Copy Link
Add to Bookmark
Report
Computer Undergroud Digest Vol. 03 Issue 15
****************************************************************************
>C O M P U T E R U N D E R G R O U N D<
>D I G E S T<
*** Volume 3, Issue #3.15 (May 2, 1991) **
****************************************************************************
MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet)
ARCHIVISTS: Bob Krause / Alex Smith / Bob Kusumoto
GAELIC GURU: Brendan Kehoe
+++++ +++++ +++++ +++++ +++++
CONTENTS THIS ISSUE:
File 1: Moderators Corner
File 2: CU in the News
File 3: EFF/SJG Sue Secret Service, Bill Cook, Tim Foley, et. al.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
USENET readers can currently receive CuD as alt.society.cu-digest.
Back issues are also available on Compuserve (in: DL0 of the IBMBBS sig),
PC-EXEC BBS (414-789-4210), and at 1:100/345 for those on FIDOnet.
Anonymous ftp sites: (1) ftp.cs.widener.edu (192.55.239.132);
(2) cudarch@chsun1.uchicago.edu;
(3) dagon.acc.stolaf.edu (130.71.192.18).
E-mail server: archive-server@chsun1.uchicago.edu.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source is
cited. Some authors, however, do copyright their material, and those
authors should be contacted for reprint permission. It is assumed
that non-personal mail to the moderators may be reprinted unless
otherwise specified. Readers are encouraged to submit reasoned
articles relating to the Computer Underground. Articles are preferred
to short responses. Please avoid quoting previous posts unless
absolutely necessary.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Contributors assume all
responsibility for assuring that articles submitted do not
violate copyright protections.
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
From: Moderators
Subject: Moderators' Corner
Date: May 2, 1991
********************************************************************
*** CuD #3.15: File 1 of 3: Moderators Corner ***
********************************************************************
The "CU in the News" stories have piled up, so this issue is devoted
to clearing some of the longer files that were bumped from previous
issues. Just in case you missed the following news blurbs:
++++++++++++++++++++++
CONGRATS TO NEWSBYTES
+++++++++++++++++++++++
NEWSBYTES, an invaluable source of computer-related information,
was awarded the "Best On-Line Publication" by the Computer Press
Association. Newsbytes publishes approximately 30 technology-related
stories daily on GEnie, and is also carried on America OnLine,
NewsNet, Dialog and foreign wire services. It is supported by 18
reporters in bureaus world-wide, and reaches an audience of
4.5 million.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++
Anti-Encryption Bill
+++++++++++++++++++
%Snuck into the language of a federal anti-terrorism Bill was the
following small section. If passed, the Bill would require
those who write encryption programs to leave in a "backdoor" that
would allow decryption for "law enforcement" purposes. This would
defeat the purpose of encryption. Apparently the FBI was pushing
for passage of this section. Information and up-dated discusssions
can be found on The Well in Sausalitoito (Calif) and in RISKS Digest.
Thanks to Mike Riddle for his contribution%.
102ND CONGRESS; 1ST SESSION
IN THE SENATE OF THE UNITED STATES
AS INTRODUCED IN THE SENATE
S. 266
1991 S. 266
SYNOPSIS:
A BILL
To prevent and punish domestic and international terrorist acts, and for
other purposes.
DATE OF INTRODUCTION: JANUARY 24, 1991
DATE OF VERSION: JANUARY 24, 1991 -- VERSION: 1
SPONSOR(S):
Mr. BIDEN (for himself and Mr. DECONCINI). . . .
%About 450 lines of death penalty and anti-terrorism discussion
omitted%
Subtitle B-Electronic Communications
SEC. 2201. COOPERATION OF TELECOMMUNICATIONS PROVIDERS WITH LAW
ENFORCEMENT.
It is the sense of Congress that providers of electronic
communications services and manufacturers of electronic communications
service equipment shall ensure that communications systems permit the
government to obtain the plain text contents of voice, data, and other
communications when appropriately authorized by law.
%A substantial lobbying effort may be needed to block this, which
many see as a potential threat to privacy rights%.
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
From: Various
Subject: The CU in the News
Date: May 1, 1991
********************************************************************
*** CuD #3.15: File 2 of 3: The CU in the News ***
********************************************************************
From: the moderators' <72307.1502@COMPUSERVE.COM>
Subject: BBS estimates
Date: 19 Apr 91 02:54:22 EDT
One of the dilemmas facing researchers covering the Net is estimating
how many small BBSs exist at any given time. Thankfully there is no
national registration of systems, but still it is useful to have some
idea of the type of impact BBS regulation (either by decree or de facto)
could have. I recently found some more estimates of the number of BBSs and
modems in this country.
+++++++++++++++++++++++++++++++
Source: "Modem Mania: More Households Go Online Every Day"
Dennis B. Collins
California Computer News
April 1991
p26
Get your scissors. Here come some statistics you'll want to save. I've
been doing a lot of research lately regarding computer bulletin board
systems (BBSs). Prodigy's research and development department said that
30 percent of American homes have some sort of PC. Of these homes, 20
percent have a modem. This means that six percent of all homes have the
capability to obtain computer data via phone line! The Information Age
is now in its infancy - it is here and it is real. It is also growing at
a rate of 400 percent a year.
CompuServe and Prodigy both claim 750,000 paying customers. Prodigy
stresses that their figures reflect modems at home only. They have no
count of businesses. Local system operators tell me a significant number
of calls originate from offices - their "guesstimate" is that office use
may increase the figures by another 20 percent.
(...)
The question keeps coming up: How many BBSs are there? Nobody knows.
In Sacramento, the best guess is about 200. Worldwide, the number is
quickly growing. About two years ago I obtained a list of BBS members of
FidoNet. At the time there were about 6,000 member systems. The
January 1991 Node lists over 11,000 BBSs worldwide! It is important to
note that there are several large networks, of which FidoNet is only
one. U.S. Robotics claims to have a list of 12,000 BBSs that use their
modems in this country alone. [if this estimate is based on their sales
of HST modems to sysops, it is open to debate. - Moderators'] It is clear
that millions of individuals are using PC telecommunications and the numbers
are getting larger.
------------------------------
From: The moderators' <72307.1502@COMPUSERVE.COM>
Subject: Pirate or Bootlegger?
Date: 18 Apr 91 01:12:07 EDT
In the past we have complained about the software industrys' lack of
differentiation between software piracy and the sale of bootleg copies
of commercial products. However a recent article in "Lan Times"
reflected a new care in correctly identifying two distinct segments of
the software copyright problem. We reprint the first few paragraphs
here as an illustration of how clarifying each area (piracy vs
bootlegging) can aid in understanding a complex problem. We hope that
other journalists, and even the SPA, adopt this more precise language in
future treatments of the topic.
++++++++++++++++++++
Source: "Software Piracy Now Costs Industry Billions: But software
authentication devices can protect your investment from thieves"
Charles P. Koontz
Previews
LAN TIMES March 18, 1991
pp75-76
About a zillion years ago when I first read _Swiss Family Robinson_, I
always wondered why the Robinson family was so fearful of Malaysian
pirates. After all, I was accustomed to the proper civilized pirates in
all the Errol Flynn movies. But it turns out the Malaysian variety were
much worse. The same is true of the pirates that prey on the modern
software industry.
In the software industry, the civilized pirates are the ones who copy an
occasionally program from a friend without paying for it.. Most of us at
lest know someone who's done it. I've heard of places where none of the
software in an office is legal.
Civilized pirates are still thieves and they break the law, but they
have a better attitude. They should look into shareware as an
alternative source. It's almost as cheap and often every bit as good.
In the software industry, the crook who makes a living by making and
selling copied software is the modern equivalent of a Malaysian pirate.
The fact that a lot of them are located in the orient where piracy may
not be illegal helps the analogy. It seems however that the practice is
spreading to more local climates.
The process is fairly simple and requires only a small investment to get
started. At the simplest level, all the pirate needs is a copy of a
popular program, a PC, and a place to duplicate the distribution
diskettes. More sophisticated pirates have factories employing dozens
of workers running high-speed disk duplicators and copy machines so they
can include the manual in their shrink-wrapped counterfeit package. Some
even copy the silk screening on the manual covers. They then find a
legitimate outlet for the software. The customer only finds out that
the company is bogus when he calls for technical support, if the real
manufacturer tracks serial numbers.
Software piracy has become a part of the cost of doing business for
major software manufacturers. The Software Publishers Association (SPA)
estimates that piracy costs the software industry between 1.5 and 2
billion dollars annually in the USA alone. Worldwide estimates range
from 4 to 5 billion dollars. The legitimate domestic software market
accounts for only 3 billion dollars annually. The SPA estimates that
for every copy of legal software package, there is at least one illegal
copy. If you think this is an exaggeration, just consider all the
illegal copies you know about.
[rest of article discusses hardware anti-piracy devices]
------------------------------
From: dogface!bei@CS.UTEXAS.EDU(Bob Izenberg)
Subject: Dutch Hackers article and reaction
Date: Mon, 22 Apr 91 05:14:53 CDT
FROM THE SUNDAY, APRIL 21ST NEW YORK TIMES
Dutch break into U.S. computers from 'hacker haven'
By John Markoff
New York Times Service
Beyond the reach of American law, a group of Dutch computer intruders
has been openly defying United States military, space and intelligence
authorities for almost six months.
Recently the intruders broke into a U.S. military computer while being
filmed by a Dutch television crew.
The intruders, working over local telephone lines that enable them to
tap American computer networks at almost no cost, have not done
serious damage and haven't penetrated the most secure government
computer systems, federal investigators say.
The group, however, has entered a wide range of computer systems with
unclassified information, including those at the Kennedy Space Center,
the Pentagon's Pacific Fleet Command, the Lawrence Livermore National
Laboratory and Stanford University.
U.S. government officials said they had been tracking the interlopers,
but no arrests have been made because there are no legal restrictions
in the Netherlands on unauthorized computer access.
"This has been a terrible problem," said Gail Thackeray, a former
Arizona assistant attorney general who has prosecuted computer crimes.
"Until recently there have been few countries that have computer crime
laws. These countries are acting as hacker havens."
American law-enforcement officials said they believed there were three
or four members of the Dutch group, but would not release any names.
A Dutch television news report in February showed a member of the
group at the University of Utrecht reading information off a computer
screen showing what he said was missile test information taken from a
U.S. military computer. His back was to the camera, and he was not
identified.
Because there are no computer crime laws in the Netherlands, American
investigators said the Dutch group boasts that it can enter computers
via international data networks with impunity.
One computer expert who has watched the electronic recordings made of
the group's activities said the intruders do not demonstrate any
particularly unusual computer skills, but instead appear to have
access to documents that contain recipes for breaking computer
security on many U.S. systems. These documents have been widely
circulated on underground systems.
The computer expert said he had seen several recordings of the
break-in sessions and that one of the members of the group used an
account named "Adrian" to break into computers at the Kennedy Space
Center and the Pentagon's commander in chief of the Pacific.
(end of Markoff's article)
The view of the United States as the world's policeman sure dies
hard, doesn't it? Maybe it frosts a certain ex-public servant's
behind, but these people *are* living within the laws of their own
country. They're not expatriate citizens that fled to the Netherlands
for freedom like some boatload of digital pilgrims. What business of
ours could their laws possibly be? If you're going to stop
clandestine access by foreign citizens, stop it at our border
(electronic or physical.) I believe that it's a little premature to
take the SunDevil Traveling Minstrel Show on the road, seeing as it
hasn't exactly wowed 'em in Peoria. That's where sentiments like Our
Gail's lead, to us taking this two-bit carny out to fleece the
unsuspecting. I'm sure that a few DEA retreads could be dusted off
and sent abroad. Their mission: To show those countries without
former assistant attorneys general of their own the path to true
government control of computer resources. I even think that I can
guess who the first Secret Service agent to be volunteered out of the
States will be...
You don't have to know much about the relationship between the DEA,
Customs and Mexican law enforcement to know that we may export our
laws, but rarely our protections. I don't believe that the
aforementioned do-gooders arriving on Dutch soil, pockets stuffed with
example search and seizure warrants, will have so much as a copy of
the ECPA or the EFF charter on them. It's not their job to teach
another country what freedoms it should have. Only which
prohibitions.
I strongly regret, by the way, that no U.S. law enforcement official
saw fit to tell Mr. Markoff whether this was a loosely-organized group
of hackers or a tightly knit group of hackers. Maybe they're a
tightly knit group of hackers in the process of unraveling into a
loosely organized group of hackers. I certainly hope somebody tells
the Dutch to keep their conspiracy labels straight. There's no reason
that they can't learn from our mistakes, after all.
An astute friend of mine has mentioned that 'graphs 9 and 10 of Mr.
Markoff's article are another riff on the "Evils of Phrack"
traditional. We wouldn't have all these untrained Dutchmen breaking
in and reading our unclassified material if that Neidorf guy... no,
wait, we dropped that case... well, that Emmanuel Goldstein... no,
he's not on the list... well, that Steve Jackson guy... no, we were
confused when we raided him... well, Riggs, Darden and Grant... yeah,
we did kinda take the word of a perjuring witness to get
jurisdiction... well, that Len Rose, we treated him like the wrecking
ball aimed at the pillars of society that he is, and if we hadn't got
him, there'd be even more Dutchmen roaming through our computers than
there are now.
If common sense rules, the good Netherlands officials will put the
hypothetical visiting cybercops right back on the plane. The snake
oil that they're selling is for domestic consumption only. And who
knows, maybe you and I won't buy any, either.
------------------------------
From: "Michael E. Marotta" <MERCURY@LCC.EDU>
Subject: News from Michigan
Date: Sun, 28 Apr 91 16:26 EST
GRID News. ISSN 1054-9315. vol 2 nu 11x&12x CUD SpecEd 04/28/91
World GRID Association, P. O. Box 15061, Lansing, MI 48901 USA
----------------------------------------------------------------
(1) Libertarian Party Candidate Says Yes! to Hackers
According to LP presidential hopeful, Andre Marrou, 35% of the
dues-paying members of his party are computer programmers. Despite
the fact that Marrou had never heard of Craig Neidorf or Operation
Sundevil, he had strong opinions on the issues. "A computer is a
printing press. You can churn out stuff on the printer." He did not
move away from the paradigms print gave him but at least he was at a
loss to understand how anyone could not see something so obvious, that
a computer is a printing press.
Then he defended a special kind of hacking. "If you mean hacking to
get into government computers to get the information, there is nothing
wrong with that. There is too much secrecy in government. There is a
principle that the information belongs to the people. 99% of the
classified material is not really important. With hackers most of the
stuff they want to get into should be public in the first place.
Anything the government owns belongs to all of us. Like in real
estate you can get information from the county and I'd extend that
rule of thumb. It would be a good thing if they could get into the
IRS data files."
In line with mainstream libertarian thought, both Andre Marrou his
campaign manager, Jim Lewis (also a former LP veep candidate), said
that they support the idea of government-granted patents. Marrou said
he had never heard of patents being granted for software but knew that
software can be copyrighted. Andre Marrou graduated from MIT.
(2) Telecom Bills Move Forward, Meet Opposition
"Competition and innovation will be stifled and consumers will pay
more for telephone service if the Legislature approves the
telecommunication legislation now before Senate and House committees,"
said 15 lobbyists speaking through the Marketing Resource Group.
Representatives from the AARP, AT&T, MCI, Michigan Cable Television
Association, and the Michigan Association of Realtors all agreed that
it would be wrong to let the local exchange carriers sell cable
television, long distance and information services and manufacture
equipment.
The AARP has opposed this legislation because they do not see a limit
on the cost of phone service. According to the bill BASIC phone rates
would be frozen forever at their November 1990 level. However, there
is no limit on charges for "enhanced services." There is also no
DEFINITION of "enhanced service" but most people involved in the bill
have cited call forwarding, call waiting, fax and computer.
Other provisions of the proposed law would regulate all "information
providers." Further, those who provide information from computers via
the telephone would receive their service "at cost." This provision
takes on new colors in light of a Wall Street Journal story from Jan.
9, 1991, issued along with press release materials from Marketing
Resources. That story outlines how NYNEX inflated its cost figures
selling itself services far in excess of the market rate.
Interestingly enough, increased competition is one of the goals cited
by the bill's key sponsor, Senate Mat Dunaskiss.
------------------------------
From: Anonymous
Subject: San Luis Obispo (Calif.) "Busts" are a Bust?
Date: 25 Apr 91 01:45:19 PDT
(I found the following articles on PC-Exec BBS in Milwaukee. I haven't
seen it discussed, so here it is for Cu News-- A.)
AMATEUR HACKERS TRIPPED UP
By Danna Dykstra Coy
This article appeared in the Telegram-Tribune Newspaper, San Luis
Obispo, CA. March 23, 1991. Permission to electronically reproduce
this article was given by the newspaper's senior editor.
*****
San Luis Obispo police have cracked a case of computer hacking. Now
they've got to work out the bugs. Officers were still interviewing
suspects late Friday linked to a rare case of computer tampering that
involved at least four people, two of them computer science majors
from Cal Poly.
The hackers were obvious amateurs, according to police. They were
caught unknowingly tapping into the computer system in the office of
two local dermatologists. The only information they would have
obtained, had they cracked the system's entry code, was patient
billing records.
Police declined to name names because the investigation is on-going.
They don't expect any arrests, though technically, they say a crime
has been committed. Police believe the tampering was all in fun,
though at the expense of the skin doctors who spent money and time
fixing glitches caused by the electronic intrusion.
"Maybe it was a game for the suspects, but you have to look at the
bigger picture," said the officer assigned to the case, Gary Nemeth.
"The fact they were knowingly attempting to access a computer system
without permission is a crime." Because the case is rare in this
county, police are learning as they go along. "We will definitely
file complaints with the District Attorney's Office," said Nemeth.
"They can decide whether we've got enough of a case to go to trial."
Earlier this month San Luis dermatologists James Longabaugh and
Jeffrey Herten told police they suspected somebody was trying to
access the computer in the office they share at 15 Santa Rosa St. The
system, which contains patient records and billing information,
continually shut down. The doctors were unable to access their
patients' records, said Nemeth, and paid a computer technician at
least $1,500 to re-program their modem.
The modem is a device that allows computers to communicate through
telephone lines. It can only be accessed when an operator "dials" its
designated number by punching the numbers on a computer keyboard. The
"calling" computer then asks the operator to punch in a password to
enter the system. If the operator fails to type in the correct
password, the system may ask the caller to try again or simply hang
up. Because the doctors' modem has a built-in security system,
several failed attempts causes the system to shut down completely.
The technician who suspected the problems were more than mechanical,
advised the doctors to call the police. "We ordered a telephone tap
on the line, which showed in one day alone 200 calls were made to that
number," said Nemeth. "It was obvious someone was making a game of
trying to crack the code to enter the system." The tap showed four
residences that placed more than three calls a day to the doctors'
computer number. Three of the callers were from San Luis Obispo and
one was from Santa Margarita. From there police went to work.
"A lot of times I think police just tell somebody in a situation like
that to get a new phone number," said Nemeth, "and their problem is
resolved. But these doctors were really worried. They were afraid
someone really wanted to know what they had in their files. They
wondered if it was happening to them, maybe it was happening to
others. I was intrigued."
Nemeth, whose training is in police work and not computer crimes, was
soon breaking new ground for the department. "Here we had the
addresses, but no proper search warrant. We didn't know what to name
in a search warrant for a computer tampering case." A security
investigator for Pacific Bell gave Nemeth the information he needed:
disks, computer equipment, stereos and telephones, anything that could
be used in a computer crime.
Search warrants were served at the San Luis Obispo houses Thursday and
Friday. Residents at the Santa Margarita house have yet to be served.
But police are certain they've already cracked the case. At all three
residences that were searched police found a disk that incorrectly
gave the doctors' phone number as the key to a program called "Cygnus
XI". "It was a fluke," said Nemeth. "These people didn't know each
other, and yet they all had this same program". Apparently when the
suspects failed to gain access, they made a game of trying to crack
the password, he said. "They didn't know whose computer was hooked up
to the phone number the program gave them," said Nemeth. "So they
tried to find out."
Police confiscated hundreds of disks containing illegally obtained
copies of software at a residence where two Cal Poly students lived,
which will be turned over to a federal law enforcement agency, said
Nemeth.
Police Chief Jim Gardner said he doesn't expect this type of case to
be the department's last, given modern technology. "What got to be a
little strange is when I heard my officers talk in briefings this
week. It was like `I need more information for the database'." "To
think 20 years ago when cops sat around and talked all you heard about
was `211' cases and dope dealers."
(End)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
COMPUTER CASE TAKES A TWIST
By Danna Dykstra Coy
This article appeared in the Telegram-Tribune Newspaper, San Luis
Obispo, CA. March 29, 1991. Permission to electronically reproduce
this article was given by the newspaper's senior editor.
*****
A suspected computer hacker says San Luis Obispo police overreacted
when they broke into his house and confiscated thousands of dollars of
equipment. "I feel violated and I'm angry" said 34-year-old engineer
Ron Hopson. All of Hopson's computer equipment was seized last week
by police who believed he may have illegally tried to "hack" his way
into an office computer belonging to two San Luis Obispo
dermatologists. Police also confiscated equipment belonging to three
others.
"If police had known more about what they were doing, I don't think it
would have gone this far," Hopson said. "They've treated me like a
criminal, and I was never aware I was doing anything wrong. It's like
a nightmare." Hopson, who has not been arrested in the case, was at
work last week when a neighbor called to tell him there were three
patrol cars and two detective cars at his house. Police broke into
the locked front door of his residence, said Officer Gary Nemeth, and
broke down a locked door to his study where he keeps his computer.
"They took my stuff, they rummaged through my house, and all the time
I was trying to figure out what I did, what this was about. I didn't
have any idea."
A police phone tap showed three calls were made from Hopson's
residence this month to a computer at an office shared by doctors
James Longabaugh and Jeffrey Herten. The doctors told police they
suspected somebody was trying to access the computer in their office
at 15 Santa Rosa St. Their system, which contains patient records and
billing information, kept shutting down. The doctors were unable to
access their patients' records, said Nemeth. They had to pay a
computer technician at least $1,500 to re-program their modem, a
device that allows computers to communicate through telephone lines.
Hopson said there is an easy explanation for the foul-up. He said he
was trying to log-on to a public bulletin board that incorrectly gave
the doctors number as the key to a system called "Cygnus XI". Cygnus
XI enabled people to send electronic messages to one another, but the
Cygnus XI system was apparently outdated. The person who started it
up moved from the San Luis Obispo area last year, and the phone
company gave the dermatologists his former number, according to
Officer Nemeth.
Hopson said he learned about Cygnus XI through a local computer club,
the SLO-BYTES User Group. "Any of the group's 250 members could have
been trying to tap into the same system", said Robert Ward, SLO-BYTES
club secretary and computer technician at Cal Poly. In addition, he
suspects members gave the phone number to fellow computer buffs and
could have been passed around the world through the computer
Bulletin-Board system. "I myself might have tried to access it three
or four times if I was a new user," he said. "I'd say if somebody
tried 50 times, fine, they should be checked out, but not just for
trying a couple of times."
Police said some 200 calls were made to the doctors modem during the
10 days the phone was tapped. "They say, therefore, its obvious
somebody is trying to make a game of trying to crack the computer
code", said Hopson. "The only thing obvious to me is a lot of people
have that published number. Nobody's trying to crack a code to gain
illegal access to a system. I only tried it three times and gave up,
figuring the phone was no longer in service."
Hopson said he tried to explain the situation to the police. "But
they took me to an interrogation room and said I was lying. They
treated me like a big-time criminal, and now they won't give me back
my stuff." Hopson admitted he owned several illegally obtained copies
of software confiscated by police. "But so does everybody," he said,
"and the police have ever right to keep them, but I want the rest of
my stuff."
Nemeth, whose training is in police work and not computer crimes, said
this is the first such case for the department and he learning as he
goes along. He said the matter has been turned over to the District
Attorney's Office, which will decide whether to bring charges against
Hopson and one other suspect.
The seized belongings could be sold to pay restitution to the doctors
who paid to re-program their system. Nemeth said the police are
waiting for a printout to show how many times the suspects tried to
gain access to the doctors' modem. "You can try to gain access as
many times as you want on one phone call. The fact a suspect only
called three times doesn't mean he only tried to gain access three
times."
Nemeth said he is aware of the bulletin board theory. "The problem is
we believe somebody out there intentionally got into the doctors'
system and shut it down so nobody could gain access, based on evidence
from the doctors' computer technician," said Nemeth. "I don't think
we have that person, because the guy would need a very sophisticated
system to shut somebody else's system down." At the same time, he
said, Hopson and the other suspects should have known to give up after
the first failed attempt. "The laws are funny. You don't have to
prove malicious intent when you're talking about computer tampering.
The first attempt you might say was an honest mistake. More than
once, you have to wonder."
Police this week filled reports with the District Attorney's Office
regarding their investigation of Hopson and another San Luis Obispo
man suspected of computer tampering. Police are waiting for Stephen
Brown, a deputy district attorney, to decide whether there is enough
evidence against the two to take court action. If so, Nemeth said he
will file reports involving two other suspects, both computer science
majors from Cal Poly. All computers, telephones, computer instruction
manuals, and program disks were seized from three houses in police
searches last week. Hundreds of disks containing about $5,000 worth
of illegally obtained software were also taken from the suspects'
residences.
Police and the District Attorney's Office are not naming the suspects
because the case is still under investigation. However, police
confirmed Hopson was one of the suspects in the case after he called
the Telegram-Tribune to give his side of the story.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
HACKERS' OFF HOOK, PROPERTY RETURNED
By Danna Dykstra Coy
This article appeared in the Telegram-Tribune Newspaper, San Luis
Obispo, CA. April 12, 1991. Permission to electronically reproduce
this article was given by the newspaper's senior editor.
*****
Two San Luis Obispo men suspected of computer tampering will not be
charged with any crime. They will get back the computer equipment
that was seized from their homes, according to Stephen Brown, a deputy
district attorney who handled the case. "It appears to have been a
case of inadvertent access to a modem with no criminal intent," said
Brown. San Luis Obispo police were waiting on Brown's response to
decide whether to pursue an investigation that started last month.
They said they would drop the matter if Brown didn't file a case.
The officer heading the case, Gary Nemeth, admitted police were
learning as they went along because they rarely deal with computer
crimes. Brown said he doesn't believe police overreacted in their
investigation. "They had a legitimate concern."
In early March two dermatologists called police when the computer
system containing patient billing records in their San Luis Obispo
office kept shutting down. They paid a computer technician about
$1,500 to re-program their modem, a device that allows computers to
communicate through the telephone lines. The technician told the
doctors it appeared someone was trying to tap into their system. The
computer's security system caused the shutdown after several attempts
to gain access failed.
Police ordered a 10-day phone tap on the modem's line and, after
obtaining search warrants, searched four residences where calls were
made to the skin doctors' modem at least three times. One suspect,
Ron Hopson, said last week his calls were legitimate and claimed
police overreacted when they seized his computer, telephone, and
computer manuals. Hopson could not reached Thursday for comment.
Brown's investigation revealed Hopson, like the other suspects, was
trying to log-on to a computerized "bulletin-board" that incorrectly
gave the doctors' number as the key to a system called "Cygnus XI".
Cygnus XI enabled computer users to electronically send messages to
one another. Brown said while this may not be the county's first
computer crime, it was the first time the District Attorney's Office
authorized search warrants in a case of suspected computer fraud using
telephone lines. Police will not be returning several illegally
obtained copies of software also seized during the raids, he said.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A Case for Mistaken Identity... Who's Privacy was Really Invaded?
By Jim Bigelow
According to the San Luis Obispo County (California) Telegram-Tribune,
dated Saturday, March 23, 1991, the San Luis Obispo Police raided the
homes of two Cal Poly students and two other residents including one
in Santa Margarita for alleged computer crimes, "hacking." The
suspects had, through their computer modems, unknowingly tried to
access a computer owned by a group of local dermatologists. That same
number had previously belonged to a popular local bulletin board,
Cygnus XI. The police were alerted by the dermatologists and their
computer technician who was afraid someone was trying to access their
patient records. The police put a phone tap on the computer line for
10 days which showed over 200 calls placed to that number in one 24
hour period.
Armed with a search warrant, police went to the house of the first
suspect who later said he only called that number 3 times in a 24 hour
period (I wonder who made the other 197 calls?). Unfortunately he was
not home... this cost him two broken doors as the police had to enter
the house some way. All computer equipment, disks and computer
related equipment was "seized" and taken to police headquarters.
Follow-up articles reveal that the individual had not committed local
crimes, that no charges would be filed and that the computers . would
be returned. Disks which were determined to contain illegally copied
commercial software were to be turned over to Federal authorities.
Like most personal home computer users I have interviewed, I didn't
think much . of this matter at first, but I am now becoming alarmed.
I am a 64 year old senior citizen, perhaps a paranoid senior. I think
most seniors are a bit paranoid. I am a strong supporter of law
enforcement, an ex-peace officer, a retired parole agent, and as a
senior I want law enforcement protection. . In this situation,
according to the Tribune report, the police "had legitimate concern."
But, apparently they didn't know what they were doing as the officer
in charge stated "We are learning as we go."
Accessing a modem is not easy. I, with five years of computer
experience, find ? it difficult and frustrating to set up a computer
and keep it operating, to understand a manual well enough to get the
software to operate, to set the switches and jumpers on a modem, and
then contact a BBS, and in the midst of their endless questions,
coupled with my excitability and fumbling, answer them and get on
line. I have many times tried to connect to BBS's only to be
disconnected because I typed my name or code incorrectly. I have
dialed wrong numbers and gotten a private phone.
I do not want to be considered an enemy of law enforcement merely
because I own a computer. I do not like to be called a "hacker," and
especially because I contacted a BBS 3 times. The word, "hacker"
originally applied to a computer user, now has become a dirty word. It
implies criminality, a spy, double agents, espionage, stealing
government secrets, stealing business codes, etc. Certainly, not that
of a law abiding and law supporting, voting senior citizen, who has
found a new hobby, a toy and a tool to occupy his mind. Computers are
educational and can and do assist in providing community functions. I
hope that the name "personal computer user" doesn't become a dirty
word.
The "hacker" problem seems to be viewed by law enforcement as one in
which "we learn as we go." This is an extremely costly method as we
blunder into a completely new era, that of computerization. It causes
conflicts between citizens and law enforcement. It is costly to
citizens in that it causes great distress to us, to find ourselves
possible enemies of the law, the loss of our computers and equipment,
telephones and reputation by being publicly called hackers and
criminals. It causes more problems when we attempt to regain our
reputation and losses by suing the very agencies we have been so
diligently supporting, for false arrest, confiscation of our most
coveted possession and uninvited and forced entrance into our homes,
causing great emotional disturbances (and older people are easily
upset).
I have a legal question I would like answered. Who is obligated in
this incident: the owners and operators of Cygnus XI for failure to
make a public announcement of the discontinuance of their services? or
the phone company for issuing the number to a private corporation with
a modem? the police for not knowing what they are doing? the computer
user? It is not a problem of being more cautious, ethical, moral,
law)abiding. It is a matter of citizen rights.
The "hacker" problem now applies not only to code breakers, secret and
document stealers, but to me, even in my first attempts to connect
with a BBS. Had I tried to contact Cygnus XI my attempts would have
put me under suspicion of the police and made me liable for arrest,
confiscation of my computer, equipment, disks, and subsequent
prosecution. I am more than a little bewildered.
And, am I becoming a paranoid senior citizen, not only because of
criminals, but of the police also? Am I running a clandestine
operation by merely owning a computer and a modem, or am I a solid
senior citizen, which may well imply that I don't own "one of those
computers?" Frankly, I don't know. Even though my computer is
returned, and I am not arrested or prosecuted, I wonder what condition
it now is in after all the rough handling. (Police who break down
doors do not seem to be overly gentle, and computers and their hard
disk drives are very fragile instruments). Just who and how many have
scrutinized my computer? its contents? and why? my personal home
business transactions? and perhaps I supplement my income with the aid
of my computer (I am a writer)? my daily journal? my most private and
innermost thoughts? my letters? my daily activities? (This is exactly
why personal computers and their programs were designed, for personal
use. My personal computer is an extension of my self, my mind, and my
personal affairs.)
Can the police confiscate all my software claiming it is stolen,
merely because they don't find the originals? (I, at the suggestion of
the software companies, make backup copies of the original disks, and
then place the originals elsewhere for safekeeping.) Do I need to keep
all receipts to "prove" to the police that I am innocent of holding
bootleg software? Is there a new twist in the laws that applies to
personal computer users?
Also any encoding of my documents or safeguarding them with a
password, such as my daily journal, my diary, I have read in other
cases, is viewed by law enforcement as an attempt to evade prosecution
and virtually incriminates me. ("If it wasn't criminal why did the
"suspect" encode it?")
This recent incident arouses complex emotions for me. What will the
future bring for the home and personal computer user? I do not care to
fear the police. I do not want to have to register my computer with
the government. Will it come to that in our country? I do not want to
have to maintain an impeccable record of all of my computer usages and
activities, imports and exports, or to be connected to a state police
monitoring facility, that at all times monitors my computer usage. The
year "1984" is behind us. Let's keep it that way.
This matter is a most serious problem and demands the attention of all
citizens. As for myself, I wasn't the one involved, but I find it
disturbing enough to cause me to learn of it and do something about
it.
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
From: EFF (eff@well.sf.ca.us)
Subject: EFF/SJG Sue Bill Cook, Tim Foley, Secret Service, et. al.
Date: 1 May, 1991
********************************************************************
*** CuD #3.15: File 3 of 3: EFF/SJG SUE COOK, FOLEY ET. AL. ***
********************************************************************
%The following came in just minutes before we began sending out this
issue of CuD. We reduced the original to just a few lines. The full
text can be obtained from EFF (eff@well.sf.ca.us) or from the CuD
archives%.
Excerpted From: EFFector Online #1.04 (May 1, 1991)
The following press release was Faxcast to over 1,500 media
organizations and interested parties this afternoon:
EXTENDING THE CONSTITUTION TO AMERICAN CYBERSPACE:
TO ESTABLISH CONSTITUTIONAL PROTECTION FOR ELECTRONIC MEDIA AND TO
OBTAIN REDRESS FOR AN UNLAWFUL SEARCH, SEIZURE, AND PRIOR RESTRAINT
ON PUBLICATION, STEVE JACKSON GAMES AND THE ELECTRONIC FRONTIER
FOUNDATION TODAY FILED A CIVIL SUIT AGAINST THE UNITED STATES SECRET
SERVICE AND OTHERS.
On March 1, 1990, the United States Secret Service nearly
destroyed Steve Jackson Games (SJG), an award-winning publishing
business in Austin, Texas.
In an early morning raid with an unlawful and
unconstitutional warrant, agents of the Secret Service conducted a
search of the SJG office. When they left they took a manuscript
being prepared for publication, private electronic mail, and several
computers, including the hardware and software of the SJG Computer
Bulletin Board System. Yet Jackson and his business were not only
innocent of any crime, but never suspects in the first place. The
raid had been staged on the unfounded suspicion that somewhere in
Jackson's office there "might be" a document compromising the
security of the 911 telephone system.
In the months that followed,
Jackson saw the business he had built up over many years dragged to
the edge of bankruptcy. SJG was a successful and prestigious
publisher of books and other materials used in adventure role-playing
games. Jackson also operated a computer bulletin board system (BBS)
to communicate with his customers and writers and obtain feedback and
suggestions on new gaming ideas. The bulletin board was also the
repository of private electronic mail belonging to several of its
users. This private mail was seized in the raid. Despite repeated
requests for the return of his manuscripts and equipment, the Secret
Service has refused to comply fully.
Today, more than a year after that raid, The Electronic
Frontier Foundation, acting with SJG owner Steve Jackson, has filed
a precedent setting civil suit against the
United States Secret Service, Secret Service Agents Timothy Foley and
Barbara Golden, Assistant United States Attorney William Cook, and
Henry Kluepfel.
"This is the most important case brought to date,"
said EFF general counsel Mike Godwin, "to vindicate the
Constitutional rights of the users of computer-based communications
technology. It will establish the Constitutional dimension of
electronic expression. It also will be one of the first cases that
invokes the Electronic Communications and Privacy Act as a shield and
not as a sword -- an act that guarantees users of this digital
medium the same privacy protections enjoyed by those who use the
telephone and the U.S. Mail."
(remainder of text deleted)
********************************************************************
------------------------------
**END OF CuD #3.15**
********************************************************************