[Cybertalk logo] Copyright (c) 1995 by Timothy C. Barmann. This article is intended for personal viewing only and may not be re-distributed in any form. Please e-mail link requests.

May 28, 1995

Was that really
the Gov on line?

By Timothy C. Barmann

Was that Governor Almond whizzing by on the information superhighway? Has he really been taking time out between budget meetings to surf the Internet?

A public message posted in the Internet newsgroup called "alt.rhode_island" was signed by none other than "Linc" himself. And the electronic return address was the Rhode Island State House.

(Alt.rhode_island is one of thousands of "newsgroups" found on the Internet. They are discussion groups similar to those on computer bulletin boards.)

Someone in that newsgroup wanted to know if the governor or other state legislators were on-line. That's when this message appeared:

"I've been reading this group with interest over the past two weeks. I guess you can say I've been lurking. All I have to say is keep up the good work and don't be afraid to tell your representatives what you think. - Linc."

The electronic return address on the message was "almond@ri.statehouse.gov."

Mary Thomis, who posted the original query looking for legislator's e- mail addresses, saw the message and tried sending the governor an e-mail message of her own.

But she ran into trouble.

"I tried e-mailing to 'almond@ri.statehouse.gov', and my mail was returned. Is this address incorrect?" she wrote in alt.rhodeisland.

'Lurking' is inside talk

Michael Umbricht also saw the message, but he suspected it was a hoax.

Umbricht, who works with computers as planetarium coordinator for Roger Williams Park, noticed some peculiarities with the e-mail address and the wording of the message.

"You could have at least gotten the domain name right," he wrote in the newsgroup.

What Umbricht was referring to is the part of an Internet e-mail address after the "@" symbol that usually identifies the organization from which the message originated. In the "Almond" e-mail address, the domain is "statehouse.gov."

Umbricht noticed that the domain was different from other Rhode Island state government domains he remembered seeing on the Internet.

Also, Umbricht thought the word "lurking" in the message was a giveaway as well. Lurking in Internet jargon means to read messages in a newsgroup but never to post your own. It seemed unlikely to Umbricht that the governor would be aware of that term.

". ..Pretty hip lingo for the Gov," Umbricht wrote.

In fact, Umbricht was right. The governor didn't send the message, the governor's office confirmed. And the electronic return address on the message isn't real.

How could someone pull off such a prank?

Pretty easily.

Anyone can play

Anyone with a direct Internet connection and readily available software can do it, said Bob Fayne, head of technical support for Intelecom Data Systems, an East Greenwich-based Internet access provider.

If use a "SLIP" or "PPP" account, which allow a home user to connect to the Internet, all you have to do is configure your software with a phony e- mail address, Fayne said, as this hoaxer apparently did.

What's more, a prankster could use a real e-mail address that belongs to someone else. And if it's done right, there would be no way to tell it was a forgery.

An article published in Boardwatch Magazine, a national bulletin board publication, describes how to send e-mail to make it appear as if you were Vice President Al Gore.

It's so easy to do that you don't have to be a programmer, a genius or "even barely awake" to be someone you're not on the Internet, writes Jack Rickard, the author.

"You could alter national politics with a few choice messages from the right people to the right people," Rickard writes. "Or drive Tipper (Gore) into a frenzy."

Rickard, who is editor of Boardwatch, writes that he's not advocating fraud; he's simply pointing out that the Internet is - by design - an open, public network that is easily misused.

". ..Let me set your mind to rest about security on the Internet," he writes. "There IS NO SECURITY ON THE INTERNET and I don't think there can be."

Fayne of IDS said methods of electronic mail delivery in use today on the Internet were established in the 1970s "by scientists to communicate with other scientists."

"(It) was designed before there was a concern for everyone being 100 percent honest," he said.

Tamper-proof e-mail

It is possible to make e-mail tamper-proof. There is software that can attach a "digital signature" to e-mail so the recipient can verify who sent it, Fayne said.

One such program called PGP, which stands for Pretty Good Privacy, is available for free for non-commercial use on the World Wide Web at http://web.mit.edu/network/pgp.html

But these programs are not in common use and they have to be used by both the recipient and the sender.

Fayne said the best way to combat e-mail forgery is to be aware that it exists and to use common sense.

"If you get a message from a friend you've been sending messages to for 30 years, and they have a complete personality switch, don't believe it," he said.

And sometimes the forger leaves behind a trail.

In the "Almond" message, Fayne noticed part of the message called the "path" indicated it originated not from the State House, but from a computer at American University in Washington, D.C.

Jim McIntosh, manager of systems software for American University, confirmed that the message was posted from one of the school's student computer labs. He said the university could trace the student who was logged in at the time the message was sent.

But we may never know who sent the phony message. In similar situations, McIntosh said, students have claimed they had just "forgotten" to log off from their terminals, allowing others to send forged e-mail with their accounts.

While this message was a fake, don't assume all others signed by Governor Almond are - he does plan to go on line. (See related article.) And there are a least three Rhode Island legislators who have real e-mail addresses:

U.S. Senators John Chafee (senator_chafee@chafee.senate.gov) and Claiborne Pell (senator_pell@pell.senate.gov), and Rhode Island Secretary of State James Langevin (secstate@osfn.rhilinet.gov).


9/17/95: Governor Almond is online and has his own areas on Rhode Island Horizons and the Ocean State Free-Net. Click here to read that story.

Computer calendar

A series of technology seminars keyed towards non-profit organizations will be held June 6 at Boston University. Among the seminars: A Boston Computer Society Guide to Getting Good Things Cheap (or Free), Introduction to the Internet for Non-profits, and Opening Doors of Opportunity in the Communications Age.

To get a conference information packet or to register for the seminars which are $20 each, send e-mail to The New England Nonprofit Quarterly at 75271.2626@compuserve.com, or call (508) 226-3664.

Timothy C. Barmann is a Journal-Bulletin staff photographer. His column will run every other Sunday on the Online page. Comments about this column or suggestions for future topics can be sent to him via e-mail at tim@cybertalk.com.