[alt.society.cu-digest] Cu Digest, #3.11

TK0JUT2%MVS.CSO.NIU.EDU@UICVM.uic.edu (04/07/91)
  ****************************************************************************
                  >C O M P U T E R   U N D E R G R O U N D<
                                >D I G E S T<
              ***  Volume 3, Issue #3.11 (April 4, 1991)   **
  ****************************************************************************

MODERATORS:   Jim Thomas / Gordon Meyer  (TK0JUT2@NIU.bitnet)
ARCHIVISTS:   Bob Krause / Alex Smith / Bob Kusumoto
POETICA OBSCIVORUM REI: Brendan Kehoe

USENET readers can currently receive CuD as alt.society.cu-digest.
Back issues are also available on Compuserve (in: DL0 of the IBMBBS sig),
PC-EXEC BBS (414-789-4210), and at 1:100/345 for those on
FIDOnet.  Anonymous ftp sites: (1) ftp.cs.widener.edu (or
192.55.239.132) (back up and running) and (2)
cudarch@chsun1.uchicago.edu E-mail server:
archive-server@chsun1.uchicago.edu.

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may be reprinted as long as the source is
cited.  Some authors, however, do copyright their material, and those
authors should be contacted for reprint permission.  It is assumed
that non-personal mail to the moderators may be reprinted unless
otherwise specified. Readers are encouraged to submit reasoned
articles relating to the Computer Underground.  Articles are preferred
to short responses.  Please avoid quoting previous posts unless
absolutely necessary.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Contributors assume all
            responsibility for assuring that articles submitted do not
            violate copyright protections.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

CONTENTS THIS ISSUE:
File 1: Moderators' Corner
File 2: From the Mailbag
File 3: SUNDEVIL ARREST ANNOUNCED 4/13/91
File 4: Northern District (Ill.) Press Release on Len Rose
File 5: Letter to AT&T Cancelling Long-Distance Carrier Service

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

From: Moderators
Subject: Moderators' Corner
Date: April 4, 1991

********************************************************************
***  CuD #3.11: File 1 of 5: Moderators' Corner                  ***
********************************************************************

IN THIS FILE:
1. CASE UPDATES (Ripco, Len Rose, Hollywood Hacker)
2. SUN DEVIL PROSECUTIONS
3. BYTES ON SUN DEVIL AND EFF

++++++++++++
Case Updates
++++++++++++

>>RIPCO: The Ripco case has not been forgotten.  Counsel for Dr. Ripco
is holding strategies close to the vest, and because the seizure of
the BBS is alleged by the Secret Service to be part of an on-going
investigation, things move even more slowly.  CuD filed an FOIA
request to the Secret Service for information on Ripco, and the
response was:

     With regard to Ripco, we regret to inform you that we cannot
     comply. according to the Freedom of Information Act, there
     are no records or documents available to you.

     Persuant to 5 U.S.C. 552 (b) (7) (A), this file is being
     exempted since disclosure could reasonably be expected to
     interfere with enforcement proceedings. The citation of the
     above exemption is not to be construed as the only exemption
     which may be available under the Freedom of Information Act.

>>LEN ROSE: Len Rose will be sentenced in May. We are concerned about
the posts we have seen on the nets and in news stories that continue
to construe this as a hacking case.  Mike Godwin underscored this
point in a post in RISKS Forum (#11.40):

     What makes it unreasonable to claim that Rose is a hacker is
     the fact that he had authorized access to every system he
     wanted to use. There was no question of unauthorized
     intrusion in Len's case.

     It bears a lot of repeating that Len pled guilty to
     unauthorized possession of Unix source code, not to computer
     fraud or unauthorized access.

>>THE HOLLYWOOD HACKER: Stuart Goldman, dubbed "The Hollywood Hacker" by
Fox News, is still facing state felony charges in California for
accessing a computer to which Fox claims he lacked proper
authorization.  On the surface, this case seems to illustrate the
dangers of the broad language of the California computer abuse laws
that can make what should require an apology or, at worst, be a low
order misdemeanor, a felony charge. We have been waiting for somebody
to give us evidence to counter the impression that this case was a set
up and an abuse of law, but to date all that we've seen continues to
support the preliminary judgment that this is a case of vindictive
prosecution, *not* hacking.

+++++++++++
First Sun Devil Prosecution
+++++++++++

Barbara and John McMullen's Newsbytes reprint below (File #3)
summarizes the first prosecutions announced from Operation Sun Devil.
Baron M. Majette, a teenager when the alleged offenses occured, was
charged with three counts of fraudulent schemes and artifices and
three counts of conspiracy under Arizona law.  For those wishing
information on the case, the case number (Maricopa County) is CR
91-02526: State of Arizona vs. Baron M.  Majette aka Doc Savage, aka
Samuel Savage.

The original search affidavit for the search on May 7, 1990, cites "CI
404-235," a "volunteer, paid" Secret Service informant, as the primary
source of the goverment's information.  "CI 404-235" was also the
informant responsible for providing information that led to the raid
on RIPCO. In CuD 3.02, we reported that the Secret Service indicated
that this informant ran a sting board that we identified as THE DARK
SIDE (run by a sysop known as THE DICTATOR who continues to call
boards around the country.

+++++++++++++++++++
BYTE's Jerry Pournelle on Operation Sun Devil and the EFF
+++++++++++++++++++

Jerry Pournelle, noted science fiction author and computer columnist, hands
out his annual "Orchid and Onion" awards in the April 1991 issue of BYTE
magazine. (pp 91 -101)   Two of this year's 'awards' are of interest to CuD
readers:

        _The Big Onion_
        And the Onion of the Year, with Garlic Clusters, goes to
        Special Agent Tim Foley of the Chicago office of the U.S.
        Secret Service.  While I have good reason to know that many
        Secret Service people are conscientious and highly competent,
        Mr. Foley's actions in Austin, Texas, regarding Steve Jackson
        Games no only exceeded his authority, bu weren't even half
        competently done.
        All told, a sorry chapter in the history of the Secret
        Service, and no service at all to those genuinely concerned
        with electronic fraud and computer crimes.

        _The Big Orchid_
        The Orchid of the Year goes to Mitch Kapor, for funding the
        Electronic Freedom Foundation and providing legal help and
        support to Steve Jackson, whose business was nearly ruined by
        the Secret Service in Austin.  I hold no brief for electronic
        thieves and snoops, but many of last year's government
        actions were worse than the disease.
        Thanks, Mitch, from all of us.

Source:  BYTE Magazine  April 1991  Vol 16, Number 4  pp 92,93

+++++++++
THE EFFECTOR
+++++++++

The first copy of the EFF's hardcopy newsletter, THE EFFECTOR, came
out and the content and form are great! Highlights include a history
of the EFF by John Perry Barlow and Mitch Kapor's summary of the goals
of EFF (yes, he *explicitly* states that the EFF unequivocally opposes
unauthorized computer trespass).  To get on either the hardcopy or net
mailing list, drop a note to eff@well.sf.ca.us

++++++++++++++
PHRACK Index
++++++++++++++

Timothy Newsham compiled a complete index for PHRACK. It's about 50 K
and is available from the CuD ftp sites and Ripco BBS.

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

From: Ah, Sordid
Subject: From the Mailbag
Date: 4 April, 1991

********************************************************************
***  CuD #3.11: File 2 of 5: From the Mailbag                    ***
********************************************************************

From:         John Mignault <AP201058@BROWNVM.BITNET>
Subject:      Eagle's Nest Bust
Date:         Fri, 29 Mar 91 15:01:10 EST

>Date:         Fri, 29 Mar 91 10:38:56 EST
>Reply-To:     PMC-Talk <PMC-TALK@NCSUVM.BITNET>
>Sender:       PMC-Talk <PMC-TALK@NCSUVM.BITNET>
>From:         Editors of PmC <PMC@NCSUVM.BITNET>
>Subject:      Impounding Computers
>To:           John Mignault <AP201058@BROWNVM.BITNET>
>
>From: Christopher Amirault <amirault@csd4.csd.uwm.edu>
>Subject: Boston Eagle's Nest bust
>Date: Wed, 27 Mar 91 13:55:51 CST
>
>I haven't seen anything about this on any lists, so if you want to post
>it elsewhere, feel free.
>
>In the March 11-17, 1991 edition of _Gay Community News_, the paper
>reported that Alden Baker was arrested March 1 on rape charges.  Baker
>was the monitor of a list called "Boston Eagle's Nest," which allowed
>for the sharing of various s&m stories, fantasies, etc.
>
>The Middlesex County MA DA's office has seized the computer, and there
>is some concern that the mailing list on it will be made public or be
>handed over to the FBI or something.  Needless to say, this could be
>the start of something bad.
>
>I haven't heard any more news (I don't subscribe to GCN), but I would
>be interested to hear any other info people can get.
>
>I don't know if you've heard anything about this (first I've heard of it), but
>this seems to put a new slant on underground activity, in that it's not so much
>hacker-oriented as it is concerned with obscenity issues...

John Mignault
ap201058@brownvm.brown.edu

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

From: hkhenson@CUP.PORTAL.COM
Subject: Letter to San Jose Mercury News on Len Rose
Date: Fri, 29 Mar 91 23:00:28 PST

March 25, 1991

San Jose Mercury News

Dear Editor:

Last Friday's Washington Post bylined story, "'Hacker' pleads guilty
in AT&T case" presented only the prosecutor's and ATT's side of an
issue which has serious implications for the press.

The "crime" for which Leonard Rose, Jr. faces a year and a day in jail
was that of creating a simple example of how a few-hundred-line login
program (a program which allows access) for ATT's Unix system could be
modified to collect passwords, and sending this example over state
lines to the editor of Phrack, an electronic magazine.

Whether Len's example was to instruct criminals on how to obtain
continued access after an initial breakin, or if it was to warn system
operators to look for modified login programs, his intent is not an
issue.  Either case is protected under the First Amendment, or mystery
stories would be illegal.

Pointing out security weaknesses in Unix is certainly a legitimate
function of the press.  The entire phone system and countless other
life- or property-critical computers use this operating system,
designed to be portable (runs on many types of computers) and not
secure.  ATT, of course, prefers that discussion of weaknesses in Unix
be suppressed by getting the government to call them "interstate wire
fraud."  To enlist the computer-ignorant, but long, arm of the law,
they inflated the value of a few hundred lines of trivial code to
$77,000, just as Southern Bell inflated the value of a document
available for $13 to over $79,000 in a related case the government
lost against Craig Neidorf, the editor of Phrack.

The big difference between the cases was that Neidorf had parents who
were able to mortgage their house for the six-figure legal bills, and
Rose had been reduced by ATT and the legal system to abject poverty.
In both cases the message has been sent:  "face jail time or financial
ruin if you expose phone company documents to the press."

Sincerely,

H. Keith Henson

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

From: The Works BBS Admin <works!root@UUNET.UU.NET>
Subject: Is hacking the same as Breaking and Entering?
Date:      Mon, 01 Apr 91 17:58:17 EDT

In response to the question: "Is computer hacking the same as B&E?"

Not by far. Breaking and entering has malicious intent, and usually is
solely to steal things and/or hurt something. Hacking although
portrayed negatively in the press is not like this at all. It is
merely looking around at what is in various systems, and learning from
it. Occasionally someone deletes a file by mistake. A bad apple
meanders in from the the cold and does some harm, but the majority of
hackers (in my opinion) are not trying to hurt anything, and only
allow themselves a little room to look at, and possible a small chair
to sit in from time to time...  Say you find an unknown account
mysteriously pop up? Why not find out who it is, and what they are
looking for first, because as odds go, if they got in there once,
they can do it again, no matter what you do.

So Breaking and Entering cannot even be classified in the same manner
at all.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

From: Dave Ferret          <works!LC1%das@HARVUNXW.BITNET>
Subject: Computers and Freedom of Speech
Date:      Tue, 02 Apr 91 23:35:48 EDT

In response to an article in CuD 3.09 on computer publications...

What gives people the right to censor and deem something illegal in
the electronic media when paper, TV, radio, and the spoken word is
perfectly legal and protected by the first amendment.

Q: Shouldn't electronic publications be protected under the same
article of the constitution that allows free presses?

A: Most definitly. The question now is why aren't they?

I have no real clue but this is all I can fragment together... That
people are afraid of people who are 'electronically' inclined and that
if sensitive information reaches say 100 people on an electronic
publication, what is to stop them from giving away all the inside
secrets? Its the same old story. The egregious behavior of the
authorities (Secret Service, et al) is ludicrous. Wouldn't the
reprint in a written publication (hard copy) of PHRACK24 (The E911
issue as it has been known so well for) be perfectly legal, except for
possibly a small copyright infringement? (They shoved a lot more
charges at him than copyright infringement... Mildly..)

So when does it change? Are computer publications covered? Look at
2600, I'm sure they printed even more sensitive things in the past and
I don't see anyone dragging them in... When will people realize we are
entitled to freedom of speech. We have the right to say what we want,
and disagree. That is what was guaranteed to us in the first amendment
of the constitution. The question has been raised... Why are there
different laws governing computers and the physical world? Is this
double standard just? No, on both counts.

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

From: Reprint from Newsbytes (John and Barbara McMullen)
Subject: SUNDEVIL ARREST ANNOUNCED 4/13/91
Date: April 3, 1991

********************************************************************
***  CuD #3.11: File 3 of 5: Sundevil Arrest Announced           ***
********************************************************************

 PHOENIX, ARIZONA, U.S.A., 1991 APR 1(NB) -- The Maricopa County
 Arizona County Attorney's Office has announced the arrest of Baron
 Majette, 19, also known as "Doc Savage", for alleged crimes uncovered
 in the joint federal / state "SunDevil" investigation in progress for
 over a year.

 Majette is charged with a number of felony crimes including the use
 of a telephone lineman's handset in March 1990 to tap into a Toys 'R
 Us telephone line to set up two conference calls between 15
 participants. According to the charges, each call lasted
 approximately 10 hours and cost $4,000. A spokesperson for the County
 Attorney's office told Newsbytes that a Tucson resident, Anthony
 Nusall, has previously pleaded guilty to being a participant in the
 conference Majette is also accused of illegally accessing TRW's
 credit data base to obtain personal credit information and account
 numbers of persons in the TRW database. He is alleged to have then
 used the information obtained to divert existing account mailings to
 mail drops and post office boxes set up for this purpose. He is also
 alleged to have additional credit cards issued based on the
 information obtained from the database. He is further alleged to have
 obtained cash, goods and services, such as airline tickets, in excess
 of $50,000 by using cards and account information obtained through
 entry into the TRW database.

 It is further alleged that Majette stole credit cars from U.S. Mail
 boxes and used them to obtain approximately $10,000 worth of cash,
 goods and services.The allegations state that Majette acted either
 alone or as part of a group to perform these actions. A County
 Attorney spokesperson told Newsbytes that further arrests may be
 expected as result of the ongoing investigation.

 While bail was set on these charges at $4,900. Majette is being held
 on a second warrant for probation violation and cannot be released on
 bail until the probation hearing has been held.

 Gail H. Thackeray, former Assistant Attorney General for the State of
 Arizona, currently working with Maricopa County on the SunDevil
 cases, told Newsbytes "The SunDevil project was started in response
 to a high level of complaint of communications crimes, credit card
 fraud and other incidents relating to large financial losses. These
 were not cases of persons accessing computers 'just to look around'
 or even cases like the Atlanta 'Legion of Doom' one in which the
 individuals admitted obtaining information through illegal access.
 They are rather cases in which the accused alleged used computers to
 facilitate theft of substantial goods and services."

 (Barbara E. McMullen & John F. McMullen/19910401)

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

From: Gene Spafford <spaf@CS.PURDUE.EDU>
Subject: Northern District (Ill.) Press Release on Len Rose
Date: Fri, 29 Mar 91 19:10:13 EST

********************************************************************
***  CuD #3.11: File 4 of 5: Chicago Press Release on Len Rose   ***
********************************************************************

Information Release
US Department of Justice
United States Attorney
Northern District of Illinois

March 22, 1991

FRED FOREMAN, United States Attorney for the Northern District of
Illinois, together with TIMOTHY J. McCARTHY, Special Agent In Charge
of the United States Secret Service in Chicago, today announced the
guilty plea of LEONARD ROSE, 32, 7018 Willowtree Drive, Middletown,
Maryland to felony charges brought against him in Chicago and in
Baltimore involving Rose trafficing with others in misappropriated
AT&T computer programs and computer access programs between May 1988
and February 1, 1990. Under the terms of plea agreements submitted to
the United States District Court in Maryland, Rose will serve an
agreed, concurrent one year prison term for his role in each of the
fraud schemes charged.

In pleading guilty to the Baltimore charges, Rose admitted that on
October 5, 1989, he knowingly received misappropriated source code(1)
for the AT&T UNIX computer operating system from a former AT&T technical
contractor. The UNIX operating system is a series of computer programs
used on a computer which act as an interface or intermediary between a
user and the computer system itself. The UNIX operating system, which is
licensed by AT&T at $77,000 per license, provides certain services to
the computer user, such as the login program which is designed to
restrict access to a computer system to authorized users. The login
program is licensed by AT&T at $27,000 per license.

In pleading guilty to the Chicago charges, Rose admitted that, after
receiving the AT&T source code, he modified the source code governing
the computer's login program by inserting a secret set of instructions
commonly known as a "trojan horse." This inserted program would cause
the computer on which the source code was installed to perform
functions the program's author did not intend, while still executing
the original program so that the new instructions would not be detected.
The "trojan horse" program that Rose inserted into the computer
program enabled a person with "system administrator" privileges to
secretly capture the passwords and login information of authorized
computer users on AT&T computers and store them in a hidden file. These
captured logins and passwords could later be recovered from this
hidden file and used to access and use authorized users' accounts
without their knowledge. The program did not record unsuccessful login
attempts.

In connection with the Chicago charge, Rose admitted that on January
7, 1990, he transmitted his modified AT&T UNIX login program containing
the trojan horse from Middletown, Maryland to a computer operator in
Lockport, Illinois, and a student account at the University of
Missouri, Columbia Campus.

In pleading guilty to the Chicago charges, Rose acknowledged that when
he distributed his trojan horse program to others he inserted several
warnings so that the potential users would be alerted to the fact that
they were in posession of proprietary AT&T information. In the text of
the program Rose advised that the source code originally came from
AT&T "so it's definitely not something you wish to get caught with."
and "Warning: This is AT&T proprietary source code. DO NOT get caught
with it." The text of the trojan horse program also stated:
	Hacked by Terminus to enable stealing passwords.
	This is obviously not a tool to be used for initial
	system penetration, but instead will allow you to
	collect passwords and accounts once it's been
	installed.  (I)deal for situations where you have a
	one-shot opportunity for super user privileges..
	This source code is not public domain..(so don't get
	caught with it).
Rose admitted that "Terminus" was a name used by him in
communications with other computer users.

In addition to these warnings, the text of Rose's trojan horse program
also retained the original warnings installed in the program by AT&T:
	Copyright (c) 1984 AT&T
	All rights reserved
	THIS IS UNPUBLISHED PROPRIETARY
	SOURCE CODE OF AT&T

	This copyright notice above does
	not evidence any actual or intended
	publication of the source code.

Inspection of this modified AT&T UNlX login source code by AT&T's UNIX
licensing group revealed that the modified source code was in fact a
"derivative work" based upon the standard UNIX login source code, which
was regarded by AT&T as proprietary information and a trade secret of
AT&T, which was not available in public domain software.

In pleading guilty to the federal charges in Chicago and Baltimore, Rose
also acknowledged that, after being charged with computer fraud and
theft in federal court in Baltimore, he became employed at Interactive
Systems Inc. in Lisle, Illinois. He acknowledged that his former
employers at Interactive would testify that he was not authorized by
them to obtain copies of their AT&T source code which was licensed to
them by AT&T. Rose further admitted that John Hickey, a Member of
Technical Staff with AT&T Bell Laboratories in Lisle, Illinois,
correctly determined that Rose had downloaded copies of AT&T source code
programs from the computer of Interactive to Rose's home computers in
Naperville.  The computers were examined after they were seized by the
Naperville Police Department, executing a State search warrant,

As part of the plea agreement charges filed by the DuPage County State's
Attorney's Office will be dismissed without prejudice to refiling. The
forfeited UNIX computer seized will be retained by the Naperville Police
Department.

Commenting on the importance of the Chicago and Baltimore cases, Mr.
Foreman noted that the UNIX computer operating system, which is involved
in this investigation, is used to support international, national, and
local telephone systems. Mr. Foreman stated, "The traffic which flows
through these systems is vital to the national health and welfare.
People who invade our telecommunications and related computer systems
for profit or personal amusement create immediate and serious
consequences for the public at large. The law enforcement community and
telecommunications industry are attentive to these crimes, and those who
choose to use their intelligence and talent in an attempt to disrupt
these vital networks will find themselves vigorously prosecuted."

Mr. Foreman also stated that the criminal information filed in Chicago
and a companion information in Baltimore are the initial results of a
year long investigation by agents of the United States Secret Service in
Chicago, Maryland, and Texas. Mr. Foreman praised the cooperation of the
DuPage County State's Attorney's Office and the Naperville Police
Department in the investigation.  He also acknowledged AT&T's technical
assistance to the United States Secret Service in analyzing the computer
data seized pursuant to search warrants in Chicago, Baltimore and
Austin, Texas.

TIMOTHY J. McCARTHY, Special Agent ln Charge of the United States Secret
Service in Chicago, noted that Rose's conviction is the latest result of
the continuing investigation of the computer hacker organization, the
"Legion of Doom." This investigation being conducted by the United
States Secret Service in Chicago, Atlanta, New York and Texas, and has
resulted in convictions of six other defendants for computer related
crimes.

Assistant United States Attorney William J. Cook, who heads the Computer
Fraud and Abuse Task Force, and Assistant United States Attorneys
Colleen D. Coughlin and David Glockner supervised the Secret Service
investigation in Chicago.

----------
(1) The UNIX operating system utility programs are written initially
in a format referred to as "source code," a high-level computer
language which frequently uses English letters and symbols for
constructing computer programs. The source code was translated, using
another program known as a compiler, into another form of program
which a computer can rapidly read and execute, referred to as the
"object code."

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

From: hkhenson@CUP.PORTAL.COM
Subject: Letter to AT&T Cancelling Long-Distance Carrier Service
Date: Tue,  2 Apr 91 16:51:03 PST

********************************************************************
***  CuD #3.11: File 5 of 5: Letter to AT&T Cancelling Service   ***
********************************************************************

{Moderator Comment: Individuals may or may not be able to change
policies with their actions, but if enough people act things will
change. Keith Hansen cancelled AT&T as his long distance carrier, and
although it may seem a token gesture, if enough of us do it (including
the moderators), perhaps AT&T will eventually get the message. Or,
perhaps not, as cynics would argue. But, what can it hurt?

One observer remarked that AT&T and BellSouth/BellCorp are separate
entities, and allusion to the Craig Neidorf trial may not be
appropriate. But, as Craig Neidorf remarked, AT&T work closely
together and in his case AT&T was well aware of the prosecution's
evidence and could readily have intervened because of the close
working relationship. As we will suggest in a forthcoming CuD article,
AT&T in the past has hardly been reticent to challenge the limits of
law when it served their purposes. Yet, when their own ox is gored,
they seem to demand invocation of the full measure of criminal law and
more. Keith's letter is an excellent model for those willing to follow
his example.}

March 29, 1991


Robert E. Allen
Chairman of the Board
ATT Corporate Offices
550 Madison Ave.
New York, NY 10022

Dear Mr. Allen:

As a loyal ATT long-distance customer all my life, I feel I
owe you an explanation for canceling my ATT long-distance
service.

I have never had a problem with ATT service, operators, or
audio quality.  I was more than willing to pay the small premium,
and have been a heavy user of ATT long-distance services for the
past 15 years.  I am also a consultant in the computer business
who has used Unix and its derivatives intermittently over the
past 10 years.  Outside of my technical work I have long been
involved in legal and political issues related to high
technology, especially space.  One of my past activities involved
the political defeat of an oppressive United Nations treaty.  I
have also taken substantial personal risks in opposing the
organizations of Lyndon LaRouche.  During the last three years I
have been personally involved with email privacy issues.

Because of my interest in email privacy, I have closely
followed the abusive activities of Southern Bell and the Secret
Service in the Phrack/Craig Neidorf case and the activities of
ATT and the Secret Service with respect to the recently concluded
case involving Len Rose.  Both cases seem to me to be attempts to
make draconian "zero tolerance" examples of people who are--at
most--gadflies.  In actuality, people who were pointing out
deficiencies and methods of attack on Unix systems should be
considered *resources* instead of villains.

I consider this head-in-the-sand "suppress behavior" instead
of "fix the problems" approach on the part of ATT and the
government to be potentially disastrous to the social fabric.
The one thing we don't need is a number of alienated programmers
or engineers mucking up the infrastructure or teaching real
criminals or terrorists how to do it.  I find the deception
of various aspects of ATT and the operating companies to obtain
behavior suppression activities from the government to be
disgusting, and certainly not in your long-term interest.

A specific example of deception is ATT's pricing login.c (the
short program in question in the Len Rose case) at over $77,000
so the government could obtain a felony conviction for
"interstate wire fraud."  Writing a version of login.c is often
assigned as a simple exercise in first-semester programming
classes.  It exists in thousands of versions, in hundreds of
thousands of copies.  The inflation is consistent with Southern
Bell's behavior in claiming a $79,000 value for the E911 document
which they admitted at trial could be obtained for $13.

I know you can argue that the person involved should not
have plead guilty if he could defend himself using these
arguments in court.  Unlike Craig Neidorf, Len Rose lacked
parents who could put up over a hundred thousand dollars to
defend him, and your company and the Secret Service seem to have
been involved in destroying his potential to even feed himself,
his wife, and two small children.  At least he gets fed and
housed while in jail, and his wife can go on welfare.  All, of
course, at the taxpayer's expense.

There are few ways to curtail abuses by the law (unless you
happen to catch them on videotape!) and I know of no effective
methods to express my opinion of Southern Bell's activities even
if I lived in their service area.  But I can express my anger at
ATT by not purchasing your services or products, and encouraging
others to do the same.

By the time this reaches your desk, I will have switched my
voice and computer phones to one of the other long-distance
carriers.  My consulting practice has often involved selecting
hardware and operating systems.  In any case where there is an
alternative, I will not recommend Unix, ATT hardware, or NCR
hardware if you manage to buy them.


Yours in anger,



H. Keith Henson

cc:  Telecom Digest, comp.risk, etc.


PS:  My wife added the following:

I want you to try to understand something--a lesson that can
be learned from these cases.  We are no longer living in the
Industrial Age, when a product could be made in "one-size-fits
all," packaged, sold and used without modification or support,
like a television.  We face massive problems in the Information
Age in protecting intellectual property, but we cannot simply
transfer old-world, Industrial-Age police attitudes to these
problems.  Possessing a copy of my program without paying for it
is not the same as stealing my television.  If you modify my
program and make it more usable to the community, I can still go
on charging for the use of my program, but I can also incorporate
your modifications, and charge for them--especially if I pay you
something for the help.  If you provide support for my programs
(something every major hardware and software manufacturer has had
to either severely curtail or--like IBM--abandon altogether
without extra charges), then you have made my product more
usable.  This is what the so-called "hacker" culture is all
about.  I'm talking about ethical "hackers" here, not the media
image of breakin artists or virus-spreading nerds whose only
compensation is a malignant satisfaction in destroying computer
systems.  The "hacker" culture is really a native population of
problem solvers whose pleasure is in tailoring products to their
own and other's use, and often pushing back the limits on a
product.  Ethical hackers are willing to pay for their use of
products (although it's absurd to charge such a support provider
tens of thousands of dollars for source code when he has neither
the equipment nor the desire to use source code *as a product*).
And they are willing to help others to use them by providing
support which ATT could not afford to provide if it charged twice
the price for its products!  This was the sort of "theft" Len
Rose was involved in--custom tailoring of the ATT product,
helping customers to use the programs, manipulation of software
which he could not use himself in any way except to help others
use it.  Prosecuting Len Rose was like prosecuting a TV repairman
as a thief because he was removing the television from the house
to take it to his shop--except that unlike the TV repairman, Len
Rose didn't even need to take it into the shop, and his having a
copy of it could do nothing except benefit ATT.

In the long run, this inappropriate application of Industrial-Age
concepts of ownership and prosecution is going to be lethal to
you and everyone else in the same boat.  While you think you are
sending a signal that theft will not be tolerated, what you are
actually doing is sending a signal that customer support,
personal tailoring of programs and cooperation with ATT in
producing a product usable by many more millions of people will
not be tolerated.  Your problem is partly that no official
channels exist for appreciation and remuneration for the type of
work Len Rose did as a consultant and support provider, not that
"hackers" like him exist and flourish.  (Unofficial channels
obviously do exist for circulation of ATT materials, else where
would he have obtained the source?--a local K-Mart?)  And be
aware that Len Rose was the least of your worries.  Hackers much
more powerful than he exist, and you have enraged them when you
could have engaged their cooperation.

Sincerely,

Arel Lucas

********************************************************************

------------------------------

                         **END OF CuD #3.11**
********************************************************************