TELECOM Moderator <telecom@eecs.nwu.edu> (06/08/90)
TELECOM Digest     Thu, 7 Jun 90 20:45:00 CDT    Special: LOD - Part I

Inside This Issue:                         Moderator: Patrick A. Townson

    LOD/Kapor Debate Hits the Big Time [Jerry Leichter]
    Update: LOD Woes [psrc@pegasus.att.com AND wts@winken.att.com]
----------------------------------------------------------------------

Date: Mon, 4 Jun 90 09:28:29 EDT
From: leichter@lrw.com
Subject: LOD/Kapor Debate Hits the Big Time

Given the vehemence of the recent, um, debate between the Moderator and many readers, I thought the following article - which appeared on the front page of this Sunday's {New York Times} (3-Jun-90) - was of interest.

Drive to Counter Computer Crime Aims at Invaders

Legitimate Users Voice Worries Over Rights

By John Markoff

From Los Angeles to Atlanta, Federal and state law-enforcement agents have begun an intense battle against computer operators who break into government and business data systems. The agents, under mounting pressure from corporations and lawmakers, say the crackdown is needed to halt a growing threat to commerce, research and national security.

But increasingly, civil liberties experts and even some computer industry executives say the crackdown is affecting computer users who are not breaking the law. These experts say such users are being intimidated and are suffering illegal searches and violations of their constitutional guarantees to free speech.

Crimes `in the Blink of an Eye'

In many ways the computer crackdown parallels the campaign against drugs, with officials responding to an outcry over a serious problem only to confront another outcry over assaults on civil rights.

"It's a whole new era," said Stephen McNammee, United States Attorney for Arizona, who has been a central figure in Government efforts to counter computer crime. "Computers are providing a new avenue for criminal activities. It is possible to transmit computer information for an illegal purpose in the blink of an eye."

But Representative Don Edwards, a California Democrat, said the authorities had gone too far. "Every time there is a perceived crisis, law-enforcement agencies and legislators overreact, and usually due process and civil liberties suffer," Mr. Edwards said. "The Fourth Amendment provides strict limits on rummaging through people's property."

The largest of several investigations under way around the country is a two year old Federal effort called Operation Sun Devil, in which about 40 personal computer systems, including 23,000 data disks, have been seized from homes and businesses. The seizures, resulting from 28 search warrants in 14 cities, halted the operation of some computer bulletin boards ... little or any of the confiscated equipment has been returned.

In all, seven people have been arrested so far. One computer game maker who has not been charged says he is on the verge of going out of business since investigators seized his equipment.

In related inquiries, the Secret Service has surreptitiously eavesdropped on computer bulletin boards and telephone conversations, and in the process agents have entered these networks posing as legitimate users and traded information.

In an unrelated investigation of the theft of an important program from Apple Computer Inc. last year, dozens of experts and hobbyists have recently been interrogated by the [FBI].

Civil libertarians and some business executives have begun to organize defenses. Among them is Mitchel D. Kapor, creator of the nation's most popular software program, the Lotus 1-2-3 spreadsheet, who is planning to help finance a legal defense fund of several hundred thousand dollars for some of those accused.

Legal Protections Are Unclear

Harvey Silverglate, a Massachusetts lawyer and civil rights expert who is working with Mr. Kapor, said, "You have innocent people who are being terrorized as well as investigations of people who have broken the law."

He termed the Government actions a "typical American solution: throw your best and brightest in jail."

Officials of the Secret Service, which since 1984 has been the primary Federal enforcer of computer fraud laws, believe that an alarming number of bright young computer enthusiasts are using computers illegally.

"Often," said Gary M. Jenkins, Secret Service assistant director, "a progression of criminal activity occurs which involves telecommunications fraud, unauthorized access to other computers, credit card fraud, and then moves on to other destructive activities like computer viruses."

A 1986 Federal law on computer fraud and abuse makes it a crime to enter computers or take information from them without authorization.

But Mr. Kapor of Lotus said he believed the danger posed by the computer joy riders had been greatly exaggerated. "Now that the Communists aren't our enemies any more, the American psyche has to end up inventing new ones," he said.

He and other experts are also alarmed by new investigative techniques that employ computers. The power of advanced machines multiplies the risk of search and seizure violations, these experts say, because they can perform so many simultaneous tasks and absorb and analyze so much information.

Moreover, civil liberties advocates say the perils are greater because legal precedents are not clear on how the First Amendment protects speech and the Fourth Amendment protects against searches and seizures in the electronic world.

Government Surveillance

In response to a court-enforceable request under the Freedom of Information Act, the Secret Service has acknowledged that it has monitored computer bulletin boards. In its answer to the request, made by Representative Edwards, the agency said its agents, acting as legitimate users, had secretly monitored communications on computer bulletin boards.

The agency also disclosed it had a new Computer Diagnostic Center, in which the data on computer disks seized in raids is evaluated by machines operating automatically.

Civil liberties specialists view such practices as potentially harmful.

"Computer mail unrelated to an investigation could be swept up in the Government's electronic dragnet if the law is not carefully tailored to a well-defined purpose," said Marc Rotenberg, Washington director for the Computer Professionals for Social Responsibility.

The Government's Operation Sun Devil was set up primarily to fight a loose association of several dozen computer hobbyists, including teen-agers, who referred to themselves as the Legion of Doom. Members in various cities stayed in touch through computer networks and bulletin boards and exchanged technical information on how to break into computer systems.

In February a Federal grand jury in Chicago indicted two members: Craig Neidorf, 20 years old, and Robert J. Riggs, 21, for exchanging a six-page document describing the operation of the Southern Bell 911 emergency system.

Private Document Distributed

The indictment, under the 1986 computer fraud law, charges that in December, 1988, Mr. Riggs broke into a company computer and stole the document, which the company valued at slightly more than $76,000. He transferred it to Mr. Neidorf by electronic mail on a bulletin board in Lockport, Ill., the indictment said, and Mr. Neidorf later reproduced it in an electronic newsletter.

Computer security experts say documents like the 911 description are usually not taken for profit, but rather for the challenge of doing it. Some members of the computer underground create elaborate manuals on how to violate computer security as a sport or hobby.

But law-enforcement officials do not see it as a game.

Because modern society has come to depend on computers for so much of its government and commercial business, officials view intrusions as threats not only to private property, but also to the very operation of the systems.

In another part of the Sun Devil investigation, Secret Service agents in March confiscated computers and other equipment from Steven Jackson Games, a small Austin, Tex., company. Mr. Jackson, the company's president, said the agents were seeking a rule book for a fantasy game that deals with "cyberpunk," the science fiction world where high technology and outlaw society intersect.

Mr. Jackson said he still did not know why his company had been searched. He said Secret Service officials had promised three times to return his equipment and software but still had not done so. He said that he had been forced to lay off 8 of his 17 employees and that the company was on the verge of going out of business.

"It raises First Amendment questions," said Mr. Jackson. "It's a frightening precedent. I don't think they would have done it to I.B.M."

Law-enforcement officials say they have difficulty returning seized computers and software promptly; William J. Cook, an assistant United States Attorney in Chicago, said thorough examination took a long time because of the "levels of information you find in a computer."

A Sweep in 14 Cities

The largest operation in the Sun Devil investigation came on May 8 when more than 150 Secret Service agents, plus state and local law-enforcement officers, served the 28 search warrants in 14 cities. In all, seven people, including Mr. Riggs and Mr. Neidorf, have been arrested.

In a separate investigation, the F.B.I. has been searching for a year for members of a group that stole basic programming information from Apple Computer and mailed copies to people in the press and the computer industry.

The group said it stole the software, which is fundamental to the operation of Macintosh computers, to protest Apple's refusal to let other makers copy the Macintosh. The group calls itself the Nuprometheus League, from the character in Greek mythology who stole fire from the gods.

Organizers of an annual West Coast computer meeting known as the Hackers' Conference said at least a dozen of the several hundred people who attended last year's event had reported being recently questioned by F.B.I. agents about the Apple theft.

The Hackers' Conference began in 1984 after the publication of the book "Hackers" by Steven Levy, Anchor/Doubleday, an account of computer industry pioneers at M.I.T. and in Silicon Valley.

There is no evidence that the Apple theft was linked to people who attended the Hackers' Conference, and Leo Cunningham, assistant United States Attorney in San Jose, Calif., would not comment on any facet of the case.

------------------------------

Date: Tue, 5 Jun 90 16:43 EDT
From: psrc@pegasus.att.com
Subject: Update: LOD Woes

[Len Rose posted another article to comp.sys.att, which again might be of interest to TELECOM Digest readers. Disclaimer: I think this guy is being accused of stealing my employer's software; I'm not speaking for any person or organization, I'm just passing this along. --Paul]

From: len@eci.UUCP (Len Rose)
Newsgroups: misc.legal,u3b.misc,comp.sys.att
Subject: Update: LOD woes
Keywords: help mistake punishment torture
Date: 4 Jun 90 05:17:13 GMT
Reply-To: len@eci.UUCP (Len Rose,Netsys)
Followup-To: misc.legal
Organization: Netsys in Exile

I was indicted in Maryland. Because of articles in the Baltimore Sun, and Unix Today I have been branded a member of the Legion of Doom.

"I am not now, nor have ever been a member of the Legion of Doom".

I am not allowed to say much more than that. I would appreciate if a particular net persona not try to judge me without being fully informed.

Here is the article in the Baltimore Sun that is based on a press release from the U.S. Attorney's office in Maryland.

--------------------------------

Reprinted from an article in {The Baltimore Sun}

MARYLAND MAN INDICTED FOR COMPUTER HACKING

by Karen Warmkessel

A 31-year old Middletown man, who prosecutors said was part of an illegal computer hackers' group known as the "Legion of Doom" was indicted yesterday for allegedly helping others break into computer systems throughout the country.

In addition to facing federal computer fraud charges, Leonard Rose Jr., a computer consultant, is charged in an alleged scheme to steal and give out closely guarded software for AT&T Unix computer systems.

Breckinridge L. Wilcox, the U.S. attorney for Maryland, said the indictment - the third in a series of related prosecutions of the Legion of Doom - had "far reaching" implications for the security of computer systems in the United States.

"The activities of this guy and his group are disturbing," Mr. Wilcox said.

He said the investigation, which started in Chicago, and expanded to Georgia, and Maryland, had revealed that Mr. Rose and his confederates gained access to computer systems belonging to federal research centers, educational institutions and private businesses, but he declined to name them.

Mr. Wilcox said that because the hackers covered their tracks, authorities had not yet determined whether any harm resulted.

"We know what computer systems were accessed," he said. "It may be very difficult, if not impossible, to determine what, if any damage was done.

"We don't know if it was done for fun, to see if it could be done, or if it was done for some more malignant motive."

One law enforcement source said there were indications that Mr. Rose may have been paid for some programs but that he gave others to his fellow hackers.

Mr. Rose, who, according to authorities lives on Willow Tree Drive, and used the name "Terminus," could not be reached for comment last night.

He is charged with two counts of computer fraud and three counts of interstate transportation of stolen property. If convicted of all counts, he faces a maximum possible prison sentence of 32 years and a maximum possible fine of $500,000.

"He is a fairly sophisticated Unix user who decided to take advantage of that knowledge to work his way into other people's systems" one law enforcement said.

The investigation is continuing, and others in Maryland reportedly could be charged.

The Unix program, originally developed by AT&T, is an "operating system" that governs the core functions of a computer system. An AT&T spokesman said yesterday that about one million Unix computers are in use in the country, many of them on college campuses.

David P. King, an assistant U.S. attorney, said that Mr. Rose not only gave the stolen Unix software to others, but also used it to develop two so called "Trojan horse" computer programs, with seemingly innocuous functions that conceal their true purpose.

One of these programs was allegedly designed to collect "superuser" passwords, which give the user unlimited access to computer systems, including the ability to change the programs and insert new programs. Another program which would have allowed users to use a computer system without authorization.

Mr. Rose allegedly used the programs himself and gave them to other hackers in Michigan and Chicago. One of the men was a member of the Legion of Doom, according to Mr. King.

He said it was unclear where Mr. Rose had obtained the stolen Unix software.

There are other federal indictments pending that involve Legion of Doom members in Atlanta and Chicago, Mr. King said.

The assistant U.S. attorney said authorities believe that the Legion of Doom is a "small" group of hackers nationally. He said he was unable to estimate their numbers.

The indictment alleges that the group used various methods to gain access to computer systems such as masquerading as authorized users, password scanning, and Trojan horse programs.

Its members allegedly wanted to break into the system to steal computer software from the companies that owned the programs; to use computer time at no charge; to steal the original text of software and other information; to make telephone calls at no charge; and to obtain and use credit histories of individuals other than themselves, the indictment said.

This is the second computer fraud case to be brought by federal prosecutors in Maryland. Mr. Wilcox said the other case was dismissed by a federal judge.

[Moderator's Note: W. T. Sykes <wts@winken.com> also forwarded the Len Rose article and the {Baltimore Sun} article. My thanks to him. In the next part of this special issue, several shorter messages pro and con on the whole affair. PT]

------------------------------

End of TELECOM Digest Special: LOD - Part I
******************************