bcn@mit-eddie.UUCP (Clifford Neuman) (11/29/83)
The following may be of interest. The next few messages also pertain to the roundup.

**********************************************************************
DDN-MGT-BULLETIN 15    NETWORK INFO CENTER for    31 Oct 1983
DCA DDN Program Mgmt Office    NIC@SRI-NIC    (415) 859-3695

Defense Data Network MANAGEMENT BULLETIN

The DDN MANAGEMENT BULLETIN is published by the Network Information Center under DCA contract as a means of communicating official policy, procedures and other information of concern to management personnel at DDN facilities. Back issues may be obtained by FTP from the directory <DDN-NEWS> at SRI-NIC [10.0.0.73].
**********************************************************************

HACKER ROUNDUP: WITNESSES NEEDED

WITNESSES NEEDED

The following two messages from Richard Guy at UCLA are forwarded for your information and action as appropriate. Note that the date for filing was slipped from Friday until Monday. The "To" and "Cc" fields have been deleted.
bcn@mit-eddie.UUCP (Clifford Neuman) (11/29/83)
Date: 26 Oct 1983 16:19:38 PDT
From: guy @ UCLA-LOCUS
Subject: potential 'witnesses' needed for district attorney's case
Text:

Hello,

Most of you are already aware of the arpanet-hackers problem that was occurring during August and September of this year, in which UCLA was used as the 'home' site for much of the activity. (If this is the first you've heard of it, my apologies. Only recently have we conducted an exhaustive(ing) analysis of the data we've been collecting.)

Our district attorney's office is in the final stages of filing charges against two individuals. (search warrants were served Sep. 22, and equipment and materials confiscated) In order to proceed, they need the name of a person from each victimized site who can testify that their site was penetrated at specified times, on specified accounts.

Basically what we need is supporting evidence that in some way would indicate to a court that we haven't 'faked up' our log files. 'Last login' information will suffice; if you happen to have more extensive information, that would be welcome. (Incoming/outgoing FTP and TELNET logging info would be very useful as well.)

The name(s) you each supply will appear on court documents when the charges are filed (hopefully this week). They will be listed as 'potential witnesses' to support the charges. This means that the names will probably be public information, available to the press, but does NOT mean that the persons listed will actually have to come and testify. If this thing does in fact go to trial, some subset of the names will be selected. The DA was unsure whether simple affidavits would suffice, in place of personal appearances.

In short, the DA needs (yesterday, of course) one name from each site that he can list as a potential witness to corroborate what our log files say, at least in regards to when connections were made. He would like to file the charges Friday, Oct. 28.

So far, the original search warrants have been sealed away from the press, but from Friday on, everything will
bcn@mit-eddie.UUCP (Clifford Neuman) (11/29/83)
Date: 31 Oct 1983 11:02:45 PST
From: guy @ UCLA-LOCUS
Subject: Re: HACKER ROUNDUP - WITNESSES NEEDED
In-reply-to: Your message of 31 October 1983 10:29 EST.
Text:

I just got off the phone with ..........., the deputy DA prosecuting the case. He says that since we have talked with all the folks we expect to be using, there's no problem in telling all the site administrators what's been going on.

If any new evidence/sites turn up, we're interested, but it is doubtful that it would be used in this particular case. Note especially that we're only filing charges against one of the two guys, and if more info turns up on the second, that would be VERY useful.

The two key first names are 'ron' and 'kev', short for Ronald and Kevin. These guys have a habit of changing their UNIX 'full name' to at least be their first name, if not their last name as well. (they have been known to use a fictitious surname on-line.) We're filing against Ronald, initially.

They were active at UCLA from August 1 through Sep 22, when they were served search warrants, and their toys confiscated. One had a Commodore, the other a TRS color computer. Both had cassettes, neither had floppies or printers. Both had 300-baud modems. Both had UNIX manuals--one had a two volume set from Bell system III; the other had the Yates book. One had also purchased UCLA CSDept documents on using UNIX.

We know that a third person was involved, and that accesses to UCLA continued briefly even after the equipment was confiscated. Other sites have also noticed that some activity is still occurring.

richard

ps I suspect that this note, with excerpts from the others, is what you want to publish to the liaisons/administrators. Also note, that due to the wonder of transparent gateways, ANY host accessible directly by ftp/telnet is a potential victim. Not to mention anyone with a dial-in. Our bandits used (fraudulently) both MCI-type long-distance dialing codes, as well as dial-out facilities from various penetrated systems.
bcn@mit-eddie.UUCP (Clifford Neuman) (11/29/83)
From: Mark Crispin <MRC@SU-SCORE.ARPA>
Subject: they got one of the cretins!
Date: Wed, 2-Nov-83 21:55:06 PST
Date-Received: Wed Nov 2 21:55:06 1983
To: su-bboards

AM-Computer Crime,580
UCLA Student Accused of Penetrating Defense Communication System

LOS ANGELES (AP) - A 19-year-old UCLA student was charged Wednesday with using a home computer to break into a Defense Department communications system linking government and private computers throughout the United States and Europe.

Ronald Mark Austin was arrested at his Santa Monica home and booked into the Los Angeles County jail on a district attorney's complaint accusing him of 14 felony counts of maliciously gaining access to a computer system. Bail was set at $10,000, and a Municipal Court arraignment was expected Thursday.

''This is not some childish prank,'' District Attorney Robert Philibosian said. ''We're talking about an individual who has cost the federal government, private organizations and universities literally hundreds of thousands of dollars in reprogramming costs.'' He said some of the information was ''very sensitive.''

The complaint also charged Austin with one count each of theft and receiving stolen property involving four stolen airline tickets to Europe found at his home. If convicted he faces up to six years in prison.

District attorney spokesman Al Albergate said the tickets were made out to people who lived in Austin's neighborhood. He said investigators also found $800 in hundred-dollar bills, possibly proceeds from the sale of other tickets. Investigators said they did not know if the tickets were related to the computer scheme.

Austin's arrest followed an investigation by the district attorney's Electronic Crimes Section in cooperation with the UCLA Computer Sciences Department. Philibosian said the investigation indicated that the unauthorized access to computer systems at UCLA began July 7.

Albergate said UCLA officials contacted authorities after noticing that seldom-used computer accounts belonging to UCLA scientists suddenly were being used with unusual frequency. Philibosian said the computer systems reached by Austin all had to be reprogrammed.

''Using local telephone connections, Austin gained access not only to local computer accounts but also, through the UCLA system, to the Advanced Research Projects Agency Network'' linking computers that store data on research projects for several agencies, including the Defense Department, Philibosian said.

''Some of the information was very sensitive,'' the district attorney said. ''We can't give a more complete description at this time.''

The complaint said Austin gained access to more than 200 computer accounts at 14 different locations, and that in some cases he blocked out legitimate account users.

''We don't know what he was doing with the data,'' Philibosian said, adding that Austin's motives are still under investigation.

Austin allegedly gained access to computers at the Naval Ocean Systems Center in San Diego; the Naval Research Laboratory in Washington, D.C.; the Norwegian Telecommunication Administration in Norway; and the Rand Corp. in Santa Monica.

Rand spokesman Paul Weeks said the company determined that on Aug. 29, an unauthorized person used ''a Rand computer that is used to forward electronic mail on a national network of computers.'' Weeks said the computer was used only ''sort of like a relay'' to tie into other computers in the Advanced Research Projects Agency Network and ''there was no penetration of any Rand data or files.''

''Rand has standard security practices that prevent unauthorized access to its unclassified research information, and no such information was involved in this instance,'' Weeks said.

Other computer systems Austin allegedly accessed: Purdue University, Lafayette, Indiana; BBN-Communications Corp., Cambridge, Mass.; University of California-Berkeley; University of Wisconsin; UCLA; SRI International, Menlo Park, Calif.; Computer Science Network, Madison, Wisc.; The Mitre Corp., Bedford, Mass.; Cornell University, Ithaca, N.Y., and ISI (Information Science Institute), Marina Del Rey, Calif.

ap-ny-11-02 2007EST
***************
bcn@mit-eddie.UUCP (Clifford Neuman) (11/29/83)
From: Arthur Keller <ARK@SU-AI>
Subject: More on ``Computer Crime''
Date: Fri, 4-Nov-83 03:11:28 PST
To: su-bboards

a042 0256 04 Nov 83 and a044 0306 04 Nov 83
PM-Computer Crime, Bjt,680+460
Computer Raiders Ran Holes Through UCLA System, Investigator Says
By RICHARD DE ATLEY
Associated Press Writer

LOS ANGELES (AP) - Three computer raiders known as ''Ron,'' ''Kev'' and ''Kar'' ran amok in UCLA's vast government, business and school computer files until their electronic chatter and carelessness gave them away, an investigator says.

UCLA physics student Ronald Mark Austin, 19 - who officials said was known to computer users as ''Ron'' - pleaded innocent Thursday to 14 counts of malicious computer entry and theft of two round-trip airline tickets to London. Municipal Judge Michael Tynan lowered bail from $10,000 to $2,000 on the condition Austin stays away from computers.

Austin's Santa Monica home and that of Kevin Lee Poulsen in North Hollywood were raided by investigators Sept. 22. Their computers were seized along with equipment, telephones and thousands of sheets of data.

No charges have been filed against Poulsen, a juvenile, and court documents mention only one name for the third person, Kareem. On UCLA's electronic computer billboard, Poulsen was known as ''Kev'' and Kareem was known as ''Kar,'' said district attorney investigator J. Duane Trump.

Besides breaking into the UCLA research computer last summer and allegedly changing the codes of scores of files, the three discussed their conquests via computer hookup which, unknown to them, was being monitored by school officials, then the campus police, and finally the district attorney's office.

Deputy District Attorney Clifton Garrott refused to comment on the case after Austin's arraignment, but reports filed by Trump indicate that the three raiders had access to some of the most sophisticated computer networks in the country for two months.

Austin and Poulsen both admitted tapping into files when Trump interviewed them after the raids on their homes, Trump said. A break in the case came when Austin gave his full name, address and phone number by computer to Poulsen. And it was Austin who bragged to Kareem one day about how he was capturing files, Trump said.

The illegal access was first noticed on July 7 by Terry Gray, associate director of the UCLA Research Computer Science Department, who was told by staff members that someone outside UCLA's computer was using four unauthorized phone numbers to enter the system.

Monitors also indicated that the raiders had entered the research computer through a network called Advanced Research Projects Agency, or ARPANET, a Defense Department communications system linking computers in government, labor and major universities throughout the United States. The monitors, Gray explained, were capable of showing how the computers were being entered.

On Aug. 9, Gray filed a complaint with campus police that unknown people were illegally breaking into the UCLA system.

Austin allegedly told Trump he also was able to enter the Telenet and Tymnet systems, which store programs for businesses. A typical program might be a current analysis of stocks for system members.

Among items seized in the raid on Austin's home were airline tickets valued at $2,546. The tickets had been ordered by phone through valid credit card numbers, but when the people whose names were on the tickets were contacted by investigators, they said they had not ordered them, Trump said. He said Austin told investigators he had ''found'' the tickets.

On Aug. 25, there was this cryptic message between ''Kev'' and ''Ron'':

''Who is this?''
''Ron.''
''Why are you using Betty (a password)?''
''I can't tell you''

But the owner of the Betty file found out soon enough. On Sept. 3, UCLA student Betty Lee found she couldn't get into her own file. A supervisor used a special code to open the file, and Ms. Lee discovered that 50 to 60 hours of research work was missing.

Aug. 25 provided another break in the case. Two suspicious researchers working late at night in the computer center noticed a young man and woman bent over a computer printout. One got close enough to see they were printing out a list of ARPANET computer sites and the various codes for access to those computers.

The researchers followed the pair into a parking lot and took down the license plate of the car. Police say they traced it to Austin.

ap-ny-11-04 0604EST
***************
ultra@cmcl2.UUCP (11/29/83)
#R:mit-eddi:-97400:cmcl2:20100001:000:505
cmcl2!ultra Nov 29 15:02:00 1983

From: Mark Crispin <MRC@SU-SCORE.ARPA>
Subject: they got one of the cretins!
Date: Wed, 2-Nov-83 21:55:06 PST
To: su-bboards

AM-Computer Crime,580
UCLA Student Accused of Penetrating Defense Communication System

LOS ANGELES (AP) - A 19-year-old UCLA student was charged ...

"Cretins"? Aw, come on, Mark: tell me that in the early 70's, before the public knew what "computer" stood for, that you didn't play around on the Net at all, and that "blue box" meant absolutely nothing to you.
ka@hou3c.UUCP (Kenneth Almquist) (11/30/83)
Anybody know what the "hundreds of thousands of dollars" of reprogramming is for?

Kenneth Almquist
bcn@mit-eddie.UUCP (Clifford Neuman) (11/30/83)
Isn't it obvious what the hundreds of thousands of dollars in reprogramming is for? They have to reprogram their users to use more secure passwords.

Cliff
{decvax!genrad,ihnp4}!mit-eddie!bcn.UUCP
BCN@MIT-MC.ARPA