>C O M P U T E R U N D E R G R O U N D<

****************************************************************************
>C O M P U T E R U N D E R G R O U N D<
>D I G E S T<
*** Volume 1, Issue #1.17 (June 21, 1990) **
** SPECIAL ISSUE: JUDGE BUA'S OPINION ON MOTION TO DISMISS **
****************************************************************************

MODERATORS: Jim Thomas / Gordon Meyer
REPLY TO: [email protected]

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.
--------------------------------------------------------------------
DISCLAIMER: The views represented herein do not necessarily represent the
views of the moderators. Contributors assume all responsibility
for assuring that articles submitted do not violate copyright
protections.
--------------------------------------------------------------------

File 1: Moderators' Comments
File 2: From the Mailbag (6 items)
File 3: Info World article and response (Mike Godwin)
File 4: LoD and the Secret Service (Mike Godwin)
File 5: California Law Targets Info Possession as Felonious??
File 6: Hackers in the News (reprint by Adam Gaffin)
--------------------------------------------------------------------

***************************************************************
*** Computer Underground Digest Issue #1.17 / File 1 of 6 ***
***************************************************************

----------
FTP
----------

The FTP site seems to be working well. The directories are not obvious, but
if you send us a note, we can provide the directory chart and info on how
to access files if you're having problems.

-------------
PHRACK 31
-------------

We have received several questions about PHRACK 31 from people wondering
what the connection is between the resurrected issue and previous issues.
The lastest issue **IS IN NO WAY RELATED TO THE PREVIOUS!** The former
editors had no connection with the current editors and they are not in any
way associated with it. Some feel that the new editors should have changed
the name or taken a stronger editorial position, and feel the content is
not what would have appeared in previous issues. However, others have
argued that they find the issues informative and feel it is important to
continue the tradition as a way of maintaining a sense of community among
the CU. We invite responses on both side.

-------------
MAILING LIST
-------------

If you have sent us mail but have not received a reply, it means that we
cannot get through to your address and the "reply" command doesn't respond
to the "From:" line. Just send us another note with several addresses that
we can experiment with, and we'll try again.

-------------
STUFF TO READ
-------------

John Perry Barlow has written the best summary and analysis of recent
events that we have read. It's titled "Crime and Puzzlement," and we
encourage everybody to read it. We also recommend Dorothy Denning's work as
well. She has not yet given us permission to circulate it, but if you're
interested, we will send your requests directly to her.

-------------
ERRATTA
-------------

LEN ROSE: In CuD 1.14, a contributor identified Len Rose as being from New
Jersey. The case is in fact in Baltimore.

TAP: A reader reminded us that the current TAP, available for the price of
a stamp, is not a direct offspring of the original.

PHRACK: A typo listed Phrack as originating in 1986. It first appeared in
November 1985.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

***************************************************************
*** CuD, Issue #1.17 / File 2 of 6 / From the Mailbag ***
***************************************************************

----------------
The following was forwarded from Telecom Digest
----------------

Date: Wed, 13 Jun 90 11:03:34 CDT
From: Doug Barnes <[email protected]>
Message-Id: <[email protected]>
To: @auschs.uucp:ibmchs!cs.utexas.edu!eecs.nwu.edu!telecom

Although I have not been directly affected by this operation, it has loomed
very large in my life. I'm an Austin, TX resident, I know many of the
principals who *have* been directly affected, and I've experienced
first-hand some of the chilling effects that the operation has had on
freedom of expression and freedom of association among the usenet and bbs
communities here in Austin.

First of all, some simple math will tell you that if evidence was seized in
26 places, only a handfull of the seizures have been publicized. In two
cases of people I know personally, there was no direct participation with
the LoD, equipment was seized, and the equipment owners sufficiently
terrified by the prospect of further victimization that they have avoided
publicity. Let's face it; even if over $30,000 of equipment has been seized
from someone, that's peanuts compared to court costs and possible
career-damaging publicity from being connected to this mess.

The next layer of damage is to operators of systems even less involved, but
who want to avoid having their house broken into, their equipment seized,
and their reputation besmirched. (If the SS has come to call, then surely
you're guilty of *something*, right?) The solution? Restrict or eliminate
public access to your system. And give me a break, Mr. Townson; if a system
has any reasonable volume and the administrator has any sort of a life,
then that administrator is not going to be reading people's personal mail.
It's semi-reasonable to expect some monitoring of public areas, but not on
a prior review basis...

Then there's the hard-to-quantify suspicion that brews; if being associated
with "crackers" can lead to that early morning knock, (even if that
association has nothing to do with cracking, say, an employer-employee
relationship), then how does that square with freedom of association? Does
the operator of a usenet feed have to run an extensive security check on
anyone who calls for news? How about the operator of a computer store who
hires a salesman? Do any of these people deserve to have their computers,
their disks, their manuals, their modems seized because they have "been
associated with" a "known" cracker?

Although the crackdown has not been as bad as it could have been, allowing
the SS to get away with it would set a most unfortunate precedent.

Douglas Barnes

===========================================================================

Date: Thu, 14 Jun 90 17:08 EDT
From: Stephen Tihor <TIHOR@NYUACF>
Subject: Outreach..advice sought
To: tk0jut2

My university already has one summer program for bright high school
students but I am looking to see what we can and should do to provide a
legitimate opertunity for youngsters who might become crackers to learn and
to help socialize their urges to explore and expand their world view
without attracting electronic vandals.

Although the computer center is receptive to student initiated projects and
requests for talks or training on any subject few students take advantage
of our offers. Some of our efforts (such as universal email only accounts
on request) have been thwarted by the central administration concerns about
the potentially hugh costs of the project. We have been proceding more
slowly to demonstrate that most members of the university community don't
care yet.

I am interested in ideas with low $ and personel costs and which will avoid
triggering more vandalism or even unguided explorations. Innocent mistakes
made by users "sharing resources" have been almost as much trouble as the
vandals so we can not simply take the Stallman approach and remove all
passwords from the university.

===========================================================================

Date: Thu, 14 Jun 90 11:54:57 EDT
From: [email protected](Mark Seiden)

re CuD 1.14:

<5. What happens, as occasionally does, if an attorney asks the moderators
<of CuD for a copy of Phrack #22 or the E911 file? If we send it, have we
<committed a crime? If the recipient accepts it has a second crime occured?

presumably there a precise legal definition of "traffic"?

<It seems that federal agents are not particularly interested in clarifying
<these issues. It leaves the status of distribution of information in limbo
<and turns the "chilling effect" into a sub-zero ice storm. Perhaps this is
<what they want. It strikes us as quite irresponsible.

Exactly how have they been asked to clarify these issues?

Are you still able/willing to make the entire archives available to, say,
counsel needing access for trial preparation? how about to someone who
will be testifying before Congress (who are holding hearings in mid-July on
this subject)?

Does the chilling effect extend so far that defendants will find themselves
denied access to resources they need to prepare a proper defense (while the
government remains resourceful as always) and debate over public policy is
stifled because relevant information cannot be revealed?

A separate query: does anyone have in postable form the texts of the
Computer Fraud and Abuse Act and the Wire Fraud sections of USC so maybe us
ordinary asses can figure out how this game of "pin the tail on the donkey"
can be played?

[email protected]

===========================================================================

Date: Sat, 16 Jun 90 15:59:16 -0500
From: BKEHOE@widener
Subject: On the counts held against Riggs & Neidorf
To: tk0jut2,

In reading the official transcript %of Craig Neidorf's indictment--eds.%, I
found myself realizing a few things:

1) The way the counts read on the transmission of the E911 file along with
the Phrack files, it opens up an interesting hole--if they are being
charged with the fact that it was illegal to transmit such a file, then
what of the people (from Rich Andrews at Jolnet to the Postmaster at
Missouri) that were, albeit indirectly, also transmitting that file? Should
they too be charged with having committed a crime? If not, then how can
Riggs & Neidorf be charged, if it's not a crime? Murky water.

2) Counts 3 and 4 were about as vague as anything I've read. From my
interpretation, the counts are charging them with conspiring to perform the
E911 "theft" via email. Does that then mean that if I were to write to
someone with a scheme to break into a system somewhere, that I could be
held accountable for my plans? Is the discussion of performing an illegal
act of and in itself illegal?

4) Finally, I must wonder how many more charges may be pulled up between
now and the time of the trial, if that gem about transmitting Phrack 22 was
so suddenly included. Will every Phrack be dug through for any "possibly"
illegal information?

Something's rubbed me wrong ever since Operation SunDevil first started
moving its gears. The trade of information is turning out to be the
mainstay of our society; the amazing boom of fax machines and CD-ROM
storage of volumes of information attribute to that fact. So now all of a
sudden we are hit with the dilemma of deciding what information should and
shouldn't be made available to the "general public", and who should
disseminate that information. If I were to write up a file based on the
information in Dave Curry's Unix Security paper, using language that
"incites devious activity" (a.k.a. encourages people to go searching for
holes in every available Unix system they can find), can I be held
accountable for providing that information? How much of it is based on the
ethical & legal value of the situation, and how much of it is the result of
the "witch hunt" mentality?

One more thing...I know that it's like beating a dead horse, and that it's
become a well-founded part of the American vernacular, but I still don't
like to see the term 'hacker' defined so concretely as was in this
indictment. Sure, the definition's been encouraged over the past decade or
so; I think it still puts a bad light on anyone that finds a fascination
with computers & the world focused around them.

Well, that's enough for now...I'm interested in hearing other peoples'
opinions on all of this. I'm sure I'm not the only one out here who gets
mildly PO'd each time I hear about a new result of Operation Sun Devil (and
the associated fever).

--Brendan Kehoe ([email protected]) -- Sun Systems Manager c 40

===========================================================================

Date: Sun, 17 Jun 90 20:46:27 -0400
From: [email protected](Adam M Gaffin)
To: tk0jut2%[email protected]
Subject: forum invitation

Commenting on Operation Sun Devil and Mitch Kapor's efforts, Sanford
Sherizen, a computer-security consultant in Natick, Mass, told the
Middlesex News (Framingham, Mass) that he is worried both by the potential
for excessive government zeal in going after computer criminals and by the
attitude that hackers have a right to go wherever their keyboards can gain
them entry.

%%I would hope this would not turn into an argument over whether
hackers are good or bad, but rather I would hope (Kapor) and a lot of other
leaders in the computer-communications industry start looking at what is
privacy, what is an appropriate guarantee of free speech, but also the
right to be left alone, the right not to have their data under siege,'' he
said. %%We don't have a good sense of what our %bill of privacy rights'
are.''

Sherizen is trying to organize a forum on electronic free speech and
privacy issues with a university in the Boston area. He would like to hear
from anybody interested in participating, including members of the CU, and
can be reached by phone at (508) 653-7101 or on MCI Mail at SSherizen.

===========================================================================

To: [email protected]
From: Pat Bahn <[email protected]>
Subject: the Jolnet/Sun Devil story
Date: 21 Jun 90 15:04:13 GMT

I have a reporter friend who wants to do a story on the Jolnet/Sun Devil
situation. Is there anyone out there who has first hand experience. She
doesn't need friend of a friend rumours but hard physical contact. Guns in
faces of 12 year olds makes great copy.

thanks
=============================================================================
Pat @ grebyn.com | If the human mind was simple enough to understand,
301-948-8142 | We'd be too simple to understand it. -Emerson Pugh

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

***************************************************************
*** CuD, Issue #1.17 / File 3 of 6 / Info World - LoD ***
***************************************************************

Newsgroups: news.admin,alt.bbs
Subject: Re: Legion of Doom/Secret Service
Reply-To: [email protected] (Mike Godwin)
Organization: The University of Texas at Austin, Austin, Texas

In article <[email protected]> [email protected] (James Deibele) writes:
>Interesting paragraph in this week's InfoWorld. In "Notes from the Field,"
>Robert X. Cringely's column, he writes:
>
>"Back in February, when AT&T long distance service went down for most of a day,
>the company blamed it on a software bug, but it was really a worm --- sabotage
>by hackers loosely associated as the Legion of Doom. Members also lifted UNIX
>System V.3 source code from Bell Labs and 911 maintenance code from Bellsouth.
>But it was disruption of telephone service that got the Secret Service
>involved. Many Unix nodes on the anarchic Usenet crabgrass network were seized
>by zealous agents tracking down mailing lists."

I doubt Cringely is correct about the connection between the AT&T crash and
the Legion of Doom prosecutions:

1) The indictments don't mention any connection or criminal liability
relating to the AT&T crash.

2) The indictments DO list only counts of wire fraud and interstate
transportation of stolen property. (The major "theft" was of an E911
"help" file; the major "fraud" seems to have been that the hackers
used pseudonyms--e.g., "Knight Lightning"--and that they concealed
the evidence of their logons on remote systems.)

3) None of the so-called "stolen property" (there are legal reasons to
question the feds' expansive definition of stolen property here) seems
to have been source code.

4) The Secret Service has been apparently been involved in the LoD
investigation since long before the AT&T crash.

Since the feds are constitutionally required to inform Neidorff and
Riggs (the LoD defendants) of the charges against them, the indictment
is pretty much of a map of the way the case is going to go--the
prosecutors can't surprise the defendants later by saying, "Oh, yes,
we're REALLY prosecuting you for the AT&T crash.) If they had any
reason to believe that the LoD was involved in such a highly publicized
failure of an LD system, it is practically a sure thing that it would
have been mentioned in the indictment. Not to mention the press
releases that accompanied the issuing of the indictments.

There do seem to be a few genuine facts in Cringely's paragraph; e.g.,
that Usenet is anarchic.

--Mike
-------------------------------------
MODERATOR'S RESPONSE: We attempted to contact Mr. Cringely, a
pseudonym, at Infoworld (415-328-4602). Mr. Cringely was not in,
but he did return our call later (but we were not in). We will
try to contact him again and print his response. One source who
has contacted him indicated that Infoworld has received many calls
objecting to the article. Our own information is that Mr.
Cringely stands by his sources, but that Infoworld may do a
follow-up NEWS story. The unidentified person with whom we spoke
said that the purpose of the rumors column was to allow "insiders"
to speak without fear of reprisal. But, as Mike Godwin indicates
above, there are so many demonstrable factual errors in the
story that one wonders whether the editors condone what appears
to be fabrication, especially when cynical prosecutors seem willing
to grasp any innuendo in order to discredit the CU.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

***************************************************************
*** CuD, Issue #1.17 / File 4 of 6 / LoD and SS ***
***************************************************************

To: TK0JUT2%[email protected]
From: [email protected] (Mike Godwin)
Subject: Re: Legion of Doom/Secret Service
Date: 22 Jun 90 04:39:54 GMT
References: <[email protected]> <[email protected]>

In article <[email protected]> [email protected] (Kenneth Trant) writes:

> In reading all the postings regarding the Secret Service, LoD, & the
>C/Hackers I find (maybe in my own mind :-) ) that everyone is jumping to
>the defense of the defendants, who it appears have admitted to entering
>systems without the permission of the Sysadm's. People seem to always side
>against the gov't in favor of the individuals in these types of cases,
>unless of course it was they who were the victims. I for one believe that
>if they illegally entered another computer, whether to just poke around or
>to gather information or material, they deserve to lose all their equipment
>and serve some jail time. If they have some much time on their hands to
>crack systems let them do community service. Someone mentioned that they
>had a hard time believing the estimated amount of the "stolen property",
>who cares?. They broke in, they stole, they should lose their equipment and
>go to jail.

Kenneth, it seems to me that the points you raise here are based on the
assumption that we're all REFLEXIVELY anti-government. I for one am not.
But if you study how the law is being used in cases like these, you cannot
help but worry about the implications such use has for the expansion of
government power.

First, consider the issue of whether the property was really "stolen." The
law defines property interests and stolen property in several ways. These
definitions include: 1) whether the rightful owner was deprived of its use
(not true in this case), 2) whether (in the case of information), the thief
*used* the information himself rather than merely *possessing* it (not true
in this case), and 3) whether the thief had some kind of fiduciary duty to
the rightful owner (not true in this case). The broad definition of
property used by the federal prosecutors here could just as easily be
applied to a whistleblower who photocopies government documents and takes
them to the press.

Second, consider the degree of punishment. Neidorf and Riggs currently must
defend themselves against an 11-count indictment. Eight of the counts are
for wire fraud, which carries a maximum penalty of $1000 and five years'
prison time *per count*. The other three are for interstate transportation
of stolen property, with a maximum of $10,000 in fines and 10 years in
prison *per count*.

Third, consider the breadth of definition in the feds' use of the term
"fraud" in the wire-fraud counts: Apparently, the "fraud" in the Legion of
Doom prosecutions was nothing more than 1) the defendants' use of handles
(common-place in the BBS world, as you should know), and 2) their alleged
erasure of evidence that they had ever entered the computers in question.
This is a *very broad* application of the crime of wire fraud.

Fourth, consider that the original indictment tacked on an 18 USC 1030
charge, which gave the Secret Service jurisdiction along with the FBI. Even
though the charge was dropped in the amended indictment (that particular
statute requires a federally owned computer or a "Federal interest
computer" for jurisdictional purposes), its initial presence justified
expanded involvement of the Secret Service in domestic law enforcement.

Me, I have no objection to criminalizing unauthorized access to other
people's computers. But I object to prosecution of this scale against
defendants of this sort, for much the same reason I oppose prosecuting
joyriders for grand theft auto.

--Mike

Mike Godwin, UT Law School |"No interest is good unless it must vest,

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

***************************************************************
*** CuD, Issue #1.17 / File 5 of 6 / California Law ***
***************************************************************

It appears that under California's recent amendments to Sections 502 and
502.7 of the Penal Code, discussion of certain types of knowledge can be
felonious. Although we do not have the final statute (could somebody send
us a copy to TK0JUT2@NIU?), the final "mock ups" are ominous. Most of the
amended legislation is legitimately aimed at such crimes as theft,
malicious data damage, and other acts to which we all object. However,
tucked within the proposed statute is language that seems sufficiently
vague and ambiguous to warrant concern. A few passages in particular caught
our eye. Upper case indicates emphasis that we have added.

Sec. 6, 502.7 (a) specifies:

"Any person who, knowingly, willfully, and with intent to defraud a
person providing telephone or telegraph service, avoids or attempts to
avoid, OR AIDS ABETS OR CAUSES ANOTHER TO AVOID the lawful charge, in
whole or in part, for telephone or telegraph service by any of the
following means is guilty of a misdemeanor or a felony, as provided in
subdivision (f):"

Most of the provisions seem reasonable. One, however, strikes us as
potentially dangerous. 502.7 (a)(5)(b) states:

"Any person who MAKES, POSSESSES, SELLS, GIVES, OR OTHERWISE TRANSFERS
TO ANOTHER, OR OFFERS OR ADVERTISES ANY INSTRUMENT, APPARATUS, OR
DEVICE WITH INTENT TO USE IT or with knowledge or reason to believe it
is intended to be used to avoid any lawful telephone or telegraph toll
charge or to conceal the existence or place of origin of destination
of any telephone or telegraph message; or (2) sells, gives, or
otherwise transfers to another, or advertises plans or instruments for
making or assemblying an instrument, apparatus, or device described in
paragraph (1) of this subdivision with knowledge or reason to believe
that they may be used to make or assemble the instrument, apparatus, or
device is guilty of a a misdemeanor or a felony, as provided in
subdivision (1)."

Subdivision (b) of this section indicates that the law applies when a
telephone or telegraph communication either originates or terminates, or
both originates and terminates, in California. It is not clear whether the
law is limited only to communications that "intend to defraud," or extends
also to information passed over the lines as well. Given the current
liberal extension and use of RICO and anti-drug laws, there is no reason to
expect that law enforcement agents will adopt a narrow interpretation. We
have already seen the creative use of "fraud" and "theft" (as well as
"conspiracy") employed in the prosecution of Craig Neidorf in Chicago.

Just as chilling is subdivisions (g) and (h) of this passage. The language
in (g) specifics:

Any instrument, apparatus, device, plans, instructions, or written
publication described in subdivision (b) or (c) may be seized under
warrant or incident to a lawful arrest, and, upon the conviction of a
person for a violation of subdivision (a), (b), or (c), the
instrument, apparatus, device, plans, instructions, or written
publication may be destroyed as contraband by the sheriff of the
county in which the person was convicted or turned over to the person
providing telephone or telegraph service in the territory in which it
was seized.

Section (h) provides that:

Any computer, computer system, computer network, or any software or
data, owned by the defendant, which is used during the commission of
any public offense described in this section any computer, owned by
the defendant, which is used as a repository for the storage of
software or data illegally obtained in violation of this section shall
be subject to forfeiture.

Perhaps we misread the language of all this, but if so, it seems that
control agents also have considerable latitude to "misread." But, it seems
to say that the MERE POSSESSION of information of, for example, how to make
a box, or of an auto-dialer, or of information on altering a telephone
constitutes a crime, whether it is ultimately used or not. The language
seems quite explicit that communicating information about ANY of these
articles is a crime.

What does this mean? It seems to mean that if you possess any copy of
PHRACK that describes boxing with diagrammed instructions on how to make
one, you are potentially at risk for both prosecution and forfeiture of
equipment. A counter argument, one that enforcement agents give, is that we
should trust the "good faith" of controllers. We have seen, however, that
"trust your friendly computer cop" is an oxymoron.

Would persons in Illinois who have uploaded a textfile on boxing to
California be guilty under this law? It so-appears. Does California have an
extradition agreement with Illinois? Should researchers, journalists, and
just plain folk start to worry? Looks like you'd better if you possess
profane information.

Perhaps we are unduly concerned, but it seems that the language of this, if
this is what actually appears in the final statute, provides a means to
RESTRICT THE FLOW OF INFORMATION, whether used in a crime or not. And this
is what all the fuss is about! It is not about hacking, phreaking, carding,
or illegal behavior. It is about the free flow of information that seems to
be threatened with prosecution, and lots of it. It is about confiscation,
forfeiture, or...fill in your own favorite term...the rip-off of equipment
of legitimate, law-abiding folk merely for possessing (or worse?)
disseminating knowledge. As the California statue reads, even to publish
information that could help others learn how to break into a computer is a
potential felony. This means a restriction on research, literature, or any
other legitimate forum in which presentation of such information is
critical. On feature that made Stoll's work so captivating was the detail
he provided on the cat and mouse game between himself and Marcus Hess.
Should such detail be prohibited under the guise of "protecting the
commonweal?"

Our point here is that, until recently, there was no organized constituency
to oppose the excesses of otherwise well-meaning laws. It is one thing to
protect the public. It is quite another to cynically manipulate law in ways
that restrict freedom of information. The California law seems akin to
formatting the hard drive in order to delete a troublesome file. It fails
to distinguish between the nature of computer crimes, and ultimately
penalizes those of us who depend on the free flow of information that we,
perhaps naively, feel is essential to a democracy.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

***************************************************************
*** CuD, Issue #1.17 / File 6 of 6 / Hackers in the News ***
***************************************************************

Date: Sun, 17 Jun 90 20:42:39 -0400
From: [email protected](Adam M Gaffin)
To: tk0jut2%[email protected]
Subject: newspaper article

The following is from the Middlesex News, Framingham, Mass, 6/17.

By Adam Gaffin NEWS STAFF WRITER

Scarecrow and Ferret say they're lying low right now - this
time the feds seem to be really serious about cracking down on
computer hackers.

Not that that's what they consider themselves. But the two
Framingham-area residents are part of the computer
corporate codes to make free phone calls across the country and to
Europe as he tries to collect pirated copies of computer games from
underground computer bulletin-board systems.

Ferret ran one of these "elite" systems, open only to other
members of this demi-world, until his computer's hard drive began
malfunctioning a few weeks ago.

But the pair are cutting back their hacking. On May 7 and 8,
150 federal agents served search warrants in 15 locations across the
country in connection with a two-year probe into computer hacking.
Four months earlier several people were arrested in a related probe
into the electronic theft of a document describing the
administration of a 911 system in the South.

"I've been very low-key since this whole thing started,"
Scarecrow says, "I've gone seven weeks without using a
(credit-card) code."

"This time it has a different ring to it," Ferret said.
"This one for
me personally, it looks like maybe it's for real. It may be the end
of an era."

Both agreed to an interview on the condition that they be
identified only by the nicknames they use in the computer
underworld.

It's a world that is hard to enter until you pick up enough
skills to prove to insiders that you can hack with the best of them.

Scarecrow recalled getting a call once from a local teen who
needed some computer help. Scarecrow said he'd help, but on one
condition: that the teen crack into a computer network at a large
university in Boston and create an "account" that would give
Scarecrow access.

"And he did," Scarecrow said. Once accepted into the
computer underworld, everybody tries to help each other out and
often become fast friends - even if they do not know each
other's real names and communicate only by computer or
long-distance phone call - the two said. "I don't believe in
the high prices of software," Scarecrow says, explaining his
mania for collecting games for Commodore computers.

"Personally, I think it's insane to pay $40 for one game."
Yet he admits he has played few of the several thousand games
he has collected over the past couple of years. "It's more
like a game, just to see how many you can get." He says he has
a reputation as one of the fastest collectors in the country -
he can get any game within three days after it's been cracked.
And in the underground, reputation is everything, the two say.
It's how you gain access to the "elite" bulletin-board
systems, which now often require three personal references.
It's how you get others to do things you either cannot yourself
or just don't want to.

"I can get anything I need, and I have
the means to get it," Scarecrow said. "You do it because you
can," he said. "If I can get away with it and do it, why
not?" Scarecrow says nobody gets hurt and the phone companies
or big businesses pick up the tab for his phone calls, which
are often long conference calls with people across the country
and the Atlantic, usually at night. "They can afford it," he
said. "I don't consider what we do breaking the law," he
said. "We sort of push it to the limit. How can you sit there
and tell me I'm breaking the law when I see what they did on
May 7 and 8? How can the government say I'm breaking the law?
They threw the First Amendment out the window."

The Software
Publishers Association, which represents companies that sell
programs, and the Secret Service see it differently. "All the
publishers have to sell is an idea, a creation," says Peter
Beruq, the association's litigation manager. "A lot of time,
energy and effort goes into developing software products.

Publishers and their authors should be compensated for that
work; it doesn't matter if it's a $40 game or $200 spreadsheet.
What's the incentive for someone to create a new software
product if they know it's going to be pirated?"

"The losses
to the American public in this case are expected to be
significant," Gary Jenkins, the service's assistant director,
said in announcing the May warrants. "The Secret Service takes
computer crime very seriously, and we will continue to
investigate aggressively those crimes which threaten to disrupt
our nation's business and government services. "Our
experience shows that many computer hacker suspects are no
longer misguided teen-agers mischievously playing games with
their computers in their bedrooms," he said. "Some are now
high-tech computer operators using computers to engage in
unlawful conduct."

"No one's out for destruction," Scarecrow
said. "We keep ourselves in check more than the government
ever could. ... There's a strict etiquette and you have to
answer for your actions. Your reputation is all you have."
Hackers often design elaborate "demos" - programs with fancy
graphics and sophisticated sound effects - to spread the word
about hackers gone bad, they said. "Word on anyone can get
out within 24 hours," he said. They add there is no shortage
of new people coming into the field. "It's nice to see new
people coming in, new people taking over, but there's so much
to teach," Scarecrow said. "We're old men," Ferret, 22,
said. Scarecrow is 26.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
!