telecom@eecs.nwu.edu (TELECOM Moderator) (03/04/90)
TELECOM Digest Sat, 3 Mar 90 20:45:00 CST Special: Jolnet, Again
Today's Topics: Moderator: Patrick Townson
Re: AT&T Sourcecode: Poison! (Chip Rosenthal)
Jolnet Seizure (Mike Riddle)
Article Regarding JOLNET/e911/LoD/Phrack (Ben Rooney)
A Conversation With Rich Andrews (TELECOM Moderator)
Killer/attctc Permanently Down (Charlie Boykin)
----------------------------------------------------------------------
From: Chip Rosenthal <chip@chinacat.lonestar.org>
Subject: Re: AT&T Sourcecode: Poison!
Date: 3 Mar 90 00:00:00 GMT
Organization: Unicom Systems Development, Austin (yay!)
[Moderator's Note: Original date of 2/25 changed to prevent premature
expiration. PT]
You've got a lot of nerve, Patrick.
telecom@eecs.nwu.edu (TELECOM Moderator) writes:
>We're told by a deep-throat type that AT&T is on the war path about
>their software [...] Like jolnet, netsys went down abruptly, with
>*everything* confiscated [...] Now comes news that attcdc [sic], formerly
>known as killer went off line in a hurry.....
Yessir, after all your complaints about that about anonymous Legion of
Doom message, this is a really crummy thing to post. Based upon
unattributed conversations, you imply that Len Rose and Charlie Boykin
were involved in wrongdoing which lead to the shutdown of their
systems.
I don't know Len personally, but have had uucp connections with him in
the past. Charlie, on the other hand, I do know personally. He is
very well regarded in the Dallas/Fort Worth area, and was voted "1989
DFW Administrator of the Year" by the DFW lunch-bunch...errr....DFW
Association of Unix System Administrators.
You have cast some crummy aspersions towards these guys. Since I know
them, I will wait for the facts to come in. Others who don't know
them could very well jump to conclusions on the basis of this posting.
Was this message really called for?
Chip Rosenthal | Yes, you're a happy man and you're
chip@chinacat.Lonestar.ORG | a lucky man, but are you a smart
Unicom Systems Development, 512-482-8260 | man? -David Bromberg
------------------------------
Date: Wed, 28 Feb 90 21:38:39 EST
From: Mike Riddle <Mike.Riddle@p6.f666.n5010.z1.fidonet.org>
Subject: Jolnet Seizure
Reply-to: Mike.Riddle@p6.f666.n285.z1.fidonet.org
Organization: DRBBS Technical BBS, Omaha, Ne. 402-896-3537
Has anyone tried a novel legal approach to the case of equipment
seizure as "evidence"? As I remember the Electronic Communications
Privacy Act, it contains specific procedures for authorities to obtain
copies/listings of data on a system (which system may have been used
for illegal purposes, but whose operator is not at the moment
charged). From this I think a creative attorney could construct an
argument that the national policy was not to seize equipment, merely
to obtain all the information contained therein. After all, it's the
data that caused any harm.
Also, the Federal Rules of Evidence, and most state rules, provide
that computer generated copies are "originals" for evidentiary
purposes.
I hope that someone close enough to the scene can keep us informed
about what is happening on this one.
{standard disclaimer goes here--don't pay any attention to me!}
--- Ybbat (DRBBS) 8.9 v. 3.07 r.1
* Origin: [1:285/666.6@fidonet] The Inns of Court, Papillion, NE (285/666.6)
--- Through FidoNet gateway node 1:16/390
Mike.Riddle@p6.f666.n5010.z1.fidonet.org
------------------------------
From: brooney@sirius.uvic.ca
Date: 3 Mar 90 2:36 -0800
Subject: Article Regarding JOLNET/e911/LoD/Phrack
The following is an article I received five days ago which contains, to my
knowledge, information as yet unpublished in comp.dcom.telecom regarding the
ongoing JOLNET/e911/LoD discussion. It was printed in a weekly magazine
with a publishing date of Feb. 27 but other than that I have no exact idea
of when the events mentioned herein took place.
- Ben Rooney
MISSOURI STUDENT PLEADS INNOCENT IN 911 SYSTEM INTRUSION CASE
Craig Neidorf, a 19-year-old University of Missouri student, has
pleaded not guilty to federal allegations that he invaded the 911
emergency phone network for 9 states.
As reported earlier, he was indicted this month along with Robert J.
Riggs, 20, of Decatur, Ga. Both are charged with interstate
transportation of stolen property, wire fraud, and violations of the
federal Computer Fraud and Abuse Act of 1986.
Prosecutors contend the two used computers to enter the 911 system of
Atlanta's Bell South, then copied the program that controls and
maintains the system. The stolen material later allegedly was
published on a computer bulletin board system operating in the Chicago
suburb of Lockport. Authorities contend Neidorf edited the data for
an electronic publication known as "Phrack."
According to Associated Press writer Sarah Nordgren, in a recent
hearing on the case Assistant U.S. Attorney William Cook was granted a
motion to prevent the 911 program from becoming part of the public
record during the trial. U.S. District Judge Nicholas Bua set April
16 for a trial.
The 911 system in question controls emergency calls to police, fire,
ambulance and emergency services in cities in Alabama, Mississippi,
Georgia, Tennessee, Kentucky, Louisiana, North Carolina, South
Carolina and Florida.
---------------------------------------
Article from "A Networker's Journal" by Charles Bowen.
Info-Mat Magazine (Vol. 6, No. 2)
[Moderator's Note: {Info-Mat Magazine}, by the way, is the excellent
electronic journal distributed on many BBS machines throughout the
United States who are fortunate enough to be accepted as part of the
magazine's distribution network. I personally wish it was distributed
on Usenet as well: it is well written and very informative. PT]
------------------------------
Date: Sat, 3 Mar 90 19:34:54 CST
From: TELECOM Moderator <telecom@eecs.nwu.edu>
Subject: A Conversation With Rich Andrews
After the first articles appeared here relating to the seizure of
Jolnet, and the indictment of some people for their part in the theft
of '911 software', I got various messages from other folks in
response. Some were published, while others were just personal
correspondence to me. One from Chip Rosenthal was held over, and is
included in this special issue today.
One writer, whose comments were attributed to 'Deep Throat' spent some
time on two occassions on the phone, in a conference call between
himself, David Tamkin and myself.
What was lacking in the several messages which appeared over the past
week were comments from Rich Andrews, system administrator of Jolnet.
I got one note from someone in Canada who said Andrews wanted to speak
with me, and giving a phone number where I could call Andrews at his
place of employment.
I put in a call there, with David Tamkin on the other line and had a
long discussion with Andrews, who was aware of David being on the line
with me. I asked Andrews if he had any sort of net access available
to him at all -- even a terminal and modem, plus an account on some
site which could forward his mail to telecom. You see, I thought, and
still think it is extremely important to include Rich Andrews in any
discussion here.
He assured me he did have an account on a Chicago area machine, and
that a reply would be forthcoming within hours. I had a second
conversation with him the next morning, but without David on the line.
He again told me he would have a response to the several articles
written in the Digest ready and in the email 'very soon'. This was on
Wednesday morning, and we estimated his message would be here sometime
later in the day -- certainly by midnight or so, when I am typically
working up an issue of the Digest.
Midnight came and went with no message. None showed up Thursday or
Friday. I deliberatly withheld saying anything further in the hopes
his reply would be here to include at the same time. I guess at this
point we have to go on without him.
When David Tamkin and I talked to him the first time, on Tuesday
evening this past week, the first thing Andrews said to us, after the
usual opening greetings and chitchat was,
"I've been cooperating with them for over a year now. I assume you
know that."
We asked him to define 'them'. His response was that 'them' was the
United States Secret Service, and the Federal Bureau of Investigation.
He said this without us even asking him if he was doing so.
We asked him to tell us about the raid on his home early in February.
He said the agents showed up that Saturday afternoon with a warrant,
and took everything away as 'evidence' to be used in a criminal
prosecution.
ME> "If you have been working and cooperating with them for this long,
why did they take your stuff?"
RA> "They wanted to be sure it would be safe, and that nothing would be
destroyed."
ME> "But if you wanted to simply keep files safe, you could have taken
Jolnet off line for a few weeks/months by unplugging the modems from
the phone jacks, no? Then, plugged in a line when you wanted to call
or have a trusted person call you."
RA> "They thought it was better to take it all with them. It was mostly
for appearance sake. They are not charging me with anything."
ME> "Seems like a funny way to treat a cooperative citizen, at least
one who is not in some deep mess himself."
He admitted to us that several crackers had accounts on Jolnet, with
his knowledge and consent, and that it was all part of the investigation
going on ... the investigation he was cooperating in.
Here is how he told the tale of the '911 software':
The software showed up on his system one day, almost two years ago. It
came to him from netsys, where Len Rose was the sysadmin. According to
Andrews, when he saw this file, and realized what it was, he knew the
thing to do was to 'get it to the proper authorities as soon as
possible', so he chose to do that by transferring it to the machine
then known as killer, a/k/a attctc, where Charlie Boykin was the
sysadmin.
Andrews said he sent it to Boykin with a request that Boykin pass it
along to the proper people at AT&T.
ME> "After you passed it along to Boykin, did you then destroy the
file and get it off your site?"
RA> "Well, no... I kept a copy also."
ME> "Did Charlie Boykin pass it along to AT&T as you had requested?"
RA> "I assume he did."
But then, said Andrews, a funny thing happened several months later.
The folks at AT&T, instead of being grateful for the return of their
software came back to Andrews to (in his words) 'ask for it again.'
Somehow, they either never got it the first time; got it but suspected
there were still copies of it out; or were just plain confused.
So he was contacted by the feds about a year ago, and it was at that
point he decided it was in his best interest to cooperate with any
investigation going on.
Andrews pointed out that the '911 software' was really just ".... a
small part of what this is all about..." He said there was other
proprietary information going around that should not be circulating.
He said also the feds were particularly concerned by the large number
of break-ins on computers which had occurred in the past year or so.
He said there have been literally "....thousands of attempts to break
into sites in the past year....", and part of his cooperation with the
authorities at this time dealt with information on that part of it.
We asked him about killer/attctc:
ME> "You knew of course that killer went off line very abruptly about
a week ago. What caused that? It happened a week or so after the feds
raided you that Saturday."
RA> "Well the official reason given by AT&T was lack of funds, but you
know how that goes...."
Now you'd think, wouldn't you, that if it was a funding problem -- if
you can imagine AT&T not having the loose change in its corporate
pocket it took to provide electrical power and phone lines to attctc
(Charlie got no salary for running it) -- that at least an orderly
transition would have taken place; i.e. an announcement to the net; an
opportunity to distribute new maps for mail and news distribution,
etc; and some forthcoming shut down date -- let's say March 1, or
April 1, or the end of the fiscal year, or something....
But oh, no... crash boom, one day it is up, the next day it is gone.
ME> "What do you know about the temporary suspension of killer some
time ago? What was that all about?"
RA> "It was a security thing. AT&T Security was investigating Charlie
and some of the users then."
Andrews referred to the previous shutdown of killer as 'a real blunder
by AT&T', but it is unclear to me why he feels that way.
We concluded our conversation by Andrews noting that "there is a lot
happening out there right now."
He said the [Phrack] magazine distribution, via netsys, attctc and
jolnet was under close review. "One way to get them (crackers) is by
shutting down the sites they use to distribute stuff..."
And now, dear reader, you know everything I know on the subject. Well,
almost everything, anyway....
From other sources we know that Len Rose of netsys was in deep
trouble with the law *before* this latest scandal. How deep? Like he
was ready to leave the country and go to the other side of the world
maybe? Like he was in his car driving on the expressway when they
pulled him over, stopped the car and placed him under arrest? Deep
enough? This latest thing simply compounded his legal problems.
Patrick Townson
------------------------------
Date: Fri Mar 2 06:59:23 1990
From: Charlie Boykin <cfb@sulaco.sigma.com>
Subject: Killer/attctc Is Permanently Down
Hello,
Regarding a couple of things as well as a message from Bill Huttig.
The system WAS shut down a couple of years ago - for three weeks -
as part of a security inquiry. It has been in continous operation
since. On July 4, 1989, it was moved to a Customer Demonstration
location at the Dallas Infomart and the node name changed to attctc
(for AT&T Customer Technology Center). The system was closed down on
February 20, 1990 after 5 years of operation. There are no charges
pending and the "management" of the system have been ostensibly
cleared of any illegal activities.
As of now, there are no intentions of returning the system to
service. There are hopeful plans and proposals that could conceivably
result in the system being placed back in service in a different
environment and under different management.
Respectfully,
Charles F. Boykin
Formerly sysop\@attctc (killer)
------------------------------
End of TELECOM Digest Special: Jolnet, Again
******************************wb8foz@mthvax.cs.miami.edu (David Lesher) (03/04/90)
> From other sources we know that Len Rose of netsys was in deep >trouble with the law *before* this latest scandal. How deep? Like he >was ready to leave the country and go to the other side of the world >maybe? Like he was in his car driving on the expressway when they >pulled him over, stopped the car and placed him under arrest? Deep Patrick, you complained about the party who did not wish to give his name. But you then proceed to AGAIN slam Len Rose WITHOUT giving the slightest bit of supporting evidence. Who are these "other sources" ? Were you a witness? Can you prove any of the above facts? Was Len convicted of any crime? When? What is the docket number? I am not saying the Len {has,has not} committed a crime. I don't know. But you seem to be trying him by rumor, and innuendo--a tactic of very dubious value in the United States, and one that tells you more about the attacker than the attacked. (Unlike Chip, I have met Len. When netsys was running in the DC metro calling area, I had an account on it. I got all KINDS of highly confidential information off of it: rec.humor, talk.bizzare and comp.dcom.telecom to name some.) A host is a host & from coast to coast...wb8foz@mthvax.cs.miami.edu & no one will talk to a host that's close............(305) 255-RTFM Unless the host (that isn't close)......................pob 570-335 is busy, hung or dead....................................33257-0335 [Moderator's Note: What, pray tell, is so 'highly confidential' about comp.dcom.telecom and the jokes? Or were you speaking tongue in cheek? Most people by now know about the Len Rose situation; why don't you ask Chip Rosenthal; he looked into the matter this past week after some correspondence with me. And finally, please don't confuse me with my competitor, {The New York Times}. PT]