none of the students got it. Only the teachers and the principals got it, I'll bet. Well, I got a lot of students that got it, actually, a lot of my friends. Really? Mm-hmm. And what kind of systems were they using? They were using this at school? No, they were using their... all their home AOL accounts were getting it. Really? Yeah. I'm beginning to see where this epidemic was localized now. Yeah. Mm-hmm. Yeah. AOL schools, offices, things like that? Mm-hmm. That's... Well, okay, so now, as somebody who was sort of affected by this, what do you think should happen to this guy? Oh, I think he should just be, you know, let free. He didn't really do anything bad, really. But you saw yourself, you saw the turmoil, the tragedy, the heartbreak, and even after seeing that, you say this guy shouldn't be held in prison or fined half a million dollars or anything like that? Well, I suppose he should be fined, but all he really... he really just wrote something. I don't think it should be... I don't think any of that type of stuff should be punished, even though most people think I'm totally wrong, but it's just like he just wrote something. It's not his fault that it's all over the web, and it shouldn't be illegal just to write something and put it up for people to use. Yeah, that's a good point. How's the recovery process going over there? Is everybody sort of pulling together? Nobody really know what it did. The study hall teacher was there when they made the PA announcement, and I was like, well, does it send email? He's like, no, it totally like formats your C drive and everything. Yeah, yeah, misinformation, that's the first symptom here. Hey, thanks for calling and for letting us know. Isaac, closing remark. I just recalled a reasonably good website for this kind of stuff that the previous caller was talking about. Okay. www.jya.com. It's called the Cryptome. They log articles from every day related to cryptography, cryptology, and all that super happy, fun stuff. All right, great. Have a good night. Thanks, Isaac, for coming in. Thanks, Portchop, for stopping by. Thanks, Carl, for coming in. And thanks to everybody out there for calling in as well and talking about the Melissa virus. Hopefully, we've learned something from this. We'll be following this case, see what they do to this guy, and of course, we'll be updating you on future cases and past cases too as we continue to follow Kevin Mitnick's saga. Until next week, Manuel Goldstein for Off The Hook. Good night. The telephone keeps ringing, so I ripped it off the wall. I cut myself while shaving. Now, I can't make a call. It couldn't get much worse. But if they could, they would. For Billy Bond, for the best. Expect the worst. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood. I hope that's understood.