mirror of
https://github.com/fdiskyou/Zines.git
synced 2025-03-09 00:00:00 +01:00
848 lines
48 KiB
Text
848 lines
48 KiB
Text
==Phrack Inc.==
|
|
|
|
Volume Four, Issue Forty, File 13 of 14
|
|
|
|
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
|
|
PWN PWN
|
|
PWN Phrack World News PWN
|
|
PWN PWN
|
|
PWN Issue 40 / Part 2 of 3 PWN
|
|
PWN PWN
|
|
PWN Compiled by Datastream Cowboy PWN
|
|
PWN PWN
|
|
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
|
|
|
|
|
|
MOD Indicted July 8, 1992
|
|
~~~~~~~~~~~~
|
|
Taken from U.S. Newswire
|
|
|
|
The following is the press release issued by the United States Attorney's
|
|
Office in the Southern District of New York.
|
|
|
|
Group of "Computer Hackers" Indicted
|
|
First Use of Wiretaps in Such a Case
|
|
|
|
NEW YORK -- A group of five "computer hackers" has been indicted on charges of
|
|
computer tampering, computer fraud, wire fraud, illegal wiretapping, and
|
|
conspiracy, by a federal grand jury in Manhattan, resulting from the first
|
|
investigative use of court-authorized wiretaps to obtain conversations and data
|
|
transmissions of computer hackers.
|
|
|
|
A computer hacker is someone who uses a computer or a telephone to obtain
|
|
unauthorized access to other computers.
|
|
|
|
The indictment, which was filed today, alleges that Julio Fernandez, a/k/a
|
|
"Outlaw," John Lee, a/k/a "Corrupt," Mark Abene, a/k/a "Phiber Optik," Elias
|
|
Ladopoulos, a/k/a "Acid Phreak," and Paul Stira, a/k/a "Scorpion," infiltrated
|
|
a wide variety of computer systems, including systems operated by telephone
|
|
companies, credit reporting services, and educational institutions.
|
|
|
|
According to Otto G. Obermaier, United States Attorney for the Southern
|
|
District of New York, James E. Heavey, special agent in charge, New York Field
|
|
Division, United States Secret Service, William Y. Doran, special agent in
|
|
charge, Criminal Division, New York Field Division, Federal Bureau of
|
|
Investigation, and Scott Charney, chief of the Computer Crime Unit of the
|
|
Department of Justice, the indictment charges that the defendants were part of
|
|
a closely knit group of computer hackers self-styled "MOD," an acronym used
|
|
variously for "Masters of Disaster" and "Masters of Deception" among other
|
|
things.
|
|
|
|
The indictment alleges that the defendants broke into computers "to enhance
|
|
their image and prestige among other computer hackers; to harass and intimidate
|
|
rival hackers and other people they did not like; to obtain telephone, credit,
|
|
information and other services without paying for them; and to obtain
|
|
passwords, account numbers and other things of value which they could sell to
|
|
others."
|
|
|
|
The defendants are also alleged to have used unauthorized passwords and billing
|
|
codes to make long distance telephone calls and to be able to communicate with
|
|
other computers for free.
|
|
|
|
Some of the computers that the defendants allegedly broke into were telephone
|
|
switching computers operated by Southwestern Bell, New York Telephone, Pacific
|
|
Bell, U.S. West and Martin Marietta Electronics Information and Missile Group.
|
|
According to the indictment, such switching computers each control telephone
|
|
service for tens of thousands of telephone lines.
|
|
|
|
In some instances, the defendants allegedly tampered with the computers by
|
|
adding and altering calling features. In some cases, the defendants allegedly
|
|
call forwarded local numbers to long distance numbers and thereby obtained long
|
|
distance services for the price of a local call. Southwestern Bell is alleged
|
|
to have incurred losses of approximately $370,000 in 1991 as a result of
|
|
computer tampering by defendants Fernandez, Lee, and Abene.
|
|
|
|
The indictment also alleges that the defendants gained access to computers
|
|
operated by BT North America, a company that operates the Tymnet data transfer
|
|
network. The defendants were allegedly able to use their access to Tymnet
|
|
computers to intercept data communications while being transmitted through the
|
|
network, including computer passwords of Tymnet employees. On one occasion,
|
|
Fernandez and Lee allegedly intercepted data communications on a network
|
|
operated by the Bank of America.
|
|
|
|
The charges also allege that the defendants gained access to credit and
|
|
information services including TRW, Trans Union and Information America. The
|
|
defendants allegedly were able to obtain personal information on people
|
|
including credit reports, telephone numbers, addresses, neighbor listings and
|
|
social security numbers by virtue of their access to these services. On one
|
|
occasion Lee and another member of the group are alleged to have discussed
|
|
obtaining information from another hacker that would allow them to alter credit
|
|
reports on TRW. As quoted in the indictment, Lee said that the information he
|
|
wanted would permit them "to destroy people's lives... or make them look like
|
|
saints."
|
|
|
|
The indictment further charges that in November 1991, Fernandez and Lee sold
|
|
information to Morton Rosenfeld concerning how to access credit services. The
|
|
indictment further alleges that Fernandez later provided Rosenfeld's associates
|
|
with a TRW account number and password that Rosenfeld and his associates used
|
|
to obtain approximately 176 TRW credit reports on various individuals. (In a
|
|
separate but related court action, Rosenfeld pleaded guilty to conspiracy to
|
|
use and traffic in account numbers of TRW. See below).
|
|
|
|
According to Stephen Fishbein, the assistant United States attorney in charge
|
|
of the prosecution, the indictment also alleges that members of MOD wiped out
|
|
almost all of the information contained within the Learning Link computer
|
|
operated by the Educational Broadcasting Corp. (WNET Channel 13) in New York
|
|
City. The Learning Link computer provided educational and instructional
|
|
information to hundreds of schools and teachers in New York, New Jersey and
|
|
Connecticut. Specifically, the indictment charges that on November 28, 1989,
|
|
the information on the Learning Link was destroyed and a message was left on
|
|
the computer that said: "Happy Thanksgiving you turkeys, from all of us at MOD"
|
|
and which was signed with the aliases "Acid Phreak," "Phiber Optik," and
|
|
"Scorpion." During an NBC News broadcast on November 14, 1990, two computer
|
|
hackers identified only by the aliases "Acid Phreak" and "Phiber Optik" took
|
|
responsibility for sending the "Happy Thanksgiving" message.
|
|
|
|
Obermaier stated that the charges filed today resulted from a joint
|
|
investigation by the United States Secret Service and the Federal Bureau of
|
|
Investigation. "This is the first federal investigation ever to use court-
|
|
authorized wiretaps to obtain conversations and data transmissions of computer
|
|
hackers," said Obermaier. He praised both the Secret Service and the FBI for
|
|
their extensive efforts in this case. Obermaier also thanked the Department of
|
|
Justice Computer Crime Unit for their important assistance in the
|
|
investigation. Additionally, Obermaier thanked the companies and institutions
|
|
whose computer systems were affected by the defendants' activities, all of whom
|
|
cooperated fully in the investigation.
|
|
|
|
Fernandez, age 18, resides at 3448 Steenwick Avenue, Bronx, New York. Lee
|
|
(also known as John Farrington), age 21, resides at 64A Kosciusco Street,
|
|
Brooklyn, New York. Abene, age 20, resides at 94-42 Alstyne Avenue, Queens,
|
|
New York. Elias Ladopoulos, age 22, resides at 85-21 159th Street, Queens, New
|
|
York. Paul Stira, age 22, resides at 114-90 227th Street, Queens, New York.
|
|
The defendants' arraignment has been scheduled for July 16, at 10 AM in
|
|
Manhattan federal court.
|
|
|
|
The charges contained in the indictment are accusations only and the defendants
|
|
are presumed innocent unless and until proven guilty. Fishbein stated that if
|
|
convicted, each of the defendants may be sentenced to a maximum of five years
|
|
imprisonment on the conspiracy count. Each of the additional counts also
|
|
carries a maximum of five years imprisonment, except for the count charging
|
|
Fernandez with possession of access devices, which carries a maximum of ten
|
|
years imprisonment. Additionally, each of the counts carries a maximum fine of
|
|
the greater of $250,000, or twice the gross gain or loss incurred.
|
|
|
|
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
|
|
In separate but related court actions, it was announced that Rosenfeld and
|
|
Alfredo De La Fe [aka Renegade Hacker] have each pleaded guilty in Manhattan
|
|
Federal District Court to conspiracy to use and to traffic in unauthorized
|
|
access devices in connection with activities that also involved members of MOD.
|
|
|
|
Rosenfeld pled guilty on June 24 before Shirley Wohl Kram, United States
|
|
District Judge. At his guilty plea, Rosenfeld admitted that he purchased
|
|
account numbers and passwords for TRW and other credit reporting services from
|
|
computer hackers and then used the information to obtain credit reports, credit
|
|
card numbers, social security numbers and other personal information which he
|
|
sold to private investigators. Rosenfeld added in his guilty plea that on or
|
|
about November 25, 1991, he purchased information from persons named "Julio"
|
|
and "John" concerning how to obtain unauthorized access to credit services.
|
|
Rosenfeld stated that he and his associates later obtained additional
|
|
information from "Julio" which they used to pull numerous credit reports.
|
|
According to the information to which Rosenfeld pleaded guilty, he had
|
|
approximately 176 TRW credit reports at his residence on December 6, 1991.
|
|
|
|
De La Fe pled guilty on June 19 before Kenneth Conboy, United States District
|
|
Judge. At his guilty plea, De La Fe stated that he used and sold telephone
|
|
numbers and codes for Private Branch Exchanges ("PBXs"). According to the
|
|
information to which De La Fe pleaded guilty, a PBX is a privately operated
|
|
computerized telephone system that routes calls, handles billing, and in some
|
|
cases permits persons calling into the PBX to obtain outdial services by
|
|
entering a code. De La Fe admitted that he sold PBX numbers belonging to Bugle
|
|
Boy Industries and others to a co-conspirator who used the numbers in a call
|
|
sell operation, in which the co-conspirator charged others to make long
|
|
distance telephone calls using the PBX numbers. De La Fe further admitted that
|
|
he and his associates used the PBX numbers to obtain free long distance
|
|
services for themselves. De La Fe said that one of the people with whom he
|
|
frequently made free long distance conference calls was a person named John
|
|
Farrington, who he also knew as "Corrupt."
|
|
|
|
Rosenfeld, age 21, resides at 2161 Bedford Avenue, Brooklyn, N.Y. Alfredo De La
|
|
Fe, age 18, resides at 17 West 90th Street, N.Y. Rosenfeld and De La Fe each
|
|
face maximum sentences of five years, imprisonment and maximum fines of the
|
|
greater of $250,000, or twice the gross gain or loss incurred. Both defendants
|
|
have been released pending sentence on $20,000 appearance bonds. Rosenfeld's
|
|
sentencing is scheduled for September 9, before Shirley Wohl Kram. De La Fe's
|
|
sentencing is scheduled for August 31, before Conboy.
|
|
|
|
-----
|
|
|
|
Contacts:
|
|
|
|
Federico E. Virella Jr., 212-791-1955, U.S. Attorney's Office, S. N.Y.
|
|
Stephen Fishbein, 212-791-1978, U.S. Attorney's Office, S. N.Y.
|
|
Betty Conkling, 212-466-4400, U.S. Secret Service
|
|
Joseph Valiquette Jr., 212-335-2715, Federal Bureau of Investigation
|
|
|
|
Editor's Note: The full 23 page indictment can be found in Computer
|
|
Underground Digest (CUD), issue 4.31 (available at ftp.eff.org
|
|
/pub/cud/cud).
|
|
_______________________________________________________________________________
|
|
|
|
EFF Issues Statement On New York Computer Crime Indictments July 9, 1992
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Cambridge, MA -- The Electronic Frontier Foundation (EFF) issued a statement
|
|
concerning the indictment of MOD for alleged computer-related crimes.
|
|
|
|
This statement said, in part, that EFF's "staff counsel in Cambridge, Mike
|
|
Godwin is carefully reviewing the indictment."
|
|
|
|
EFF co-founder and president Mitchell Kapor said "EFF's position on
|
|
unauthorized access to computer systems is, and has always been, that it is
|
|
wrong. Nevertheless, we have on previous occasions discovered that allegations
|
|
contained in Federal indictments can also be wrong, and that civil liberties
|
|
can be easily infringed in the information age. Because of this, we will be
|
|
examining this case closely to establish the facts."
|
|
|
|
When asked how long the complete trial process might take, assistant U.S.
|
|
attorney Fishbein said "I really couldn't make an accurate estimate. The
|
|
length of time period before trial is generally more a function of the
|
|
defense's actions than the prosecution's. It could take anywhere from six
|
|
months to a year.
|
|
_______________________________________________________________________________
|
|
|
|
Feds Tap Into Major Hacker Ring July 13, 1992
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
By Mary E. Thyfault (InformationWeek)(Page 15)
|
|
|
|
Law enforcement officials are taking the gloves off-and plugging their modems
|
|
in-in the battle against computer crime.
|
|
|
|
In one of the largest such cases ever, a federal grand jury in Manhattan
|
|
indicted five computer "hackers" -- part of a group that calls itself MOD, for
|
|
Masters of Deception -- on charges of computer tampering, computer fraud, wire
|
|
fraud, illegal wiretapping, and conspiracy.
|
|
|
|
Some of the hackers are accused of stealing phone service and selling
|
|
information on how to obtain credit reports. The victims (a dozen were named
|
|
in the indictments, but numerous others are likely to have been hit as well)
|
|
include three Baby Bells, numerous credit bureaus, and BankAmerica Corp.
|
|
|
|
For the first time, investigators used court-authorized wiretaps to monitor
|
|
data transmissions over phone lines. The wiretapping comes as the FBI is
|
|
unsuccessfully lobbying Congress to mandate that telecom equipment and service
|
|
companies build into new technology easier ways for securities agencies to tap
|
|
into computer systems.
|
|
|
|
Ironically, the success of this wiretap, some say, may undermine the FBI's
|
|
argument. "They did this without the equipment they claim they need," says
|
|
Craig Neidorf, founder of hacker newsletter Phrack.
|
|
|
|
If convicted, the alleged hackers-all of whom are under 22 years old-could face
|
|
55 years each and a fine of $250,000, or twice the gross gain or loss incurred.
|
|
One charged with possessing an access device could face an additional five
|
|
years.
|
|
|
|
The vulnerability of the victims' networks should be surprising, but experts
|
|
say corporations continue to pay scant attention to security issues. For
|
|
instance, despite the fact that the credit bureaus are frequent targets of
|
|
hackers and claim to have made their networks more secure, in this case, most
|
|
of the victims didn't even know they were being hit, according to the FBI.
|
|
|
|
Two of the victims, value-added network service provider BT Tymnet and telco
|
|
Southwestern Bell, both take credit for helping nab the hacker ring. "We
|
|
played an instrumental role in first recognizing that they were there," says
|
|
John Guinasso, director of global network security for Tymnet parent BT North
|
|
America. "If you mess with our network and we catch you -- which we always do
|
|
-- you will go down."
|
|
_______________________________________________________________________________
|
|
|
|
Second Thoughts On New York Computer Crime Indictments July 13, 1992
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
By John F. McMullen (Newsbytes)
|
|
|
|
NEW YORK -- On Wednesday, July 9th, I sat at a press briefing in New York
|
|
City's Federal Court Building during which law enforcement officials presented
|
|
details relating to the indictment of 5 young computer "hackers". In
|
|
describing the alleged transgressions of the indicted, United States Assistant
|
|
Attorney Stephen Fishbein wove a tale of a conspiracy in which members of an
|
|
evil sounding group called the "Masters of Destruction" (MOD) attempted to
|
|
wreck havoc with the telecommunications system of the country.
|
|
|
|
The accused were charged with infiltrating computer systems belonging to
|
|
telephone companies, credit bureaus, colleges and defense contractors --
|
|
Southwestern Bell, BT North America, New York Telephone, ITT, Information
|
|
America, TRW, Trans Union, Pacific Bell, the University of Washington, New York
|
|
University, U.S. West, Learning Link, Tymnet and Martin Marietta Electronics
|
|
Information and Missile Group. They were charged with causing injury to the
|
|
telephone systems, charging long distance calls to the universities, copying
|
|
private credit information and selling it to third parties -- a long list of
|
|
heinous activities.
|
|
|
|
The immediate reaction to the indictments were predictably knee-jerk. Those
|
|
who support any so-called "hacker"-activities mocked the government and the
|
|
charges that were presented, forgetting, it seems to me, that these charges are
|
|
serious -- one of the accused could face up to 40 years in prison and $2
|
|
million in fines; another -- 35 years in prison and $1.5 million in fines. In
|
|
view of that possibility, it further seems to me that it is a wasteful
|
|
diversion of effort to get all excited that the government insists on misusing
|
|
the word "hacker" (The indictment defines computer hacker as "someone who uses
|
|
a computer or a telephone to obtain unauthorized access to other computers.")
|
|
or that the government used wiretapping evidence to obtain the indictment (I
|
|
think that, for at least the time being that the wiretapping was carried out
|
|
under a valid court order; if it were not, the defendants' attorneys will have
|
|
a course of action).
|
|
|
|
On the other hand, those who traditionally take the government and corporate
|
|
line were publicly grateful that this threat to our communications life had
|
|
been removed -- they do not in my judgement properly consider that some of
|
|
these charges may have been ill-conceived and a result of political
|
|
considerations.
|
|
|
|
Both groups, I think, oversimplify and do not give proper consideration to the
|
|
wide spectrum of issues raised by the indictment document. The issues range
|
|
from a simple black-and-white case of fraudulently obtaining free telephone
|
|
time to the much broader question of the appropriate interaction of technology
|
|
and law enforcement.
|
|
|
|
The most clear cut cases are the charges such as the ones which allege that two
|
|
of the indicted, Julio Fernandez a/k/a "Outlaw" and John Lee a/k/a "Corrupt"
|
|
fraudulently used the computers of New York University to avoid paying long
|
|
distance charges for calls to computer systems in El Paso, Texas and Seattle,
|
|
Washington. The individuals named either did or did not commit the acts
|
|
alleged and, if it is proven that they did, they should receive the appropriate
|
|
penalty (it may be argued that the 5 year, $250,000 fine maximum for each of
|
|
the counts in this area is excessive, but that is a sentencing issue not an
|
|
indictment issue).
|
|
|
|
Other charges of this black-and-white are those that allege that Fernandez
|
|
and/or Lee intercepted electronic communications over networks belonging to
|
|
Tymnet and the Bank of America. Similarly, the charge that Fernandez, on
|
|
December 4, 1991 possessed hundreds of user id's and passwords of Southwestern
|
|
Bell, BT North America and TRW fits in the category of "either he did it or he
|
|
didn't."
|
|
|
|
A more troubling count is the charge that the indicted 5 were all part of a
|
|
conspiracy to "gain access to and control of computer systems in order to
|
|
enhance their image and prestige among other computer hackers; to harass
|
|
and intimidate rival hackers and people they did not like; to obtain telephone,
|
|
credit, information, and other services without paying for them; and to obtain
|
|
passwords, account numbers and other things of value which they could sell to
|
|
others."
|
|
|
|
To support this allegation, the indictment lists 26, lettered A through Z,
|
|
"Overt Acts" to support the conspiracy. While this section of the indictment
|
|
lists numerous telephone calls between some of the individuals, it mentions
|
|
the name Paul Stira a/k/a "Scorpion" only twice with both allegations dated
|
|
"on or about" January 24, 1990, a full 16 months before the next chronological
|
|
incident. Additionally, Stira is never mentioned as joining in any of the
|
|
wiretapped conversation -- in fact, he is never mentioned again! I find it
|
|
hard to believe that he could be considered, from these charges, to have
|
|
engaged in a criminal conspiracy with any of the other defendants.
|
|
|
|
Additionally, some of the allegations made under the conspiracy count seem
|
|
disproportionate to some of the others. Mark Abene a/k/a "Phiber Optik" is of
|
|
possessing proprietary technical manuals belonging to BT North America while it
|
|
is charged that Lee and Fernandez, in exchange for several hundred dollars,
|
|
provided both information on how to illegally access credit reporting bureaus
|
|
and an actual TRW account and password to a person, Morton Rosenfeld, who later
|
|
illegally accessed TRW, obtained credit reports on 176 individuals and sold the
|
|
reports to private detective (Rosenfeld, indicted separately, pled guilty to
|
|
obtaining and selling the credit reports and named "Julio" and "John" as those
|
|
who provided him with the information). I did not see anywhere in the charges
|
|
any indication that Abene, Stira or Elias Ladopoulos conspired with or likewise
|
|
encouraged Lee or Fernandez to sell information involving the credit bureaus to
|
|
a third party
|
|
|
|
Another troubling point is the allegation that Fernandez, Lee, Abene and
|
|
"others whom they aided and abetted" performed various computer activities
|
|
"that caused losses to Southwestern Bell of approximately $370,000." The
|
|
$370,000 figure, according to Assistant United States Attorney Stephen
|
|
Fishbein, was developed by Southwestern Bell and is based on "expenses to
|
|
locate and replace computer programs and other information that had been
|
|
modified or otherwise corrupted, expenses to determine the source of the
|
|
unauthorized intrusions, and expenses for new computers and security devices
|
|
that were necessary to prevent continued unauthorized access by the defendants
|
|
and others whom they aided and abetted."
|
|
|
|
While there is precedent in assigning damages for such things as "expenses
|
|
for new computers and security devices that were necessary to prevent continued
|
|
unauthorized access by the defendants and others whom they aided and abetted."
|
|
(the Riggs, Darden & Grant case in Atlanta found that the defendants were
|
|
liable for such expenses), many feel that such action is totally wrong. If a
|
|
person is found uninvited in someone's house, they are appropriately charged
|
|
with unlawful entry, trespassing, burglary -- whatever the statute is for the
|
|
transgression; he or she is, however, not charged with the cost of the
|
|
installation of an alarm system or enhanced locks to insure that no other
|
|
person unlawfully enters the house.
|
|
|
|
When I discussed this point with a New York MIS manager, prone to take a strong
|
|
anti-intruder position, he said that an outbreak of new crimes often results in
|
|
the use of new technological devices such as the nationwide installation of
|
|
metal detectors in airports in the 1970's. While he meant this as a
|
|
justification for liability, the analogy seems rather to support the contrary
|
|
position. Air line hijackers were prosecuted for all sorts of major crimes;
|
|
they were, however, never made to pay for the installation of the metal
|
|
detectors or absorb the salary of the additional air marshalls hired to combat
|
|
hijacking.
|
|
|
|
I think the airline analogy also brings out the point that one may both support
|
|
justifiable penalties for proven crimes and oppose unreasonable ones -- too
|
|
often, when discussing these issues, observers choose one valid position to the
|
|
unnecessary exclusion of another valid one. There is nothing contradictory, in
|
|
my view, to holding both that credit agencies must be required to provide the
|
|
highest possible level of security for data they have collected AND that
|
|
persons invading the credit data bases, no matter how secure they are, be held
|
|
liable for their intrusions. We are long past accepting the rationale that the
|
|
intruders "are showing how insecure these repositories of our information are."
|
|
We all know that the lack of security is scandalous; this fact, however, does
|
|
not excuse criminal behavior (and it should seem evident that the selling of
|
|
electronic burglar tools so that someone may copy and sell credit reports is
|
|
not a public service).
|
|
|
|
The final point that requires serious scrutiny is the use of the indictment as
|
|
a tool in the on-going political debate over the FBI Digital Telephony
|
|
proposal. Announcing the indictments, Otto G. Obermaier, United States
|
|
Attorney for the Southern District of New York, said that this investigation
|
|
was "the first investigative use of court-authorized wiretaps to obtain
|
|
conversations and data transmissions of computer hackers." He said that this
|
|
procedure was essential to the investigation and that "It demonstrates, I
|
|
think, the federal government's ability to deal with criminal conduct as it
|
|
moves into new technological areas." He added that the interception of data
|
|
was possible only because the material was in analog form and added "Most of
|
|
the new technology is in digital form and there is a pending statute in
|
|
Congress which seeks the support of telecommunications companies to allow the
|
|
federal government, under court authorization, to intercept digital
|
|
transmission. Many of you may have read the newspaper about the laser
|
|
transmission which go through fiber optics as a method of the coming
|
|
telecommunications method. The federal government needs the help of Congress
|
|
and, indeed, the telecommunications companies to able to intercept digital
|
|
communications."
|
|
|
|
The FBI proposal has been strongly attacked by the American Civil Liberties
|
|
Union (ACLU), the Electronic Frontier Foundation (EFF) and Computer
|
|
Professionals for Social Responsibility (CPSR) as an attempt to
|
|
institutionalize, for the first time, criminal investigations as a
|
|
responsibility of the communications companies; a responsibility that they feel
|
|
belongs solely to law-enforcement. Critics further claim that the proposal
|
|
will impede the development of technology and cause developers to have to
|
|
"dumb-down" their technologies to include the requested interception
|
|
facilities. The FBI, on the other hand, maintains that the request is simply
|
|
an attempt to maintain its present capabilities in the face of advancing
|
|
technology.
|
|
|
|
Whatever the merits of the FBI position, it seems that the indictments either
|
|
would not have been made at this time or, at a minimum, would not have been
|
|
done with such fanfare if it were not for the desire to attempt to drum up
|
|
support for the pending legislation. The press conference was the biggest
|
|
thing of this type since the May 1990 "Operation Sun Devil" press conference in
|
|
Phoenix, Arizona and, while that conference, wowed us with charges of "hackers"
|
|
endangering lives by disrupting hospital procedures and being engaged in a
|
|
nationwide, 13 state conspiracy, this one told us about a bunch of New York
|
|
kids supposedly engaged in petty theft, using university computers without
|
|
authorization and performing a number of other acts referred to by Obermaier as
|
|
"anti-social behavior" -- not quite as heady stuff!
|
|
|
|
It is not to belittle these charges -- they are quite serious -- to question
|
|
the fanfare. The conference was attended by a variety of high level Justice
|
|
Department, FBI and Secret Service personnel and veteran New York City crime
|
|
reporters tell me that the amount of alleged damages in this case would
|
|
normally not call for such a production -- New York Daily News reporter Alex
|
|
Michelini publicly told Obermaier "What you've outlined, basically, except for
|
|
the sales of credit information, this sounds like a big prank, most of it"
|
|
(Obermaier's response -- "Well, I suppose you can characterize that as a prank,
|
|
but it's really a federal crime allowing people without authorization to
|
|
rummage through the data of other people to which they do not have access and,
|
|
as I point out to you again, the burglar cannot be your safety expert. He may
|
|
be inside and laugh at you when you come home and say that your lock is not
|
|
particularly good but I think you, if you were affected by that contact, would
|
|
be somewhat miffed"). One hopes that it is only the fanfare surrounding the
|
|
indictments that is tied in with the FBI initiative and not the indictments
|
|
themselves.
|
|
|
|
As an aside, two law enforcement people that I have spoken to have said that
|
|
while the statement that the case is "the first investigative use of court-
|
|
authorized wiretaps to obtain conversations and data transmissions of computer
|
|
hackers," while probably true, seems to give the impression that the case is
|
|
the first one in which data transmission was intercepted. According to these
|
|
sources, that is far from the case -- there have been many instances of
|
|
inception of data and fax information by law enforcement officials in recent
|
|
years.
|
|
|
|
I know each of the accused in varying degrees. The one that I know the best,
|
|
Phiber Optik, has participated in panels with myself and law enforcement
|
|
officials discussing issues relating to so-called "hacker" crime. He has also
|
|
appeared on various radio and television shows discussing the same issues. His
|
|
high profile activities have made him an annoyance to some in law enforcement.
|
|
One hopes that this annoyance played no part in the indictment.
|
|
|
|
I have found Phiber's presence extremely valuable in these discussions both for
|
|
the content and for the fact that his very presence attracts an audience that
|
|
might never otherwise get to hear the voices of Donald Delaney, Mike Godwin,
|
|
Dorothy Denning and others addressing these issues from quite different vantage
|
|
points. While he has, in these appearances, said that he has "taken chances to
|
|
learn things", he has always denied that he has engaged in vandalous behavior
|
|
and criticized those who do. He has also called those who engage in "carding"
|
|
and the like as criminals (These statements have been made not only in the
|
|
panel discussion, but also on the occasions that he has guest lectured to my
|
|
class in "Connectivity" at the New School For Social Research in New York City.
|
|
In those classes, he has discussed the history of telephone communications in a
|
|
way that has held a class of professionals enthralled by over two hours.
|
|
|
|
While my impressions of Phiber or any of the others are certainly not a
|
|
guarantee of innocence on these charges, they should be taken as my personal
|
|
statement that we are not dealing with a ring of hardened criminals that one
|
|
would fear on a dark night.
|
|
|
|
In summary, knee-jerk reactions should be out and thoughtful analysis in! We
|
|
should be insisting on appropriate punishment for lawbreakers -- this means
|
|
neither winking at "exploration" nor allowing inordinate punishment. We should
|
|
be insisting that companies that have collected data about us properly protect
|
|
-- and are liable for penalties when they do not. We should not be deflected
|
|
from this analysis by support or opposition to the FBI proposal before Congress
|
|
-- that requires separate analysis and has nothing to do with the guilt or
|
|
innocence of these young men or the appropriate punishment should any guilt be
|
|
established.
|
|
_______________________________________________________________________________
|
|
|
|
New York Hackers Plead Not Guilty July 17, 1992
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
New York City -- At an arraignment in New York Federal Court on Thursday, July
|
|
16th, the five New York "hackers," recently indicted on charges relating to
|
|
alleged computer intrusion, all entered pleas of not guilty and were released
|
|
after each signed a personal recognizance (PRB) bond of $15,000 to guarantee
|
|
continued appearances in court.
|
|
|
|
As part of the arraignment process, United States District Judge Richard Owen
|
|
was assigned as the case's presiding judge and a pre-trial meeting between the
|
|
judge and the parties involved.
|
|
|
|
Charles Ross, attorney for John Lee, told Newsbytes "John Lee entered a not
|
|
guilty plea and we intend to energetically and aggressively defend against the
|
|
charges made against him."
|
|
|
|
Ross also explained the procedures that will be in effect in the case, saying
|
|
"We will meet with the judge and he will set a schedule for discovery and the
|
|
filing of motions. The defense will have to review the evidence that the
|
|
government has amassed before it can file intelligent motions and the first
|
|
meeting is simply a scheduling one."
|
|
|
|
Majorie Peerce, attorney for Stira, told Newsbytes "Mr. Stira has pleaded not
|
|
guilty and will continue to plead not guilty. I am sorry to see the government
|
|
indict a 22 year old college student for acts that he allegedly committed as a
|
|
19 year old."
|
|
|
|
The terms of the PRB signed by the accused require them to remain within the
|
|
continental United States. In requesting the bond arrangement, Assistant
|
|
United States Attorney Stephen Fishbein referred to the allegations as serious
|
|
and requested the $15,000 bond with the stipulation that the accused have their
|
|
bonds co-signed by parents. Abene, Fernandez and Lee, through their attorneys,
|
|
agreed to the bond as stipulated while the attorneys for Ladopoulos and Stira
|
|
requested no bail or bond for their clients, citing the fact that their clients
|
|
have been available, when requested by authorities, for over a year. After
|
|
consideration by the judge, the same $15,000 bond was set for Ladopoulos and
|
|
Stira but no co-signature was required.
|
|
_______________________________________________________________________________
|
|
|
|
Young Working-Class Hackers Accused of High-Tech Crime July 23, 1992
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
By Mary B.W. Tabor with Anthony Ramirez (The New York Times)(Page B1, B7)
|
|
|
|
Computer Savvy, With an Attitude
|
|
|
|
Late into the night, in working-class neighborhoods around New York City, young
|
|
men with code names like Acid Phreak and Outlaw sat hunched before their
|
|
glowing computer screens, exchanging electronic keys to complex data-processing
|
|
systems. They called themselves the Masters of Deception. Their mission: to
|
|
prove their prowess in the shadowy computer underworld.
|
|
|
|
Compulsive and competitive, they played out a cybernetic version of "West Side
|
|
Story," trading boasts, tapping into telephone systems, even pulling up
|
|
confidential credit reports to prove their derring-do and taunt other hackers.
|
|
Their frequent target was the Legion of Doom, a hacker group named after a
|
|
gang of comic-book villains. The rivalry seemed to take on class and ethnic
|
|
overtones, too, as the diverse New York group defied the traditional image of
|
|
the young suburban computer whiz.
|
|
|
|
But Federal prosecutors say the members of MOD, as the group called itself,
|
|
went far beyond harmless pranks.
|
|
|
|
Facing Federal Charges
|
|
|
|
On July 16, five young men identified by prosecutors as MOD members pleaded not
|
|
guilty to Federal charges including breaking into some of the nation's most
|
|
powerful computers and stealing confidential data like credit reports, some of
|
|
which were later sold to private investigators. Prosecutors call it one of the
|
|
most extensive thefts of computer information ever reported.
|
|
|
|
The indictment says the men entered the computer systems of Southwestern Bell,
|
|
TRW Information Services and others "to enhance their image and prestige among
|
|
other computer hackers; to harass and intimidate rival hackers and other people
|
|
they did not like; to obtain telephone, credit, information and other services
|
|
without paying for them; and to obtain passwords, account numbers and other
|
|
things of value which they could sell to others."
|
|
|
|
With modems that link their terminals to other computers over ordinary
|
|
telephone lines, young hackers have been making mischief for years. But as the
|
|
nation relies more and more on vast networks of powerful computers and as
|
|
personal computers become faster and cheaper, the potential for trouble has
|
|
soared. For example, Robert Tappan Morris, a Cornell student, unleashed a
|
|
program in 1988 that jammed several thousand computers across the country.
|
|
|
|
A Polyglot Group
|
|
|
|
But the world of computer hackers has been changing. Unlike the typical
|
|
hackers of old -- well-to-do suburban youths whose parents could afford costly
|
|
equipment -- the Masters of Deception are a polyglot representation of blue-
|
|
collar New York: black, Hispanic, Greek, Lithuanian and Italian. They work
|
|
their mischief often using the least expensive computers.
|
|
|
|
One of the young men, 21-year-old John Lee, who goes by the name Corrupt, has
|
|
dreadlocks chopped back into stubby "twists," and lives with his mother in a
|
|
dilapidated walk-up in Bedford-Stuyvesant, Brooklyn. He bounced around
|
|
programs for gifted students before dropping out of school in the 11th grade.
|
|
Scorpion -- 22-year-old Paul Stira of Queens -- was his class valedictorian at
|
|
Thomas A. Edison High School in Queens. Outlaw -- Julio Fernandez, 18, of the
|
|
Bronx -- first studied computers in grade school.
|
|
|
|
They met not on street corners, but via computer bulletin boards used to swap
|
|
messages and programs.
|
|
|
|
With nothing to identify them on the boards except their nicknames and uncanny
|
|
abilities, the young men found the computer the great democratic leveler.
|
|
|
|
Questions of Profit
|
|
|
|
There may be another difference in the new wave of hackers. While the
|
|
traditional hacker ethic forbids cruising computer systems for profit, some new
|
|
hackers are less idealistic. "People who say that," said one former hacker, a
|
|
friend of the MOD who insisted on anonymity, "must have rich parents. When you
|
|
get something of value, you've got to make money."
|
|
|
|
Mr. Lee, Mr. Fernandez, Mr. Stira and two others described as MOD members --
|
|
20-year-old Mark Abene (Phiber Optik), and 22-year-old Elias Ladopoulos (Acid
|
|
Phreak), both of Queens -- were charged with crimes including computer
|
|
tampering, computer and wire fraud, illegal wiretapping and conspiracy. They
|
|
face huge fines and up to five years in prison on each of 11 counts.
|
|
|
|
The youths, on advice of their lawyers, declined to be interviewed.
|
|
|
|
Prosecutors say they do not know just how and when youthful pranks turned to
|
|
serious crime. Other hackers said the trouble began, perhaps innocently
|
|
enough, as a computer war with ethnic and class overtones.
|
|
|
|
The Masters of Deception were born in a conflict with the Legion of Doom, which
|
|
had been formed by 1984 and ultimately included among its ranks three Texans,
|
|
one of whom, Kenyon Shulman, is the son of a Houston socialite, Carolyn Farb.
|
|
|
|
Banished From the Legion
|
|
|
|
Mr. Abene had been voted into the Legion at one point. But when he began to
|
|
annoy others in the group with his New York braggadocio and refusal to share
|
|
information, he was banished, Legion members said.
|
|
|
|
Meanwhile, a hacker using a computer party line based in Texas had insulted Mr.
|
|
Lee, who is black, with a racial epithet.
|
|
|
|
By 1989, both New Yorkers had turned to a new group, MOD, founded by Mr.
|
|
Ladopoulos. They vowed to replace their Legion rivals as the "new elite."
|
|
|
|
"It's like every other 18- or 19-year-old who walks around knowing he can do
|
|
something better than anyone else can," said Michael Godwin, who knows several
|
|
of the accused and is a lawyer for the Electronic Frontier Foundation of
|
|
Cambridge, Massachusetts, which provides legal aid for hackers. "They are
|
|
offensively arrogant."
|
|
|
|
Hacker groups tend to rise and fall within six months or so as members leave
|
|
for college, meet girls or, as one former hacker put it, "get a life." But the
|
|
MOD continued to gather new members from monthly meetings in the atrium of the
|
|
Citicorp Building in Manhattan and a computer bulletin board called Kaos.
|
|
According to a history the group kept on the computer network, they enjoyed
|
|
"mischievous pranks," often aimed at their Texas rivals, and the two groups
|
|
began sparring.
|
|
|
|
Texas-New York Sparring
|
|
|
|
But in June 1990, the three Texas-based Legion members, including Mr. Shulman,
|
|
Chris Goggans and Scott Chasin, formed Comsec Data Security, a business
|
|
intended to help companies prevent break-ins by other hackers.
|
|
|
|
Worried that the Texans were acting as police informers, the MOD members
|
|
accused their rivals of defaming them on the network bulletin boards. Several
|
|
members, including Mr. Abene, had become targets of raids by the Secret
|
|
Service, and MOD members believed the Texans were responsible, a contention the
|
|
Texans respond to with "no comment."
|
|
|
|
But the sparring took on racial overtones as well. When Mr. Lee wrote a
|
|
history of the MOD and left it in the network, Mr. Goggans rewrote it in a jive
|
|
parody.
|
|
|
|
The text that read, "In the early part of 1987, there were numerous amounts of
|
|
busts in the U.S. and in New York in particular" became "In de early time part
|
|
uh 1987, dere wuz numerous amounts uh busts in de U.S. and in New Yo'k in
|
|
particular."
|
|
|
|
Mr. Goggans said that it was not meant as a racist attack on Mr. Lee. "It was
|
|
just a good way to get under his skin," he said.
|
|
|
|
Exposing Identities
|
|
|
|
MOD's activities, according to the indictment and other hackers, began to
|
|
proliferate.
|
|
|
|
Unlike most of the "old generation" of hackers who liked to joyride through the
|
|
systems, the New Yorkers began using the file information to harass and
|
|
intimidate others, according to prosecutors. Everything from home addresses to
|
|
credit card numbers to places of employment to hackers' real names -- perhaps
|
|
the biggest taboo of all -- hit the network.
|
|
|
|
In the indictment, Mr. Lee and Mr. Fernandez are accused of having a
|
|
conversation last fall in which they talked about getting information on how to
|
|
alter TRW credit reports to "destroy people's lives or make them look like
|
|
saints."
|
|
|
|
The prosecutors say the youths also went after information they could sell,
|
|
though the indictment is not specific about what, if anything, was sold. The
|
|
only such information comes from another case earlier this month in which two
|
|
other New York City hackers, Morton Rosenfeld, 21, of Brooklyn, and Alfredo de
|
|
la Fe, 18, of Manhattan, pleaded guilty to a conspiracy to use passwords and
|
|
other access devices obtained from MOD. They said they had paid "several
|
|
hundred dollars" to the computer group for passwords to obtain credit reports
|
|
and then resold the information for "several thousand dollars" to private
|
|
investigators.
|
|
|
|
News Media Attention
|
|
|
|
Competition for attention from the news media also heated up. The former
|
|
Legion members in Comsec had become media darlings, with articles about them
|
|
appearing in Time and Newsweek. Mr. Abene and Mr. Ladopoulos also appeared on
|
|
television or in magazines, proclaiming their right to probe computer systems,
|
|
as long as they did no damage.
|
|
|
|
In one highly publicized incident, during a 1989 forum on computers and privacy
|
|
sponsored by Harper's magazine, John Perry Barlow, a freelance journalist and
|
|
lyricist for the Grateful Dead, went head to head with Mr. Abene, or Phiber
|
|
Optik. Mr. Barlow called the young hacker a "punk."
|
|
|
|
According to an article by Mr. Barlow -- an account that Mr. Abene will not
|
|
confirm or deny -- Mr. Abene then retaliated by "downloading" Mr. Barlow's
|
|
credit history, displaying it on the computer screens of Mr. Barlow and other
|
|
network users.
|
|
|
|
Skirmishes Subside
|
|
|
|
"I've been in redneck bars wearing shoulder-length curls, police custody while
|
|
on acid, and Harlem after midnight, but no one has ever put the spook in me
|
|
quite as Phiber Optik did at that moment," Mr. Barlow wrote. "To a middle-
|
|
class American, one's credit rating has become nearly identical to his
|
|
freedom."
|
|
|
|
In recent months, hackers say, the war has calmed down. Comsec went out of
|
|
business, and several Masters of Deception were left without computers after
|
|
the Secret Service raids.
|
|
|
|
Mr. Abene pleaded guilty last year to misdemeanor charges resulting from the
|
|
raids. On the night before his arrest this month, he gave a guest lecture on
|
|
computers at the New School for Social Research.
|
|
|
|
Mr. Lee says he works part time as a stand-up comic and is enrolled at Brooklyn
|
|
College studying film production.
|
|
|
|
Mr. Stira is three credits shy of a degree in computer science at Polytechnic
|
|
University in Brooklyn. Mr. Fernandez hopes to enroll this fall in the
|
|
Technical Computer Institute in Manhattan. Mr. Ladopoulos is studying at
|
|
Queens Community College.
|
|
|
|
No trial date has been set.
|
|
|
|
But the battles are apparently not over yet. A couple of days after the
|
|
charges were handed up, one Legion member said, he received a message on his
|
|
computer from Mr. Abene. It was sarcastic as usual, he said, and it closed,
|
|
"Kissy, kissy."
|
|
|
|
[Editor's Note: Article included photographs of Phiber Optik, Scorpion,
|
|
Corrupt, and Outlaw.]
|
|
_______________________________________________________________________________
|
|
|
|
Frustrated Hackers May Have Helped Feds In MOD Sting July 20, 1992
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
By James Daly (ComputerWorld)(Page 6)
|
|
|
|
NEW YORK -- Are hackers beginning to police themselves? The five men recently
|
|
charged with cracking into scores of complex computer systems during the last
|
|
two years may have been fingered by other hackers who had grown weary of the
|
|
group's penchant for destruction and vindictiveness, members of the hacker
|
|
community said.
|
|
|
|
The arrest of the defendants, whom federal law enforcement officials claimed
|
|
were members of a confederation variously called the "Masters of Deception" and
|
|
the "Masters of Disaster" (MOD), was cause for celebration in some quarters
|
|
where the group is known as a spiteful fringe element.
|
|
|
|
"Some of these guys were a big pain," said one source who requested anonymity
|
|
for fear that unindicted MOD members would plot revenge. "They used their
|
|
skills to harass others, which is not what hacking is all about. MOD came with
|
|
a 'you will respect us' attitude, and no one liked it."
|
|
|
|
Said another: "In the past few months, there has been a lot of muttering on the
|
|
[bulletin] boards about these guys."
|
|
|
|
In one episode, MOD members reportedly arranged for the modem of a computer at
|
|
the University of Louisville in Kentucky to continually dial the home number of
|
|
a hacker bulletin board member who refused to grant them greater access
|
|
privileges. A similar threat was heard in Maryland.
|
|
|
|
In the indictment, the defendants are accused of carrying on a conversation in
|
|
early November 1991 in which they sought instructions on how to add and remove
|
|
credit delinquency reports "to destroy people's lives . . . or make them look
|
|
like a saint." Unlike many other hacker organizations, the members of MOD
|
|
agreed to share important computer information only among themselves and not
|
|
with other hackers.
|
|
|
|
Officials Mum
|
|
|
|
Who exactly helped the FBI, Secret Service and U.S. Attorney General's Office
|
|
prepare a case against the group is still anyone's guess. Assistant U.S.
|
|
Attorney Stephen Fishbein is not saying. He confirmed that the investigation
|
|
into the MOD began in 1990, but he would not elaborate on how or why it was
|
|
launched or who participated. FBI and Secret Service officials were equally
|
|
mute.
|
|
|
|
|
|
Some observers said that if the charges are true, the men were not true
|
|
"hackers" at all.
|
|
|
|
"Hacking is something done in the spirit of creative playfulness, and people
|
|
who break into computer security systems aren't hackers -- they're criminals,"
|
|
said Richard Stallman, president of the Cambridge, Massachusetts-based Free
|
|
Software Foundation, a public charity that develops free software. The
|
|
foundation had several files on one computer deleted by a hacker who some
|
|
claimed belonged to the MOD.
|
|
|
|
The MOD hackers are charged with breaking into computer systems at several
|
|
regional telephone companies, Fortune 500 firms including Martin Marietta
|
|
Corp., universities and credit-reporting concerns such as TRW, Inc., which
|
|
reportedly had 176 consumer credit reports stolen and sold to private
|
|
investigators. The 11-count indictment accuses the defendants of computer
|
|
fraud, computer tampering, wire fraud, illegal wiretapping and conspiracy.
|
|
|
|
But some hackers said the charges are like trying to killing ants with a
|
|
sledgehammer. "These guys may have acted idiotically, but this was a stupid
|
|
way to get back at them," said Emmanuel Goldstein, editor of 2600, a quarterly
|
|
magazine for the hacker community based in Middle Island, New York.
|
|
|
|
Longtime hackers said the MOD wanted to move into the vacuum left when the
|
|
Legion of Doom began to disintegrate in late 1989 and early 1990 after a series
|
|
of arrests in Atlanta and Texas. Federal law enforcement officials have
|
|
described the Legion of Doom as a group of about 15 computer enthusiasts whose
|
|
members re-routed calls, stole and altered data and disrupted telephone
|
|
services.
|