Copy Link
Add to Bookmark
Report
Computer Undergroud Digest Vol. 01 Issue 00
****************************************************************************
>C O M P U T E R U N D E R G R O U N D<
>D I G E S T<
*** Volume 1, Issue #1.00 (March 28, 1990) **
****************************************************************************
MODERATORS: Jim Thomas / Gordon Meyer
REPLY TO: TK0JUT2@NIU.bitnet
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.
--------------------------------------------------------------------
DISCLAIMER: The views represented herein do not necessarily represent the
views of the moderators. Contributors assume all responsibility
for assuring that articles submitted do not violate copyright
protections.
--------------------------------------------------------------------
COMPUTER UNDERGROUND DIGEST was begun with the encouragement of Pat Townson,
moderator of TELECOM DIGEST. Pat received far to many responses to the recent
Legion of Doom indictments to print, and many of the issues raised were, for
reasons beyond Pat's control, unable to be printed. This, the initial issue of
CuD (as in "stuff to ruminate over") will reprint some of the initial
responses to provide the background for those who missed the earlier
discussions.
Preliminary interest in this forum has been relatively good. We received about
50 inquiries in the first 12 hours. We anticipate initial problems in linking
bitnet with usenet and other outlets. Doug Davis (in Texas) has thoughtfully
volunteered to serve as a go between between Usenet and other links, so, by
trial and error, we'll try to contact everybody who has expressed interest.
We will set line length at 78 characters. If there are problems in reading
this, let us know and we will shorten it.
STATEMENT OF INTENT
CuD encourages opinions on all topics from all perspective. Other than
providing a context for an article if necessary, the moderators *will not* add
commentary of agreement or disagreement. We see our role as one of
facilitating debate, although we will undoubtedly take part in discussions in
separate articles.
From the inquiries, interest seems to gravitate around a number of issues
related to the "computer underground," by which we mean the social world of
phreaks, hackers, and pirates. Judging from the comments, we encourage
contributions of the following nature:
1. Reasoned and thoughtful debates about economic, ethical, legal, and other
issues related to the computer underground.
2. Verbatim printed newspaper or magazine articles containing relevant
stories. If you send a transcription of an article, be sure it contains the
source *and* the page numbers so references can be checked. Also be sure that
no copyright violations are infringed.
3. Public domain legal documents (affidavits, indictments, court records) that
pertain to relevant topics. In the next issue we will present documents from
the Alcor (California) E-mail law suit.
4. General discussion of news, problems, or other issues that contributors
feel should be aired.
5. Unpublished academic papers, "think pieces," or research results are
strongly encouraged. These would presumably be long, and we would limit the
size to about 1,500 lines. Those appropriate for distribution would be sent as
a single file and so-marked in the header.
Although we encourage debate, we stress that ad hominem attacks or personal
vituperations will not be printed. Although we encourage opinion, we suggest
that these be well-reasoned and substantiated with facts, citations, or other
"evidence" that would bolster claims.
CuD *is not* a preak/hacker forum, and it is not a replacement for PHRACK
magazine. However, our initial model for this forum is a combination of
PHRACK WORLD NEWS and CNN's Cross-Fire if moderated by Emo Phillips.
The first few issues are exploratory. If there is continued
interest, we will continue. If not, so it goes. We *strongly*
encourage suggestions and criticisms.
--------------
In this issue:
--------------
1. Moderator's Introduction
2. Background of the LoD debates
3. Use of Aliases in the BBS world
4. LoD Indictment
5. Press Release Accompanying LoD indictment
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
===================================================
=== Computer Underground Digest - File 1 of 5 ===
===================================================
Welcome to the first "issue" of Computer Underground Digest. Jim and I
thought it would appropriate if we both wrote a few words as a sort of "hello"
and introduction. I'll keep this brief for now as I believe the "good stuff"
will be found in the other inclusions. However since this is the first of
what could be several (or perhaps few) issues it is appropriate at this time
to offer some thoughts, more or less off the cuff, on the so-called "computer
underground" (CU).
Over the past few years I've often been asked to justify the use of "computer
underground" when referring to the realm of hackers, phreakers, and pirates.
Certainly the "computer" part is easy to justify, or at least accept as valid.
No, it's the "underground" that has been criticized. Now I certainly don't
claim to have invented the term, in fact it is taken from the vocabulary of
the p/hackers themselves. However "underground" does imply, at least in
common usage, some characteristics that are not necessarily accurate. Some of
these are organization, criminality (or at lest marginality), unity, and
purposiveness.
Does the CU display these characteristics? Discussing each would take much
more room than I intend to use today. My M.A. thesis of August 1989 addressed
the issues of organization and unity, from a sociological viewpoint. The
articles included in this issue of the Digest address all of the a fore
mentioned issues from another viewpoint, one formed largely by cultural
outsiders. The issue that faces us now is who gets to define what the CU is
all about? Do we rely on the Federal Justice department to identify and label
the intent, organization, and purpose of the CU as conspirical? Do we rely on
the media to define the CU as reckless and unlawful? Do we, as citizens,
trust those in power to make decisions that will forever impact the way our
societal institutions of control approach those whose application of
technology has out paced our conceptions of private property and crime?
Am I an advocate _for_ the computer underground? No, I'm not "one of them"
and I don't speak for "them". However I do think it is in the best interest
of all if the "problem" of the CU is approached from the new perspective it
deserves. If our society is to ultimately decide that CU activity is every
bit as terrible as puppy-whipping then that decision should be made, not
forced upon us by lawmakers (and others) who are assuming, from the very
beginning, that CU activity is threatening and criminal.
To this end I hope that the CU Digest can provide information and discussion
from a variety of perspectives. The assumptions and changes in definitions
are subtle but hopefully we can begin to get a handle on many aspects of the
CU.
Gordon Meyer
Internet: 72307.1502@compuserve.com
3/27/90
==============================================================================
Recent media depictions of phreaks, hackers, and pirates have created an
image of evil lads (is it *really* a male bastion?) out to wreak havoc on
society (the studies of Erdwin Pfuhl and Ray Michalowski, Dick Hollinger and
Lonn Lanza-Kaduce, and Meyer and Thomas). Hollinger and Lanza-Kaduce have
argued that one reason that Draconian anti-computer abuse laws were passed in
the past few years is because of distorted images, lack of understanding of
the computer world, and a lack of a strong constintuency to point out the
potential abuses of restrictive legislation. We see CuD as an antidote to the
current--yes, I will call them WITCH-HUNTS--of law enforcement agents and
media hysteria. There is also a perceived need of commentators with some
sympathy toward the computer underground to preface their comments with "I
don't agree with their behaviors, but. . ."! I see no need to adopt a
defensive posture. All predatory behavior is wrong, and that type of
disclaimer should be sufficient. However, it remains to be seen whether *all*
computer underground activity is as predatory as the media and law enforcement
agents would have us believe. Yes, crimes are committed with computers. But,
crimes are also committed with typewriters, cars, fountain pens and--badges.
Computer Underground digest will attempt to provide an antidote to current
beliefs by creating an open forum where they can be debated by all sides.
Our intent, as Gordon indicates, is not to serve as apologists, but rather as
gadflies. Technology is changing society faster than existing norms, values,
beliefs, or laws, can match, and by airing issues we hope to at least provide
insights into the new definitions of control, authority, privacy, and even
resistance. Data from our own studies indicate that sysops of some BBSs have
been exceedingly cautious in putting up documents that are quite legal. The
sysop of one of the world's largest legitimate BBSs has told us of the
chilling effect on freedom of speech that even a casual visit from the FBI can
produce. Our hope is to present facts, stimulate debate, and above all, to
create an awareness of the relationship between the computer underground,
which is currently a stigmatized passtime, and the rest of society. We are
not concerned with changing opinions, but we do hope to sharpen and clarify
what, to us, are highly complex issues for which there is no simple solution.
Jim Thomas
Sociology/Criminal Justice
Northern Illinois University
DeKalb, IL 60115 (TK0JUT1@NIU.bitnet)
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
===================================================
=== Computer Underground Digest - File 2 of 5 ===
===================================================
-----------------------------
The following articles are reprinted from an issue of TELECOM DIGEST
that appeared a few days ago. Because further responses could not
be reprinted, we present them again to provide the background that
spawned CuD. We have not added Professor Spafford's original comment
because Mike Godwin cites the bulk of it. If we err in not doing so,
we apoligize in advance, but are guided here by space constraints and
not malice.
-----------------------------
Inside This Issue: Moderator: Patrick A. Townson
Preface to Special Issue [TELECOM Moderator]
Re: Legion of Doom Rebuttal to Moderator [Mike Godwin]
Re: Legion of Doom Rebuttal to Moderator [Douglas Mason]
Re: Legion of Doom Rebuttal to Moderator [Scott Edward Conrad]
Re: Legion of Doom Rebuttal to Moderator [Gordon Burditt]
----------------------------------------------------------------------
Date: Sun, 25 Mar 90 11:45:32 CST
>From: TELECOM Moderator <telecom@eecs.nwu.edu>
Subject: Preface to Special Issue
This issue is devoted to replies to Gene Spafford about the activities
of the Legion of Doom. Like many controversial topics (Caller*ID for
one), the LoD has the potential to use great amounts of network
resources as the arguments go on. Because Mr. Spafford is a highly
respected member of the net community, the people who responded to his
article here certainly deserve the courtesy of being heard, but with
this selection of responses, we will discontinue further pros-and-cons
messages on LoD, at least until the criminal proceedings are finished.
Obviously, *new* information about LoD, government investigative
activities, etc is welcome, but let's not rehash old stuff again and
again.
Patrick Townson
------------------------------
>From: Mike Godwin <walt.cc.utexas.edu!mnemonic@cs.utexas.edu>
Subject: Re: Legion of Doom Rebuttal to Moderator
Date: 22 Mar 90 20:16:43 GMT
Reply-To: Mike Godwin <walt.cc.utexas.edu!mnemonic@cs.utexas.edu>
Organization: The University of Texas at Austin, Austin, Texas
In article <5462@accuvax.nwu.edu> Gene Spafford <spaf@cs.purdue.edu> writes:
>The information I have available from various sources indicates that the
>investigation is continuing, others are likely to be charged, and there
>MAY be some national security aspects to parts of the investigation that
>have yet to be disclosed.
The information that I have is that many innocent third parties are
being trampled by the federal agents in their investigatory zeal. The
unnecessary seizure of equipment at Steve Jackson Games in Austin,
Texas, is a notable example. In that case, the Secret Service assumed
that, since SJ Games employed a reformed computer hacker, it was
likely that their company BBS (used for feedback from role-playing
game testers nationwide) contained relevant evidence. So, the SS
seized all the company's computer equipment, including its laser
printer, all available copies of the company's new Cyberpunk game (set
in a William Gibson future involving penetration of repressive
corporate computer systems), and copies of Gordon Meyer's dangerous
academic thesis, in which the author proposed that the hacker
underground had been "criminalized" in the public mind due to images
created by a few destructive individuals and by the fairly ignorant
media.
In spite of this, they assured Jackson and his lawyer that neither
Jackson nor his company was the target of the investigation. (Jackson,
who owes his livelihood to the copyright laws, is an adamant opponent
of piracy.)
Apparently, the federal agents were angered by the Cyberpunk gaming
manual, which romanticized 21st-century computer "cowboys" like Case
in Gibson's novel NEUROMANCER. They further conjectured that the game
is a cookbook for hackers.
Jackson's business is losing, at his estimate, thousands of dollars a
month thanks to this seizure, which was far more intrusive than
necessary (why take the hardware at all?), and which seemed to
demonstrate the agents' willingness to find evildoings everywhere. The
Federal Tort Claims Act bars tort recovery based on
law-enforcement-related seizures of property, I note in passing.
>Now maybe there are one or two people on the law enforcement side who
>are a little over-zealous (but not the few I talk with on a regular
>basis).
Yeah, maybe one or two.
>For someone to be indicted requires that sufficient evidence
>be collected to convince a grand jury -- a group of 23 (24? I forget
>exactly) average people -- that the evidence shows a high probability
>that the crimes were committed.
The notion that grand juries are any kind of screening mechanism for
prosecutions, while correct in theory, has long been discredited. In
general, not even prosecutors pretend that the theory is accurate
anymore. In law school, one of the first things you're taught in
criminal-procedure courses is that grand juries are not screening
mechanisms at all. (It is so rare for a grand jury to fail to follow a
prosecutor's recommendation to indict that when it does happen the
grand jury is known as a "rogue grand jury.") The basic function of
grand juries at the federal level is INVESTIGATORY -- the grand-jury
subpoena power is used to compel suspects' and witnesses' presence and
testimony prior to actual prosecution.
>Search warrants require probable
>cause and the action of judges who will not sign imprecise and poorly
>targeted warrants.
Ha! Dream on.
>Material seized under warrant can be forced to be
>returned by legal action if the grounds for the warrant are shown to
>be false, so the people who lost things have legal remedy if they are
>innocent.
Guess who pays for pursuing the legal remedy in most cases.
(Hint: it's not the government.)
Now guess how long such proceedings can take.
>The system has a lot of checks on it, and it requires convincing a lot
>of people along the way that there is significant evidence to take the
>next step.
The system does have checks in it, but they are neither as comprehensive
nor as reliable as you seem to think.
>If these guys were alleged mafioso instead of electronic
>terrorists, would you still be claiming it was a witch hunt?
Possibly. There have been periods in this country in which it was not
very pleasant to be involved in a criminal investigation if your name
ended in a vowel.
>Conspiracy, fraud, theft, violations of the computer fraud and abuse
>act, maybe the ECPA, possesion of unauthorized access codes, et. al.
>are not to be taken lightly, and not to be dismissed as some
>"vendetta" by law enforcement.
I don't think anyone is proposing that the investigation of genuine
statutory violations is necessarily a vendetta. In fact, I don't think
this is the case even in the Jolnet sting. But lack of understanding
on the part of the federal officials involved, plus the general
expansion of federal law-enforcement officials powers in the '70s and
'80s, mean that life can be pretty miserable for you if you even KNOW
someone who MIGHT be the target of an investigation.
There are civil-rights and civil-liberties issues here that have yet
to be addressed. And they probably won't even be raised so long as
everyone acts on the assumption that all hackers are criminals and
vandals and need to be squashed, at whatever cost.
Before you jump to conclusions about my motivations in posting this,
let me point out the following:
1) I'm against computer crime and believe it should be prosecuted.
2) I'm nor now, nor have I ever been, a "hacker." (The only substantive
programming I've ever done was in dBase II, by the way.)
3) Even though (1) and (2) are true, I am disturbed, on principle, at
the conduct of at least some of the federal investigations now going
on. I know several people who've taken their systems out of public
access just because they can't risk the seizure of their equipment (as
evidence or for any other reason). If you're a Usenet site, you may
receive megabytes of new data every day, but you have no
common-carrier protection in the event that someone puts illegal
information onto the Net and thence into your system.
And (3) is only one of the issues that has yet to be addressed by
policymakers.
>Realize that the Feds involved are prohibited from disclosing elements
>of their evidence and investigation precisely to protect the rights of
>the defendants.
They're also secretive by nature. Much has been withheld that does not
implicate defendants' rights (e.g., the basis for Secret Service
jurisdiction in this case).
>If you base your perceptions of this whole mess on
>just what has been rumored and reported by those close to the
>defendants (or from potential defendants), then you are going to get a
>very biased, inaccurate picture of the situation.
Even if you screen out the self-serving stuff that defendants (and
non-defendants) have been saying, you still get a disturbing picture
of the unbridled scope of federal law-enforcement power.
In addition, we can't fall into the still-fashionable Ed Meese
mentality: "If they're innocent they don't have to worry about being
indicted." This is simply not true.
>Only after the whole mess comes to trial will we all be able to get a
>more complete picture, and then some people may be surprised at the
>scope and nature of what is involved.
Ah, just the way the Oliver North trial cleared things up?
(I know that's a bit unfair, but it expresses my feeling that we're
better off relying on the press, flawed as it is, than waiting for the
feds to tell us what it's good for us to know at the time they think
it's good for us to know it.)
In sum, the *complaint* has been this:
"Look at the way the feds are losing their cool over this! Lots of
folks are being harmed, and lots of rights are being violated!"
The *response* of those whose justifiable opposition to computer crime
has blinded them to the rights, due-process, and justice issues
involved has been something like this:
"They're the government. They wouldn't be doing this stuff if they
weren't a good reason for it."
I have no trouble with Gene Spafford's scepticism about the complaint;
please understand, however, why I insist on being sceptical about the
response.
Mike Godwin, UT Law School |"Neither am I anyone; I have dreamt the world as
mnemonic@ccwf.cc.utexas.edu | you dreamt your work, my Shakespeare, and among
mnemonic@walt.cc.utexas.edu | the forms in my dream are you, who like myself
(512) 346-4190 | are many and no one." --Borges
------------------------------
>From: Douglas Mason <douglas@ddsw1.mcs.com>
Subject: Re: Legion of Doom Rebuttal to Moderator
Reply-To: douglas@ddsw1.MCS.COM (Douglas Mason)
Organization: ddsw1.MCS.COM Contributor, Mundelein, IL
Date: Thu, 22 Mar 90 12:49:29 GMT
I don't think that there is anyone out there saying that what those
guys did was right in any way, shape or form. Granted, there are
people out there that are probably saying to themselves "These guys
were just trying to show what capitalistic pigs the government is and
now they are being stomped on for exposing ... " You get the idea.
I think (from the 60 or so messages that I received in the last few
days) that the general opinion seems to be "Yes, these guys are very
much in the wrong, BUT did their case deserve as much media hype as it
has received?"
Just the other day a group of people murdered a tax collector here.
The papers made it out to be a joke and a "get back at the government"
type of thing. I personally couldn't see the funny side of a 27 year
old getting killed. Anyways, the article was towards the back of the
paper (ie: not page one material) and was gone and forgotton
immediately after.
The infamous "LOD" busts, on the other hand, seem to be springing up
again and again.
Something else I noticed about the whole affair and LOD in general
(before the big ordeal): A large chunk of the respect and whatnot over
the group (in the hacker circles) seemed to be because LOD did very
little "broadcasting" of the information they came up with
collectively.
On the other hand, if I had been "wired for sound" by some agency in
the past, the LOD affair would have been over with much sooner, as all
members seemed to be more than willing to give out information on CBI,
Trans Union, SBDN, SCCS, ESACS, LMOS, Cosmos [insert favorite acrynom
here] when they were approached individually.
Last time I visited one of the infamous LOD people, he showed me how
he could monitor phone lines remotely. Sounds like complete BS and it
is a worn out subject as to if it can really be done, but he ran some
Bell telco software and it allowed him to enter the number of any
phone number that was serviced by his local CO (I believe) and then
enter a callback number. While I stood there not believing him, the
other phone rang, and sure enough, it was "testing for audio quality"
on another line. He told me the acronym for the name of this
software, but it slips my mind, as I no longer have any interest in
that type of stuff. Point is that these guys were pretty trusting.
If the feds wanted to get them, they could have done it long ago.
My guess is that by this point they have MORE than enough evidence to
prosecute these guys. There is absolutely no doubt in my mind about
that.
Douglas T. Mason | douglas@ddsw1.UUCP or dtmason@m-net |
------------------------------
Date: Thu, 22 Mar 90 13:20:10 CST
>From: Scott Edward Conrad <sec0770@cec2.wustl.edu>
Subject: Re: Legion of Doom Rebuttal to Moderator
Because I happened to start researching a paper on law applied
to computer hacking, I have been following the LoD bust with great
interest. Recently, someone mentioned that they didn't think these
alleged perpetrators (sp?) deserved 31 years. Where did this number
come from?
According to the Computer Fraud and Abuse Act of 1984, there
seem to be 3 areas covered: (see also Computer/Law Journal, Vol. 6,
1986)
1) It is a felony to access a computer without authorization
to obtain classified US military or foreign policy info with the
intent or reason to believe that such info will be used to harm the US
or to benefit a foreign nation.
2) It is a misdemeanor to access a computer without
authorization to obtain financial or credit info that is protected by
federal financial privacy laws.
3) It is a misdemeanor to access a federal government computer
without authorization and thereby use, modify, destroy, or disclose any
information therein.
(3) seems the most applicable. Where I am confused is whether or
not the 911 code is considered government property. If it is, does this
make Bell South, a federal government computer?
What exactly are the LoD being tried for? (or has there been
charges filed against them, or is the SS still gathering info?)
Please send any thoughts to me.
Scott Conrad
sec0770@cec2.wustl.edu
------------------------------
>From: Gordon Burditt <sneaky!gordon@uunet.uu.net>
Subject: Re: Legion of Doom Rebuttal to Moderator
Date: 24 Mar 90 10:21:24 GMT
In article <5462@accuvax.nwu.edu> Gene Spafford <spaf@cs.purdue.edu> writes:
>that the crimes were committed. Search warrants require probable
>cause and the action of judges who will not sign imprecise and poorly
>targeted warrants. Material seized under warrant can be forced to be
>returned by legal action if the grounds for the warrant are shown to
>be false, so the people who lost things have legal remedy if they are
>innocent.
I don't believe it. It certainly doesn't work that way for
non-computer crimes. Let's suppose I am a homeowner, and a burglar
rips off my TV set. I surprise him, and he shoots me with my own gun.
Later he is caught with the TV and the gun in his apartment. Can I
get my TV set back before the trial? No. How about the gun (assuming
it's legal for me to have it)? No. Does anyone seriously think I'm
guilty of stealing my own TV or shooting myself with my own gun? (I
got lucky and had a priest, two off-duty cops, and the mayor as
witnesses). No. Does anyone think the TV and gun aren't mine? (They
have my name engraved, and I have receipts.) No, but it doesn't
matter.
Do you really think that the operator of any BBS seized because it was
used by crooks to exchange long-distance access codes is going to get
his system back any time soon, even if the Feds are convinced of his
innocence and active cooperation? Even if the active cooperation
started before there were any access codes on the system, and the
crooks were deliberately led to this system as part of a sting
operation? No, it's evidence, and it will probably be released long
after anyone convicted has served his sentence, and only after the
owner has spent more in legal fees than the system is worth at the
time of its return.
I doubt also that the Feds are going to be helpful to a non-suspect
BBS operator, and give him a copy of his own data, (They took all the
backups) sanitized to remove anything illegal. Nope, all those disks
with his tax records (which had nothing to do with the BBS) on them
will have to be manually reconstructed, even if he can borrow a system
somewhere.
Gordon L. Burditt
sneaky.lonestar.org!gordon
------------------------------
End of TELECOM Digest Special: LoD Rebuttals
******************************
===================================================
=== Computer Underground Digest - File 3 of 5 ===
===================================================
There has been some debate about the use of "handles" (or "aliases") in the
BBS world. A few commentators have questioned their appropriateness, and there
seems to be a tendency for government law enforcement agents to interpret the
use of handles as a sign of "conspiracy" or "hiding intents."
The use of handles to disguise identity has a long and honorable tradition in
the U.S. It was Publius, after all (the "handle" of those notorious
subversives and 18th century deviants John Jay, James Madison, and Alexander
Hamilton) who wrote THE FEDERALIST PAPERS, the basis of our Constitution.
In the BBS world, handles provide not only a sense of anonymity, but serve
also as a symbolic identity. In a current research project, we find that for
serious BBS hobbyists, handles encapsulate an ethos reflected by a fictional
(usually science fiction) hero, a literary genre, music or media characters,
or public figures. Handles connote particular cultural meanings, and these
meanings can be "read off" as a short hand summary of the character,
interests, or political ideology of the user.
The anonymity provided by handles serves several purposes. First, it allows
the user, for better or worse, a sense of freedom to express ideas that might
otherwise subject him/her to ridicule. Second, analysis of BBS message logs
suggests that women, especially, feel freer to participate in discussions
without fear of gender games that might occur in face-to-face interaction.
Third, concealing one's identity provides limited freedom from kooks,
merchandise hucksters, and other snoopers. In a society in which making,
maintaining, and disseminating lists is common place, protecting one's
identity hardly seems unreasonable.
There is a fourth reason why handles are increasingly necessary. As Gordon
Meyer cogently suggested in his recent comment, prosecutors are not unwilling
to confiscate e-mail, BBS message logs, or other "evidence" of identity.
These, in turn, are easily used to obtain information on innocent parties. To
those who have continually argued, or who actually believe, the federal agents
"know what they're doing," or are are too "professional" to abuse their
powers, I remind you of the witch hunts against "subversives" who opposed the
Viet Nam war, the FBI's COINTEL-PRO, and other gross abuses of power in recent
years. Attorney Gerry Spence is currently defending Friends of the Earth
against a "set-up" by federal agents that, unfortunately for the agents, was
captured on tape. It was, after all, the FBI who attempted to coerce Martin
Luther King to commit suicide! There is voluminous literature, including the
Church Committee's Report in the 1970s, and other research (including my own)
that documents these abuses. In short, despite protections, our enforcement
agents have a rather sorry record of following the law to enforce the law (see
the corpus of Gary Marx's work for further documentation).
Especially at a time when laws related to computer technology are vague,
inconsistent, occasionally Draconian, and not yet tested in court, and when
one's computer system can be confiscated on mere suspicion, and when a BBS can
be threatened by the FBI or Secret Service (as the sysop of the world's
largest BBS was) merely for posting LICIT hacker-type text files, a chilling
affect occurs that stifles not only free speech, but free revelation of
identity. I used my real name in corresponding with the PHRACK folk at the
University of Missouri, and my name, documents, and other information--none
illicit--is now in the hands of federal prosecutors. Call it paranoia, but
from past experiences with federal agents, I have no confidence that they will
abide by rules of honor in using this information.
There are two ironies associated with the use of handles. First, those who use
them are generally sufficiently open to either self-identity when sufficient
trust has been built, or to provide enough identifying information that
identities can be determined. Second, and more important, in a "free" society
built around open and unconstrained information flow, forces operate to
restrict openness. Therefore, to be open requires concealment. Rather than
grip about the use of handles, doesn't it make more sense to examine the
factors that impel their use?
Jim Thomas
Sociology/Criminal Justice
Northern Illinois University
DeKalb, IL (60115) (815) 753-6438
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
===================================================
=== Computer Underground Digest / File 4 of 5 ===
===================================================
-----------------
We obtained the Chicago indictment of two Legion of Doom members
from a contributor. It originally was printed in PIRATE magazine.
We have checked this transcription against the original for
accuracy.
------------------
UNITED STATES DISTRICT COURT NORTHERN
DISTRICT OF ILLINOIS
EASTERN DIVISION
)
UNITED STATES OF AMERICA )
)
v. ) No. ______________________
) Violations: Title 18, United
ROBERT J. RIGGS, also known ) States Code, Sections
as Robert Johnson, also ) 1030(a)(6)(A) and 2314
known as Prophet, and )
CRAIG NEIDORF, also known )
as Knight Lightning )
COUNT ONE
The SPECIAL APRIL 1987 GRAND JURY charges:
PROPERTY INVOLVED
1. At all times relevant herein, enhanced 911 (E911) was the
national computerized telephone service program for handling
emergency calls to the police, fire, ambulance and emergency
services in most municipalities in the United States. Dialing 911
provided the public immediate access to a municipality's Public
Safety Answering Point (PSAP) through the use of computerized all
routing. The E911 system also automatically provided the recipient
of an emergency call with the telephone number and location
identification of the emergency caller.
2. At all times relevant herein, the Bell South Telephone
Company and its subsidiaries ("Bell South") provided telephone
services in the nine state area including Alabama, Mississippi,
Georgia, Tennessee, Kentucky, Lousiana %sic%, North Carolina, South
Carolina and Florida.
3. At all times relevant herein, the E911 system of Bell South
was described in the text of a computerized file program known as
the Bell South Standard Practice 660-225-104SV Control Office
- 1 -
Administration of Enhanced 911 Services for Special and Major
Account Centers date March, 1988 ("E911 Practice"). The E911
Practice was a highly proprietary and closely held computerized
text file belonging to the Bell South Telephone Company and stored
on the company's AIMSX computer in Atlanta, Georgia. The E911
Practice described the computerized control and maintainence %sic%
of the E911 system and carried warning notices that it was not to be
disclosed outside Bell South or any of its subsidiaries except
under written agreement.
COMPUTER HACKERS
4. At all times relevant herein, computer hackers were
individuals involved with the unauthorized access of computer
systems by various means.
5. At all times relevant herein, the Legion of Doom (LOD)
was a closely knit group of computer hackers involved in:
a. Disrupting telecommunications by entering
computerized telephone switches and changing the
routing on the circuits of the computerized
switches.
b. Stealing proprietary computer source code and
information from companies and individuals that
owned the code and information.
c. Stealing and modifying credit information on
individuals maintained in credit bureau computers.
- 2 -
d. Fraudulently obtaining money and property from
companies by altering the computerized information
used by the companies.
e. Disseminating information with respect to their
methods of attacking computers to other computer
hackers in an effort to avoid the focus of law
enforcement agencies and telecommunication security
experts.
6. At all times relevant herein ROBERT J. RIGGS, defendant
herein, was a member of the LOD.
7. At all times relevant herein CRAIG NEIDORF, defendant
herein, was a publisher and editor of a computer hacker newletter
%sic% known as "PHRACK."
8. At all times relevant herein, a public access computer
bulletin board system (BBS) was located in Lockport, Illinois which
provided computer storage space and electronic mail services to its
users. The Lockport BBS was also used by computer hackers as a
location for exchanging and developing software tools for computer
intrusion, and for receiving and distributing hacker tutorials and
other information.
E-MAIL
9. At all times relevant herein electronic mail (e-mail) was
a computerized method for sending communications and files between
individual computers on various computer networks. Persons who
sent or received e-mail were identified by an e-mail address,
similar to a postal address. Although a person may have more than
- 3 -
one e-mail address, each e-mail address identified a person
uniquely. The message header of an e-mail message identified both
the sender and recipient of the e-mail message and the date the
was %sic% message sent.
10. Beginning in or about September, 1988, the exact date
begin unknown to the Grand Jury, and continuing until the return
date of this indictment, at Lockport, in the Northern District of
Illinois, Eastern Division, and elsewhere,
ROBERT J. RIGGS, also known
as Robert Johnson, also
known as Prophet, and
CRAIG NEIDORF, also known
as Knight Lightning,
defendants herein, together with others known and unknown to the
Grand Jury, devised and intended to devise and participated in a
scheme and artifice to defraud and to obtain money and other things
of value by means of false and fraudulent pretenses and
representations, well knowing at the time that such pretenses,
representations and promises were false when made.
OBJECT OF FRAUD SCHEME
11. The object of the fraud scheme was to steal the E911
Practice text file from the computers of Bell South Telephone
Company though %sic% the use of false and fraudulent pretenses and
representations and to conceal all indications that the text file
had been stolen; and to thereafter publish the information about
the E911 Practice text file in a hacker publication for
dissemination.
- 4 -
OPERATION OF FRAUD SCHEME
12. It was part of the fraud scheme that the defendant NEIDORF
would and did advise the defendant RIGGS that he had assembled a
group of computer hackers for the purpose of distributing computer
information.
13. It was further part of the scheme that the defendant
RIGGS would and did steal sensitive proprietary Bell South
information files including the E911 Practice text file by gaining
remote unauthorized access to computers of the Bell South Telephone
Company.
14. It was further part of the scheme that the defendant
RIGGS would and did disguise and conceal the theft of the E911
Practice text file from Bell South Telephone Company by removing
all indications of his unauthorized access into Bell South
computers and by using account codes of legitimate Bell South users
to disguise his authorized use of the Bell South computer.
15. It was further part of the scheme that RIGGS would and
did transfer in interstate commerce a stolen E911 Practice text
file from Atlanta, Georgia to Lockport, Illinois through the use
of an interstate computer data network.
16. It was further part of the scheme that defendant RIGGS
would and did store the stolen E911 Practice text file on a
computer bulletin board system in Lockport, Illinois.
17. It was further part of the scheme that defendant NEIDORF,
utilizing a computer at the University of Missouri in Columbia,
Missouri would and did receive a copy of the stolen E911 text file
- 5 -
from defendant RIGGS through the Lockport computer bulletin board
system through the use of an interstate computer data network.
18. It was further part of the scheme that defendant NEIDORF
would and did edit and retype the E911 Practice text file at the
request of the defendant RIGGS in order to conceal the source of
the E911 Practice text file and to prepare it for publication in
a computer hacker newsletter.
19. It was further part of the scheme that defendant NEIDORF
would and did transfer the stolen E911 Practice text file through
the use of an interstate computer bulletin board system
used by defendant RIGGS in Lockport, Illinois.
20. It was further part of the scheme that the defendants
RIGGS and NEIDORF would publish information to other computer
hackers which could be used to gain unauthorized access to
emergency 911 computer systems in the United States and thereby
disrupt or halt 911 service in portions of the United States.
22. It was further a part of the scheme that the defendants
would and did misrepresent, conceal, and hide, and cause to be
misrepresented, concealed and hidden the purposes of ane %sic% the
acts done in furtherance of the fraud scheme, and would and did use
coded language and other means to avoid detection and apprehension
- 6 -
by law enforcement authorities and to otherwise provide security
to the members of the fraud scheme.
23. In or about December, 1988, at Lockport, in the
Northern District of Illinois, Eastern Division, and elsewhere,
ROBERT J. RIGGS, also known
as Robert Johnson, also
known as Prophet,
defendant herein, for the purpose of executing the aforesaid
scheme, did knowingly transmit and cause to be transmitted by means
of a wire communication in interstate commerce certain signs,
signals and sounds, namely: a data transfer of a E911 Practice
text file from Decatur, Georgia to Lockport, Illinois.
In violation of Title 18, United States Code, Section 1343.
- 7 -
COUNT TWO
The SPECIAL APRIL 1987 GRAND JURY further charges:
1. The Grand Jury realleges and incorporates by reference
the allegations of paragraphs 1 through 22 of Count One of this
Indictment as though fully set forth herein.
2. On or about January 23, 1989, at Lockport, in the
Northern District of Illinois, Eastern Division and elsewhere,
ROBERT J. RIGGS, also known
as Robert Johnson, also
known as Prophet, and
CRAIG NEIDORF, also known
as Knight Lightning,
the defendants herein, for the purposes of executing the aforesaid
scheme did knowingly transmit and cause to be transmitted by means
of a wire communication in interstate commerce certain signs,
signals and sounds, namely: a data transfer of a E911 Practice
text file from Decatur, Georgia to Lockport, Illinois, an edited
and retyped E911 Practice text file from Columbia, Missouri, to
Lockport, Illinois.
In violation of Title 18, United States Code, Section 1343.
- 8 -
COUNT THREE
The SPECIAL APRIL 1987 GRAND JURY further charges:
1. The Grand Jury realleges and incorporates by reference the
allegations of paragraphs 1 through 22 of Count One of this
indictment as though fully set forth herein.
2. In or about December, 1988, at Lockport, in the Northern
District of Illinois, Easter Division, and elsewhere,
ROBERT J. RIGGS, also known
as Robert Johnson, also
known as Prophet, and
CRAIG NEIDORF, also known
as Knight Lightning,
defendants herein, did transport and cause to be transported in
interstate commerce from Decatur, Georgia, to Lockport, Illinois,
a computerized text file with a value of $5,000 or more, namely:
A Bell South Standard Practice (BSP) 660-225-104SV- Control
Office Administration of Enhanced 911 Services for Special
Services and Major Account Centers dated March, 1988; valued
at approximately $79,449.00
the defendants then and there knowing the same to have been stolen,
converted, and taken by fraud;
In violation of Title 18, United States Code, Section 2314.
- 9 -
COUNT FOUR
The SPECIAL APRIL 1987 GRAND JURY further charges:
1. The Grand Jury realleges and incorporates by reference the
allegations of paragraphs 1 through 22 of Count one of this
Indictment as though fully set forth herein.
2. On or about January 23, 1989, at Lockport, in the Northern
District of Illinois, Eastern Division, and elsewhere,
ROBERT J. RIGGS, also known
as Robert Johnson, also
known as Prophet, and
CRAIG NEIDORF, also known
as Knight Lightning,
defendants herein, did transport and cause to be transported in
interstate commerce from Columbia, Missouri, to Lockport, Illinois,
a computerized textfile with a value of $5,000 or more, namely:
An edited Bell South Standard Practice (BSP) 660-225-
104SV- Control Office Administration of Enhanced 911
Services for Special Services and Major Account Centers
dated March, 1988; valued at approximately $79,449.00.
the defendants, then and there knowing the same to have been
stolen, converted, and taken by fraud;
In violation of Title 18, United States Code, Section 2314.
- 10 -
COUNT FIVE
The SPECIAL APRIL 1987 GRAND JURY further charges:
1. The Grand Jury realleges and incorporates by reference
the allegations of paragraphs 1 through 22 of Count One of this
Indictment as though fully set forth herein.
2. On or about December, 1988, at Lockport, in the
Northern District of Illinois, Eastern Division and elsewhere,
ROBERT J. RIGGS, also known
as Robert Johnson, also
known as Prophet, and
CRAIG NEIDORF, also known
as Knight Lightning,
the defendants herein, knowingly and with intent to defraud, trafficked
in information through which a computer may be accessed without
authorization and by such conduct affected interstate commerce;
In violation of Title 18, United States Code, Section
1030(a)(6)(A).
- 11 -
COUNT SIX
The SPECIAL APRIL 1987 GRAND JURY further charges:
1. The Grand Jury realleges and incorporates by reference
the allegations of paragraphs 1 through 22 of Count One of this
Indictment as though fully set forth herein.
2. In or about January, 1989, at Lockport, in the Northern
District of Illinois, Eastern Division and elsewhere,
ROBERT J. RIGGS, also known
as Robert Johnson, also
known as Prophet, and
CRAIG NEIDORF, also known
as Knight Lightning,
the defendants herein, knowingly and with intend to defraud, trafficked
in information through which a computer may be accessed without
authorization and by such conduct affected interstate commerce;
In violation of Title 18, United States Code, Section
1030(a)(6)(A).
- 12 -
COUNT SEVEN
The SPECIAL APRIL 1987 GRAND JURY further charges:
1. The Grand Jury realleges and incorporates by reference the
allegations of paragraphs 1 through 22 of Count One of this
Indictment as though fully set forth herein.
2. In or about February, 1989, at Lockport, in the Northern
District of Illinois, Eastern Division and elsewhere,
ROBERT J. RIGGS, also known
as Robert Johnson, also
known as Prophet, and
CRAIG NEIDORF, also known
as Knight Lightning,
the defendants herein, knowingly and with intent to defraud, trafficked
in information through which a computer may be accessed without
authorization and by such conduct affected interstate commerce;
In violation of Title 18, United States Code, Section
1030(a)(6)(A).
A TRUE BILL:
________________________________
F O R E P E R S O N
________________________________
UNITED STATES ATTORNEY
- 13 -
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
===================================================
=== Computer Underground Digest - File 5 of 5 ===
===================================================
------------
This press release was attacthed to the indictment. We reprint it here to
present the federal side of the case. It originally appeared in PIRATE
Magazine. We have checked the text against the original for accuracy.
-----------------
INFORMATION RELEASE
FROM: U.S. Department of Justice
DATE: February 6, 1990
IRA H. RAPHAELSON, United States Attorney for the Northern District of
Illinois, and PATRICK T. McDONNELL, Special Agent In Charge of the United
States Secret Service in Chicago, today announced the indictment of Robert J.
Riggs, 20, of %address deleted%, and Craig M. Neidorf, 19 %address deleted%,
on charges that between December, 1988 and February, 1989 they entered into a
scheme to steal and publish to other hackers highly proprietary and sensitive
information about the operation of Bell South's Enhanced 911 emergency
communication system. The seven count indictment charges Riggs and Neidorf with
Interstate Transportation of Stolen Property, Wire Fraud and Violations of the
Computer Fraud and Abuse Act of 1986.
Specifically, the indictment charges that Riggs, also known as "Robert
Johnson" and "The Prophet", stole a copy of Bell South's highly proprietary
and closely held computer program that controlled and maintained the E911
system. Bell South's E911 system controls emergency calls to the police, fire,
ambulance and emergency services in municipalities of the nine state region
served by Bell South; Alabama, Mississippi, Georgia, Tennessee, Kentucky,
Louisiana, North Carolina, South Carolina, and Florida. The indictment alleges
that in December 1988 Riggs stole the E911 data valued at $79,449.00 by using
a computer outside the telephone company to call into the telephone company
computer in which the computer file was stored. The indictment charges that
Riggs then transferred the E911 data to a computer bulleting board in
Lockport, Illinois from which Neidorf, also known as "Knight Lightning", down
loaded it for publication in a computer hacker publication known as "PHRACK."
The indictment charges that Riggs was a member of a closely knit group of
computer hackers known as the Legion of Doom whose members are involved in
numerous illegal activities including:
*Disrupting telephone service by entering the telephone
companies switches (which are computers) and changing
the routing of telephone calls.
*Stealing computer data from individuals and companies.
*Stealing and modifying individual credit histories.
*Fraudulently obtaining money and property from companies
by altering information in their computers.
*Disseminating information about attacking computers to other
computer hackers in an effort to shift the focus of law
enforcement agencies to those other hackers and away from the
Legion of Doom.
The indictment charges that as part of their fraud scheme Riggs and Neidorf
disclosed the stolen information %reportedly PHRACK #24-eds.% about the
operation of the enhanced 911 system to other computer hackers so that they
could unlawfully access the E911 system and potentially disrupt or halt other
911 service in the United States.
If convicted on all counts of the indictment Riggs faces a maximum possible
prison sentence of 32 years and a maximum possible fine of $222,000.00; and
Neidorf faces a maximum possible prison sentence of 31 years and a maximum
possible fine $122,000.000.
In announcing the return of the indictment, Mr. Raphaelson noted that the
allegations of the indictment have far reaching implications for the health
and welfare of individuals in the United States who rely on their telephones
as a lifeline to the outside world. Mr. Raphaelson stated, "People who invade
our telecommunications and related computer systems for profit or personal
amusement create immediate and serious consequences for the public at large.
No one should be made to suffer loss of life or severe injury as a result of
hackers who have compromised emergency networks. The telecommunications
industry and law enforcement community have become attentive to these crimes
and those who choose to use their intelligence and talent to disrupt these
vital networks will find themselves vigorously prosecuted."
Raphaelson stated that the indictment in Chicago and a companion indictment in
Atlanta are the initial results of a year long investigation by agents of the
United States Secret Service in Chicago, Atlanta, Indianapolis, New York, St.
Louis and Kansas City. Raphaelson further noted that pursuant to Court Orders,
technical and expert assistance was provided to the United States Secret
Service by telecommunication companies including Bell South and its
subsidiaries, Southwestern Bell, NYNEX (New York), and Bellcore. Raphaelson
particularly praised the actions of Bell South for its proactive position in
bringing their intrusion problems to the attention of law enforcement
officials and for its formation of an Intrusion Task Force to analyze and
respond to the intrusions noted in the Chicago and Atlanta indictments.
Assistant United States Attorney William J. Cook, who heads the Computer Fraud
and Abuse Task Force, and Assistant United States Attorney Colleen D. Coughlin
presented the case to the federal grand jury and will be trying the case in
the United States District Court in Chicago.
Members of the public are reminded that the indictment is only a charge and is
not evidence of guilt. The defendants are entitled to a fair trial at which
time it will be the government's burden to prove their guilt beyond a
reasonable doubt.
*** END ***
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
!