72307.1502@compuserve.com (GORDON MEYER) (03/21/90)
In Telecom Digest v10 #160 the moderator suggested that I retract my characterization of the recent LoD/Phrack busts as a "witch hunt" on the basis of of an allegation about LoD involvement in a supposed $66,000. theft from a Citibank VAX computer. (Legal note: This is heresay. I'm not suggesting that Citibank's computers have been comprimised. I know of no such instance.) Actually, this particular story is a _perfect_ example that it is indeed a "witch-hunt". A "witch-hunt", for those not familar with the term, usually refers to a situation where people are presumed guilty before being convicted, where associates of alleged "criminals" are harassed, intimidated, and discredited, with the whole thing being fed by culture misinterpretation and escalation by people whose opinions are based solely on what they have read in the newspaper and other media. All of this applies to the subject at hand. First off, no one has been convicted of any charges, at least not yet. The indictment for Neidorf and Riggs lists 5-7 "facts" about the Legion of Doom. All of which are heresay and should not be included as "evidence" of anything. Also, there is indeed a "hit list" of known associates of the LoD, and PHRACK contributors. (I don't know if our moderator is on it, but I do know that things he has written were published in Phrack. Perhaps w/out his permission but that's a moot point when putting together a list of "suspects". People who don't belive this aren't familar with CoIntelPro.) Finally, I have read the "How We Got Rich Through Electronic Fund Transfer" article by the Legion of Doom. It was published 11/27/89 in Phrack #29. As John Markoff surmised it is indeed _fiction_. The satire, humor, and obvious tounge-in-cheekness (sic) of it all is quite obvious if you are computer literate and attentive to the computer underground. If you're a techno-phobic news reporter or federal agent I could easily see how it could be believed, but one can't interpret humorous articles from an outside perspective. How many times have people made tounge-in-cheek comments in this digest that could, if taken out of context in terms of intent, be shocking to much of the tele-phobic :) populace? It is not my intent to write an apology for the computer underground. What I am trying to do is inject some sanity and perspective into the discussion (which seems to have died down, but it will be an issue we'll face again in the future.) Cultural ignorance, name-calling, and emotional attachment aren't going to get us anywhere. No one (at least not me) is doubting the seriousness of the charges. But just because the charges are serious doesn't preclude the possiblity that the recent actions undertaken against people known to associate with p/hackers aren't a "mean-spirited attempt to kill the fun of a couple of kids" (a tip of the hat to Gene Spafford in v10 #164). The stories reported here don't give the full picture. Intimidation, threats, disruption of work and school, "hit lists", and serious legal charges are _all_ part of the tactics being used in this "witch-hunt". That, my friends, ought to indicate that perhaps the use of pseudonames wasn't such a bad idea after all. It has occured to me that I should clarify something I said in a previous message. I belive that the events described in the LoD electronic fund transfer article are fictional. The article (and another in the same issue of PHRACK) does describe, in a narrative form, the process and format of overseas electronic fund transfers. That information may indeed be accurate. I simply don't know. I doubt that Citibank will confirm if it is or isn't. Many would say that it "isn't cool" to disclose the hows and where-fors of the EFT process. Perhaps so. But again I question the logical leap from _knowing_ how to divert funds, to accusing them of actually doing it. Thanks for letting me clarify that point. I'm sure it will save some bandwidth in the long run. Gordon Meyer 72307.1502@compuserve.com [Moderator's Note: Thanks for your comments. I am not a contributor to Phrack, per se. If they were using articles from TELECOM Digest in their publication, I hope they at least were attributing the author and this publication. This Digest may be freely distributed anywhere. The operative word of course, is *freely*. You cannot charge for its distribution, nor pass it along to people or organizations you know will charge for reading the Digest. Exceptions are made for UUNET, systems with mailbox fees where the reader has asked me to deliver to a mailbox there, and public access sites like Chinet, Portal, etc. PT]
spaf@cs.purdue.edu (Gene Spafford) (03/22/90)
Let me point out that the investigation that resulted in the four
indictements of the LoD folks has also included a number of other
indictments and arrests. All of this APPEARS to be one large-scale
investigation into a pattern of repeated collaboration for purposes of
illegal activity (in legal terms, criminal conspiracy). The
information I have available from various sources indicates that the
investigation is continuing, others are likely to be charged, and
there MAY be some national security aspects to parts of the
investigation that have yet to be disclosed.
Now maybe there are one or two people on the law enforcement side who
are a little over-zealous (but not the few I talk with on a regular
basis). For someone to be indicted requires that sufficient evidence
be collected to convince a grand jury -- a group of 23 (24? I forget
exactly) average people -- that the evidence shows a high probability
that the crimes were committed. Search warrants require probable
cause and the action of judges who will not sign imprecise and poorly
targeted warrants. Material seized under warrant can be forced to be
returned by legal action if the grounds for the warrant are shown to
be false, so the people who lost things have legal remedy if they are
innocent.
The system has a lot of checks on it, and it requires convincing a lot
of people along the way that there is significant evidence to take the
next step. If these guys were alleged mafioso instead of electronic
terrorists, would you still be claiming it was a witch hunt?
Conspiracy, fraud, theft, violations of the computer fraud and abuse
act, maybe the ECPA, possesion of unauthorized access codes, et. al.
are not to be taken lightly, and not to be dismissed as some
"vendetta" by law enforcement.
Realize that the Feds involved are prohibited from disclosing elements
of their evidence and investigation precisely to protect the rights of
the defendants. If you base your perceptions of this whole mess on
just what has been rumored and reported by those close to the
defendants (or from potential defendants), then you are going to get a
very biased, inaccurate picture of the situation. Only after the
whole mess comes to trial will we all be able to get a more complete
picture, and then some people may be surprised at the scope and nature
of what is involved.
Gene Spafford
NSF/Purdue/U of Florida Software Engineering Research Center,
Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-2004
Internet: spaf@cs.purdue.edu uucp: ...!{decwrl,gatech,ucbvax}!purdue!spaf