telecom@eecs.nwu.edu (TELECOM Moderator) (08/12/90)
TELECOM Digest Sat, 11 Aug 90 19:05:00 CDT Special: Len Rose Indictment
Inside This Issue: Moderator: Patrick A. Townson
Len Rose Indictment [Len Rose]
----------------------------------------------------------------------
From: Len Rose <len@netsys.netsys.com>
Subject: Federal Indictment
Date: 10 Aug 90 00:00:42 GMT
Organization: Netsys Inc., Philadelphia
INDICTMENT
COUNT ONE
The Grand Jury for the District of Maryland charges:
FACTUAL BACKGROUND
1. At all times relevant to this Indictment,American Telephone &
Telegraph Company ("AT&T"), through it's subsidiary, Bell Laboratories
("Bell Labs"), manufactured and sold UNIX (a trademark of AT&T Bell
Laboratories) computer systems to customers throughout the United
States of America.
2. At all times relevant to this Indictment, AT&T sold computer
programs ("software") designed to run on the UNIX system to those
customers. This software is designed and manufactured by AT&T; some
software was available to the public for purchase, other software was
internal AT&T software (such as accounting and password control
programs) designed to operate with the AT&T UNIX system.
3. At all times relevant to this indictment,computer hackers were
individuals involved with gaining unauthorized access to computer
systems by various means. These means included password scanning (use
of a program that employed a large dictionary of words, which the
program used in an attempt to decode the passwords of authorized
computer system users), masquerading as authorized users, and use of
trojan horse programs.
4. At all times relevant to this Indictment, the Legion of Doom
("LOD") was a loosely-associated group of computer hackers. Among
other activities, LOD members were involved in:
a. Gaining unauthorized access to computer systems for purposes of
stealing computer software programs from the companies that
owned the programs;
b. Gaining unauthorized access to computer systems for purpose of
using computer time at no charge to themselves, thereby fraudu-
lently obtaining money and property from the companies that
owned the computer systems;
c. Gaining unauthorized access to computer systems for the purpose of
stealing proprietary source code and information from the companies
that owned the source code and information;
d. Disseminating information about their methods of gaining unauthor-
ized access to computer systems to other hackers;
e. Gaining unauthorized access to computer systems for the purpose of
making telephone calls at no charge to themselves,obtaining and using
credit history and data for individuals other than themselves, and
the like.
5. At all times relevant to this Indictment, LEONARD ROSE JR. a/k/a
"Terminus", was associated with the LOD and operated his own computer
system, identified as Netsys. His electronic mailing address was
netsys!len
COMPUTER TERMINOLOGY
6. For the purpose of this Indictment, an "assembler" is a computer
program that translates computer program instructions written in
assembly language (source code) into machine language executable by a
computer.
7. For the purpose of this Indictment, a "compiler" is a computer
program used to translate as computer program expressed in a problem
oriented language (source code) into machine language executable by a
computer.
8. For the purpose of this Indictment, a "computer" is an internally
programmed, automatic device that performs data processing.
9. For the purpose of this Indictment, a "computer network" is a set
of related,remotely connected terminals and communications facilities,
including more than one computer system, with the capability of
transmitting data among them through communicatiions facilities, such
as telephones.
10. For the purposes of this Indictment, a "computer program" is a set
of data representing coded instructions that, when executed by a
computer causes the computer to process data.
11. For the purposes of this Indictment, a "computer system" is a set
of related, connected, or unconnected computer equipment, devices, or
software.
12. For the purposes of this Indictment,electronic mail ("e-mail") is
a computerized method for sending communications and files between
computers on computer networks. Persons who send and recieve e-mail
are identified by a unique "mailing" address, similar to a postal
address.
13. For the purposes of this Indictment a "file" is a collection of
related data records treated as a unit by a computer.
14. For the purposes of thie Indictment, "hardware" is the computer
and all related or attached machinery, including terminals, keyboard,
disk drives, tape drives, cartridges, and other mechanical, magnetic,
electrical, and electronic devices used in data processing.
15. For the purposes of this Indictment,a "modem" is a device that
modulates and demodulates signals transmitted over data telecommuni-
cations facilities.
16. For the purposes of this Indictment, "software" is a set of
computer programs, procedures, and associated documentation.
17. For the purposes of this Indictment,"source code" is instructions
written by a computer programmer in a computer language that are used
as input for a compiler, interpreter, or assembler. Access to source
code permits a computer user to change the way in which a given
computer system executes a program, without the knowledge of the
computer system administrator.
18. For the purposes of this Indictment, "superuser privileges"
(sometimes referred to as "root") are privileges on a computer system
that grant the "superuser" unlimited access to the system, including
the ability to change the system's programs, insert new programs, and
the like.
19. For the purposes of this Indictment, a "trojan horse" is a set of
computer instructions secretly inserted into a computer program so
that when the program is executed, acts occur that were not intended
to be performed by the program before modification.
20. For the purposes of this Indictment,"UNIX" (a trademark of AT&T
Bell Laboratories) is a computer operating system designed by AT&T
Bell Laboratories for use with minicomputers and small business
computers, which has been widely adopted by businesses and government
agencies throughout the United States.
COMPUTER OPERATIONS
21. For the purposes of this Indictment, typical computer operations
are as described in the following paragraphs. A computer user
initiates communications with a computer system through his terminal
and modem. The modem dials the access number for the computer system
the user wishes to access and, after the user is connected to the
system, the modem transmits and receives data to and from the
computer.
22. Once the connection is established, the computer requests the
user's login identification and password. If the user fails to provide
valid login and password information, he cannot access the computer.
23. Once the user has gained access to the computer, he is capable of
instructing the computer to execute existing programs. These programs
are composed of a collection of computer files stored in the
computer's memory. The commands that make up each file and, in turn,
each program, are source code. Users who have source code are able to
see all of the commands that make up a particular program. They can
change these commands, causing the computer to perform tasks that the
author of the program did not intend.
24. The user may also copy certain files or programs from the computer
he has accessed; if the user is unauthorized, this procedure allows
the user to obtain information that is not otherwise available to him.
25. In addition, once a user has accessed a computer, he may use it's
network connections to gain access to other computers. Gaining access
from one computer to another permits a user to conceal his location
because login information on the second computer will reflect only
that the first computer accessed the second computer.
26. If a user has superuser privileges, he may add, replace, or modify
existing programs in the computer system. The user performs these
tasks by "going root"; that is, by entering a superuser password and
instructing the computer to make systemic changes.
27. On or about January 13, 1989, in the State and District of
Maryland, and elsewhere,
LEONARD ROSE JR. a/k/a Terminus
did knowingly, willfully, intentionally, and with intent to defraud,
traffic in (that is, transfer, and otherwise dispose of to another,
and obtain control of with intent to transfer and dispose of)
information through which a computer may be accessed without
authorization, to wit: a trojan horse program designed to collect
superuser passwords, and by such conduct affected interstate commerce.
COUNT TWO
And the Grand Jury for the District of Maryland further charges:
1. Paragraphs 1 through 26 of Count One are incorporated by reference,
as if fully set forth.
2. On or about January 9,1990, in the State and District of Maryland,
and elsewhere,
LEONARD ROSE JR. a/k/a/ Terminus
did knowingly, willfully, intentionally, and with intent to defraud,
traffic in (that is, transfer, and otherwise dispose of to another,
and obtain control of with intent to transfer and dispose of)
information through which a computer may be accessed without
authorization, to wit: a trojan horse login program, and by such
conduct affected interstate commerce.
COUNT THREE
And the Grand Jury for the District of Maryland further charges:
1. Paragraphs 1 through 26 of Count One are incorporated by reference,
as if fully set forth.
2. That on or about May 13, 1988 in the State and District of
Maryland, and elsewhere,
LEONARD ROSE JR. a/k/a/ Terminus
did cause to be transported, transmitted, and transformed in
interstate commerce goods, wares, and merchandise of the value of
$5000 or more, to wit: computer source code that was confidential,
proprietary information of AT&T, knowing the same to have been stolen,
converted, and taken by fraud.
COUNT FOUR
And the Grand Jury for the District of Maryland further charges:
1. Paragraphs 1 through 26 of Count One are incorporated by reference,
as if fully set forth.
2. That on or about January 15, 1989 in the State and District of
Maryland, and elsewhere,
LEONARD ROSE JR. a/k/a/ Terminus
did cause to be transported, transmitted, and transformed in
interstate commerce goods, wares,and merchandise of the value of $5000
or more, to wit: computer source code that was confidential,
proprietary information of AT&T, knowing the same to have been stolen,
converted, and taken by fraud.
COUNT FIVE
And the Grand Jury for the District of Maryland further charges:
1. Paragraphs 1 through 26 of Count One are incorporated by reference,
as if fully set forth.
2. That on or about January 8, 1990 in the State and District of
Maryland, and elsewhere,
LEONARD ROSE JR. a/k/a/ Terminus
did cause to be transported, transmitted, and transformed in
interstate commerce goods, wares, and merchandise of the value of
$5000 or more, to wit: computer source code that was confidential,
proprietary information of AT&T, knowing the same to have been stolen,
converted, and taken by fraud.
____________________
Breckinridge L. Wilcox
[Moderator's Note: Mr. Wilcox is probably the foreperson of the Grand
Jury. The five counts above, according to Mr. Rose, represent the
various occassions on which he is alleged to have transferred a
'password-trapping' program to other individuals, including Craig
Neidorf. If my understanding of the allegations is correct,
modifications to the source code causing passwords entered by users
using the 'su' command to be retained in a separate file for review by
unauthorized persons was transmitted. I believe Mr. Neidorf then
printed this information in his publication {Phrack}. It is not known
to what extent this modification was installed or implemented. Mr.
Rose said to me he does not know of anyone 'who actually used or
installed' this modification. He said he wrote it legitimatly for
testing and diagnostic purposes for his own use at his site and for
legitimate clients. He said he can't help it if it fell into the hands
of persons who would abuse or misuse his work.
Mr. Rose said to me he is destitute at this time due to the financial
burden of obtaining legal counsel and being without the tools (his
computing machinery and related stuff) he needs to be employed. His
trial has been adjourned until sometime early in 1991 at the court's
motion, and this additional delay will cause him more financial
hardship. He believes this delay was given by the court in retaliation
for motions entered by his attorney asking the judge to recuse
himself.
He said he had been offered 'deals' by the government, including
pleading guilty to one count, receiving as punishment several months
in the custody of the Attorney General, followed by perhaps a year of
federal probation. His equipment would be returned as part of the
deal. If this were his choice -- that the matter be adjudicated in
conference between the government, his attorney and the court --
resolution could come in a short time. If he prefers, the matter can
go to trial, and he can take his chances on complete acquittal, or
being found guilty on one or more of the charges against him, followed
by imposition of punishment as detirmined by the court at that time.
Mr. Rose has received advice from several quarters on this important
issue, both for and against cutting deals. He said 'people at the
Electronic Frontier Foundation refuse to return his phone calls', but
that others, including a prominent person at the Free Software
Foundation have encouraged him to hold out for trial and acquittal.
In either scenario, Mr. Rose's prior state conviction several months
ago involving computer equipment stolen from the warehouse found in
his possession does not enhance his ability to cut deals to his
liking.
It should be remembered that under the Constitution of the United
States, Len Rose must be considered innocent of the latest charges
against him until his guilt is proven in court, or based on his plea
of guilty the court finds him guilty. PAT]
------------------------------
End of TELECOM Digest Special: Len Rose Indictment
******************************Mike Godwin <mnemonic@walt.cc.utexas.edu> (08/12/90)
One of the things that troubles me about the Len Rose indictment is that it appears to have been edited. Normally, a federal indictment will state under each or charge the specific statute under which the particular offense has been committed. Lest someone read into this an accusation that Len Rose edited his indictment for some particular purpose, let me add that it is often easy to overlook the statutory references, which typically appear at the bottom of each page, and which often look like pro-forma additions. But without the statutory references, it is unclear which statutes Rose is alleged to have violated. It seems certain that 18 USC 1343 (wire fraud) and 18 USC 2314 (interstate transportation of stolen property) are two of the statutes; it is unclear, however, whether the government is also prosecuting Rose under 18 USC 1030 (use of computers to defraud) or 18 USC 371 (conspiracy). The particular statutes under which Rose is being prosecuted will dictate many of the issues that will be litigated if he goes to trial. My personal favorite of the counts is Count Two: >And the Grand Jury for the District of Maryland further charges: >1. Paragraphs 1 through 26 of Count One are incorporated by reference, >as if fully set forth. >2. On or about January 9,1990, in the State and District of Maryland, >and elsewhere, > LEONARD ROSE JR. a/k/a/ Terminus >did knowingly, willfully, intentionally, and with intent to defraud, >traffic in (that is, transfer, and otherwise dispose of to another, >and obtain control of with intent to transfer and dispose of) >information through which a computer may be accessed without >authorization, to wit: a trojan horse login program, and by such >conduct affected interstate commerce. I know of no federal statute that outlaws "trafficking in" information "through which a computer may be accessed without authorization," absent some allegation that the information was proprietary and stolen. One wonders whether this count is meant to refer to Rose's authoring a password-recording modification to AT&T system software. Our Moderator offers what seems to me to be a correct interpretation of at least one of the counts: >If my understanding of the allegations is correct, >modifications to the source code causing passwords entered by users >using the 'su' command to be retained in a separate file for review by >unauthorized persons was transmitted. I believe Mr. Neidorf then >printed this information in his publication {Phrack}. Assuming this interpretation is correct, it is unclear whether Rose broke the law in this action, unless the federal government has proof that Rose's actions were part of a conspiracy to defraud AT&T or one of the Bells. (That's why it's important to determine whether a conspiracy is being charged here.) In conspiracy prosecutions, an otherwise-legal act may make a defendant liable under the conspiracy statute if that legal act was in furtherance of the conspiracy. Mike Godwin, UT Law School mnemonic@ccwf.cc.utexas.edu (512) 346-4190 [Moderator's Note: Well, you got it the way *I* got it, save tightening up the lines a little, correcting a couple of typos. Was it specifically edited by someone? Well, in the part at the top, the reference was to the 'United States of Amerika' ... I swapped out the /k/ for a /c/ ... it looks like someone was tampering with it. Also, according to Len Rose (on the phone with me), he 'gave it to someone to be typed' for the net. I don't know if *he* personally sent it here; after all his complaints about having no equipment at his disposal, how could he? Someone may have sent it, and used his name. There were no statuatory references in the copy I received.
gd@dciem.uucp> (08/16/90)
>Access to source code permits a computer user to change the way >in which a given computer system executes a program, without the ^^^^^^^^^^^ knowledge of the computer system administrator. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >each program, are source code. Users who have source code are able to ^^^^^^^^^^^^^^^^^^^^^^^^^^ >see all of the commands that make up a particular program. They can ^^^ >change these commands, causing the computer to perform tasks that the ^^^^^^^^^^^^^^^^^^^^^^ >author of the program did not intend. The authors of the indictment seem to think that merely posessing source code somehow gives one the ability to modify executable files on any system to which one has access. Since the indictment specifically talks about Unix systems, this is simply false; without the sysadmin's (root's) permission you can't modify executables in the public directories. In the case of "su", the executable file *must* be owned by root, so the sysadmin would have to be grossly negligent or act willfully to let an ordinary user alter it. This may or may not make a difference to the case against Leonard Rose, but it reflects a view of the world that ascribes great powers to those with technical knowledge, powers they (we) simply don't have. It's that view of the world that threatens us with the labels "hacker" and "phreak" simply because we program computers or read the TELECOM Digest.