Copy Link
Add to Bookmark
Report
Phrack Inc. Volume 04 Issue 40 File 13
==Phrack Inc.==
Volume Four, Issue Forty, File 13 of 14
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
PWN PWN
PWN Phrack World News PWN
PWN PWN
PWN Issue 40 / Part 2 of 3 PWN
PWN PWN
PWN Compiled by Datastream Cowboy PWN
PWN PWN
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
MOD Indicted July 8, 1992
~~~~~~~~~~~~
Taken from U.S. Newswire
The following is the press release issued by the United States Attorney's
Office in the Southern District of New York.
Group of "Computer Hackers" Indicted
First Use of Wiretaps in Such a Case
NEW YORK -- A group of five "computer hackers" has been indicted on charges of
computer tampering, computer fraud, wire fraud, illegal wiretapping, and
conspiracy, by a federal grand jury in Manhattan, resulting from the first
investigative use of court-authorized wiretaps to obtain conversations and data
transmissions of computer hackers.
A computer hacker is someone who uses a computer or a telephone to obtain
unauthorized access to other computers.
The indictment, which was filed today, alleges that Julio Fernandez, a/k/a
"Outlaw," John Lee, a/k/a "Corrupt," Mark Abene, a/k/a "Phiber Optik," Elias
Ladopoulos, a/k/a "Acid Phreak," and Paul Stira, a/k/a "Scorpion," infiltrated
a wide variety of computer systems, including systems operated by telephone
companies, credit reporting services, and educational institutions.
According to Otto G. Obermaier, United States Attorney for the Southern
District of New York, James E. Heavey, special agent in charge, New York Field
Division, United States Secret Service, William Y. Doran, special agent in
charge, Criminal Division, New York Field Division, Federal Bureau of
Investigation, and Scott Charney, chief of the Computer Crime Unit of the
Department of Justice, the indictment charges that the defendants were part of
a closely knit group of computer hackers self-styled "MOD," an acronym used
variously for "Masters of Disaster" and "Masters of Deception" among other
things.
The indictment alleges that the defendants broke into computers "to enhance
their image and prestige among other computer hackers; to harass and intimidate
rival hackers and other people they did not like; to obtain telephone, credit,
information and other services without paying for them; and to obtain
passwords, account numbers and other things of value which they could sell to
others."
The defendants are also alleged to have used unauthorized passwords and billing
codes to make long distance telephone calls and to be able to communicate with
other computers for free.
Some of the computers that the defendants allegedly broke into were telephone
switching computers operated by Southwestern Bell, New York Telephone, Pacific
Bell, U.S. West and Martin Marietta Electronics Information and Missile Group.
According to the indictment, such switching computers each control telephone
service for tens of thousands of telephone lines.
In some instances, the defendants allegedly tampered with the computers by
adding and altering calling features. In some cases, the defendants allegedly
call forwarded local numbers to long distance numbers and thereby obtained long
distance services for the price of a local call. Southwestern Bell is alleged
to have incurred losses of approximately $370,000 in 1991 as a result of
computer tampering by defendants Fernandez, Lee, and Abene.
The indictment also alleges that the defendants gained access to computers
operated by BT North America, a company that operates the Tymnet data transfer
network. The defendants were allegedly able to use their access to Tymnet
computers to intercept data communications while being transmitted through the
network, including computer passwords of Tymnet employees. On one occasion,
Fernandez and Lee allegedly intercepted data communications on a network
operated by the Bank of America.
The charges also allege that the defendants gained access to credit and
information services including TRW, Trans Union and Information America. The
defendants allegedly were able to obtain personal information on people
including credit reports, telephone numbers, addresses, neighbor listings and
social security numbers by virtue of their access to these services. On one
occasion Lee and another member of the group are alleged to have discussed
obtaining information from another hacker that would allow them to alter credit
reports on TRW. As quoted in the indictment, Lee said that the information he
wanted would permit them "to destroy people's lives... or make them look like
saints."
The indictment further charges that in November 1991, Fernandez and Lee sold
information to Morton Rosenfeld concerning how to access credit services. The
indictment further alleges that Fernandez later provided Rosenfeld's associates
with a TRW account number and password that Rosenfeld and his associates used
to obtain approximately 176 TRW credit reports on various individuals. (In a
separate but related court action, Rosenfeld pleaded guilty to conspiracy to
use and traffic in account numbers of TRW. See below).
According to Stephen Fishbein, the assistant United States attorney in charge
of the prosecution, the indictment also alleges that members of MOD wiped out
almost all of the information contained within the Learning Link computer
operated by the Educational Broadcasting Corp. (WNET Channel 13) in New York
City. The Learning Link computer provided educational and instructional
information to hundreds of schools and teachers in New York, New Jersey and
Connecticut. Specifically, the indictment charges that on November 28, 1989,
the information on the Learning Link was destroyed and a message was left on
the computer that said: "Happy Thanksgiving you turkeys, from all of us at MOD"
and which was signed with the aliases "Acid Phreak," "Phiber Optik," and
"Scorpion." During an NBC News broadcast on November 14, 1990, two computer
hackers identified only by the aliases "Acid Phreak" and "Phiber Optik" took
responsibility for sending the "Happy Thanksgiving" message.
Obermaier stated that the charges filed today resulted from a joint
investigation by the United States Secret Service and the Federal Bureau of
Investigation. "This is the first federal investigation ever to use court-
authorized wiretaps to obtain conversations and data transmissions of computer
hackers," said Obermaier. He praised both the Secret Service and the FBI for
their extensive efforts in this case. Obermaier also thanked the Department of
Justice Computer Crime Unit for their important assistance in the
investigation. Additionally, Obermaier thanked the companies and institutions
whose computer systems were affected by the defendants' activities, all of whom
cooperated fully in the investigation.
Fernandez, age 18, resides at 3448 Steenwick Avenue, Bronx, New York. Lee
(also known as John Farrington), age 21, resides at 64A Kosciusco Street,
Brooklyn, New York. Abene, age 20, resides at 94-42 Alstyne Avenue, Queens,
New York. Elias Ladopoulos, age 22, resides at 85-21 159th Street, Queens, New
York. Paul Stira, age 22, resides at 114-90 227th Street, Queens, New York.
The defendants' arraignment has been scheduled for July 16, at 10 AM in
Manhattan federal court.
The charges contained in the indictment are accusations only and the defendants
are presumed innocent unless and until proven guilty. Fishbein stated that if
convicted, each of the defendants may be sentenced to a maximum of five years
imprisonment on the conspiracy count. Each of the additional counts also
carries a maximum of five years imprisonment, except for the count charging
Fernandez with possession of access devices, which carries a maximum of ten
years imprisonment. Additionally, each of the counts carries a maximum fine of
the greater of $250,000, or twice the gross gain or loss incurred.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
In separate but related court actions, it was announced that Rosenfeld and
Alfredo De La Fe [aka Renegade Hacker] have each pleaded guilty in Manhattan
Federal District Court to conspiracy to use and to traffic in unauthorized
access devices in connection with activities that also involved members of MOD.
Rosenfeld pled guilty on June 24 before Shirley Wohl Kram, United States
District Judge. At his guilty plea, Rosenfeld admitted that he purchased
account numbers and passwords for TRW and other credit reporting services from
computer hackers and then used the information to obtain credit reports, credit
card numbers, social security numbers and other personal information which he
sold to private investigators. Rosenfeld added in his guilty plea that on or
about November 25, 1991, he purchased information from persons named "Julio"
and "John" concerning how to obtain unauthorized access to credit services.
Rosenfeld stated that he and his associates later obtained additional
information from "Julio" which they used to pull numerous credit reports.
According to the information to which Rosenfeld pleaded guilty, he had
approximately 176 TRW credit reports at his residence on December 6, 1991.
De La Fe pled guilty on June 19 before Kenneth Conboy, United States District
Judge. At his guilty plea, De La Fe stated that he used and sold telephone
numbers and codes for Private Branch Exchanges ("PBXs"). According to the
information to which De La Fe pleaded guilty, a PBX is a privately operated
computerized telephone system that routes calls, handles billing, and in some
cases permits persons calling into the PBX to obtain outdial services by
entering a code. De La Fe admitted that he sold PBX numbers belonging to Bugle
Boy Industries and others to a co-conspirator who used the numbers in a call
sell operation, in which the co-conspirator charged others to make long
distance telephone calls using the PBX numbers. De La Fe further admitted that
he and his associates used the PBX numbers to obtain free long distance
services for themselves. De La Fe said that one of the people with whom he
frequently made free long distance conference calls was a person named John
Farrington, who he also knew as "Corrupt."
Rosenfeld, age 21, resides at 2161 Bedford Avenue, Brooklyn, N.Y. Alfredo De La
Fe, age 18, resides at 17 West 90th Street, N.Y. Rosenfeld and De La Fe each
face maximum sentences of five years, imprisonment and maximum fines of the
greater of $250,000, or twice the gross gain or loss incurred. Both defendants
have been released pending sentence on $20,000 appearance bonds. Rosenfeld's
sentencing is scheduled for September 9, before Shirley Wohl Kram. De La Fe's
sentencing is scheduled for August 31, before Conboy.
-----
Contacts:
Federico E. Virella Jr., 212-791-1955, U.S. Attorney's Office, S. N.Y.
Stephen Fishbein, 212-791-1978, U.S. Attorney's Office, S. N.Y.
Betty Conkling, 212-466-4400, U.S. Secret Service
Joseph Valiquette Jr., 212-335-2715, Federal Bureau of Investigation
Editor's Note: The full 23 page indictment can be found in Computer
Underground Digest (CUD), issue 4.31 (available at ftp.eff.org
/pub/cud/cud).
_______________________________________________________________________________
EFF Issues Statement On New York Computer Crime Indictments July 9, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cambridge, MA -- The Electronic Frontier Foundation (EFF) issued a statement
concerning the indictment of MOD for alleged computer-related crimes.
This statement said, in part, that EFF's "staff counsel in Cambridge, Mike
Godwin is carefully reviewing the indictment."
EFF co-founder and president Mitchell Kapor said "EFF's position on
unauthorized access to computer systems is, and has always been, that it is
wrong. Nevertheless, we have on previous occasions discovered that allegations
contained in Federal indictments can also be wrong, and that civil liberties
can be easily infringed in the information age. Because of this, we will be
examining this case closely to establish the facts."
When asked how long the complete trial process might take, assistant U.S.
attorney Fishbein said "I really couldn't make an accurate estimate. The
length of time period before trial is generally more a function of the
defense's actions than the prosecution's. It could take anywhere from six
months to a year.
_______________________________________________________________________________
Feds Tap Into Major Hacker Ring July 13, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Mary E. Thyfault (InformationWeek)(Page 15)
Law enforcement officials are taking the gloves off-and plugging their modems
in-in the battle against computer crime.
In one of the largest such cases ever, a federal grand jury in Manhattan
indicted five computer "hackers" -- part of a group that calls itself MOD, for
Masters of Deception -- on charges of computer tampering, computer fraud, wire
fraud, illegal wiretapping, and conspiracy.
Some of the hackers are accused of stealing phone service and selling
information on how to obtain credit reports. The victims (a dozen were named
in the indictments, but numerous others are likely to have been hit as well)
include three Baby Bells, numerous credit bureaus, and BankAmerica Corp.
For the first time, investigators used court-authorized wiretaps to monitor
data transmissions over phone lines. The wiretapping comes as the FBI is
unsuccessfully lobbying Congress to mandate that telecom equipment and service
companies build into new technology easier ways for securities agencies to tap
into computer systems.
Ironically, the success of this wiretap, some say, may undermine the FBI's
argument. "They did this without the equipment they claim they need," says
Craig Neidorf, founder of hacker newsletter Phrack.
If convicted, the alleged hackers-all of whom are under 22 years old-could face
55 years each and a fine of $250,000, or twice the gross gain or loss incurred.
One charged with possessing an access device could face an additional five
years.
The vulnerability of the victims' networks should be surprising, but experts
say corporations continue to pay scant attention to security issues. For
instance, despite the fact that the credit bureaus are frequent targets of
hackers and claim to have made their networks more secure, in this case, most
of the victims didn't even know they were being hit, according to the FBI.
Two of the victims, value-added network service provider BT Tymnet and telco
Southwestern Bell, both take credit for helping nab the hacker ring. "We
played an instrumental role in first recognizing that they were there," says
John Guinasso, director of global network security for Tymnet parent BT North
America. "If you mess with our network and we catch you -- which we always do
-- you will go down."
_______________________________________________________________________________
Second Thoughts On New York Computer Crime Indictments July 13, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By John F. McMullen (Newsbytes)
NEW YORK -- On Wednesday, July 9th, I sat at a press briefing in New York
City's Federal Court Building during which law enforcement officials presented
details relating to the indictment of 5 young computer "hackers". In
describing the alleged transgressions of the indicted, United States Assistant
Attorney Stephen Fishbein wove a tale of a conspiracy in which members of an
evil sounding group called the "Masters of Destruction" (MOD) attempted to
wreck havoc with the telecommunications system of the country.
The accused were charged with infiltrating computer systems belonging to
telephone companies, credit bureaus, colleges and defense contractors --
Southwestern Bell, BT North America, New York Telephone, ITT, Information
America, TRW, Trans Union, Pacific Bell, the University of Washington, New York
University, U.S. West, Learning Link, Tymnet and Martin Marietta Electronics
Information and Missile Group. They were charged with causing injury to the
telephone systems, charging long distance calls to the universities, copying
private credit information and selling it to third parties -- a long list of
heinous activities.
The immediate reaction to the indictments were predictably knee-jerk. Those
who support any so-called "hacker"-activities mocked the government and the
charges that were presented, forgetting, it seems to me, that these charges are
serious -- one of the accused could face up to 40 years in prison and $2
million in fines; another -- 35 years in prison and $1.5 million in fines. In
view of that possibility, it further seems to me that it is a wasteful
diversion of effort to get all excited that the government insists on misusing
the word "hacker" (The indictment defines computer hacker as "someone who uses
a computer or a telephone to obtain unauthorized access to other computers.")
or that the government used wiretapping evidence to obtain the indictment (I
think that, for at least the time being that the wiretapping was carried out
under a valid court order; if it were not, the defendants' attorneys will have
a course of action).
On the other hand, those who traditionally take the government and corporate
line were publicly grateful that this threat to our communications life had
been removed -- they do not in my judgement properly consider that some of
these charges may have been ill-conceived and a result of political
considerations.
Both groups, I think, oversimplify and do not give proper consideration to the
wide spectrum of issues raised by the indictment document. The issues range
from a simple black-and-white case of fraudulently obtaining free telephone
time to the much broader question of the appropriate interaction of technology
and law enforcement.
The most clear cut cases are the charges such as the ones which allege that two
of the indicted, Julio Fernandez a/k/a "Outlaw" and John Lee a/k/a "Corrupt"
fraudulently used the computers of New York University to avoid paying long
distance charges for calls to computer systems in El Paso, Texas and Seattle,
Washington. The individuals named either did or did not commit the acts
alleged and, if it is proven that they did, they should receive the appropriate
penalty (it may be argued that the 5 year, $250,000 fine maximum for each of
the counts in this area is excessive, but that is a sentencing issue not an
indictment issue).
Other charges of this black-and-white are those that allege that Fernandez
and/or Lee intercepted electronic communications over networks belonging to
Tymnet and the Bank of America. Similarly, the charge that Fernandez, on
December 4, 1991 possessed hundreds of user id's and passwords of Southwestern
Bell, BT North America and TRW fits in the category of "either he did it or he
didn't."
A more troubling count is the charge that the indicted 5 were all part of a
conspiracy to "gain access to and control of computer systems in order to
enhance their image and prestige among other computer hackers; to harass
and intimidate rival hackers and people they did not like; to obtain telephone,
credit, information, and other services without paying for them; and to obtain
passwords, account numbers and other things of value which they could sell to
others."
To support this allegation, the indictment lists 26, lettered A through Z,
"Overt Acts" to support the conspiracy. While this section of the indictment
lists numerous telephone calls between some of the individuals, it mentions
the name Paul Stira a/k/a "Scorpion" only twice with both allegations dated
"on or about" January 24, 1990, a full 16 months before the next chronological
incident. Additionally, Stira is never mentioned as joining in any of the
wiretapped conversation -- in fact, he is never mentioned again! I find it
hard to believe that he could be considered, from these charges, to have
engaged in a criminal conspiracy with any of the other defendants.
Additionally, some of the allegations made under the conspiracy count seem
disproportionate to some of the others. Mark Abene a/k/a "Phiber Optik" is of
possessing proprietary technical manuals belonging to BT North America while it
is charged that Lee and Fernandez, in exchange for several hundred dollars,
provided both information on how to illegally access credit reporting bureaus
and an actual TRW account and password to a person, Morton Rosenfeld, who later
illegally accessed TRW, obtained credit reports on 176 individuals and sold the
reports to private detective (Rosenfeld, indicted separately, pled guilty to
obtaining and selling the credit reports and named "Julio" and "John" as those
who provided him with the information). I did not see anywhere in the charges
any indication that Abene, Stira or Elias Ladopoulos conspired with or likewise
encouraged Lee or Fernandez to sell information involving the credit bureaus to
a third party
Another troubling point is the allegation that Fernandez, Lee, Abene and
"others whom they aided and abetted" performed various computer activities
"that caused losses to Southwestern Bell of approximately $370,000." The
$370,000 figure, according to Assistant United States Attorney Stephen
Fishbein, was developed by Southwestern Bell and is based on "expenses to
locate and replace computer programs and other information that had been
modified or otherwise corrupted, expenses to determine the source of the
unauthorized intrusions, and expenses for new computers and security devices
that were necessary to prevent continued unauthorized access by the defendants
and others whom they aided and abetted."
While there is precedent in assigning damages for such things as "expenses
for new computers and security devices that were necessary to prevent continued
unauthorized access by the defendants and others whom they aided and abetted."
(the Riggs, Darden & Grant case in Atlanta found that the defendants were
liable for such expenses), many feel that such action is totally wrong. If a
person is found uninvited in someone's house, they are appropriately charged
with unlawful entry, trespassing, burglary -- whatever the statute is for the
transgression; he or she is, however, not charged with the cost of the
installation of an alarm system or enhanced locks to insure that no other
person unlawfully enters the house.
When I discussed this point with a New York MIS manager, prone to take a strong
anti-intruder position, he said that an outbreak of new crimes often results in
the use of new technological devices such as the nationwide installation of
metal detectors in airports in the 1970's. While he meant this as a
justification for liability, the analogy seems rather to support the contrary
position. Air line hijackers were prosecuted for all sorts of major crimes;
they were, however, never made to pay for the installation of the metal
detectors or absorb the salary of the additional air marshalls hired to combat
hijacking.
I think the airline analogy also brings out the point that one may both support
justifiable penalties for proven crimes and oppose unreasonable ones -- too
often, when discussing these issues, observers choose one valid position to the
unnecessary exclusion of another valid one. There is nothing contradictory, in
my view, to holding both that credit agencies must be required to provide the
highest possible level of security for data they have collected AND that
persons invading the credit data bases, no matter how secure they are, be held
liable for their intrusions. We are long past accepting the rationale that the
intruders "are showing how insecure these repositories of our information are."
We all know that the lack of security is scandalous; this fact, however, does
not excuse criminal behavior (and it should seem evident that the selling of
electronic burglar tools so that someone may copy and sell credit reports is
not a public service).
The final point that requires serious scrutiny is the use of the indictment as
a tool in the on-going political debate over the FBI Digital Telephony
proposal. Announcing the indictments, Otto G. Obermaier, United States
Attorney for the Southern District of New York, said that this investigation
was "the first investigative use of court-authorized wiretaps to obtain
conversations and data transmissions of computer hackers." He said that this
procedure was essential to the investigation and that "It demonstrates, I
think, the federal government's ability to deal with criminal conduct as it
moves into new technological areas." He added that the interception of data
was possible only because the material was in analog form and added "Most of
the new technology is in digital form and there is a pending statute in
Congress which seeks the support of telecommunications companies to allow the
federal government, under court authorization, to intercept digital
transmission. Many of you may have read the newspaper about the laser
transmission which go through fiber optics as a method of the coming
telecommunications method. The federal government needs the help of Congress
and, indeed, the telecommunications companies to able to intercept digital
communications."
The FBI proposal has been strongly attacked by the American Civil Liberties
Union (ACLU), the Electronic Frontier Foundation (EFF) and Computer
Professionals for Social Responsibility (CPSR) as an attempt to
institutionalize, for the first time, criminal investigations as a
responsibility of the communications companies; a responsibility that they feel
belongs solely to law-enforcement. Critics further claim that the proposal
will impede the development of technology and cause developers to have to
"dumb-down" their technologies to include the requested interception
facilities. The FBI, on the other hand, maintains that the request is simply
an attempt to maintain its present capabilities in the face of advancing
technology.
Whatever the merits of the FBI position, it seems that the indictments either
would not have been made at this time or, at a minimum, would not have been
done with such fanfare if it were not for the desire to attempt to drum up
support for the pending legislation. The press conference was the biggest
thing of this type since the May 1990 "Operation Sun Devil" press conference in
Phoenix, Arizona and, while that conference, wowed us with charges of "hackers"
endangering lives by disrupting hospital procedures and being engaged in a
nationwide, 13 state conspiracy, this one told us about a bunch of New York
kids supposedly engaged in petty theft, using university computers without
authorization and performing a number of other acts referred to by Obermaier as
"anti-social behavior" -- not quite as heady stuff!
It is not to belittle these charges -- they are quite serious -- to question
the fanfare. The conference was attended by a variety of high level Justice
Department, FBI and Secret Service personnel and veteran New York City crime
reporters tell me that the amount of alleged damages in this case would
normally not call for such a production -- New York Daily News reporter Alex
Michelini publicly told Obermaier "What you've outlined, basically, except for
the sales of credit information, this sounds like a big prank, most of it"
(Obermaier's response -- "Well, I suppose you can characterize that as a prank,
but it's really a federal crime allowing people without authorization to
rummage through the data of other people to which they do not have access and,
as I point out to you again, the burglar cannot be your safety expert. He may
be inside and laugh at you when you come home and say that your lock is not
particularly good but I think you, if you were affected by that contact, would
be somewhat miffed"). One hopes that it is only the fanfare surrounding the
indictments that is tied in with the FBI initiative and not the indictments
themselves.
As an aside, two law enforcement people that I have spoken to have said that
while the statement that the case is "the first investigative use of court-
authorized wiretaps to obtain conversations and data transmissions of computer
hackers," while probably true, seems to give the impression that the case is
the first one in which data transmission was intercepted. According to these
sources, that is far from the case -- there have been many instances of
inception of data and fax information by law enforcement officials in recent
years.
I know each of the accused in varying degrees. The one that I know the best,
Phiber Optik, has participated in panels with myself and law enforcement
officials discussing issues relating to so-called "hacker" crime. He has also
appeared on various radio and television shows discussing the same issues. His
high profile activities have made him an annoyance to some in law enforcement.
One hopes that this annoyance played no part in the indictment.
I have found Phiber's presence extremely valuable in these discussions both for
the content and for the fact that his very presence attracts an audience that
might never otherwise get to hear the voices of Donald Delaney, Mike Godwin,
Dorothy Denning and others addressing these issues from quite different vantage
points. While he has, in these appearances, said that he has "taken chances to
learn things", he has always denied that he has engaged in vandalous behavior
and criticized those who do. He has also called those who engage in "carding"
and the like as criminals (These statements have been made not only in the
panel discussion, but also on the occasions that he has guest lectured to my
class in "Connectivity" at the New School For Social Research in New York City.
In those classes, he has discussed the history of telephone communications in a
way that has held a class of professionals enthralled by over two hours.
While my impressions of Phiber or any of the others are certainly not a
guarantee of innocence on these charges, they should be taken as my personal
statement that we are not dealing with a ring of hardened criminals that one
would fear on a dark night.
In summary, knee-jerk reactions should be out and thoughtful analysis in! We
should be insisting on appropriate punishment for lawbreakers -- this means
neither winking at "exploration" nor allowing inordinate punishment. We should
be insisting that companies that have collected data about us properly protect
-- and are liable for penalties when they do not. We should not be deflected
from this analysis by support or opposition to the FBI proposal before Congress
-- that requires separate analysis and has nothing to do with the guilt or
innocence of these young men or the appropriate punishment should any guilt be
established.
_______________________________________________________________________________
New York Hackers Plead Not Guilty July 17, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
New York City -- At an arraignment in New York Federal Court on Thursday, July
16th, the five New York "hackers," recently indicted on charges relating to
alleged computer intrusion, all entered pleas of not guilty and were released
after each signed a personal recognizance (PRB) bond of $15,000 to guarantee
continued appearances in court.
As part of the arraignment process, United States District Judge Richard Owen
was assigned as the case's presiding judge and a pre-trial meeting between the
judge and the parties involved.
Charles Ross, attorney for John Lee, told Newsbytes "John Lee entered a not
guilty plea and we intend to energetically and aggressively defend against the
charges made against him."
Ross also explained the procedures that will be in effect in the case, saying
"We will meet with the judge and he will set a schedule for discovery and the
filing of motions. The defense will have to review the evidence that the
government has amassed before it can file intelligent motions and the first
meeting is simply a scheduling one."
Majorie Peerce, attorney for Stira, told Newsbytes "Mr. Stira has pleaded not
guilty and will continue to plead not guilty. I am sorry to see the government
indict a 22 year old college student for acts that he allegedly committed as a
19 year old."
The terms of the PRB signed by the accused require them to remain within the
continental United States. In requesting the bond arrangement, Assistant
United States Attorney Stephen Fishbein referred to the allegations as serious
and requested the $15,000 bond with the stipulation that the accused have their
bonds co-signed by parents. Abene, Fernandez and Lee, through their attorneys,
agreed to the bond as stipulated while the attorneys for Ladopoulos and Stira
requested no bail or bond for their clients, citing the fact that their clients
have been available, when requested by authorities, for over a year. After
consideration by the judge, the same $15,000 bond was set for Ladopoulos and
Stira but no co-signature was required.
_______________________________________________________________________________
Young Working-Class Hackers Accused of High-Tech Crime July 23, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Mary B.W. Tabor with Anthony Ramirez (The New York Times)(Page B1, B7)
Computer Savvy, With an Attitude
Late into the night, in working-class neighborhoods around New York City, young
men with code names like Acid Phreak and Outlaw sat hunched before their
glowing computer screens, exchanging electronic keys to complex data-processing
systems. They called themselves the Masters of Deception. Their mission: to
prove their prowess in the shadowy computer underworld.
Compulsive and competitive, they played out a cybernetic version of "West Side
Story," trading boasts, tapping into telephone systems, even pulling up
confidential credit reports to prove their derring-do and taunt other hackers.
Their frequent target was the Legion of Doom, a hacker group named after a
gang of comic-book villains. The rivalry seemed to take on class and ethnic
overtones, too, as the diverse New York group defied the traditional image of
the young suburban computer whiz.
But Federal prosecutors say the members of MOD, as the group called itself,
went far beyond harmless pranks.
Facing Federal Charges
On July 16, five young men identified by prosecutors as MOD members pleaded not
guilty to Federal charges including breaking into some of the nation's most
powerful computers and stealing confidential data like credit reports, some of
which were later sold to private investigators. Prosecutors call it one of the
most extensive thefts of computer information ever reported.
The indictment says the men entered the computer systems of Southwestern Bell,
TRW Information Services and others "to enhance their image and prestige among
other computer hackers; to harass and intimidate rival hackers and other people
they did not like; to obtain telephone, credit, information and other services
without paying for them; and to obtain passwords, account numbers and other
things of value which they could sell to others."
With modems that link their terminals to other computers over ordinary
telephone lines, young hackers have been making mischief for years. But as the
nation relies more and more on vast networks of powerful computers and as
personal computers become faster and cheaper, the potential for trouble has
soared. For example, Robert Tappan Morris, a Cornell student, unleashed a
program in 1988 that jammed several thousand computers across the country.
A Polyglot Group
But the world of computer hackers has been changing. Unlike the typical
hackers of old -- well-to-do suburban youths whose parents could afford costly
equipment -- the Masters of Deception are a polyglot representation of blue-
collar New York: black, Hispanic, Greek, Lithuanian and Italian. They work
their mischief often using the least expensive computers.
One of the young men, 21-year-old John Lee, who goes by the name Corrupt, has
dreadlocks chopped back into stubby "twists," and lives with his mother in a
dilapidated walk-up in Bedford-Stuyvesant, Brooklyn. He bounced around
programs for gifted students before dropping out of school in the 11th grade.
Scorpion -- 22-year-old Paul Stira of Queens -- was his class valedictorian at
Thomas A. Edison High School in Queens. Outlaw -- Julio Fernandez, 18, of the
Bronx -- first studied computers in grade school.
They met not on street corners, but via computer bulletin boards used to swap
messages and programs.
With nothing to identify them on the boards except their nicknames and uncanny
abilities, the young men found the computer the great democratic leveler.
Questions of Profit
There may be another difference in the new wave of hackers. While the
traditional hacker ethic forbids cruising computer systems for profit, some new
hackers are less idealistic. "People who say that," said one former hacker, a
friend of the MOD who insisted on anonymity, "must have rich parents. When you
get something of value, you've got to make money."
Mr. Lee, Mr. Fernandez, Mr. Stira and two others described as MOD members --
20-year-old Mark Abene (Phiber Optik), and 22-year-old Elias Ladopoulos (Acid
Phreak), both of Queens -- were charged with crimes including computer
tampering, computer and wire fraud, illegal wiretapping and conspiracy. They
face huge fines and up to five years in prison on each of 11 counts.
The youths, on advice of their lawyers, declined to be interviewed.
Prosecutors say they do not know just how and when youthful pranks turned to
serious crime. Other hackers said the trouble began, perhaps innocently
enough, as a computer war with ethnic and class overtones.
The Masters of Deception were born in a conflict with the Legion of Doom, which
had been formed by 1984 and ultimately included among its ranks three Texans,
one of whom, Kenyon Shulman, is the son of a Houston socialite, Carolyn Farb.
Banished From the Legion
Mr. Abene had been voted into the Legion at one point. But when he began to
annoy others in the group with his New York braggadocio and refusal to share
information, he was banished, Legion members said.
Meanwhile, a hacker using a computer party line based in Texas had insulted Mr.
Lee, who is black, with a racial epithet.
By 1989, both New Yorkers had turned to a new group, MOD, founded by Mr.
Ladopoulos. They vowed to replace their Legion rivals as the "new elite."
"It's like every other 18- or 19-year-old who walks around knowing he can do
something better than anyone else can," said Michael Godwin, who knows several
of the accused and is a lawyer for the Electronic Frontier Foundation of
Cambridge, Massachusetts, which provides legal aid for hackers. "They are
offensively arrogant."
Hacker groups tend to rise and fall within six months or so as members leave
for college, meet girls or, as one former hacker put it, "get a life." But the
MOD continued to gather new members from monthly meetings in the atrium of the
Citicorp Building in Manhattan and a computer bulletin board called Kaos.
According to a history the group kept on the computer network, they enjoyed
"mischievous pranks," often aimed at their Texas rivals, and the two groups
began sparring.
Texas-New York Sparring
But in June 1990, the three Texas-based Legion members, including Mr. Shulman,
Chris Goggans and Scott Chasin, formed Comsec Data Security, a business
intended to help companies prevent break-ins by other hackers.
Worried that the Texans were acting as police informers, the MOD members
accused their rivals of defaming them on the network bulletin boards. Several
members, including Mr. Abene, had become targets of raids by the Secret
Service, and MOD members believed the Texans were responsible, a contention the
Texans respond to with "no comment."
But the sparring took on racial overtones as well. When Mr. Lee wrote a
history of the MOD and left it in the network, Mr. Goggans rewrote it in a jive
parody.
The text that read, "In the early part of 1987, there were numerous amounts of
busts in the U.S. and in New York in particular" became "In de early time part
uh 1987, dere wuz numerous amounts uh busts in de U.S. and in New Yo'k in
particular."
Mr. Goggans said that it was not meant as a racist attack on Mr. Lee. "It was
just a good way to get under his skin," he said.
Exposing Identities
MOD's activities, according to the indictment and other hackers, began to
proliferate.
Unlike most of the "old generation" of hackers who liked to joyride through the
systems, the New Yorkers began using the file information to harass and
intimidate others, according to prosecutors. Everything from home addresses to
credit card numbers to places of employment to hackers' real names -- perhaps
the biggest taboo of all -- hit the network.
In the indictment, Mr. Lee and Mr. Fernandez are accused of having a
conversation last fall in which they talked about getting information on how to
alter TRW credit reports to "destroy people's lives or make them look like
saints."
The prosecutors say the youths also went after information they could sell,
though the indictment is not specific about what, if anything, was sold. The
only such information comes from another case earlier this month in which two
other New York City hackers, Morton Rosenfeld, 21, of Brooklyn, and Alfredo de
la Fe, 18, of Manhattan, pleaded guilty to a conspiracy to use passwords and
other access devices obtained from MOD. They said they had paid "several
hundred dollars" to the computer group for passwords to obtain credit reports
and then resold the information for "several thousand dollars" to private
investigators.
News Media Attention
Competition for attention from the news media also heated up. The former
Legion members in Comsec had become media darlings, with articles about them
appearing in Time and Newsweek. Mr. Abene and Mr. Ladopoulos also appeared on
television or in magazines, proclaiming their right to probe computer systems,
as long as they did no damage.
In one highly publicized incident, during a 1989 forum on computers and privacy
sponsored by Harper's magazine, John Perry Barlow, a freelance journalist and
lyricist for the Grateful Dead, went head to head with Mr. Abene, or Phiber
Optik. Mr. Barlow called the young hacker a "punk."
According to an article by Mr. Barlow -- an account that Mr. Abene will not
confirm or deny -- Mr. Abene then retaliated by "downloading" Mr. Barlow's
credit history, displaying it on the computer screens of Mr. Barlow and other
network users.
Skirmishes Subside
"I've been in redneck bars wearing shoulder-length curls, police custody while
on acid, and Harlem after midnight, but no one has ever put the spook in me
quite as Phiber Optik did at that moment," Mr. Barlow wrote. "To a middle-
class American, one's credit rating has become nearly identical to his
freedom."
In recent months, hackers say, the war has calmed down. Comsec went out of
business, and several Masters of Deception were left without computers after
the Secret Service raids.
Mr. Abene pleaded guilty last year to misdemeanor charges resulting from the
raids. On the night before his arrest this month, he gave a guest lecture on
computers at the New School for Social Research.
Mr. Lee says he works part time as a stand-up comic and is enrolled at Brooklyn
College studying film production.
Mr. Stira is three credits shy of a degree in computer science at Polytechnic
University in Brooklyn. Mr. Fernandez hopes to enroll this fall in the
Technical Computer Institute in Manhattan. Mr. Ladopoulos is studying at
Queens Community College.
No trial date has been set.
But the battles are apparently not over yet. A couple of days after the
charges were handed up, one Legion member said, he received a message on his
computer from Mr. Abene. It was sarcastic as usual, he said, and it closed,
"Kissy, kissy."
[Editor's Note: Article included photographs of Phiber Optik, Scorpion,
Corrupt, and Outlaw.]
_______________________________________________________________________________
Frustrated Hackers May Have Helped Feds In MOD Sting July 20, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By James Daly (ComputerWorld)(Page 6)
NEW YORK -- Are hackers beginning to police themselves? The five men recently
charged with cracking into scores of complex computer systems during the last
two years may have been fingered by other hackers who had grown weary of the
group's penchant for destruction and vindictiveness, members of the hacker
community said.
The arrest of the defendants, whom federal law enforcement officials claimed
were members of a confederation variously called the "Masters of Deception" and
the "Masters of Disaster" (MOD), was cause for celebration in some quarters
where the group is known as a spiteful fringe element.
"Some of these guys were a big pain," said one source who requested anonymity
for fear that unindicted MOD members would plot revenge. "They used their
skills to harass others, which is not what hacking is all about. MOD came with
a 'you will respect us' attitude, and no one liked it."
Said another: "In the past few months, there has been a lot of muttering on the
[bulletin] boards about these guys."
In one episode, MOD members reportedly arranged for the modem of a computer at
the University of Louisville in Kentucky to continually dial the home number of
a hacker bulletin board member who refused to grant them greater access
privileges. A similar threat was heard in Maryland.
In the indictment, the defendants are accused of carrying on a conversation in
early November 1991 in which they sought instructions on how to add and remove
credit delinquency reports "to destroy people's lives . . . or make them look
like a saint." Unlike many other hacker organizations, the members of MOD
agreed to share important computer information only among themselves and not
with other hackers.
Officials Mum
Who exactly helped the FBI, Secret Service and U.S. Attorney General's Office
prepare a case against the group is still anyone's guess. Assistant U.S.
Attorney Stephen Fishbein is not saying. He confirmed that the investigation
into the MOD began in 1990, but he would not elaborate on how or why it was
launched or who participated. FBI and Secret Service officials were equally
mute.
Some observers said that if the charges are true, the men were not true
"hackers" at all.
"Hacking is something done in the spirit of creative playfulness, and people
who break into computer security systems aren't hackers -- they're criminals,"
said Richard Stallman, president of the Cambridge, Massachusetts-based Free
Software Foundation, a public charity that develops free software. The
foundation had several files on one computer deleted by a hacker who some
claimed belonged to the MOD.
The MOD hackers are charged with breaking into computer systems at several
regional telephone companies, Fortune 500 firms including Martin Marietta
Corp., universities and credit-reporting concerns such as TRW, Inc., which
reportedly had 176 consumer credit reports stolen and sold to private
investigators. The 11-count indictment accuses the defendants of computer
fraud, computer tampering, wire fraud, illegal wiretapping and conspiracy.
But some hackers said the charges are like trying to killing ants with a
sledgehammer. "These guys may have acted idiotically, but this was a stupid
way to get back at them," said Emmanuel Goldstein, editor of 2600, a quarterly
magazine for the hacker community based in Middle Island, New York.
Longtime hackers said the MOD wanted to move into the vacuum left when the
Legion of Doom began to disintegrate in late 1989 and early 1990 after a series
of arrests in Atlanta and Texas. Federal law enforcement officials have
described the Legion of Doom as a group of about 15 computer enthusiasts whose
members re-routed calls, stole and altered data and disrupted telephone
services.