**************************************************************************** >C O M P U T E R U N D E R G R O U N D< >D I G E S T< *** Volume 2, Issue #2.16 (December 10, 1990) ** *> SPECIAL ISSUE: "ATLANTA THREE" SENTENCING MEMORANDUM <* **************************************************************************** MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet) GENERALIST: Brendan Kehoe (BRENDAN@CS.WIDENER.EDU) ARCHIVISTS: Bob Krause / Alex Smith USENET readers can currently receive CuD as alt.society.cu-digest. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. Some authors, however, do copyright their material, and those authors should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to the Computer Underground. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ The following is the prosecution's sentencing memorandum submitted to the judge. Although it specifies that the defendants were cooperative and requests a "downward" departure from the sentencing guidelines, it nonetheless requests prison time. In our view, the sentence was unduly harsh, and the memorandum reflects a number of substantial inaccuracies, distortions, and questionable arguments in making the claim that prison is necessary. In the next issue of CuD (2.17), we will print two responses to this memo, including that of the EFF. The first issue of EFF NEWS, the official newsletter of the Electronic Frontier Foundation, will be distributed this week. More detailed information on this, including how to obtain it, will be in the next issue. The sentence was imposed Friday, November 16, 1990. Robert Riggs received a sentence of 21 months incarceration. Franklin E. Darden, Jr., and Adam E. Grant each received 14 months incarceration (seven months of it to be served in a half-way house). All were additionally required to pay $233,000 each in restitution, but all are responsible for the full sum of about $700,000 should any of the others default. For a complete discussion of the sentence, see John and Barbara McMullen's article in CuD 2.14. ******************************************************************** IN THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF GEORGIA ATLANTA DIVISION UNITED STATES OF AMERICA : : CRIMINAL ACTION v. : : NO. 1:90-CR-31 : ADAM E. GRANT, a/k/a The : Urvile, and a/k/a Necron 99, : FRANKLIN E. DARDEN, JR., a/k/a : The Leftist, and : ROBERT J. RIGGS, a/k/a : The Prophet : GOVERNMENT'S SENTENCING MEMORANDUM AND S.G. SS 5K1.1 MOTION Now comes the United States of America, by and through counsel Joe D. Whitley, United States Attorney for the Northern District of Georgia, and Kent B. Alexander, Assistant United States Attorney for the Northern District of Georgia, and shows the court the following: From September 1987 through July 21, 1989, the defendants regularly broke into proprietary telephone computer systems, stole access information, distributed that information toothers throughout the country, and, in the process, regularly used unauthorized long distance/data network services. In all, they stole approximately $233,880 worth of logins/passwords and connect addresses (i.e., access information) from BellSouth. BellSouth spend approximately $1.5 million in identifying the intruders into their system and has since then spent roughly $3 million more to further secure their network. Although the government is going to recommend a downward departure from the Sentencing Guidelines, the three defendants are clearly criminals who have caused a significant amount of damage - 1 - and should be punished accordingly. Moreover, the computer "hacker"{1} world is watching this case very closely, and the Court should send a message that illegal computer hacking activities will not be tolerated. In this sentencing memorandum the government will describe the investigation in the case, summarize some of the evidence that would have been presented at trial, and describe the defendants' cooperation. Finally, the government will emphasize the role this case has played and will continue to play in curbing abuses in the hacker community. I. _THE INVESTIGATION_ In June of 1989, a computer threat and a computer intrusion sparked a massive federal investigation into the computer hacking activities of a self-proclaimed elite group of roughly 20 hackers called "Legion of Doom." The threat involved an anonymous all to an Indiana Bell security representative from a computer hacker. The hacker, who has since been identified as an associate of the defendants, will e called "John Doe" for purposes of this memorandum. John Doe said that five telephone switches (telephone company computers that route calls) would be programmed to shut down the telephone system throughout the country. AT&T investigators conducted a nationwide search and discovered "logic" ________________________ {1}The government uses the term "hacker" to describe a person who uses computers for criminal activity. The Court should note, however, that the term "hacker" can also be used to describe legitimate computer users. At one time all computer users were known as "hackers," and some computer users still identify themselves as "hackers." - 2 - bombs" (time delayed programs) in AT&T computers located in Colorado, Georgia, and New Jersey. The logic bombs were programmed to shut down service in portions of those states. Aside from the hacker logic bomb threat, a June 1989 intrusion into the BellSouth network also prompted the federal investigation. A computer hacker broke into the BellSouth network and rerouted calls from a probation office in Delray Beach, Florida to a New York Dial-A-Porn number. Although creative and comical at first blush, the rerouting posed a serious threat to the security of the telephone system. If a hacker could reroute all calls to the probation office, he or she could do the same to calls placed to this Court, a fire station, a police station or any other telephone customer in the country. Again, none of the three defendants are implicated in this dangerous prank, though an investigation of the intrusion ultimately led investigators to the illegal activities of the three defendants and other members of a self-proclaimed elite group of hackers called the Legion of Doom. The Legion of Doom is described in a hacker "magazine" article filed separately as _Government Exhibit A_. In mid-June 1989, BellSouth{2} assembled a major security task force consisting of 42 full-time employees to investigate the intrusions. It assigned the employees to work 12-hour round-the- clock shifts for nearly a month. To BellSouth's credit, the management decided to go public with the intrusions by alerting the ________________________ {2}For purposes of this memorandum, "BellSouth" also refers to Southern bell Telephone and Telegraph Company and BellSouth Advanced Network, subsidiaries of BellSouth. - 3 - United States Secret Service{3}. On June 21, 1990 {sic}, a confidential "hacker" informant admited that "The Urvile" in Atlanta (defendant Adam Grant) had provided him with the access information necessary to break into the BellSouth computer network. Based on that evidence and further investigation, this office and the Secret Service arranged for a court-authorized dial number recorder ("DNR") (i.e., pen register) to be placed on the telephone lines of defendants Adam E. Grant, Franklin E. Darden, Jr., and Robert J. Riggs. From July 11 through July 21, 1989, a pattern emerged showing that all three defendants were making outgoing calls and "looping" the calls around the country and into the BellSouth computer network. "Looping" is a system hackers use to transfer their calls through a number of telephone companies and data networks (e.g., Telenet) to gain free telephone service and to avoid detection by the authorities. The defendants would often start their loops by patching into the Georgia Tech computer system, courtesy of access numbers provided by defendant Grant. After looping the calls, defendants used unauthorized connect addresses and logins/passwords to break into the BellSouth system. Connect addresses are the computer equivalent of a street address and logins/passwords are like keys to houses (computers) on the street. The DNR records ________________________ {3}All computer systems using modems (telephone computer links) are susceptible to computer hacker break-ins, but most companies do not "go public" when break-ins occur for fear of bad publicity. Unfortunately, when companies pretend such problems do not exist, other companies develop a false sense of security with regard to hacker intrusions. Fortunately, BellSouth took the public route. - 4 - also revealed that the defendants were speaking with one another and with backs from all around the country. Once BellSouth pin- pointed the break-ins and determined that the hackers were downloading BellSouth information (i.e., stealing information and copying it into their own system), the Secret Service had enough information to obtain a search warrant. On July 21, 1989, the Secret Service executed search warrants on all of the defendants' residences. At the same time, the Secret Service executed a search warrant in Indiana on the home of the "John Doe" hacker mentioned above. That hacker has since been charged and convicted on computer fraud charges. During the searches, the Secret Service uncovered thousands of pages of proprietary telephone industry information, hundreds of diskettes, a half-dozen computers and reams of incriminating notes. After BellSouth and the Secret Service analyzed all the evidence and interviewed the defendants and other hackers, the government was able to piece the case together and seek an indictment from the grand jury. II. _THE EVIDENCE_ A. _What the Evidence Generally Shows_ If the case had gone to trial, the evidence would have shown that defendants Grant, Darden and Riggs used a variety of methods to break into the BellSouth telephone systems. To start, they and other Legion of Doom ("LOD") members would go "trashing" or "dumpster diving" (i.e., scavenging through dumpsters) behind BellSouth offices, usually in the dead of night. They took memos, - 5 - printouts, and other documents. Additionally, when back at their personal computers, they created hacking programs to break into the BellSouth systems and obtained access information from fellow hackers. Using all of these tools, the defendants broke into over a dozen BellSouth computer systems. Once in the systems, the defendants would scan the files for information they wanted to steal and get into other computer systems of other entities, including Credit Bureaus, hospitals, banks{4} and other private corporations. Among other information, the defendants downloaded BellSouth passwords and connect addresses which they could later use to return into the particular system they were scanning or to get into other systems. Defendants also downloaded subscriber information on individual customers. By getting subscriber information, the defendants could change customer services (e.g., call waiting) and obtain access to Credit Bureau information. Defendants Grant and Darden also figured out how to wire tap telephone calls using a BellSouth computer system called LMOS. Darden admits monitoring friends' calls, but claims to have only done it with the knowledge of the friends. Evidence recovered from Grant's dorm room indicates that he monitored calls as well. The government has no direct evidence that defendant Riggs monitored calls, though the Secret Service did recover LMOS access information in the search of Riggs' residence. ________________________ {4}During a meeting with the Secret Service, defendant Grant admitted breaking into a bank in the State of Texas and altering deposit records. - 6 - The defendants and other LOD members freely exchanged information they stole from BellSouth. Although it does not appear that defendants themselves used this information to transfer any money to themselves, they clearly exploited the services of the telephone companies and data networks when making and receiving hundreds of hours of free long distance service. During the course of the conspiracy, the defendants and other LOD members illegally amassed enough knowledge about the telecommunications computer systems to jeopardize the entire telephone industry. During one interview, defendant Darden nonchalantly revealed that the defendants could have easily shut down telephone service throughout the country. The defendants freely and recklessly disseminated access information they had stolen. By doing so, they paved the way for others to easily commit fraud. For instance, in early 1989, Adam Grant introduced defendants Robert Riggs and Frank Darden to a 15- year old hacker, already identified as "John Doe." Based largely on the information from the defendants, John Doe managed to steal approximately $10,000. Basically, Doe used the information from the defendants to reroute calls, enter Credit Bureaus, and have Western Union ire money from credit card accounts captured from the Credit Bureau records. Defendants claimed that they never personally profited from their hacking activities, with the exception of getting unauthorized long distance and data network service. At the very least, however they should have foreseen the activity of people - 7 - like John Doe, particularly in light of articles on computer hacking, stealing and fraud which they collected and authored (some of which are described in Section B below). Defendants disseminated much of their knowledge and stolen information posting the information on electronic bulletin board services ("BBS's"). A BBS is a computerized posting service allowing hackers to post messages to one another, usually 24 hours a day. Most BBS's around the country are perfectly legal and allow legitimate computer users to communicate with each other. The LOD created a BBS named "Black Ice," however, primarily to foster fraudulent computer activities. Excerpts from the Black Ice BBS are filed separately hereto as _Government Exhibit B. A review of the Black Ice printouts reveals that defendants all realized that braking into the telephone computer systems was illegal and that they took precautions not to get caught. Of great concern are the frequent references to law enforcement and national security computer systems. B. _Specific Examples of Items Recovered from Each Defendant_ A brief review of some of the evidence recovered from each of the defendants' residences during the July 21, 1989, searches will shed further light on the criminal nature of their conduct. Please bear in mind, however, that what follows is a description of only a very small portion of the immense amount of material recovered from each defendant. 1. _ADAM E. Grant_ --Hundreds of telephone numbers, connect addresses, logins/passwords, and loops for various Bell - 8 - computer systems. -- Files on how to hack voice mail, how to hack Bell company passwords, war dialing programs, time bombs, Georgia Tech computer accounts. -- Articles and tutorials on a number of topics. The articles outline information about a topic, while tutorials outline how-to steps to accomplish specific objectives (e.g., stealing access codes). Grant had articles and tutorials on hacking into the telephone system, building blue boxes (i.e., devices that simulate computer tones and allow free telephone access), using "loops," using Telenet, getting "root" access to BellSouth systems, (i.e., free run of the system), planting "trojan horses" into UNIX (a trojan horse is essentially a time lapsed computer program and UNIX is the computer system used by BellSouth). Some article/tutorials titles include "Building Blue Boxes," "How to Rip off Pay Stations," "Hacking Telco Outside Plant," "Hacking Satellite Transponders," Defeating the Total Network," "UNIX Security Issues," and "UNIX for the Educated" by Urvile. -- One article specifically addressed malicious damage to and slowing down of a UNIX system. This article is noteworthy because it includes details on how to bring a central office of the telephone system "to its knees" by inserting a program to continually make directories on a disk until the switch (i.e., BellSouth office computer that routes phone calls) runs out of disk space. -- Three letters to Grant from Georgia Tech complaining about his abuse of the system. The letters, attached as _Exhibit C_, indicate that Georgia Tech was very concerned about Grant's abuses of their system. -- Credit Bureau report on Bruce Dalrymple. Grant tutored the former Georgia Tech basketball star and broke into the Credit Bureau to get Dalrymple's credit history. Grant and the other defendants essentially had the power to review millions of citizens' credit histories by breaking into Credit Bureaus. -- Numerous phone numbers of military installations. -- Detailed information on LMOS, the system through which Darden and Grant tapped into other parties' - 9 - computer systems. -- AT&T Mail access numbers. -- MCI credit card access numbers. -- Telenet system addresses. -- List of user accounts on the Georgia Tech computer system. 2. _FRANKLIN E. DARDEN -- Hundreds of telephone numbers, connect addresses, logins/passwords, and loops for various Bell computer systems. -- Files on Secret Service interrogation methods, computer-related laws/arrests, methods to defraud long distance carriers, and social engineering (getting information by pretending to work for the phone company). -- Articles and tutorials on blue and silver boxing, hacking voice mail systems, tapping a neighbors' phone, blue boxing, "military boxing" installing small transmitters on neighbors' terminal boxes. Titles of some of the articles included "How to Make Flash Bombs," "Hacking Voice Mail Systems," Hacking the Hewlett-Packard 3000 Computer," and "Art of Blue Box Construction." -- Extensive information on LMOS, including tutorials and handwritten notes concerning illegally wire tapping telephone lines. -- Sprint codes and Telenet addresses and passwords. -- Unauthorized Credit Bureau reports on other individuals stolen from CBI. -- Information on credit card fraud using Western Union. Interestingly, the John Doe mentioned above spoke with Darden many times concerning computer information and ultimately devised a credit card fraud scheme using Western Union Wires. -- A listing of credit card fraud laws in Michigan. - 10 - -- UNIX tutorial by The Urvile. 3. _ROBERT RIGGS_ -- Hundreds of telephone numbers, connect addresses, logins/passwords, and loops for various Bell computer systems. -- File on "netcatch.c" a program designed to eavesdrop on computer-to-computer communications. -- Articles and tutorials concerning hacking passwords, understanding telephone security systems, and understanding voicemail systems. The articles tutorial titles included "Hacking COSMOS Part 2," "BellSouth's central System for Main Frame Operations," "MVS from the Ground Up" by Riggs, and "UNIX Use and Security from the Ground Up" by Riggs. -- The E911 file. This file which is the subject of the Chicago indictment, is noteworthy because it contains the program for the emergency 911 dialing system. As the court knows, any damage to that very sensitive system could result in a dangerous breakdown in police, fire, and ambulance services. The evidence indicates that Riggs stole the E911 program from BellSouth's centralized automation system, AIMSX. Riggs also managed to get "root" privileges to the system (i.e., free run of the system). Bob Kibler of BellSouth Security estimates the value of the E911 file, based on R&D costs, is $24,639.05. -- Handwritten note listing Riggs' top three goals: "Learn LMOS" {the system connected to monitoring phone lines}; "Learn PREDICTOR" {the BellSouth mechanized system concerning maintenance of telephone systems outside of the main office}; and {Learn C Programming" {computer programming}. -- Sprint access information -- Password hacking programs. -- Urvile's COSNIX tutorial (a how-to lesson relating to breaking into a BellSouth system). All three defendants obviously stored significant amounts of information in their home relating to illegal activities. In - 11 - fairness to defendant Riggs, however, the Court should know that Rigs had less evidence of illegal activity than Grant and Darden. Apparently, defendant Riggs temporarily ceased illegal computer activities after his computer fraud conviction in North Carolina and parted company with some of his records. Eventually, however, he again started to break into the BellSouth computer systems. By the time of the search on July 21, 1989, rant, Darden and Riggs were breaking into bellSouth computer systems and other computer systems at will and were routinely downloading information. III. _DEFENDANTS' PRIOR CONDUCT_ All of the defendants have been "hacking" for several years. Defendant Riggs, however, is the only one with a prior conviction. That conviction is described in _Government Exhibit D_ (filed separately). IV. _DEFENDANT'S COOPERATION AND THE GOVERNMENT'S RECOMMENDATION OF A DOWNWARD DEPARTURE_ All three defendants have provided significant cooperation that has fueled further investigation into the activities of a number of computer hackers around the country. In light of the substantial assistance each defendant has provided, as described below, the government movees for this Court to make a downward departure pursuant to S.G. 5K1 in the amount of three levels for defendants Grant and Darden and two levels for defendant Riggs. A. _Cooperation of Adam E. Grant_ 1. July 21, 1989 - After the search of his residence, Grant gave a statement to the United States Secret Service. He was - 12 - not forthcoming and generally denied any wrongdoing. By the time he pled guilty, however, Grant had realized the severity of the crime and was very forthcoming with helpful information. 2. July 16, 1990 - Grant spent approximately 2-3 hours meeting with Assistant United States Attorneys from Chicago regarding the Craig Neidorf Case. Grand provided valuable information to assist in the prosecution of the case. Grant agreed to testify, though when the prosecutors called him at the last minute to fly to Chicago, he declined because of his school schedule. Ultimately, the Chicago office did not need him to testify. 3. August 9, 1990 - Grant met with a number of Secret Service agents and representatives of BellSouth to discuss all aspects of the investigation in Atlanta and divulge information about other members of the Legion of Doom. The meeting lasted more than 8 hours and Grant provided a substantial amount of helpful information. Special Agent William Gleason says that Grant was very cooperative. 4. October 8, 1990 through October 10, 1990 - Grant traveled to Detroit, Michigan to meet with investigators and a prosecutor there regarding the investigation of a fellow Legion of Doom member. While there, he testified before the grand jury. According to Assistant United States Attorney David Debold, Grant was cooperative. 5. October 12, 1990 - Grant met for approximately 4 hours with BellSouth security officers. He discussed a number of - 13 - matters, including what he believed could be future hacking efforts against BellSouth and measures BellSouth should take to protect their system. - 14 - B. _Cooperation of Franklin E. Darden, Jr._ 1. July 21, 1989 - After the search of his residence, Darden provided a very detailed statement to the United States Secret Service describing his activities and the activities of the Legion of Doom. Based in part on that statement, the Secret Service and BellSouth were able to further their investigation into the identities and illegal acts of other members of the Legion of Doom. 2. July 24, and July 28 - Darden volunteered to meet and did meet with the Secret Service and the undersigned counsel and thoroughly answered all questions posed to him. Particularly in the early stages of cooperation, Darden provided more helpful information than any defendant. 3. July 1990 - Darden traveled to Chicago and spent three days waiting to testify and occasionally meeting with Assistant United States Attorneys. The Chicago authorities called him one morning during work, and Darden flew to Chicago by that evening. Although Darden did not have to testify, he was ready and willing to do so. Also, he had met with the Chicago prosecutors a week or so earlier in Atlanta. 4. August 7, 1990 - Darden met in the Atlanta field office of the Secret Service with Secret Service agents, BellSouth representatives and other investigators. The meeting lasted most of the day. According to Special Agent William Gleason,Darden was very forthcoming and provided valuable leads for other cases. 5. October 1990 - Darden traveled to Detroit Michigan - 15 - to meet with investigators and the prosecutors there regarding the investigation of a fellow Legion of Doom Member. He also testified before the grand jury. According to Assistant United States Attorney David Debold, Darden was very cooperative and offered evidence that will be very useful in prosecuting the Detroit hacker. C. _Cooperation of Robert J. Riggs_ 1. July 21, 1989 - After the search of his residence, defendant Riggs provided a very detailed statement to the United States Secret Service describing his activities and the activities of the Legion of Doom. Based in part on that statement, the Secret Service and BellSouth were able to further their investigation into the identities and illegal acts of other members of the Legion of Doom. 2. May 23, 1990 - Defendant Riggs met with Chicago Assistant United States Attorneys and the undersigned counsel to discuss the case generally and the activities of other Legion of Doom members. Mr. Riggs provided helpful leads in pursuing other hackers. 3. July 17, 1990 - Riggs met again with two Assistant United States Attorneys from Chicago who were in Atlanta and spent several hours discussing the prosecution of Craig Neidorf and related computer hacker matters. The prosecutors found Mr. Riggs' statements very helpful. 4. July 1990 - Riggs traveled to Chicago and was there for several days before his testimony in that case. The testimony - 16 - was somewhat helpful, though the prosecutors felt defendant Riggs was holding back and not being as open as he had been in the earlier meeting. 5. August 8, 1990 - Riggs met in the Atlanta field office of the Secret Service agents, BellSouth representatives, and other investigators from around the country. The meeting lasted roughly 5 hours. According to Special Agent William Gleason, Riggs was less forthcoming than either Darden or Grant and seemed to have more of a problem recalling details. He did, however, provide some helpful information. 6. October 13, 1990 - Riggs traveled to Detroit, Michigan to meet with investigators and the prosecutor there regarding the activities of a fellow member of the Legion of Doom. He also testified before the grand jury. According to Assistant United States Attorney David Debold, Riggs was helpful, but Mr. Debold had a difficult time prying information from Riggs without asking very specific questions. Mr. Debold said he did not know whether Riggs was evasive or simply quiet. Defendant Riggs strikes the undersigned counsel as an unusually quiet and pensive person. Throughout the investigation, he has been cooperative, but because of his nature, he sometimes comes across as uninterested and evasive. The bottom line is that he provided helpful information that furthered several investigations around the country, though his assistance was not as substantial as that of Grant and Darden; hence the recommendation of only a two-level departure. - 17 - V. _DEFENDANTS' MOTIVATION_ All three defendants belonged to the self-proclaimed elite group of hackers called Legion of Doom. As described in _Exhibit_ _A_, 15 members of this group lived in cities throughout the country and used personal computers and modems to break into a host of other computer systems. Their main motivation: To obtain power through information and intimidation. Basically, they wanted to own "Ma Bell." In their quest for power, the defendants and other LOD members in the group fixated on the telephone industry for two reasons. First, the telephone industry has one of the most complicated and challenging computer systems in the world. Second, telephones link all computers throughout the world to each other and a mastery of the telephone system would allow the defendants to break into computer systems virtually anywhere. The defendants and other LOD members engaged in an arcane game of technological one-upmanship. Whoever could break into the most systems and steal the most information would be considered the superior hacker. For instance, LOD members were designated at certain levels (e.g., The Urvile, Level 8) to reflect their degree of expertise. Once the defendants figured out how to master a computer system, they would often assert their bragging rights by documenting their methods of break-ins and sharing the information with hackers around the country. Although each defendant claims to have carefully restricted access to the information, there could be no realistic safeguards. From the start, the information was - 18 - stolen and, by definition, no longer safeguarded. Moreover, the defendants commonly made the information available to all hackers who happened to access the computer bulletin board service they were using. A case in point is John Doe of Indiana who stole the approximately $10,000 by using information provided by the defendants. In essence, stolen information equalled power, and by that definition, all three defendants were becoming frighteningly powerful. VI. _THE GOVERNMENT'S RECOMMENDATION AND THE NEED TO SEND A MESSAGE_ _TO THE COMMUNITY_ Computer hackers around the country are closely following the outcome of this case in light of the probated sentence of the last federally prosecuted adult criminal hacker, Rober Morris, Jr. Any sentence that does not include incarceration would send the wrong message to the hacking community; that is, that breaking into computer systems and stealing information is not really a crime. As the Court may recall, Mr. Morris created a computer virus which began multiplying out of control and infected hundreds of computers around the country. The case garnered national attention because it was one of the first computer fraud prosecutions to focus the public's eye on the very real dangers of computer hacking. Computer bulletin board services (BBS's) around the country were buzzing about the _Morris_ case. For instance, two printout pages of one BBS, filed separately as _Government Exhibit E_, will - 19 - give the Court an idea of how closely hackers follow these matters. A hacker named The Mentor noted that if Morris was sentenced to do time, "it'll be a *very* bad precedent." Another hacker, Eric Bloodaxe, responded "Hell, maybe it IS time to start doing all the terrible things I always had the capabilities to do..." A hacker named Ravage commented that he heard the prosecution had had a hard time showing Morris' malicious intent and noted that if that was true, "I doubt he will get any time. Probably a fine, community service, or probated time." The Urvile (the hacker name used by defendant Grant) aid, "The virus will hurt us (the hacking community) a tremendous among in the future." He went on to say that "even if the courts are lax on him (orris), which is the only silver lining i can think of, then security on all systems is going to increase. we don't need that. not one bit." The government does not have ready access to any printouts from BBS's following the Morris sentencing, thought hackers and computer experts recall general hacker jubilation when the judge imposed a probated sentence. Clearly, the sentence had little effect on defendants Grant, Riggs, and Darden. The undersigned counsel met with each of the three defendants, and all three have been very cooperative and remorseful. The defendants, however, have literally caused BellSouth millions of dollars in expenses by their actions. Moreover, they knew throughout their hacking activities that they were engaging in illegal conduct as they broke into untold numbers of telephone and non-telephone computer systems. Because of that conduct and the - 20 - message that the hackers around the country need to hear, the government strongly urges this Court to include incarceration as part of the sentence. The government will make a more specific recommendation at the time of sentencing. Respectfully submitted, JOE D. WHITLEY UNITED STATES ATTORNEY KENT B. ALEXANDER ASSISTANT UNITED STATES ATTORNEY 1800 United States Courthouse 75 Spring Street, S.W. Atlanta, Georgia 30335 Georgia Bar No. 008893 - 21 - ******************************************************************** ------------------------------ **END OF CuD #2.16** ********************************************************************