TELECOM Moderator <telecom@eecs.nwu.edu> (06/08/90)
TELECOM Digest Thu, 7 Jun 90 20:45:00 CDT Special: LOD - Part I
Inside This Issue: Moderator: Patrick A. Townson
LOD/Kapor Debate Hits the Big Time [Jerry Leichter]
Update: LOD Woes [psrc@pegasus.att.com AND wts@winken.att.com]
----------------------------------------------------------------------
Date: Mon, 4 Jun 90 09:28:29 EDT
From: leichter@lrw.com
Subject: LOD/Kapor Debate Hits the Big Time
Given the vehemence of the recent, um, debate between the Moderator
and many readers, I thought the following article - which appeared on
the front page of this Sunday's {New York Times} (3-Jun-90) - was of
interest.
Drive to Counter Computer Crime Aims at Invaders
Legitimate Users Voice Worries Over Rights
By John Markoff
From Los Angeles to Atlanta, Federal and state law-enforcement agents
have begun an intense battle against computer operators who break into
government and business data systems.
The agents, under mounting pressure from corporations and lawmakers,
say the crackdown is needed to halt a growing threat to commerce,
research and national security.
But increasingly, civil liberties experts and even some computer
industry executives say the crackdown is affecting computer users who
are not breaking the law. These experts say such users are being
intimidated and are suffering illegal searches and violations of their
constitutional guarantees to free speech.
Crimes `in the Blink of an Eye'
In many ways the computer crackdown parallels the campaign against
drugs, with officials responding to an outcry over a serious problem
only to confront another outcry over assaults on civil rights.
"It's a whole new era," said Stephen McNammee, United States Attorney
for Arizona, who has been a central figure in Government efforts to
counter computer crime. "Computers are providing a new avenue for
criminal activities. It is possible to transmit computer information
for an illegal purpose in the blink of an eye."
But Representative Don Edwards, a California Democrat, said the
authorities had gone too far. "Every time there is a perceived
crisis, law-enforcement agencies and legislators overreact, and
usually due process and civil liberties suffer," Mr. Edwards said.
"The Fourth Amendment provides strict limits on rummaging through
people's property."
The largest of several investigations under way around the country is
a two year old Federal effort called Operation Sun Devil, in which
about 40 personal computer systems, including 23,000 data disks, have
been siezed from homes and businesses.
The siezures, resulting from 28 search warrents in 14 cities, halted
the oper- ation of some computer bulletin boards ... little or any of
the confiscated equipment has been returned. In all, seven people
have been arrested so far.
One computer game maker who has not been charged says he is on the
verge of going out of business since investigators siezed his
equipment.
In related inquiries, the Secret Service has surreptitiously
eavesdropped on computer bulletin boards and telephone conversations,
and in the process agents have entered these networks posing as
legitimate users and traded information.
In an unrelated investigation of the theft of an important program
from Apple Computer Inc. last year, dozens of experts and hobbyists
have recently been interrogated by the [FBI].
Civil libertarians and some business executives have begun to organize
defenses. Among them is Mitchel D. Kapor, creator of the nation's
most popular software program, the Lotus 1-2-3 spreadsheet, who is
planning to help finance a legal defense fund of several hundred
thousand dollars for some of those accused.
Legal Protections Are Unclear
Harvey Silverglate, a Massachusetts lawyer and civil rights expert who
is working with Mr. Kapor, said, "You have innocent people who are
being terrorized as well as investigations of people who have broken
the law." He termed the Government actions a "typical American
solution: throw your best and brightest in jail."
Officials of the Secret Service, which since 1984 has been the primary
Federal enforces of computer fraud laws, believe that an alarming
number of bright young computer enthusiasts are using computers
illegally.
"Often," said Gary M. Jenkins, Secret Service assistant director, "a
progression of criminal activity occurs which involves
telecommunications fraud, unauthorized access to other computers,
credit card fraud, and then moves on to other destructive activities
like computer viruses."
A 1986 Federal law on computer fraud and abuse make it a crime to
enter computers or take information from them without authorization.
But Mr. Kapor of Lotus said he believe the danger posed by the
computer joy riders had been greatly exaggerated. "Now that the
Communists aren't our enemies any more, the American psyche has to end
up inventing new ones," he said.
He and other experts are also alarmed by new investigative techniques
that employ computers. The power of advanced machines multiplies the
risk of search and seizure violations, these experts say, because they
can perform so many simultaneous tasks and absorb and analyze so much
information.
Moreover, civil liberties advocates say the perils are greater because
legal precedents are not clear on how the First Amendment protects
speech and the Fourth Amendment protects against searches and seizures
in the electronic world.
Goverment Surveillance
In response to a court-enforceable request under the Freedom of
Information Act, the Secret Service has acknowledged that it has
monitored computer bulletin boards. In its answer to the request,
made by Representative Edwards, the agency said its agents, acting as
legitimate users, had secretly monitored communications on computer
bulletin boards. The agency also disclosed it had a new Computer
Diagnostic Center, in which the data on computer disks siezed in raids
is evaluated by machines operating automatically.
Civil liberties specialists view such practices as potentially harmful.
"Computer mail unrelated to an investigation could be swept up in the
Govenment's electronic dragnet if the law is not carefully tailored to
a well-defined purpose," said Marc Rotenberg, Washington director for
the Computer Professionals for Social Responsibility.
The Government's Operations Sun Devil was set up primarily to fight a
loose association of several dozen computer hobbyists, including
teen-agers, who referred to themselves as the Legion of Doom. Members
in various cities stayed in touch through computer networks and
bulletin boards and exchanged technical information on how to break
into computer systems.
In February a Federal grand jury in Chicago indicted two members:
Craig Neidorf, 20 years old, and Robert J. Riggs, 21, for exchanging a
six-page document describing the operation of the Southern Bell 911
emergency system.
Private Document Distributed
The indictment, under the 1986 computer fraud law charges that in
December, 1988, Mr. Riggs broke into a company computer and stole the
document, which the company valued at slightly more than $76,000. He
transferred it to Mr. Neidorf by electronic mail on a bulletin board
in Lockport, Ill., the indictment said, and Mr. Neidorf later
reproduced it in an electronic newsletter.
Computer security experts say documents like the 911 description are
usually not taken for profit, but rather for the challenge of doing
it. Some members of the computer undergournd creat elaborate manuals
on how to violate computer security as a sport or hobby.
But law-enforcement officials do not see it as a game. Because modern
society has come to depend on computers for some much of its
government and commercial business, officials view intrusions as
threats not only to private property, but also to the very operation
of the systems.
In another part of the Sun Devil investigation, Secret Service agents
in March confiscated computers and other equipment from Steven Jackson
Games, a small Austin, Tex., company.
Mr. Jackson, the company's president, said the agents were seeking a
rule book for a fantasy game that deals with "cyberpunk," the science
fiction world where high technology and outlaw society intersect.
Mr. Jackson said he still did not know why his company had been
searched. He said Secret Service officials had promised three times
to return his equipment and software but still had not done so. He
said that he had been forced to lay off 8 of his 17 employees and that
the company was on the verge of going out of business.
"It raises First Amendment questions," said Mr. Jackson. "It's a
frightening precedent. I don't think they would have done it to
I.B.M."
Law-enforcement officials say they have difficulty returning seized
computers and software prompty; William J. Cook, an assistant United
States Attorney in Chicago, said thorough examination took a long time
because of the "levels of information you find in a computer."
A Sweep in 14 Cities
The largest operation in the Sun Devil investigation came on May 8
when more than 150 Secret Service agents, plus state and local
law-enforcement officers, searved the 28 search warrants in 14 cities.
In all, seven people, including Mr. Riggs and Mr. Neidorf, have been
arrested.
In a separate investigation, the F.B.I. has been searching for a year
for members of a group that stole basic programming information from
Apple Computer and mailed copies to people in the press and the
computer industry. The group said it stole the software, which is
fundamental to the operation of Macintosh computers, to protest
Apple's refusal to let other makers copy the Macintosh.
The group calls itself the Nuprometheus League, from the character in
Greek mythology who stole fire from the gods.
Organizers of an annual West Coast computer meeting known as the
Hackers' Conference said at least a dozen of the several hundred
people who attended last year's event had reported being recently
questioned by F.B.I. agents about the Apple theft.
The Hackers' Conference began in 1984 after the publication of the
book "Hackers" by Steven Levy, Ahchor/Doubleday, an account of
computer industry pioneers at M.I.T. and in Silicon Valley.
There is no evidence that the Apple theft was linked to people who
attended the Hackers' Conference, and Leo Cunningham, assistant United
States Attorney in San Jose, Calif., would not comment on any facet of
the case.
------------------------------
Date: Tue, 5 Jun 90 16:43 EDT
From: psrc@pegasus.att.com
Subject: Update: LOD Woes
[Len Rose posted another article to comp.sys.att, which again might be
of interest to TELECOM Digest readers. Disclaimer: I think this guy
is being accused of stealing my employer's software; I'm not speaking
for any person or organization, I'm just passing this along. --Paul]
From: len@eci.UUCP (Len Rose)
Newsgroups: misc.legal,u3b.misc,comp.sys.att
Subject: Update: LOD woes
Keywords: help mistake punishment torture
Date: 4 Jun 90 05:17:13 GMT
Reply-To: len@eci.UUCP (Len Rose,Netsys)
Followup-To: misc.legal
Organization: Netsys in Exile
I was indicted in Maryland.
Because of articles in the Baltimore Sun, and Unix Today I have been
branded a member of the Legion of Doom.
"I am not now, nor have ever been a member of the Legion of Doom".
I am not allowed to say much more than that.
I would appreciate if a particular net persona not try to judge me
without being fully informed.
Here is the article in the Baltimore Sun that is based on a press release
from the U.S. Attorney's office in Maryland.
--------------------------------
Reprinted from an article in {The Baltimore Sun}
MARYLAND MAN INDICTED FOR COMPUTER HACKING
by Karen Warmkessel
A 31-year old Middletown man,who prosecutors said was part of an
illegal computer hackers' group known as the "Legion of Doom" was
indicted yesterday for alledgedly helping others break into computer
systems throughout the country.
In addition to facing federal computer fraud charges, Leonard Rose
Jr.,a computer consultant, is charged in an alleged sheme to steal
and give out closely guarded software for AT&T Unix computer systems.
Breckinridge L. Wilcox, the U.S. attorney for Maryland,said the
indictment - the third in a series of related prosecutions of the
Legion of Doom - had "far reaching" implications for the security of
computer systems in the United States.
"The activities of this guy and his group are disturbing" Mr. Wilcox
said.
He said the investigation, which started in Chicago, and expanded to
Georgia, and Maryland, had revealed that Mr. Rose and his confederates
gained access to computer systems belonging to federal research
centers,educational institutions and private businesses, but he
declined to name them.
Mr. Wilcox said that because the hackers covered their tracks,
authorities had not yet determined whether any harm resulted. "We know
what computer systems were accessed," he said. "It may be very
difficult, if not impossible, to determine what, if any damage was
done. "We don't know if it was done for fun,to see if it could be
done, or if it was done form some more malignant motive."
One law enforcement source said there were indications that Mr. Rose
may have been paid for some programs but that he gave others to his
fellow hackers.
Mr. Rose, who, according to authorities lives on Willow Tree Drive,
and used the name "Terminus," could not be reached for comment last
night. He is charged with two counts of computer fraud and three
counts of interstate transportation of stolen property.
If convicted of all counts, he faces a maximum possible prison
sentence of 32 years and a maximum possible fine of $500,000.
"He is a fairly sophisticated Unix user who decided to take advantage
of that knowledge to work his way into other people's systems" one law
enforcement said.
The investigation is continuing,and others in Maryland reportedly
could be charged.
The Unix program, originally developed by AT&T, is an "operating
system" that governs the core functions of a computer system. An AT&T
spokesman said yesterday that about one million Unix computers are in
use in the country, many of them on college campuses.
David P. King, an assistant U.S. attorney, said that Mr. Rose not
only gave the stolen Unix software to others, but also used it to
develop two so called "Trojan horse" computer programs, with seemingly
innocuous functions that conceal their true purpose.
One of these programs was alledgedly designed to collect "superuser"
passwords, which give the user unlimited access to computer
systems,including the ability to change the programs and insert new
programs.Another program which would have allowed users to use a
computer system without authorization.
Mr. Rose allegedly used tthe programs himself and gave them to others
hackers in Michigan and Chicago.
One of the men was a member of the Legion of Doom,according to Mr.
King .
He said it was unclear where Mr. Rose had obtained the stolen Unix
software.
There are other federal indictments pending that involve Legion of
Doom members in Atlanta and Chicago, Mr. King said.
The assistant U.S. attorney said authorities believe that the Legion
of Doom is a "small" group of hackers nationally. He said he was
unable to estimate their numbers.
The indictment alleges that the group used various methods to gain
access to computer systems such as masquerading as authorized
users, password scanning, and Trojan horse programs.
It's members allegedly wanted to break into the system to steal
computer software from the companies that owned the programs; to use
computer time at no charge; to steal the original text of software and
other information; to make telephone calls at no charge; and to obtain
and use credit histories of individuals other than themselves, the
indictment said.
This is the second computer fraud case to be brought by federal
prosecutors in Maryland. Mr. Wilcox said the other case was dismissed
by a federal judge.
[Moderator's Note: W. T. Sykes <wts@winken.com> also forwarded the Len
Rose article and the {Baltimore Sun} article. My thanks to him. In the
next part of this special issue, several shorter messages pro and con
on the whole affair. PT]
------------------------------
End of TELECOM Digest Special: LOD - Part I
******************************