**************************************************************************** >C O M P U T E R U N D E R G R O U N D< >D I G E S T< *** Volume 2, Issue #2.15 (December 5, 1990) ** **************************************************************************** MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet) ARCHIVISTS: Bob Krause / Alex Smith / Brendan Kehoe USENET readers can currently receive CuD as alt.society.cu-digest. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. Some authors, however, do copyright their material, and those authors should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to the Computer Underground. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ CONTENTS: File 1: Moderators' Corner File 2: Len Rose Indictment in Illinois File 3: 2600 Magazine Response to Atlanta Sentencing File 4: List of Computer Underground Clippings File 5: Computer Crime Laws list File 6: Media and the CU File 7: The Hermetic Underground ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ---------------------------------------------------------------------- ******************************************************************** *** CuD #2.15: File 1 of 7: Moderator's corner *** ******************************************************************** From: Moderators Subject: Moderators' Corner Date: December 5, 1990 ++++++++++ In this file: 1. FTP INFORMATION 2. WITNESSES FOR LEN ROSE'S BALTIMORE CASE 3. ADDRESS CHANGES ++++++++++ +++++++++++++++++++++ FTP Information +++++++++++++++++++++ The current address for the widener ftp site is: ftp.cs.widener.edu The hours have been extended, and a number of files, including IIRG and NIA (Network Information Access), individual state computer crime statutes (eg, Calif, Fla, Ill.) have been added to all three sites. ++++++++++++ Request for Unix Witnesses for Len Rose ++++++++++++ Len Rose is currently planning the defense for his trial in Baltimore in February, and is looking for Unix experts/gurus able to testify about the Unix system. If you can recommend anyone, drop us a note or, better, call Len at (708) 527-1293. ++++++++++++++++ ADDRESS CHANGES ++++++++++++++++ If you are going to lose your account for any reason, be sure to drop us a line so we can delete your name from the mailing list. It reduces bounced mail and helps net traffic. Thanks. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Moderators and others Subject: Len Rose Indictment in Illinois Date: December 5, 1990 ******************************************************************** *** CuD #2.15: File 2 of 7: Len Rose Indictment and News Article*** ******************************************************************** "Innocent Plea in Computer Case: Naperville Man Denies Taking Key Program from Firm" From: Chicago Tribune, December 4, 1990: Sect. 2, p. 7) By Joseph Sjostrom One of the first persons ever charged with computer tampering in Du Page County pleaded not guilty Monday. Leonard Rose, 31, of Naperville, entered the plea before Associate Du Page County Judge Thomas Callum, who set the next hearing for January 14. Rose is charged with gaining access to a computer at Interactive Systems, Inc., a Naperville software company where he worked for only a week last month, and with "removing" a program called AT&T Unix Source Code, which is the basic operating instructions that tell a computer how to receive and use all the other programs. If the case goes to trial, the prosecutor, Assistant State's Atty. David Bayer, will have to convince a jury that Rose removed the source code and that such action was illegal, even though the code remained in the computer from which he allegedly took it. Rose's attorney, Sheldon Zenner of Chicago, expects the case will never get beyond the first of those questions. "Quite simply, he didn't do it," Zenner said. Rose is under federal indictment in Baltimore for copying a similar program from a computer there and putting it on a computer bulletin board, where computer users could copy and use it without paying fees to AT&T. Rose was indicted on November 21 in Du Page County. Naperville police and state's attorney's investigators searched his apartment and confiscated two computers and a number of computer discs. "There were certain commands made on {the Interactive Systems} computer which suggest the source code was copied, or down-loaded {onto another computer}," Zenner said. "So they looked for the source code on Rose's computer, but it wasn't there. So they'll have to try to analyze the commands made on his computer and I expect they'll have an expert testify that, based on his analysis, the code was downloaded {onto Rose's computer}. "But the source code isn't there because Rose didn't do it," Zenner said. "I expect to show the court that a serious mistake has been made." Despite the large number of sophisticated research and business computers in Du Page County, the only other recent prosecution for computer tampering was the case of a woman who used a computer about two years ago to take revenge on an employer for firing her. She was put on probation after admiting that, in a fit of anger, she purged several programs from the company computer before departing the office for the last time. Otherwise, the extent of computer tampering and fraud is impossible to know, though experts say the opportunities for such activities are extensive. (end article) ******************************* {Moderator's note: The story is a fair overview, but there is one major inaccuracy. Len Rose's Baltimore five count indictment *DOES NOT* charge him with "copying a similar program from a computer there and putting it on a computer bulletin board, where computer users could copy and use it without paying fees to AT&T." The federal indictment in Baltimore charges him with two counts of sending a trojan horse login file (which is not, in itself, illegal), and with three counts of transporting a very small portion of a Unix file across state lines. He is *NOT* charged with theft of that program in the indictment. Nor is he charged with downloading it or with placing it on a BBS where it could be downloaded. This portion of the story sounds like information provided by a prosecutor, because the reporter indicated he had not read the Baltimore indictment. ******************************* The following is a voice-transcribed version of Len Rose's indictment of December 3, 1990 (Illinois, Du Page County; Case # 90-CF-2635). The form may not correspond exactly with the original, but it approximates the wording as closely as possible. The status hearing is set for January 14, 1991. ****************** The grand jurors chosen, selected, and sworn, in and for the County of Du Page in the State of Illinois, IN THE NAME AND BY THE AUTHORITY OF THE PEOPLE OF THE STATE OF ILLINOIS, upon their oaths present that on or about the 17th day of October, 1990, at and within Du Page County, Illinois, Leonard Rose committed the offense of Computer Tampering in that said defendant accessed a computer belonging to Interactive Services, a corporation doing business at 1901 S. Naper Boulevard, Naperville, Du Page County, Illinois, and removed a program known as AT&T Unix System without the authority of the computer's owner, in violation of Illinois revised statutes, 1989, Chapter 38, Section 16D-3(a)(3) AGAINST THE PEACE AND DIGNITY OF THE SAME PEOPLE OF THE STATE OF ILLINOIS. (end indictment) ************************ Following is the relevant language of the Illinois Criminal Code (Chapter 38): ************************ 16D-3. COMPUTER tampering s 16D-3. COMPUTER Tampering. (a) A person commits the offense of COMPUTER tampering when he knowingly and without the authorization of a COMPUTER'S owner, as defined in Section 15-2 of this Code, or in excess of the authority granted to him: (1) Accesses or causes to be accessed a COMPUTER or any part thereof, or a program or data; (2) Accesses or causes to be accessed a COMPUTER or any part thereof, or a program or data, and obtains data or services; (3) Accesses or causes to be accessed a COMPUTER or any part thereof, or a program or data, and damages or destroys the COMPUTER or alters, deletes or removes a COMPUTER program or data; (4) Inserts or attempts to insert a "program" into a COMPUTER or COMPUTER program knowing or having reason to believe that such "program" contains information or commands that will or may damage or destroy that COMPUTER, or any other COMPUTER subsequently accessing or being accessed by that COMPUTER, or that will or may alter, delete or remove a COMPUTER program or data from that COMPUTER, or any other COMPUTER program or data in a COMPUTER subsequently accessing or being accessed by that COMPUTER, or that will or ma cause loss to the users of that COMPUTER or the users of a COMPUTER which accesses or which is accessed by such "program". (b) Sentence. (1) A person who commits the offense of COMPUTER tampering as set forth in subsection (a)(1) of this Section shall be guilty of a Class B misdemeanor. (2) A person who commits the offense of COMPUTER tampering as set forth in subsection (a)(2) of this Section shall be guilty of a Class A misdemeanor an a Class 4 felony for the second or subsequent offense. (3) A person who commits the offense of COMPUTER tampering as set forth in subsection (a)(3) or subsection (a)(4) of this Section shall be guilty of a Class 4 felony and a Class 3 felony for the second or subsequent offense. (c) Whoever suffers loss by reason of a violation of subsection (a)(4) of this Section may, in a civil action against the violator, obtain appropriate relief. In a civil action under this Section, the court may award to the prevailing party reasonable attorney's fees and other litigation expenses. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: well!emmanuel@APPLE.COM(Emmanuel Goldstein) Subject: 2600 Magazine Response to Atlanta Sentencing Date: Fri, 30 Nov 90 00:23:06 pst ******************************************************************** *** CuD #2.15: File 3 of 7: 2600 Response to Atlanta Sentences *** ******************************************************************** The following article is from the Autumn 1990 issue of 2600 Magazine, The Hacker Quarterly. We encourage its distribution to anyone interested. If anyone needs to get in touch with us, we can be reached at: 2600@well.sf.ca.us or (516) 751-2600. ******************************************************************** Over the past year there has been a great deal of publicity concerning the actions of computer hackers. Since we began publishing in 1984 we've pointed out cases of hackers being unfairly prosecuted and victimized. We wish we could say things were getting better but we cannot. Events of recent months have made it painfully clear that the authorities, above all else, want to "send a message". That message of course being that hacking is not good. And there seems to be no limit as to how far they will go to send that message. And so we come to the latest chapter in this saga: the sentencing of three hackers in Atlanta, Georgia on November 16. The three, Robert Riggs (The Prophet), Frank Darden, Jr. (The Leftist), and Adam Grant (The Urville) were members of the Legion of Doom, one of the country's leading hacker "groups". Members of LOD were spread all over the world but there was no real organization, just a desire to learn and share information. Hardly a gang of terrorists, as the authorities set out to prove. The three Atlanta hackers had pleaded guilty to various charges of hacking, particularly concerning SBDN (the Southern Bell Data Network, operated by BellSouth). Supposedly Riggs had accessed SBDN and sent the now famous 911 document to Craig Neidorf for publication in PHRACK. Earlier this year, BellSouth valued the document at nearly $80,000. However, during Neidorf's trial, it was revealed that the document was really worth $13. That was enough to convince the government to drop the case. But Riggs, Darden, and Grant had already pleaded guilty to accessing BellSouth's computer. Even though the facts in the Neidorf case showed the world how absurd BellSouth's accusations were, the "Atlanta Three" were sentenced as if every word had been true. Which explains why each of them received substantial prison time, 21 months for Riggs, 14 months for the others. We're told they could have gotten even more. This kind of a sentence sends a message all right. The message is that the legal system has no idea how to handle computer hacking. Here we have a case where some curious people logged into a phone company's computer system. No cases of damage to the system were ever attributed to them. They shared information which we now know was practically worthless. And they never profited in any way, except to gain knowledge. Yet they are being treated as if they were guilty of rape or manslaughter. Why is this? In addition to going to prison, the three must pay $233,000 in restitution. Again, it's a complete mystery as to how this staggering figure was arrived at. BellSouth claimed that approximate figure in "stolen logins/passwords" which we have a great deal of trouble understanding. Nobody can tell us exactly what that means. And there's more. BellSouth claims to have spent $1.5 million tracking down these individuals. That's right, one and a half million dollars for the phone company to trace three people! And then they had to go and spend $3 million in additional security. Perhaps if they had sprung for security in the first place, this would never have happened. But, of course, then they would have never gotten to send the message to all the hackers and potential hackers out there. We think it's time concerned people sent a message of their own. Three young people are going to prison because a large company left its doors wide open and doesn't want to take any responsibility. That in itself is a criminal act. We've always believed that if people cause damage or create a nuisance, they should pay the price. In fact, the LOD believed this too. So do most hackers. And so does the legal system. By blowing things way out of proportion because computers were involved, the government is telling us they really don't know what's going on or how to handle it. And that is a scary situation. If the media had been on top of this story and had been able to grasp its meaning, things might have been very different indeed. And if BellSouth's gross exaggerations had been taken into account at the sentencing, this injustice couldn't have occurred. Consider this: if Riggs' sentence were as much of an exaggeration as BellSouth's stated value of their $13 document, he would be able to serve it in full in just over two hours. And the $233,000 in restitution would be under $40. So how much damage are we really talking about? Don't look to BellSouth for answers. In early 1991, the three are to begin their sentences. Before that happens, we need to reach as many people as possible with this message. We don't know if it will make a difference in this particular case if the general public, government officials, and the media hear this side of the story. But we do know it would be criminal not to try. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Subject: List of Computer Underground Clippings Date: Fri, 30 Nov 90 21:41 EDT ******************************************************************** *** CuD #2.15: File 4 of 7: List of CU News Articles *** ******************************************************************** Computer Hackers News Articles Compiled By Bob Krause KRAUSER@SNYSYRV1.BITNET The following is a list of articles that I have found concerning the computer underground in various magazines and news-papers. The list is in chronological order. If you know of an article that should be included in this list or correction, send me the information and I will add it to the listing. Nov 18 '90 Crackdown on computer crime is raising question of computer rights. Chicago Tribune pg.17 Oct 29 '90 Users paying big price for PBX fraud. Network World pg.1 Oct 28 '89 Halting hackers. The Economist pg.18 Oct 15 '90 Target: The Corporate PBX Information Week pg.24 Sept 9 '90 Can invaders be stopped but civil liberties upheld? The New York Times pg.F12 Sept 1 '90 United States v Zod The Economist pg.23 Sept '90 Digital Desperados; hackers indictments raise constitutional questions. Scientific American pg.34 Aug 26 '90 The rights of computer users. Los Angles Times pg.D9 Aug 22 '90 Open sesame; in the arcane culture of computer hackers, few doors stay closed. The Wall Street Journal pg.A1 Aug 20 '90 NY State Police round up hackers. Computerworld pg.99 Aug 17 '90 U.S. Arrests boy, 5 others in computer hacker case. The Wall Street Journal pg.82 Aug 6 '90 Computer anarchism calls for a tough response. Business Week pg.72 Aug 6 '90 Charges dropped against alleged BellSouth hacker. Telephony pg.12 July 30 '90 Hacker trial begins in Chicago. Computerworld pg.8 July 30 '90 'Hacking' crackdown is dealt a setback in trial in Chicago The Wall Street Journal pg.B3 July 21 '90 Crackdown on hackers 'may violate civil rights'. New Scientist pg.22 July 21 '90 Group to defend civil rights of hackers founded by computer industry pioneer. The Wall Street Journal pg.B4 July 10 '90 Group to fight for computer users' rights. Los Angles Times pg.D5 July 10 '90 Computer hackers plead guilty in case involving BellSouth. The Wall Street Journal pg.84 July 2 '90 Hackers of the World, Unite! Newsweek pg.36 May 21 '90 Throwing the book at computer hackers. Business Week pg.148 May 14 '90 Justice failed in refusing to make Morris an example. Computerworld pg.23 May 14 '90 Morris sentence spurs debate. Computerworld pg.128 May 14 '90 Wheels of justice grind to a halt in 'worm' case. PC Week pg.16 May 7 '90 Three-year probation for Morris. Computerworld pg.1 May '90 Just say No Commun