The Battle for Usenet

by Charles A. Gimon

for INFO NATION

The whole world reads Usenet. Or at least, there are people in every corner of the world who read it. From Jakarta to Johannesburg to Jacksonville, Florida, international discussions cover just about any topic, technical or trite.

The remarkable thing about Usenet is that the workings behind the grand discussion rely on text. A Usenet news server organizes a vast river of text into files and directories, usually on a system running unix. Each article has headers that govern where it's filed, where it's sent, whether it's kept, and for how long. These headers are simple lines of text that are read by the news software. And because these headers are text, Usenet news can be shared between almost any sort of computer using just about any operating system.

The problem with text is that anyone can dink around with it. You don't need access to a compiler; for that matter, you don't really need any programming knowledge at all. Text can be searched using simple tools that are packaged with unix. Getting Usenet to do what you want may be as simple as typing in a bogus header on a message.

Of course, the human factor can be manipulated as well as text. Your message can bounce its way around the world, and if you're lucky it might be read by thousands of users. In Usenet, you can try to extend your reach by technology, or by psychology, or like some of Usenet's more infamous personalities over the years, you can use both.

Consider a non-technological way of projecting your presence: the garden-variety chain letter. A former student at Columbia Union College in Takoma Park, Maryland named Dave Rhodes started a chain letter with the title MAKE MONEY FAST in 1988. Copies of that letter are still showing up in Usenet today, along with a gaggle of imitators, all asking for money in a classic Ponzi scheme, where the original scamsters make money as long as the number of suckers keeps growing. When the bubble bursts, the suckers are left high and dry. Yes, it's illegal, yes, it's annoying, and yes, there's no evidence that anyone on the Internet has ever made a dime this way (although you could populate a small town with people who have lost their Internet accounts after trying this). Still, the phenomenon shows how easily Usenet and its residents can be made to do things, and how difficult such an infection can be to wipe out. The persistence of MAKE MONEY FAST has been compared to computer viruses; you can understand how people would call it a "text virus".

One of the first people to use technological slicing and dicing of Usenet to their advantage was James Perry, a user at world.std.com who is much better known under the alias "Kibo". Put simply, Kibo uses the usenet grep utility to search the entire Usenet feed at his site for his adopted name. If a post has the word "Kibo" in it, it falls in his hopper. He can see every post that mentions him, and follow up if he wants to. This technique gave Kibo the flair of a leprechaun; mention his name, and he appears like magic. He's even inspired a new verb: to "kiboze" now means to search your whole Usenet feed for a word or string of characters.

Several Usenet regulars have taken up Kibo's grepping technique to search for articles related to their personal interests, regardless of which Usenet newsgroup the article was posted to. A more disruptive variation showed up in 1992, when a person using the name Hasan Mutlu started following up articles that mentioned Turkey with strange ravings about "Armenian genocide against Turks". The same person would use several names over the next couple of years; the one that stuck was Serdar Argic.

Serdar Argic wouldn't just search for "Turkey", he would use a script that would suck information out of the article containing the word "Turkey" and plug it into a canned response. If the original post was by Bob Smith, the automatic Argic followup would say "Bob Smith refuses to acknowledge the criminal Armenian genocide!..."--regardless of what Bob Smith might have really said. Whatever automatic reply program Argic was using wasn't terribly sophisticated; it would auto-reply to articles about turkey, the bird, as well as about Turkey, the nation. The volume of Argic autoposts always seemed to balloon up around Thanksgiving.

Some Net watchers assumed that Serdar Argic wasn't even a real person. Efforts to pin him down (in order to complain to his site administrator) were tricky, and the bizarre canned responses looked like something a bit of software would do, as opposed to something a human being would do. This didn't stop less seasoned Usenet users from trying to argue with Argic, which just flooded newsgroups with even more noise. By the end of 1993, some newsgroups such as soc.culture.iranian and soc.history were choked with Argic and Argic-related disorder.

In April of 1994, just as the anti-Argic forces were closing in on his (or "its") last Net connection through Uunet, Argic himself mysteriously disappeared, much to the relief of Usenet's history buffs and poultry farmers. By the way, it was the Turkish government in 1918 that waged genocide against the Armenians: Argic's posts had it exactly backwards.

Just as the Serdar Argic controversy was dying down, a more ominous threat to Usenet's integrity appeared. Persons reading their favorite newsgroup found an advertisement that was completely off-topic in most cases: "Green Card Lottery 1994 may be the last one!...", an advertisement for immigration lawyers Lawrence Canter and Martha Siegel of Phoenix, Arizona. Advertisements have traditionally been a no-no on Usenet, and on the Internet in general. The original acceptible use policy of NSFNet and the policies of most universities and providers disallowed them, and since then they've been a breach of generally accepted netiquette as well.

What made this particular advertisement such an abomination was its scope. It wasn't just in one newsgroup--Canter and Siegel had posted it to virtually every newsgroup in Usenet. Science groups, sports groups, sex groups, Star Trek groups, every group from sci.physics to alt.religion.kibology had a copy of the same ad in them. The precedent was set: for only the cost of Internet access, Canter and Siegel had advertised their law practice to hundreds of thousands of people. By using a unix script to post the ad to every group automatically, they had hijacked Usenet for their own purposes. It wasn't illegal, as far as anyone could tell, and at the time there was no mechanism in place to fix the situation. There was nothing to stop anyone else from doing exactly the same thing. Site administrators were predicting a deluge of these opportunistic ads. Some thought that Usenet itself might drown in the noise.

Desperate Usenet defenders tried a variety of counterattacks. The original site in Phoenix that Canter & Siegel had used was overwhelmed with e-mail complaints. The "Green Card Lawyers" bounced from site to site, broadcasting their ad again and again, getting kicked out of sites and quietly getting accounts on other ones by hiding their identity, until finally they set themselves up as their own Internet provider, where they remain to this day. Some enterprising researchers turned up information about the pair being forced to resign from the Florida bar due to "neglect, misrepresentation, misappropriation of client funds and perjury," others tried to get them kicked out of the Tennessee bar. The two turned out to have fairly little computer savvy: a Phoenix programmer was hired by Canter & Siegel to write the mass-posting script (then curtly told to get lost), and they left their directories world-readable on their machines, so that anyone on the Internet could look in on them (a very basic unix oversight).

Meanwhile, the crisis found its way off the Net and into the mainstream media. Canter & Siegel found themselves in newsweeklies and on CNN. Some mainstream media types who knew nothing about the Internet took the Canter & Siegel side of things at face value, and reported it with a straight face. Martha Siegel used her fifteen minutes of fame to lecture the general public about how the Internet should be regulated--adding insult to injury. The pair even got a book published, telling anyone how to flood the Net with ads just as they had, and set up a company (Cybersell), to help people do it--for a fee. Not only were they unwittingly out to destroy Usenet, they were going to make a buck off it in the process.

The solution that stuck was a technological solution to the technical problem of having the same post repeated across 8000 or more newsgroups. Usenet software allows the author of a message to cancel it, if the author has a change of heart. What happens when the author issues a cancel is that a special cancel message is generated--a text message--that copies from site to site around the world, instructing the news server at each site to cancel that one message. By carefully changing the author's name in the headers, you can issue a "forged cancel", and cancel somebody else's messages. Some of this message cancelling had already been used to clean up the Argic mess; with the Canter & Siegel phenomenon, the process became an art. An anonymous user calling himself "Cancelmoose" wrote a script that would automatically send out cancel messages for Canter & Siegel's massive posting waves, effectively erasing them--a "cancelbot". The advertisements were toast within just a couple of hours.

A lot of people have attempted mass advertising on Usenet since them, some of them through Cybersell, some of them copycats, some of them just clueless. The cancelbot technique has been refined and codified, and the general community of Usenet site administrators have come up with unofficial guidelines as to what is mass-posting and what is not. Cancelmoose is on the record that cancels are done no matter what the content of the mass posting; appeals for sick children get the same cancels that ads for "Skinny Dip Thigh Cream" get. The technique seems to work, and even the Green Card Lawyers have had to admit that advertising on Usenet isn't what it used to be.

(The word that this crisis gave the Internet was "spam"--sending out a mass posting to Usenet is called "spamming". The world comes from a Monty Python sketch, or from the mental image of a brick of spam luncheon meat hitting an electric fan and spattering, depending on who you believe.)

While cancelbots are effective, they still have a lingering uncomfortable feature--no matter how good your intentions, you're still cancelling someone else's posts, and engaging in a minor bit of forgery to boot. In the wrong hands, the technique could be used for all sorts of mischief.

The wrong hands turned out to be the Church of Scientology. Scientology as an organization has a long history of using heavy-handed tactics to silence its critics, especially when those critics are former members. Church officials were none too thrilled when the Usenet group alt.religion.scientology started turning into a forum for critics of the Church, some of them skeptics, some of them former members who are now non-believers, some of them former members who still hold to Scientology's tenets but disagree with how the Church is managed.

The legal premise that the Church of Scientology has been using is copyright infringement: post Church documents, and you get threatened with a lawsuit. With zombie-like persistence, the Church hierarchy has pressed this sort of legal harassment against many people who have spoken out against them on Usenet. In February of this year, Scientology attorneys managed to get a court order against former member Dennis Erlich of Glendale, California which, among other things, allowed them to enter his house (along with the Glendale Police) and search his personal computer files. As Erlich himself put it: "This is not happening in cyberspace. This is happening in my house." Lawsuits are still pending against Erlich, and as the legal bills pile up, a defense fund has been established.

Faced with this sort of hounding, many Scientology critics turned to anonymous remailing services in order to get their message out. As a result, Scientology lawyers turned their attention to the remailer operators. Their most chilling manipulation of the legal system occurred on February 18 of this year, when Church attorneys working through Interpol managed to get Helsinki police to serve a warrant on Julf Helsingius, the operator of the popular anon.penet.fi remailer in Finland. The police could have seized his hardware, but Helsingius managed to satisfy them by giving up the one name that they were looking for--the identity of one anonymous user who had been posting criticisms of Scientology to Usenet. In April, Scientology lawyers continued their campaign of harassment by threatening lawsuits against operators of other remailers, notably Homer Wilson Smith, who was running an anonymous remailer at rahul.net. Mr. Smith, in refusing to turn over records from his remailer to Scientology attorney Helena Kobrin, said that the privacy of his users was "sacrosanct". The remailer crisis may have set some disturbing precedents, particularly in how easily law enforcement officials who know nothing about the Internet can be manipulated. For the most part, the remailer operators have stood their ground in spite of the threats, and the remailers are still operating, including anon.penet.fi.

The current conundrum is that Scientology enforcers have taken up the cancelbot technique to silence critics. Cancel messages are entered into Usenet through security holes in poorly-managed news servers. Instead of cancelling messages that threaten to destroy Usenet as a discussion medium, Church of Scientology "clams" as they are now called are sending out forged cancel messages to erase posts that criticize the Church. These forged cancels, unlike those of the Cancelmoose, are done without the consent of the Usenet site that they're posted from--Church "clams" have to sneak through site security to post them. Tracking down the source of these forged cancels has involved Usenet defenders in some serious detective work. As recently as the first week of July of this year, Ron Newman of MIT traced the source of some Scientology forged cancels to University College in Dublin, Ireland.

Cancelbots can be good or evil, depending on who's using them. While Scientology's reputation on the Net among anyone but true-believers has pretty much turned to mud, the people who have worked to defend Usenet's integrity find themselves caught in a bind--how can you criticize cultists for issuing forged cancels when you might be using the technique yourself? One answer may be to define the question as a free speech issue: you cancel people who are posting noise and trying to drown out discussion, you don't cancel people who are expressing themselves. This point of view still doesn't solve the moral dilemma, after all, one man's signal is another man's noise. The question remains open; meanwhile, the Scientology cancelbot wars continue.

There may be opportunities for very creative disrupters to make even bigger messes on Usenet. Earlier this year, someone got through a security hole at Uunet and posted thousands of garbage messages to the groups alt.2600 and alt.current-events.net-abuse. The body of the messages were random lines from a "quote-of-the-day" program, but the headers contained random character sequences--meaning that you couldn't cancel them by searching for a particular string of characters. It took three days before the source was found and the hole plugged. In this case again, the problem was as much a security problem at a particular site as it was a problem specific to Usenet, but with thousands of possible Usenet sites to break into, a persistent noisemaker with enough time and perversity can still drown out a discussion if they want.

The struggle between order and freedom on Usenet continues, and it's still difficult to tell the white hats from the black hats sometimes. Should individual users be able to cancel their own messages, even if that makes forged cancels possible? Should individuals be able to make their own newsgroups, should new newsgroups be voted on, or should the decision rest with site administrators? Just how big does a mass posting have to be before it can be called spam? What is content, and what is static? Meanwhile, Usenet steams along, in spite of the spammers, scamsters and kooks, still giving the individual a worldwide voice in thousands of discussions. The same ease of use and lack of tight control that makes Usenet vulnerable to manipulation has let Usenet survive all its crises so far, and there's every reason to expect that Usenet will survive the next battle fought over it as well. You could even say that the concern so many people show over the future of Usenet shows that its soul is healthy--Green Card Lawyers notwithstanding.

For more information and current updates, try one of these Web addresses:


FAQ-list for news.admin.net-abuse
Ron Newman's chronicle of Scientology activities on the Internet
Canter & Siegel interview with .net magazine in Britain
The very entertaining net.legends FAQ

Charles A. Gimon teaches an Intro to the PC class at the English Learning Center in South Minneapolis. He can be reached at gimonca@skypoint.com or ay778@freenet.carleton.ca.
Back to my net writings.
Back to my home page.