****************************************************************************
>C O M P U T E R   U N D E R G R O U N D<
>D I G E S T<
*** Volume 1, Issue #1.17 (June 21, 1990) **
** SPECIAL ISSUE: JUDGE BUA'S OPINION ON MOTION TO DISMISS **
****************************************************************************

MODERATORS: Jim Thomas / Gordon Meyer
REPLY TO: TK0JUT2@NIU.bitnet

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views.
--------------------------------------------------------------------
DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections.
--------------------------------------------------------------------

File 1: Moderators' Comments
File 2: From the Mailbag (6 items)
File 3: Info World article and response (Mike Godwin)
File 4: LoD and the Secret Service (Mike Godwin)
File 5: California Law Targets Info Possession as Felonious??
File 6: Hackers in the News (reprint by Adam Gaffin)
--------------------------------------------------------------------

***************************************************************
*** Computer Underground Digest Issue #1.17 / File 1 of 6 ***
***************************************************************

----------
FTP
----------

The FTP site seems to be working well. The directories are not obvious, but if you send us a note, we can provide the directory chart and info on how to access files if you're having problems.

-------------
PHRACK 31
-------------

We have received several questions about PHRACK 31 from people wondering what the connection is between the resurrected issue and previous issues. The latest issue **IS IN NO WAY RELATED TO THE PREVIOUS!** The former editors had no connection with the current editors and they are not in any way associated with it.
Some feel that the new editors should have changed the name or taken a stronger editorial position, and feel the content is not what would have appeared in previous issues. However, others have argued that they find the issues informative and feel it is important to continue the tradition as a way of maintaining a sense of community among the CU. We invite responses on both sides.

-------------
MAILING LIST
-------------

If you have sent us mail but have not received a reply, it means that we cannot get through to your address and the "reply" command doesn't respond to the "From:" line. Just send us another note with several addresses that we can experiment with, and we'll try again.

-------------
STUFF TO READ
-------------

John Perry Barlow has written the best summary and analysis of recent events that we have read. It's titled "Crime and Puzzlement," and we encourage everybody to read it. We also recommend Dorothy Denning's work. She has not yet given us permission to circulate it, but if you're interested, we will send your requests directly to her.

-------------
ERRATA
-------------

LEN ROSE: In CuD 1.14, a contributor identified Len Rose as being from New Jersey. The case is in fact in Baltimore.

TAP: A reader reminded us that the current TAP, available for the price of a stamp, is not a direct offspring of the original.

PHRACK: A typo listed Phrack as originating in 1986. It first appeared in November 1985.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

***************************************************************
*** CuD, Issue #1.17 / File 2 of 6 / From the Mailbag ***
***************************************************************

----------------
The following was forwarded from Telecom Digest
----------------

Date: Wed, 13 Jun 90 11:03:34 CDT
From: Doug Barnes
Message-Id: <9006131603.AA00208@chaos.austin.ibm.com>
To: @auschs.uucp:ibmchs!cs.utexas.edu!eecs.nwu.edu!telecom

Although I have not been directly affected by this operation, it has loomed very large in my life. I'm an Austin, TX resident, I know many of the principals who *have* been directly affected, and I've experienced first-hand some of the chilling effects that the operation has had on freedom of expression and freedom of association among the usenet and bbs communities here in Austin.

First of all, some simple math will tell you that if evidence was seized in 26 places, only a handful of the seizures have been publicized. In two cases of people I know personally, there was no direct participation with the LoD, equipment was seized, and the equipment owners sufficiently terrified by the prospect of further victimization that they have avoided publicity. Let's face it; even if over $30,000 of equipment has been seized from someone, that's peanuts compared to court costs and possible career-damaging publicity from being connected to this mess.

The next layer of damage is to operators of systems even less involved, but who want to avoid having their house broken into, their equipment seized, and their reputation besmirched. (If the SS has come to call, then surely you're guilty of *something*, right?) The solution? Restrict or eliminate public access to your system. And give me a break, Mr.
Townson; if a system has any reasonable volume and the administrator has any sort of a life, then that administrator is not going to be reading people's personal mail. It's semi-reasonable to expect some monitoring of public areas, but not on a prior review basis...

Then there's the hard-to-quantify suspicion that brews; if being associated with "crackers" can lead to that early morning knock, (even if that association has nothing to do with cracking, say, an employer-employee relationship), then how does that square with freedom of association? Does the operator of a usenet feed have to run an extensive security check on anyone who calls for news? How about the operator of a computer store who hires a salesman? Do any of these people deserve to have their computers, their disks, their manuals, their modems seized because they have "been associated with" a "known" cracker?

Although the crackdown has not been as bad as it could have been, allowing the SS to get away with it would set a most unfortunate precedent.

Douglas Barnes

===========================================================================

Date: Thu, 14 Jun 90 17:08 EDT
From: Stephen Tihor
Subject: Outreach..advice sought
To: tk0jut2

My university already has one summer program for bright high school students but I am looking to see what we can and should do to provide a legitimate opportunity for youngsters who might become crackers to learn and to help socialize their urges to explore and expand their world view without attracting electronic vandals.

Although the computer center is receptive to student initiated projects and requests for talks or training on any subject few students take advantage of our offers. Some of our efforts (such as universal email only accounts on request) have been thwarted by the central administration concerns about the potentially huge costs of the project. We have been proceeding more slowly to demonstrate that most members of the university community don't care yet.
I am interested in ideas with low $ and personnel costs and which will avoid triggering more vandalism or even unguided explorations. Innocent mistakes made by users "sharing resources" have been almost as much trouble as the vandals so we can not simply take the Stallman approach and remove all passwords from the university.

===========================================================================

Date: Thu, 14 Jun 90 11:54:57 EDT
From: mis@seiden.com(Mark Seiden)

re CuD 1.14:

<5. What happens, as occasionally does, if an attorney asks the moderators

Subject: the Jolnet/Sun Devil story
Date: 21 Jun 90 15:04:13 GMT

I have a reporter friend who wants to do a story on the Jolnet/Sun Devil situation. Is there anyone out there who has first hand experience? She doesn't need friend of a friend rumours but hard physical contact. Guns in faces of 12 year olds makes great copy.

thanks

=============================================================================
Pat @ grebyn.com | If the human mind was simple enough to understand,
301-948-8142 | We'd be too simple to understand it. -Emerson Pugh

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

***************************************************************
*** CuD, Issue #1.17 / File 3 of 6 / Info World - LoD ***
***************************************************************

Newsgroups: news.admin,alt.bbs
Subject: Re: Legion of Doom/Secret Service
Reply-To: mnemonic@vondrake.cc.utexas.edu.UUCP (Mike Godwin)
Organization: The University of Texas at Austin, Austin, Texas

In article <564@techbook.com> jamesd@techbook.com (James Deibele) writes:
>Interesting paragraph in this week's InfoWorld. In "Notes from the Field,"
>Robert X. Cringely's column, he writes:
>
>"Back in February, when AT&T long distance service went down for most of a day,
>the company blamed it on a software bug, but it was really a worm --- sabotage
>by hackers loosely associated as the Legion of Doom. Members also lifted UNIX
>System V.3 source code from Bell Labs and 911 maintenance code from Bellsouth.
>But it was disruption of telephone service that got the Secret Service
>involved. Many Unix nodes on the anarchic Usenet crabgrass network were seized
>by zealous agents tracking down mailing lists."

I doubt Cringely is correct about the connection between the AT&T crash and the Legion of Doom prosecutions:

1) The indictments don't mention any connection or criminal liability relating to the AT&T crash.

2) The indictments DO list only counts of wire fraud and interstate transportation of stolen property. (The major "theft" was of an E911 "help" file; the major "fraud" seems to have been that the hackers used pseudonyms--e.g., "Knight Lightning"--and that they concealed the evidence of their logons on remote systems.)

3) None of the so-called "stolen property" (there are legal reasons to question the feds' expansive definition of stolen property here) seems to have been source code.

4) The Secret Service has apparently been involved in the LoD investigation since long before the AT&T crash.

Since the feds are constitutionally required to inform Neidorf and Riggs (the LoD defendants) of the charges against them, the indictment is pretty much of a map of the way the case is going to go--the prosecutors can't surprise the defendants later by saying, "Oh, yes, we're REALLY prosecuting you for the AT&T crash.) If they had any reason to believe that the LoD was involved in such a highly publicized failure of an LD system, it is practically a sure thing that it would have been mentioned in the indictment. Not to mention the press releases that accompanied the issuing of the indictments.

There do seem to be a few genuine facts in Cringely's paragraph; e.g., that Usenet is anarchic.

--Mike

-------------------------------------

MODERATOR'S RESPONSE:

We attempted to contact Mr. Cringely, a pseudonym, at Infoworld (415-328-4602). Mr. Cringely was not in, but he did return our call later (but we were not in). We will try to contact him again and print his response. One source who has contacted him indicated that Infoworld has received many calls objecting to the article. Our own information is that Mr. Cringely stands by his sources, but that Infoworld may do a follow-up NEWS story. The unidentified person with whom we spoke said that the purpose of the rumors column was to allow "insiders" to speak without fear of reprisal. But, as Mike Godwin indicates above, there are so many demonstrable factual errors in the story that one wonders whether the editors condone what appears to be fabrication, especially when cynical prosecutors seem willing to grasp any innuendo in order to discredit the CU.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

***************************************************************
*** CuD, Issue #1.17 / File 4 of 6 / LoD and SS ***
***************************************************************

To: TK0JUT2%NIU.BITNET@cunyvm.cuny.edu
From: mnemonic@walt.cc.utexas.edu (Mike Godwin)
Subject: Re: Legion of Doom/Secret Service
Date: 22 Jun 90 04:39:54 GMT
References: <1990Jun21.075439.23016@hayes.fai.alaska.edu> <14050@nsc.nsc.com>

In article <14050@nsc.nsc.com> ken@nsc.nsc.com (Kenneth Trant) writes:
> In reading all the postings regarding the Secret Service, LoD, & the
>C/Hackers I find (maybe in my own mind :-) ) that everyone is jumping to
>the defense of the defendants, who it appears have admitted to entering
>systems without the permission of the Sysadm's. People seem to always side
>against the gov't in favor of the individuals in these types of cases,
>unless of course it was they who were the victims. I for one believe that
>if they illegally entered another computer, whether to just poke around or
>to gather information or material, they deserve to lose all their equipment
>and serve some jail time. If they have so much time on their hands to
>crack systems let them do community service. Someone mentioned that they
>had a hard time believing the estimated amount of the "stolen property",
>who cares?. They broke in, they stole, they should lose their equipment and
>go to jail.

Kenneth, it seems to me that the points you raise here are based on the assumption that we're all REFLEXIVELY anti-government. I for one am not. But if you study how the law is being used in cases like these, you cannot help but worry about the implications such use has for the expansion of government power.

First, consider the issue of whether the property was really "stolen." The law defines property interests and stolen property in several ways. These definitions include: 1) whether the rightful owner was deprived of its use (not true in this case), 2) whether (in the case of information), the thief *used* the information himself rather than merely *possessing* it (not true in this case), and 3) whether the thief had some kind of fiduciary duty to the rightful owner (not true in this case). The broad definition of property used by the federal prosecutors here could just as easily be applied to a whistleblower who photocopies government documents and takes them to the press.

Second, consider the degree of punishment. Neidorf and Riggs currently must defend themselves against an 11-count indictment. Eight of the counts are for wire fraud, which carries a maximum penalty of $1000 and five years' prison time *per count*.
The other three are for interstate transportation of stolen property, with a maximum of $10,000 in fines and 10 years in prison *per count*.

Third, consider the breadth of definition in the feds' use of the term "fraud" in the wire-fraud counts: Apparently, the "fraud" in the Legion of Doom prosecutions was nothing more than 1) the defendants' use of handles (common-place in the BBS world, as you should know), and 2) their alleged erasure of evidence that they had ever entered the computers in question. This is a *very broad* application of the crime of wire fraud.

Fourth, consider that the original indictment tacked on an 18 USC 1030 charge, which gave the Secret Service jurisdiction along with the FBI. Even though the charge was dropped in the amended indictment (that particular statute requires a federally owned computer or a "Federal interest computer" for jurisdictional purposes), its initial presence justified expanded involvement of the Secret Service in domestic law enforcement.

Me, I have no objection to criminalizing unauthorized access to other people's computers. But I object to prosecution of this scale against defendants of this sort, for much the same reason I oppose prosecuting joyriders for grand theft auto.

--Mike

Mike Godwin, UT Law School |"No interest is good unless it must vest,

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

***************************************************************
*** CuD, Issue #1.17 / File 5 of 6 / California Law ***
***************************************************************

It appears that under California's recent amendments to Sections 502 and 502.7 of the Penal Code, discussion of certain types of knowledge can be felonious. Although we do not have the final statute (could somebody send us a copy to TK0JUT2@NIU?), the final "mock ups" are ominous.
Most of the amended legislation is legitimately aimed at such crimes as theft, malicious data damage, and other acts to which we all object. However, tucked within the proposed statute is language that seems sufficiently vague and ambiguous to warrant concern. A few passages in particular caught our eye. Upper case indicates emphasis that we have added.

Sec. 6, 502.7 (a) specifies:

"Any person who, knowingly, willfully, and with intent to defraud a person providing telephone or telegraph service, avoids or attempts to avoid, OR AIDS ABETS OR CAUSES ANOTHER TO AVOID the lawful charge, in whole or in part, for telephone or telegraph service by any of the following means is guilty of a misdemeanor or a felony, as provided in subdivision (f):"

Most of the provisions seem reasonable. One, however, strikes us as potentially dangerous. 502.7 (a)(5)(b) states:

"Any person who MAKES, POSSESSES, SELLS, GIVES, OR OTHERWISE TRANSFERS TO ANOTHER, OR OFFERS OR ADVERTISES ANY INSTRUMENT, APPARATUS, OR DEVICE WITH INTENT TO USE IT or with knowledge or reason to believe it is intended to be used to avoid any lawful telephone or telegraph toll charge or to conceal the existence or place of origin or destination of any telephone or telegraph message; or (2) sells, gives, or otherwise transfers to another, or advertises plans or instruments for making or assembling an instrument, apparatus, or device described in paragraph (1) of this subdivision with knowledge or reason to believe that they may be used to make or assemble the instrument, apparatus, or device is guilty of a misdemeanor or a felony, as provided in subdivision (1)."

Subdivision (b) of this section indicates that the law applies when a telephone or telegraph communication either originates or terminates, or both originates and terminates, in California. It is not clear whether the law is limited only to communications that "intend to defraud," or extends also to information passed over the lines as well.
Given the current liberal extension and use of RICO and anti-drug laws, there is no reason to expect that law enforcement agents will adopt a narrow interpretation. We have already seen the creative use of "fraud" and "theft" (as well as "conspiracy") employed in the prosecution of Craig Neidorf in Chicago.

Just as chilling are subdivisions (g) and (h) of this passage. The language in (g) specifies:

Any instrument, apparatus, device, plans, instructions, or written publication described in subdivision (b) or (c) may be seized under warrant or incident to a lawful arrest, and, upon the conviction of a person for a violation of subdivision (a), (b), or (c), the instrument, apparatus, device, plans, instructions, or written publication may be destroyed as contraband by the sheriff of the county in which the person was convicted or turned over to the person providing telephone or telegraph service in the territory in which it was seized.

Section (h) provides that:

Any computer, computer system, computer network, or any software or data, owned by the defendant, which is used during the commission of any public offense described in this section any computer, owned by the defendant, which is used as a repository for the storage of software or data illegally obtained in violation of this section shall be subject to forfeiture.

Perhaps we misread the language of all this, but if so, it seems that control agents also have considerable latitude to "misread." But, it seems to say that the MERE POSSESSION of information of, for example, how to make a box, or of an auto-dialer, or of information on altering a telephone constitutes a crime, whether it is ultimately used or not. The language seems quite explicit that communicating information about ANY of these articles is a crime. What does this mean?
It seems to mean that if you possess any copy of PHRACK that describes boxing with diagrammed instructions on how to make one, you are potentially at risk for both prosecution and forfeiture of equipment. A counter argument, one that enforcement agents give, is that we should trust the "good faith" of controllers. We have seen, however, that "trust your friendly computer cop" is an oxymoron.

Would persons in Illinois who have uploaded a textfile on boxing to California be guilty under this law? It so appears. Does California have an extradition agreement with Illinois? Should researchers, journalists, and just plain folk start to worry? Looks like you'd better if you possess profane information.

Perhaps we are unduly concerned, but it seems that the language of this, if this is what actually appears in the final statute, provides a means to RESTRICT THE FLOW OF INFORMATION, whether used in a crime or not. And this is what all the fuss is about! It is not about hacking, phreaking, carding, or illegal behavior. It is about the free flow of information that seems to be threatened with prosecution, and lots of it. It is about confiscation, forfeiture, or...fill in your own favorite term...the rip-off of equipment of legitimate, law-abiding folk merely for possessing (or worse?) disseminating knowledge.

As the California statute reads, even to publish information that could help others learn how to break into a computer is a potential felony. This means a restriction on research, literature, or any other legitimate forum in which presentation of such information is critical. One feature that made Stoll's work so captivating was the detail he provided on the cat and mouse game between himself and Markus Hess. Should such detail be prohibited under the guise of "protecting the commonweal?"

Our point here is that, until recently, there was no organized constituency to oppose the excesses of otherwise well-meaning laws. It is one thing to protect the public.
It is quite another to cynically manipulate law in ways that restrict freedom of information. The California law seems akin to formatting the hard drive in order to delete a troublesome file. It fails to distinguish between the nature of computer crimes, and ultimately penalizes those of us who depend on the free flow of information that we, perhaps naively, feel is essential to a democracy.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

***************************************************************
*** CuD, Issue #1.17 / File 6 of 6 / Hackers in the News ***
***************************************************************

Date: Sun, 17 Jun 90 20:42:39 -0400
From: adamg@world.std.com(Adam M Gaffin)
To: tk0jut2%niu.BITNET@cunyvm.cuny.edu
Subject: newspaper article

The following is from the Middlesex News, Framingham, Mass, 6/17.

By Adam Gaffin
NEWS STAFF WRITER

Scarecrow and Ferret say they're lying low right now - this time the feds seem to be really serious about cracking down on computer hackers.

Not that that's what they consider themselves. But the two Framingham-area residents are part of the computer corporate codes to make free phone calls across the country and to Europe as he tries to collect pirated copies of computer games from underground computer bulletin-board systems. Ferret ran one of these "elite" systems, open only to other members of this demi-world, until his computer's hard drive began malfunctioning a few weeks ago.

But the pair are cutting back their hacking. On May 7 and 8, 150 federal agents served search warrants in 15 locations across the country in connection with a two-year probe into computer hacking. Four months earlier several people were arrested in a related probe into the electronic theft of a document describing the administration of a 911 system in the South.

"I've been very low-key since this whole thing started," Scarecrow says, "I've gone seven weeks without using a (credit-card) code."

"This time it has a different ring to it," Ferret said. "This one for me personally, it looks like maybe it's for real. It may be the end of an era."

Both agreed to an interview on the condition that they be identified only by the nicknames they use in the computer underworld.

It's a world that is hard to enter until you pick up enough skills to prove to insiders that you can hack with the best of them. Scarecrow recalled getting a call once from a local teen who needed some computer help. Scarecrow said he'd help, but on one condition: that the teen crack into a computer network at a large university in Boston and create an "account" that would give Scarecrow access.

"And he did," Scarecrow said.

Once accepted into the computer underworld, everybody tries to help each other out and often become fast friends - even if they do not know each other's real names and communicate only by computer or long-distance phone call - the two said.

"I don't believe in the high prices of software," Scarecrow says, explaining his mania for collecting games for Commodore computers. "Personally, I think it's insane to pay $40 for one game."

Yet he admits he has played few of the several thousand games he has collected over the past couple of years. "It's more like a game, just to see how many you can get." He says he has a reputation as one of the fastest collectors in the country - he can get any game within three days after it's been cracked.

And in the underground, reputation is everything, the two say. It's how you gain access to the "elite" bulletin-board systems, which now often require three personal references. It's how you get others to do things you either cannot yourself or just don't want to.

"I can get anything I need, and I have the means to get it," Scarecrow said.

"You do it because you can," he said. "If I can get away with it and do it, why not?"

Scarecrow says nobody gets hurt and the phone companies or big businesses pick up the tab for his phone calls, which are often long conference calls with people across the country and the Atlantic, usually at night. "They can afford it," he said.

"I don't consider what we do breaking the law," he said. "We sort of push it to the limit. How can you sit there and tell me I'm breaking the law when I see what they did on May 7 and 8? How can the government say I'm breaking the law? They threw the First Amendment out the window."

The Software Publishers Association, which represents companies that sell programs, and the Secret Service see it differently.

"All the publishers have to sell is an idea, a creation," says Peter Beruq, the association's litigation manager. "A lot of time, energy and effort goes into developing software products. Publishers and their authors should be compensated for that work; it doesn't matter if it's a $40 game or $200 spreadsheet. What's the incentive for someone to create a new software product if they know it's going to be pirated?"

"The losses to the American public in this case are expected to be significant," Gary Jenkins, the service's assistant director, said in announcing the May warrants. "The Secret Service takes computer crime very seriously, and we will continue to investigate aggressively those crimes which threaten to disrupt our nation's business and government services.

"Our experience shows that many computer hacker suspects are no longer misguided teen-agers mischievously playing games with their computers in their bedrooms," he said. "Some are now high-tech computer operators using computers to engage in unlawful conduct."

"No one's out for destruction," Scarecrow said. "We keep ourselves in check more than the government ever could. ... There's a strict etiquette and you have to answer for your actions. Your reputation is all you have."

Hackers often design elaborate "demos" - programs with fancy graphics and sophisticated sound effects - to spread the word about hackers gone bad, they said. "Word on anyone can get out within 24 hours," he said.

They add there is no shortage of new people coming into the field.

"It's nice to see new people coming in, new people taking over, but there's so much to teach," Scarecrow said.

"We're old men," Ferret, 22, said. Scarecrow is 26.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=