Editors: Jim Thomas and Gordon Meyer ([email protected])
Copy Editor: Etaion Shrdlu, Jr.
Archivist: Brendan Kehoe
Archivist in spirit: Bob Kusumoto
Shadow-Archivist: Dan Carosone
CONTENTS, #4.31 (July 17, 1992)
File 1--MOD Indictment (July, '92)
File 2--Newsbytes Editorial on MOD Indictment
Back issues of CuD can be found in the Usenet alt.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from American Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by
anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
((Moderators' note: The following is the complete indictment of
five MOD members (see CuD 4.30 for background)).
UNITED STATES DISTRICT COURT
SOUTHERN DISTRICT OF NEW YORK
- - - - - - - - - - - - - - - - - - - -X
:
UNITED STATES OF AMERICA :
:
- v - :
:
JULIO FERNANDEZ, a/k/a "Outlaw," : _INDICTMENT_
JOHN LEE, a/k/a "John Farrington," :
a/k/a "Corrupt," :
MARK ABENE, a/k/a "Phiber Optik," :
ELIAS LADOPOULOS, : 92 Cr.
a/k/a "Acid Phreak," and :
PAUL STIRA, a/k/a "Scorpion" :
:
Defendants :
:
- - - - - - - - - - - - - - - - - - - -X
_COUNT ONE_
Conspiracy
The Grand Jury Charges:
_Introduction_
1. At all times relevant to this indictment:
(a) MOD was a closely knit group of computer
hackers located primarily in the New York City area. (The term
"computer hacker" refers to someone who uses a computer or a
telephone to obtain unauthorized access to other computers). The
letters "MOD" had various meanings, among them "Masters Of
Disaster" and "Masters of Deception."
(b) At various times, the defendants JULIO
FERNANDEZ, JOHN LEE, MARK ABENE, ELIAS LADOPOULOS and PAUL STIRA
were members of MOD. Within MOD and in the course of their
computer hacking activities, the defendants frequently identified
themselves by their nicknames or hacking "handles." In
particular, JULIO FERNANDEZ used the name "Outlaw," JOHN LEE used
- 1-
the name "Corrupt," MARK ABENE used the name "Phiber Optik,"
ELIAS LADOPOULOS used the name "Acid Phreak," and PAUL STIRA used
the name "Scorpion." JOHN LEE was also known to his associates
as "John Farrington."
(c) Southwestern Bell Telephone Company
("Southwestern Bell") was a regional telephone company that
provided local telephone service to millions of customers in
Arkansas, Kansas, Missouri, Oklahoma and Texas. Southwestern
Bell's telephone system was controlled and operated by numerous
computers located throughout the above-named states, including
telephone switching computers. The telephone switching computers
operated by Southwestern Bell and other telephone companies were
large computers that controlled call routing, calling features
(such as call forwarding, call waiting and three-way calling),
billing and other telephone services for tens of thousands of
telephone lines each. Southwestern Bell's headquarters were
located in St. Louis, Missouri.
(d) BT North America Inc. was an international
corporation that provided telecommunications services throughout
the world. Among BT North America's businesses in the United
States was the operation of a data transfer network called
Tymnet. The Tymnet network was an international network through
which customers could transmit electronic communications. The
Tymnet network was controlled and operated by numerous computers
located throughout the United States and elsewhere. BT North
America's headquarters were located in San Jose, California.
- 2 -
(e) New York Telephone Company ("New York
Telephone") was a regional telephone company that provided local
telephone service to millions of customers in New York State.
New York Telephone's telephone system was controlled and operated
by numerous computers located throughout New York State. New
York Telephone's headquarters were located in New York City.
(f) Pacific Bell and U.S. West were regional
telephone companies that provide telephone service to customers
in, among other states, California and Idaho, respectively. One
of the telephone switching computers operated by Pacific Bell was
located in Santa Rosa, California. One of the telephone
switching computers operated by U.S. West was located in Boise,
Idaho.
(g) Martin Marietta Electronics Information and
Missile Group ("Martin Marietta") was an aerospace and
engineering company located in Orlando, Florida. Martin Marietta
operated a telephone switching computer that handled the
company's telephone lines.
(h) International Telephone and Telegraph Company
("ITT"), was a telecommunications company. One of the ways that
ITT provided telephone services to customers was to provide
customers with personal identification numbers. Customers could
dial local or toll free telephone numbers assigned to ATT, enter
their personal identification numbers, and then obtain local and
long distance calling services that would be charged to their
accounts.
- 3 -
(i) Information America, Inc., was a computerized
information service that provided subscribers with accesses to
telephone numbers, addresses, business abstracts and other
information regarding individuals and businesses throughout the
United States. Information America's headquarters and its primary
computer data base were located in Atlanta, Georgia.
(j) TRW Information Services ("TRW") and Trans
Union Corporation ("Trans Union") were credit reporting services
that provided subscribers with access to credit reports and other
information. One of the ways that subscribers could obtain
credit information was to use a computer to access data bases
maintained by TRW and Trans Union. TRW's primary data base was
located in Anaheim, California. Trans Union's primary data base
was located in Chicago, Illinois.
(k) The Learning Link was a computerized
information system operated by the Educational Broadcasting
Corporation in New York City. The Learning Link computer
provided educational and instructional information to hundreds of
schools and educators in New York, New Jersey and Connecticut.
Access to the Learning Link computer was limited to persons and
institutions who subscribed to the service and paid a membership
fee.
(l) New York University ("NYU") was a large
university located in New York City. NYU operated a computer
system for faculty, students and other authorized users. One of
the services provided by the NYU computer systems was to allow
- 4 -
authorized users to make local and long distance telephone calls for
the purpose of connecting to other computers outside of NYU.
Authorized users of the NY computer could obtain outdial service by
accessing the NYU computer system and entering a billing code. The
call would then be charged to the authorized users' account.
(m) The University of Washington was a large
university located in Seattle, Washington, The University of
Washington operated numerous computers for use by faculty,
students and other authorized users.
(n) The Bank of America was a national Bank
located in California and elsewhere. The Bank of America operated
a data transfer network that was used to transmit electronic
communications of Bank of America employees and others.
_The Conspiracy_
2. From in or about 1989 through the date of the filing
of this Indictment, in the Southern District of New York and
elsewhere, JULIO FERNANDEZ, a/k/a "Outlaw," JOHN LEE, a/k/a "John
Farrington," a/k/a "Corrupt," MARK ABENE, a/k/a "Phiber Optik,"
ELIAS LADOPOULOS, a/k/a "Acid Phreak," and PAUL STIRA, a/k/a
"Scorpion," the defendants, and others known and unknown to the
Grand Jury (collectively the "co-conspirators"), unlawfully,
willfully and knowingly did combine, conspire, confederate and
agree together and with each other to commit offenses against the
United States of America, to wit, to possess unauthorized access
devices with the intent to defraud, in violation of Title 18,
United States Code, Section 1029(a)(3); to use and traffic in
- 5 -
unauthorized access devises with the intent to defraud, in
violation of Title 18, United States Code, Section 1029(a)(2); to
access federal interest computers without authorization, in
violation of Title 18, United States Code, Section 1030(a)(5)(a);
to intercept electronic communications, in violation of Title 18,
United States Code, Section 2511(1)(a); and to commit wire fraud,
in violation of Title 18, United States Code, Section 1343.
_Objects of the Conspiracy_
_Possession of Unauthorized Access Devices_
3. It was a part and object of the conspiracy that the
co-conspirators unlawfully, willfully, knowingly and with the
intent to defraud, would and did possess fifteen and more
unauthorized access devices, to wit, the co-conspirators would
and did posess fifteen and more unauthorized passwords, user
identifications, personal identification numbers and other access
devices that permitted access to computer systems, data bases and
telephone services of Southwestern Bell, BT North America, New
York Telephone, ITT, Information America, TRW, Trans Union, NYU
and others, in violation of Title 18, United States Code, Section
1029(a)(3).
_Use of Unauthorized Access Devices_
4. It was a further part and object of the conspiracy
that the co-conspirators unlawfully, willfully, knowingly and
with the intent to defraud, would and did use one or more
unauthorized access devices during a one year period, and by such
conduct obtain something of value aggregating $1,000 and more
- 6 -
during that period, to wit, the co-conspirators would and did use
unauthorized access devices of Southwestern Bell, BT North
America, New York Telephone, ITT, Information America, TRW, Trans
Union, NYU and others in order to obtain information services,
credit reporting services, telephone services and other things of
value aggregating in excess of $1,000 during a one year period,
in violation of Title 18, United States Code, Section 1029(a)(2).
_Unauthorized Access of Computers_
5. It was a further part and object of the conspiracy
that the co-conspirators unlawfully, willfully, knowingly and
intentionally would and did access federal interest computers
without authorization, and by means of such conduct alter, damage
and destroy information in such federal interest computers and
prevent authorized use of such computers and information, and
thereby cause loss to one or more others of a value aggregating
$1,000 and more during a one year period, to wit, the co-
conspirators would and did access computers belonging to
Southwestern Bell, BT North America and others without
authorization, and by means of such conduct altered telephone
services, installed their own computer programs and made other
modifications, thereby causing losses aggregating $1,000 and more
during a one year period, in violation of Title 18, United States
Code, Section 1030(a)(5)(A).
_Interception of Electronic Communications_
6. It was a further part and object of the conspiracy
that the co-conspirators unlawfully, willfully, knowingly and
- 7 -
intentionally would and did intercept, endeavor to intercept and
procure other persons to intercept electronic communications, to
wit, the co-conspirators would and did intercept, endeavor to
intercept and procure other persons to intercept passwords, user
identifications and other electronic communications as such
communications were being transmitted over Tymnet and other data
transfer networks, in violation of Title 18, United States Code,
Section 2511(1)(a).
_Wire Fraud_
7. It was a further part and object of the conspiracy
that the co-conspirators, unlawfully, willfully and knowingly,
and having devised a scheme and artifice to defraud and for
obtaining money and property by means of false and fraudulent
pretenses, representations and promises, would and did transmit
and cause to be transmitted by means of wire communications in
interstate and foreign commerce, signs, signals and sounds for
the purpose of executing the scheme to defraud, to wit, the co-
conspirators would and did transmit and cause to be transmitted
passwords, user identifications, personal identification numbers,
telephone tones and other signs, signals and sounds for the
purpose of executing a scheme to obtain telephone services,
credit reporting services, information services and other
services free of charge, in violation of Title 18, United States
Code, Section 1343.
- 8 -
_Goal of the Conspiracy_
8. It was the goal of the conspiracy that the members
of MOD would gain access to and control of computer systems in
order to enhance their image and prestige among other computer
hackers; to harass and intimidate rival hackers and other people
they did not like; to obtain telephone, credit, information and
other services without paying for them; and to obtain passwords,
account numbers and other things of value which they could sell
to others.
_Means and Methods of the Conspiracy_
9. Among the means and methods by which the co-
conspirators would and did carry out the conspiracy were the
following:
(a) The co-conspirators formed the group MOD to
further their computer hacking activities and to compete with
other computer hackers in their quest for and access to and control
of computer systems.
(b) The members of MOD exchanged computer-related
information among themselves including passwords, user
identifications and personal identification numbers. The members
of MOD also assisted each other in breaking into computer systems
by sharing technical information regarding the configuration and
security systems of target computers. The members of MOD agreed
to share important computer information only among themselves and
not with other computer hackers.
- 9 -
(c) The co-conspirators obtained passwords, user
identifications and other unauthorized access devices through a
variety of means including the following:
(i) Data interception--The co-conspirators
intercepted access codes as the codes were being transmitted over
Tymnet and other data transfer networks. The co-conspirators
were able to perform such interceptions on Tymnet by obtaining
unauthorized access to Tymnet computers which controlled the
transfer of electronic communications over the network. Using
their unauthorized access to Tymnet computers, the co-
conspirators monitored and intercepted information that Tymnet
personnel and others using the Tymnet network were sending
through the network, including user identifications and passwords
used by Tymnet personnel and others.
(ii) Social Engineering -- The co-
conspirators made telephone calls to the telephone company employees
and other persons, and pretended to be computer technicians or
others who were authorized to obtain access devices and related
information. The co-conspirators then caused the unwitting
targets of their calls to furnish access devices and other
proprietary information. The co-conspirators referred to this
technique as "social engineering."
(iii) Password Grabbing and Password Cracking
Programs -- The co-conspirators wrote and used various computer
programs that were designed to steal passwords from computers in
which the programs were inserted. The co-conspirators maintained
- 10 -
other programs that were designed to"crack" encrypted passwords,
that is, to take passwords that had been scrambled into a code
for security purposes, and to break the code so that the
passwords could be used to obtain unauthorized access to computer
systems.
(d) When the co-conspirators broke into computer
systems, they installed "back door" programs to ensure that they
would continue to have access to the computers. These back door
programs were designed to modify computers in which they were
inserted so that the computer would give the highest level of
access ("root" access) to anyone using a special password that
was known to the members of MOD. Some of these back door
programs also included additional features that were designed to
modify computers in which they were inserted so that (i) the
computer would store the passwords of legitimate users in a
secret file that was known to the members of MOD; (ii) the
computer would display a message that read, in part, "This system
is owned, controlled, and administered by MOD" to anyone who
accessed the system using the password "MOD"; and (iii) the
computer would be destroyed if anyone accessed the system using
another special password known to the members of MOD.
(e) The co-conspirators obtained free telephone
and data transfer services for themselves and for each other by:
(i) obtaining unauthorized access to telephone company computers
and adding and altering calling features; and (ii) maintaining
and exchanging personal identification numbers, passwords,
- 11 -
billing codes and other access devices that allowed them to make
free local and long distance telephone calls as well as to
transmit and receive electronic communications free of charge.
(f) One of the ways that the co-conspirators
obtained free telephone service by their access to telephone
switching computers was to call forward unassigned local
telephone numbers to long distance numbers or to pay per call
services such as conference calling services. By setting up such
call forwards the co-conspirators could make long distance and
conferences calls for the price of a call to the local unassigned
number.
(g) The co-conspirators obtained information
including credit reports, telephone numbers, addresses, neighbor
listings and social security numbers of various individuals by
obtaining unauthorized access to information and credit reporting
services.
_Overt Acts_
10. In furtherance of the conspiracy and to effect the
objects thereof, the co-conspirators committed the following acts
among others in the Southern District of New York and elsewhere:
(a) On or about November 28, 1989, members of MOD
caused virtually all of the information contained within the
Learning Link computer operated by the Educational Broadcasting
Corporation to be destroyed, and caused a message to be left on
the computer that said, in part: "Happy Thanksgiving you turkeys,
- 12 -
from all of us at MOD" and which was signed with the names "Acid
Phreak," "Phiber Optik" and "Scorpion" among others.
(b) On or about January 8, 1990, from his
residence in Queens, New York, ELIAS LADOPOULOS, a/k/a "Acid
Phreak," accessed a New York Telephone switching computer without
authorization. During the call, LADOPOULOS issued commands to
automatically call forward all calls received by one telephone
number to another telephone number.
(c) On or about January 24, 1990, at his college
dormitory room in Farmingdale, New York, PAUL STIRA, a/k/a
"Scorpion," possessed numerous password files containing hundreds
of encrypted and unencrypted user identifications and passwords
to telephone company computers and other computers.
(d) On or about January 24, 1990, at his college
dormitory room in Farmingdale, New York, PAUL STIRA, a/k/a
"Scorpion," possessed a back door computer program and a password
grabbing program. The back door program included a feature that
was designed to modify a computer in which the program was
inserted so that the computer would be destroyed if someone
accessed it using a certain password.
(e) On or about May 31, 1991, from his residence
in Brooklyn, New York, JOHN LEE, a/k/a "John Farrington," a/k/a
"Corrupt," obtained unauthorized access to a Southwestern Bell
computer in St. Louis, Missouri.
(f) On or about October 28, 1991, from his
residence in Bronx, New York, JULIO FERNANDEZ, a/k/a "Outlaw,"
- 13 -
obtained unauthorized access to a Southwestern Bell telephone
switching computer in Houston, Texas and issued commands so that
calls received by one telephone number would be automatically
forwarded to another number.
(g) On or about October 31, 1991, from his
residence in Bronx, New York, JULIO FERNANDEZ, a/k/a "Outlaw,"
obtained unauthorized access to a U.S. West telephone switching
computer in Boise, Idaho.
(h) On or about November 1, 1991, from his
residence in Bronx, New York, JULIO FERNANDEZ, a/k/a "Outlaw,"
called a New York Telephone technician. During the call,
FERNANDEZ pretended to be another New York Telephone employee and
convinced the technician to provide information regarding access
to a New York Telephone switching computer in Mt. Vernon, New
York.
(i) On or about November 1, 1991, from his
residence in Bronx, New York, JULIO FERNANDEZ, a/k/a "Outlaw,"
made multiple calls to a New York Telephone switching computer in
Mt. Vernon New York. During the calls, FERNANDEZ call forwarded
numbers and obtained detailed information regarding telephone
services provided by the switch.
(j) On or about November 5, 1991, from his
residence in Brooklyn, New York, JOHN LEE, a/k/a "John
Farrington," a/k/a "Corrupt," obtained a user identification and
password by monitoring electronic communications on the Tymnet
network. Later, on November 5, 1991, JOHN LEE called JULIO
- 14 '
FERNANDEZ, a/k/a "Outlaw," and provided FERNANDEZ with the
intercepted user identification and password.
(k) On or about November 6, 1991, JOHN LEE, a/k/a
"John Farrington," a/k/a "Corrupt," had a telephone conversation
with MARK ABENE, a/k/a "Phiber Optik." During the conversation,
LEE provided ABENE with the user identification and password that
LEE had intercepted the previous day.
(l) On or about November 6, 1991, JOHN LEE, a/k/a
"John Farrington," a/k/a "corrupt," had a telephone conversation
with another member of MOD, during which they discussed obtaining
information from another hacker about how to alter TRW credit
reports. LEE said that the information he wanted to obtain
included instructions on how to add and remove delinquency
reports, "to destroy people's lives. . .or make them look like
saints."
(m) On or about November 14, 1991, JULIO
FERNANDEZ, a/k/a "Outlaw," and JOHN LEE, a/k/a "Corrupt," had a
telephone conversation. During the conversation, FERNANDEZ and
LEE discussed a lengthy list of institutions that operated
computers, including government offices, private companies and an
Air Force base. In the course of the conversation, FERNANDEZ
said, "We've just got to start hitting these sites left and
right."
(n) On or about November 14, 1991, at his
residence in Brooklyn, New York, JOHN LEE, a/k/a "John
Farrington," a/k/a "Corrupt," obtained unauthorized access to
- 15 -
Trans Union's computerized data base and obtained credit reports
on several individuals.
(o) On or about November 22, 1991, at his
residence in Brooklyn, New York, JOHN LEE, a/k/a "John
Farrington," a/k/a "Corrupt," obtained unauthorized access to
Information American's computerized data base and obtained
personal information concerning several individuals.
(p) On or about November 23, 1991, MARK ABENE,
a/k/a "Phiber Optik," and JULIO FERNANDEZ, a/k/a "Outlaw," had a
telephone conversation. During the conversation, ABENE gave
FERNANDEZ advice concerning how to call forward telephone numbers
on a certain type of telephone switching computer.
(q) On or about November 25, 1991, JULIO
FERNANDEZ, a/k/a "outlaw," and JOHN LEE, a/k/a "John Farrington,"
a/k/a "Corrupt," obtained several hundred dollars from Morton
Rosenfeld, a co-conspirator not named herein as a defendant, in
exchange for providing Rosenfeld with information regarding how
to obtain unauthorized access to credit reporting services.
(r) On or about November 25, 1991, JOHN LEE, a/k/a
"John Farrington," a/k/a "Corrupt," JULIO FERNANDEZ, a/k/a
"Outlaw," and MARK ABENE, a/k/a "Phiber Optik," had a three way
telephone conversation. During the conversation, LEE and
FERNANDEZ provided ABENE with user identifications and passwords
of Southwestern Bell and Information America.
(s) On or about November 26, 1991, JOHN LEE, a/k/a
"John Farrington," a/k/a "Corrupt," and MARK ABENE, a/k/a "Phiber
- 16 -
Optik," had a telephone conversation. During the conversation,
LEE and ABENE discussed obtaining unauthorized access to
Southwestern Bell computes and LEE provided ABENE with a series
of Southwestern Bell user identifications and passwords. A short
while later, ABENE called LEE and reported that one of the
passwords worked and that he had obtained information from a
Southwestern Bell computer.
(t) On or about November 27, 1991, ELIAS
LADOPOULOS, a/k/a "Acid Phreak," had a telephone conversation
with JOHN LEE, a/k/a "John Farrington," a/k/a "Corrupt." During
the conversation, LADOPOULOS asked LEE to obtain personal
information on an individual.
(u) On or about November 27, 1991, from his
residence in Brooklyn, New York, JOHN LEE, a/k/a "John
Farrington," a/k/a "Corrupt" obtained unauthorized access to
Information America's computerized data base and obtained
personal information on the individual that ELIAS LADOPOULOS,
a/k/a "Acid Phreak," had requested. LEE the called LADOPOULOS
and gave him the information.
(v) On or about November 30, 1991, JULIO
FERNANDEZ, a/k/a "Outlaw," provided associates of Morton
Rosenfeld with an account number and password for TRW. Between
November 30, 1991, and December 2, 1991, Rosenfeld and his
associates used the TRW account number and password to obtain
approximately 176 credit reports on various individuals.
- 17 -
(w) On or about December 1, 1991, from his
residence in Bronx, New York, JULIO FERNANDEZ, a/k/a "Outlaw,"
obtained unauthorized access to a Pacific Bell Telephone
switching computer in Santa Rosa, California.
(x) On or about December 1, 1991, from his
residence in Bronx, New York, JULIO FERNANDEZ, a/k/a "outlaw,"
obtained unauthorized access to a Southwestern ell telephone
switching computer in Saginaw, Texas.
(y) On or about December 4, 1991, from his
residence in Bronx, New York, JULIO FERNANDEZ, a/k/a "Outlaw,"
obtained unauthorized access to a Martin Marietta telephone
switching computer in Orlando, Florida. During the call,
FERNANDEZ added a feature to one of the telephone numbers
services by the switch.
(z) On or about December 6, 1991, at his
residence in Queens, New York, MARK ABENE, a/k/a "Phiber Optik,"
possessed numerous proprietary technical manuals of BT North
America, including manuals that described the operation of Tymnet
computers and computer programs.
(Title 18, United States Code, Section 371.)
- 18 -
_COUNT TWO_
_Unauthorized Access to Computers_
The Grand Jury further charges:
11. Between on or about January 1, 1991 and on or about
January 1, 1992, in the Southern District of New York and
elsewhere, JULIO FERNANDEZ, a/k/a "Outlaw," JOHN LEE, a/k/a "John
Farrington,"a/k/a "Corrupt," and MARK ABENE, a/k/a "Phiber
Optik," the defendants, and others whom they aided and abetted,
unlawfully, willfully, knowingly and intentionally did access
federal interest computers without authorization, and by means of
such conduct did alter, damage and destroy information in such
federal interest computers and prevent authorized use of such
computers and information and thereby cause loss to one or more
others of a value aggregating $1,000 and more during a one year
period, to wit, JULIO FERNANDEZ, JOHN LEE, MARK ABENE, and others
whom they aided and abetted, accessed Southwestern Bell computers
without authorization and by means of such conduct altered
calling features, installed back door programs, and made other
modifications which caused losses to Southwestern Bell of
approximately $370,000 in the form of expenses to locate and
replace computer programs and other information that hand been
modified or otherwise corrupted, expenses to determine the source
of the unauthorized intrusions, and expenses for new computers
and security devices that were necessary to prevent continued
unauthorized access by the defendants and others whom they aided
and abetted.
(Title 18, United States Code, Sections 1030(a)(5)A) and 2.)
- 19 -
_COUNT THREE_
_Possession of Unauthorized Access Devices_
The Grand Jury further charges:
12. On or about December 6, 1991, in the Southern
District of New York, JULIO FERNANDEZ, a/k/a "outlaw," the
defendant, unlawfully, willfully and knowingly, and with the
intent to defraud, did possess fifteen and more unauthorized
access devices, to wit, JULIO FERNANDEZ possessed several hundred
unauthorized user identifications and passwords of Southwestern
Bell, BT North America, TRW and others with the intent to defraud
said companies by using the access devices to obtain services and
to obtain access to computers operated by said companies under
the false pretenses that FERNANDEZ was an authorized user of the
access devices.
(Title 18, United States Code, Section 1029(a)(3).)
_COUNTS FOUR THROUGH SIX_
_Interception of Electronic Communications_
The Grand Jury further charges:
13. On or about the dates set forth below, in the
Southern District of New York and elsewhere, JOHN LEE, a/k/a
"John Farrington," a/k/a "Corrupt," the defendant, unlawfully,
willfully, knowingly and intentionally, did intercept and
endeavor to intercept electronic communications, to wit, on the
dates set forth below, JOHN LEE did intercept and endeavor to
intercept electronic communications, including user
-20 -
identifications and passwords, as the communications were being
transmitted over the Tymnet network.
_Count_ _Date of Interception_
Four November 5, 1991
Five November 12, 1991
Six November 15, 1991
(Title 18, United States Code, Section 2511(1)(a).)
_COUNT SEVEN_
_INTERCEPTION OF ELECTRONIC COMMUNICATIONS_
The Grand Jury further charges:
14. On or about December 1, 1991, in the Southern
District of New York and elsewhere, JULIO FERNANDEZ, a/k/a
"Outlaw," and JOHN LEE, a/k/a "John Farrington," a/k/a "Corrupt,"
the defendants, unlawfully, willfully, knowingly and
intentionally, did intercept, endeavor to intercept and procure
others to intercept electronic communications, to wit, JULIO
FERNANDEZ gave JOHN LEE a password that JOHN LEE used to
intercept electronic communications as the communications were
being transmitted over a data transfer network operated by the
Bank of America.
(Title 18, United States Code, Sections 2511(1)(a) and 2.)
- 21 -
_COUNTS EIGHT AND NINE_
_Wire Fraud_
The Grand Jury further charges:
15. From in or about June 1991 through the date of the
filing of this Indictment, in the Southern District of New York,
JULIO FERNANDEZ, a/k/a "Outlaw," the defendant, unlawfully,
willfully and knowingly and having devised and intending to
devise a scheme and artifice to defraud and for obtaining
property by means of false and fraudulent pretenses and
representations, to wit, a scheme to obtain unauthorized access
to NYU's computer system and to use an NYU Billing code that was
not assigned to him to obtain free telephone connections to
computers outside of NYU, did, for the purpose of executing such
scheme, transmit and cause to be transmitted by means of wire
communications in interstate commerce, writings, signs,and
signals, to wit:
Destination Called
_Count_ _Date of Call to NYU_ _From NYU Computer_
8 November 29, 1991 Southwestern ell 5ESS
telephone switching computer
El Paso, Texas
9 December 5, 1991 University of Washington
computer system
Seattle, Washington
(Title 18, United States Code, Section 1343.)
- 22 -
_COUNTS TEN AND ELEVEN_
_Wire Fraud_
The Grand Jury further charges:
15. From in or about June, 1991 through the date of the
filing of this Indictment, in the Southern District of New York,
JOHN LEE, a/k/a "John Farrington," a/k/a "Corrupt," the
defendant, unlawfully, willfully and knowingly and having devised
and intending to devise a scheme and artifice to defraud and for
obtaining property by means of false and fraudulent pretenses and
representations, to wit, a scheme to obtain unauthorized access
to NYU's computer system and to use an NYU billing code that was
not assigned to him to obtain free telephone connections to
computers outside of NYU, did, for the purpose of executing such
scheme, transmit and cause to be transmitted by means of wire
communications in interstate commerce, writings, signs, and
signals, to wit:
Destination Called
_Count_ _Date of Call to NYU_ _From NYU Computer_
10 November 21,1991 University of Washington
computer system
Seattle, Washington
11 November 23, 1991 University of Washington
computer system
Seattle, Washington
(Title 18, United States Code, Section 1343.)
(signed)
_________________ ___________________________
Foreperson OTTO G. OBERMAIER
United States Attorney
- 23 -
------------------------------
Date: 14 Jul 92 22:02:12 PDT
From: [email protected]
Subject: File 2--Newsbytes Editorial on MOD Indictment
NEWSBYTES EDITORIAL
Second Thoughts On New York Computer Crime Indictments 7/13/92
NEW YORK, N.Y., U.S.A., 1992 JULY 13 (NB) -- On Wednesday, July 9th, I
sat at a press briefing in New York City's Federal Court Building
during which law enforcement officials presented details relating to
the indictment of 5 young computer "hackers". In describing the
alleged transgressions of the indicted, United States Assistant
Attorney Stephen Fishbein wove a tale of a conspiracy in which members
of an evil sounding group called the "Masters of Destruction" (MOD)
attempted to wreck havoc with the telecommunications system of the
country.
The accused were charged with infiltrating computer systems belonging
to telephone companies, credit bureaus, colleges and defense
contractors --Southwestern Bell, BT North America, New York Telephone,
ITT, Information America, TRW, Trans Union, Pacific Bell, the
University of Washington, New York University, U.S. West, Learning
Link, Tymnet and Martin Marietta Electronics Information, and Missile
Group. They were charged with causing injury to the telephone systems,
charging long distance calls to the universities, copying private
credit information and selling it to third parties -- a long list of
heinous activities.
The immediate reaction to the indictments were predictably knee-jerk.
Those who support any so-called "hacker"-activities mocked the
government and the charges that were presented, forgetting, it seems
to me, that these charges are serious -- one of the accused could face
up to 40 years in prison and $2 million in fines; another - 35 years
in prison and $1.5 million in fines. In view of that possibility, it
further seems to me that it is a wasteful diversion of effort to get
all excited that the government insists on misusing the word "hacker"
(The indictment defines computer hacker as "someone who uses a
computer or a telephone to obtain unauthorized access to other
computers.") or that the government used wiretapping evidence to
obtain the indictment (I think that, for at least the time being that
the wiretapping was carried out under a valid court order; if it were
not, the defendants' attorneys will have a course of action.).
On the other hand, those who traditionally take the government and
corporate line were publicly grateful that this threat to our
communications life had been removed -- they do not in my judgement
properly consider that some of these charges may have been
ill-conceived and a result of political considerations.
Both groups, I think, oversimplify and do not give proper
consideration to the wide spectrum of issues raised by the indictment
document. The issues range from a simple black-and-white case of
fraudulently obtaining free telephone time to the much broader
question of the appropriate interaction of technology and law
enforcement.
The most clear cut cases are the charges such as the ones which allege
that two of the indicted, Julio Fernandez a/k/a "Outlaw" and John Lee
a/k/a "Corrupt" fraudulently used the computers of New York University
to avoid paying long distance charges for calls to computer systems in
El Paso Texas and Seattle, Washington. The individuals named either
did or did not commit the acts alleged and, if it is proven that they
did, they should receive the appropriate penalty (it may be argued
that the 5 year, $250,000 fine maximum for each of the counts in this
area is excessive but that is a sentencing issue not an indictment
issue.).
Other charges of this black-and-white are those that allege that
Fernandez and/or Lee intercepted electronic communications over
networks belonging to Tymnet and the Bank of America. Similarly, the
charge that Fernandez, on December 4, 1991 possessed hundreds of user
id's and passwords of Southwestern Bell, BT North America and TRW fits
in the category of "either he did it or he didn't."
A more troubling count is the charge that the indicted 5 were all part
of a conspiracy to "gain access to and control of computer systems in
order to enhance their image and prestige among other computer
hackers; to harass and intimidate rival hackers and people they did
not like; to obtain telephone, credit, information, and other services
without paying for them; and to obtain. passwords, account numbers and
other things of value which they could sell to others."
To support this allegation, the indictment lists 26, lettered A
through Z, Overt Acts" to support the conspiracy. While this section
of the indictment lists numerous telephone calls between some of the
individuals, it mentions the name Paul Stira a/k/a "Scorpion" only
twice with both allegations dated "on or about" January 24, 1990, a
full 16 months before the next chronological incident. Additionally,
Stira is never mentioned as joining in any of the wiretapped
conversation -- in fact, he is never mentioned again! I find it hard
to believe that he could be considered, from these charges, to have
engaged in a criminal conspiracy with any of the other defendants.
Additionally, some of the allegations made under the conspiracy count
seem disproportionate to some of the others. Mark Abene a/k/a "Phiber
Optik" is of possessing proprietary technical manuals belonging to BT
North America while it is charged that Lee and Hernandez, in exchange
for several hundred dollars, provided both information on how to
illegally access credit reporting bureaus and an actual TRW account
and password to a person, Morton Rosenfeld, who later illegally
accessed TRW, obtained credit reports on 176 individuals and sold the
reports to private detective (Rosenfeld, indicted separately, pled
guilty to obtaining and selling the credit reports and named "Julio"
and "John" as those who provided him with the information). I did not
see anywhere in the charges any indication that Abene, Stira or Elias
Lapodoulos conspired with or likewise encouraged Lee or Fernandez to
sell information involving the credit bureaus to a third party
Another troubling point is the allegation that Fernandez, Lee, Abene
and "others whom they aided and abetted" performed various computer
activities "that caused losses to Southwestern Bell of approximately
$370,000." The $370,000 figure, according to Assistant United States
Attorney Stephen Fishbein, was developed by Southwestern Bell and is
based on "expenses to locate and replace computer programs and other
information that had been modified or otherwise corrupted, expenses to
determine the source of the unauthorized intrusions, and expenses for
new computers and security devices that were necessary to prevent
continued unauthorized access by the defendants and others whom they
aided and abetted."
While there is precedent in assigning damages for such things as
"expenses for new computers and security devices that were necessary
to prevent continued unauthorized access by the defendants and others
whom they aided and abetted." (the Riggs, Darden & Grant case in
Atlanta found that the defendants were liable for such expenses), many
feel that such action is totally wrong. If a person is found uninvited
in someone's house, they are appropriately charged with unlawful entry,
trespassing, burglary --whatever th statute is for the transgression;
he or she is, however, not charged with the cost of the installation
of an alarm system or enhanced locks to insure that no other person
unlawfully enters the house.
When I discussed this point with a New York MIS manager, prone to take
a strong anti-intruder position, he said that an outbreak of new
crimes often results in the use of new technological devices such as
the nationwide installation of metal detectors in airports in the
1970's. While he meant thi as a justification for liability, the
analogy seems rather to support the contrary position. Air line
hijackers were prosecuted for all sorts of major crimes; they were,
however, never made to pay for the installation of the metal detectors
or absorb the salary of the additional air marshalls hired to combat
hijacking.
I think the airline analogy also brings out the point that one may
both support justifiable penalties for proven crimes and oppose
unreasonable ones -- too often, when discussing these issues,
observers choose one valid position to the unnecessary exclusion of
another valid one. There is nothing contradictory, in my view, to
holding both that credit agencies must be required to provide the
highest possible level of security for data they have collected AND
that persons invading the credit data bases, no matter how secure they
are, be held liable for their intrusions. We are long past accepting
the rationale that the intruders "are showing how insecure these
repositories of our information are." We all know that the lack of
security is scandalous; this fact, however, does not excuse criminal
behavior (and it should seem evident that the selling of electronic
burglar tools so that someone may copy and sell credit reports is not
a public service).
The final point that requires serious scrutiny is the use of the
indictment a a tool in the on-going political debate over the FBI
Digital Telephony proposal. Announcing the indictments, Otto G.
Obermaier, United States Attorney for the Southern District of New
York, said that this investigation was "the first investigative use of
court-authorized wiretaps to obtain conversations and data
transmissions of computer hackers." He said that this procedure was
essential to the investigation and that "It demonstrates, think, the
federal government's ability to deal with criminal conduct as it moves
into new technological areas." He added that the interception of data
was possible only because the material was in analog form and added
"Most of the new technology is in digital form and there is a pending
statute in Congress which seeks the support of telecommunications
companies to allow the federal government, under court authorization,
to intercept digital transmission. Many of you may have read the
newspaper about the laser transmission which go through fiber optics
as a method of the coming telecommunications method. The federal
government needs the help of Congress and, indeed, the
telecommunications companies to able to intercept digital
communications."
The FBI proposal has been strongly attacked by the American Civil
Liberties Union (ACLU), the Electronic Frontier Foundation (EFF) and
Computer Professionals for Social Responsibility (CPSR) as an attempt
to institutionalize, for the first time, criminal investigations as a
responsibility of the communications companies; a responsibility that
they feel belongs solely to law-enforcement. Critics further claim
that the proposal will impede the development of technology and cause
developers to have to "dumb-down" their technologies to include the
requested interception facilities. The FBI, on the other hand,
maintains that the request is simply an attempt to maintain its
present capabilities in the face of advancing technology.
Whatever the merits of the FBI position, it seems that the indictments
either would not have been made at this time or, at a minimum, would
not have been done with such fanfare if it were not for the desire to
attempt to drum up support for the pending legislation. The press
conference was the biggest thing of this type since the May 1990
"Operation Sun Devil" press conference in Phoenix, Arizona and, while
that conference, wowed us with charges of "hackers" endangering lives
by disrupting hospital procedures and being engaged in a nationwide,
13 state conspiracy, this one told us about a bunch of New York kids
supposedly engaged in petty theft, using university computers without
authorization and performing a number of other acts referred to by
Obermaier as "anti-social behavior" -- not quite as heady stuff!
It is not to belittle these charges -- they are quite serious -- to
question the fanfare. The conference was attended by a variety of high
level Justice Department, FBI and Secret Service personnel and veteran
New York City crime reporters tell me that the amount of alleged
damages in this case would normally not call for such a production --
New York Daily News reporter Alex Michelini publicly told Obermaier
"What you've outlined, basically, except for the sales of credit
information, this sounds like a big prank, most of it" (Obermaier's
response -- "Well, I suppose, if you can characterize that as a prank
but it's really a federal crime allowing people without authorization
to rummage through the data of other people to which they do not have
access and, as I point out to you again, the burglar cannot be your
safety expert. He may be inside and laugh at you when you come home
and say that your lock is not particularly good but I think you, if
you were affected by that contact, would be somewhat miffed"). One
hopes that it is only the fanfare surrounding the indictments that is
tied in with the FBI initiative and not the indictments themselves.
As an aside, two law enforcement people that I have spoken to have
said that while the statement that the case is "the first
investigative use of court-authorized wiretaps to obtain conversations
and data transmissions of computer hackers.", while probably true,
seems to give the impression that the case is the first one in which
data transmission was intercepted. According to these sources, that
is far from the case -- there have been many instances of inception of
data and fax information by law enforcement officials in recent years.
I know each of the accused in varying degrees. The one that I know the
best, Phiber Optik, has participated in panels with myself and law
enforcement officials discussing issues relating to so-called "hacker"
crime. He has also appeared on various radio and television shows
discussing the same issues. These high profile activities have made him
an annoyance to some in law enforcement. One hopes that this annoyance
played no part in the indictment.
I have found Phiber's presence extremely valuable in these discussions
both for the content and for the fact that his very presence attracts
an audience that might never otherwise get to hear the voices of
Donald Delaney, Mike Godwin, Dorothy Denning and others addressing
these issues from quite different vantage points. While he has, in
these appearances, said that he has "taken chances to learn things",
he has always denied that he has engaged in vandalous behavior and
criticized those who do. He has also called those who engage in
"carding" and the like as criminals (These statements have been made
not only in the panel discussion but also on the occasions that he has
guest lectured to my class in "Connectivity" at the New School For
Social Research in New York City. In those classes, he has discussed
the history of telephone communications in a way that has held a class
of professionals enthralled by over two hours.
While my impressions of Phiber or any of the others are certainly not
a guarantee of innocence on these charges, they should be taken as my
personal statement that we are not dealing with a ring of hardened
criminals that one would fear on a dark knight.
In summary, knee-jerk reactions should be out and thoughtful analysis
in! We should be insisting on appropriate punishment for lawbreakers
-- this means neither winking at "exploration" nor allowing inordinate
punishment. We should be insisting that companies that have collected
data about us properly protect -- and are liable for penalties when
they do not. We should not be deflected from this analysis by support
or opposition to the FBI proposal before Congress -- that requires
separate analysis and has nothing to do with the guilt or innocence of
these young men or the appropriate punishment should any guilt be
established.
(John F. McMullen/19920713)
------------------------------
End of Computer Underground Digest #4.31
************************************
