**************************************************************************** >C O M P U T E R U N D E R G R O U N D< >D I G E S T< *** Volume 2, Issue #2.13 (November 25 1990) ** **************************************************************************** MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet) ARCHIVISTS: Bob Krause / Alex Smith / Brendan Kehoe USENET readers can currently receive CuD as alt.society.cu-digest. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. Some authors, however, do copyright their material, and those authors should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to the Computer Underground. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ CONTENTS: File 1: Moderators' Corner File 2: EPIC (Effective Performance in Candidates) File 3: The Riggs Sentencing (reprint from Newsbytes) File 4: First Conference on Computers, Freedom & Privacy File 5: Hackers Break into DEA Lines ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ---------------------------------------------------------------------- ******************************************************************** *** CuD #2.13: File 1 of 5: Moderator's corner *** ******************************************************************** From: Moderators Subject: Moderators' Corner Date: November 25 1990 ++++++++++ In this file: 1. CORRECTION ON SJG AFFIDAVIT 2. LEN ROSE UPDATE 3. NEW FTP SITE ++++++++++ +++++++++++++++++++++ Correction of SJG Affidavit +++++++++++++++++++++ In CuD 2.11, we reprinted the search affidavit used for the Steve Jackson Games raid. We included several pages of logs from The Phoenix Project. These logs *WERE NOT* originally attached to the affidavit, but were sent to us independently of that document as background. The judge apparently never saw the logs. Having read them, one wonders if the investigator did either, because it defies all sane logic to impute involvement in a criminal "scheme" merely by explaining that Kermit is a 7-byte transfer protocol used primarily on mainframes. If you have not read the document, we recommend it. ++++++++++++ Len Rose Update ++++++++++++ As of this week, Len Rose had not yet been indicted for the Illinois charges. Len was arrested in late October on state charges alleging computer tampering a few days after taking a job in Naperville, Ill. The original indictment date was postponed by the state. His legal difficulties, which some of us find the result of overzealous federal prosecution, continue to hamper his employment possibilities. Sheldon Zenner, the attorney who successfully defended Craig Neidorf, has agreed to channel donations to Len for those wishing to support him. *THIS IS NOT* a legal defense fund, but humanitarian assistance to provide food, rent, and utilities for wife and family. Len Rose Donation c/o Sheldon Zenner Katten, Muchin and Zavis 525 W. Monroe, Suite 1600 Chicago, IL 60606 +++++++++++++++++ New FTP Site +++++++++++++++++ Another ftp site has been added from which CuD back issues and other archives may be obtained. The hours are limited from 6 pm to 6 am. The following should get you on it: % ftp cs.widener.edu or % ftp 192.55.239.110 Connected to cs.widener.edu. 220 titan FTP server (SunOS 4.1) ready. Name (cs.widener.edu:): Password (cs.widener.edu:anonymous): 331 Guest login ok, send ident as password. 230 Guest login ok, access restrictions apply. ftp> cd pub/cud ftp> dir ... blah blah blah ... ftp> quit 221 Goodbye. fingers! NOTE: Be sure to use your e-mail address for the password or it not let you on. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Jeffery Aldrich Subject: EPIC (Effective Performance in Candidates) Date: Tue, 20 Nov 90 16:37:51 pst ******************************************************************** *** CuD #2.13: File 2 of 5: EPIC Project (by Jeff Aldrich) *** ******************************************************************** Constitutional Rights and the Electronic Community (Copyright, 1990) Even if you're on the right track, you'll get run over if you just sit there. Will Rogers CPSR (Computer Professionals for Social Responsibility) and the EFF (Electronic Frontier Foundation) have done a great deal in a very short time to awaken the political consciousness of the electronic community. The EFF managed to take some of the steam from the enforcement train railroading members of the CU and gave this community its first taste of political victory. No doubt these victories will continue to strengthen individual rights in the virtual world. As a student of electronic democracy, I am an ardent supporter of the goals expressed by the EFF. the goals expressed by the EFF. With six years devoted to personal and professional interest in the civil rights and political issues facing the electronic community. Jim Thomas has asked on several occasions that I write something for CuD about The EPIC (Effective Performance in Candidates) Project, a nonprofit group I founded last year. A description of The EPIC Project is included in this article as background information. Political action by a nonprofit is limited by law. Most of what we learn about electronic politicking in the nonprofit must be used elsewhere. I was hired earlier this year to help qualify a citizen initiative for the November elections in California. The measure included a provision making public use of computer telecommunications a state constitutional right. This article focuses on that effort and concludes with a notice of plans underway for 1992. The EPIC Project This project is an extension of research conducted at Sacramento State University focusing on the impact of electronic democracy in American politics. We *may* have created a back-door link of computer telecommunication technology to the U.S. Constitution (Campaign Industry News, Feb. 1990). We're years away from solving the dependent variable dilemma of a Supreme Court test. Board members include Dave Hughes (the founding father of electronic democracy) and Dr. Gene Shoemaker, constitutional scholar and author of the War Powers Act (1974). Projects include R&D of software to insure text data integrity from a network distribution source via end user verification software; research into the development of national electronic political party organizations (Communications Daily, 2-2-90), and; research compiled on the Sundevil raids assisted Ohio Supreme Court Justice William McMahon, ABA Technology and the Courts Committee chairman, in opening a Sundevil subcommittee looking into federal court rule changes. This subcommittee and Judge McMahon are now working closely with the EFF. Political Action and Electronic Rights With all the consternation over abused constitutional rights in the online community this year, Californians missed an opportunity to vote themselves a Constitutional Right to telecommunicate. Below is part of the opening text from a file containing a print, sign and snail mail ballot initiative signature petition to qualify a proposed California Constitutional Amendment for the November 1990 general election (Western Edition WSJ 4-20-90; Middlesex News 4-23-90). I directed the statewide electronic file distribution and speech forums: CALIFORNIANS FOR RESPONSIBLE REPRESENTATION INFORMATION TECHNOLOGY -- ELECTRONIC CITIZENS and THE CALIFORNIA CONSTITUTION are linked by THE FAIR REDISTRICTING INITIATIVE What your signature and signatures which you gather can do for you and your family (and your business), is provide a Constitutional Right to electronic citizen oversight of Legislative redistricting plans -- right in your home computer --if you like! There are now NO RULES for drawing voting district lines to establish a competitive election process. The FAIR REDISTRICTING INITIATIVE lays out specific rules to PREVENT REPETITION OF PAST ABUSES BY INCUMBENT POLITICIANS and eliminates the possibility of gerrymandering -- the drawing of electoral district lines to protect incumbents and deny fair representation. One of the most important SECTIONS included in this Initiative creates electronic citizen oversight of redistricting or reapportionment plans drafted by the Legislature before any legislative action: SECTION 5: The Legislature shall DISSEMINATE and make PUBLICLY available, in hard copy and COMPUTER-READABLE FORMAT, any data base or other information submitted or developed for its use in establishing and redistricting or reapportionment plans... NO PLANS WILL BE DRAWN BEHIND CLOSED DOORS TO PROTECT INCUMBENT POWER THAT DESTROYS YOUR RIGHT TO REPRESENTATIVE GOVERNMENT. THE INITIATIVE PROVIDES A CONSTITUTIONAL RIGHT TO KNOW PLANS BEFORE ANY ACTION IS TAKEN -- IN COMPUTER-READABLE FORMAT WITH ELECTRONIC CITIZEN OVERSIGHT. IT'S ABOUT TIME FOR THE BEGINNING OF INFORMATION AGE DEMOCRACY IN CALIFORNIA Are you ready to join other people of the world in this era our politicians praise as the "Decade of Democracy?" Are you tired of cheering the democratic victories of others? Your opportunity to take action in the name of DEMOCRACY is right in front of you. The Revolutionary Power of the Information Age is at your fingertips. THE FAIR REDISTRICTING INITIATIVE lets you put that power to work for you!! *** end *** In addition to the first effort at state level constitutional rights to telecommunicate, and to access government data in electronic form, this was the first statewide electronic distribution of print and sign political action material. In April and May of this year, issues about constitutional rights were still considered boring as dirt to most of the online community. The discussions that follow are excerpts from a WELL conference on the initiative. It is not presented as a representative sample and is reprinted with permission. Topic 333: Californians seek Information Age Democracy -- print Jeff Aldrich (jefrich) Mon, Apr 23, '90 (22:35) 18 One item I've noticed absent from this discussion is any reference to the fact that this initiative, if passed, will link this technology to the Ca Constitution by creating a constitutionally mandated right of public access to specific info in "computer-readable" format. With the volume of discussion I've seen in the Well on Electronic Citizenship and the need for same, I find it rather odd there has yet been commentary posted on this aspect of the initiative. And what about the fact that for the first time in Ca history an initiative is being distributed, in complete form, electronically -- giving people an opportunity to make an informed decision prior to signing a petition to qualify a measure for statewide ballot? Instead of some fellow pushing a pen at you to sign something on an ironing board when you leave the grocery store. Topic 333: Californians seek Information Age Democracy -- print # 26: Daniel A. Murphy (murphy) Tue, Apr 24, '90 (21:39) Jeff: I think you're looking at Fenno's paradox. Look at what people think of *their* representative, not Congress as a whole. For the most part, people support their representative, and where they don't (e.g. Cranston) it's clear they aren't likely prospects for reelection. Topic 333: Californians seek Information Age Democracy -- print # 29: David Gans (tnf) Wed, Apr 25, '90 (10:49) 4 In the long run, information access would tend to produce a better informed electorate. If you don't think the GOP takes public apathy and stupidity to the bank and the ballot box year after year, you haven't been paying attention! Topic 333: Californians seek Information Age Democracy -- print # 31: harry henderson (hrh) Wed, Apr 25, '90 (17:39) The GOP don't have a monopoly on taking voter stupidity to the bank. The Democrats also have a specialty: economic shell games that take advantage of voters' lack of knowledge of basic economic principles like supply and demand, incentive, etc. Topic 333: Californians seek Information Age Democracy -- print # 32: Jeff Aldrich (jefrich) Wed, Apr 25, '90 (18:02) The fact is, while we sit around on our butt's chewing the finer points of who's doing what to who, we're all loosing the right to access government data information. I just got a report today from the firm in Sacramento counting signatures on petitions that have come in. The few we've received on computer printed paper are from sysop's I've been working with -- Zero from the Well. The point is we have an opportunity to open a door that is closed and being welded shut. I'm beginning to wonder if all the talk here in the Well about how great the concept of Electronic Citizenship is -- protect our future, power to those without power, etc. -- was little more than sanctimonious rubbish. Topic 333: Californians seek Information Age Democracy -- print # 33: Bob Jacobson (bluefire) Wed, Apr 25, '90 (18:34) I think an initiative targeted on open information would be clearer, easier to understand, less expensive to run, and more certain of passage. Topic 333: Californians seek Information Age Democracy -- print # 34: Daniel A. Murphy (murphy) Wed, Apr 25, '90 (18:54) I agree completely with Bob. Better information access would help the process; it shouldn't me mixed up with a reapportionment scheme. Topic 333: Californians seek Information Age Democracy -- print # 35: David Gans (tnf) Wed, Apr 25, '90 (20:02) 2 And phrases like "sanctimonious rubbish" aren't likely to inspire very many people around here. Topic 333: Californians seek Information Age Democracy -- print # 36: Jeff Aldrich (jefrich) Thu, Apr 26, '90 (01:53) Your right, David, that remark does not belong here. Bob's right on all four items. Such an initiative would be easier to understand and pass. But I don't have any problems with constitutional access tied to this initiative. Neither does the Rose Institute at Clairmont. My difficulty is understanding the inactivity from the Well. Topic 333: Californians seek Information Age Democracy -- print # 37: Robert Deward (bobd) Thu, Apr 26, '90 (13:37) 6 Are there any models for an initiative addressing open access to govt. information? I can check with Reference Point if no one has anything handy. This sounds to me like a perfect issue on which to test our beliefs about the efficacy of the on-line medium. What do you people think? Topic 333: Californians seek Information Age Democracy -- print # 38: Daniel A. Murphy (murphy) Thu, Apr 26, '90 (18:41) It will be interesting to see if electronically-circulated petitions become common, as part of conventional signature-gathering campaigns. Topic 333: Californians seek Information Age Democracy -- print # 39: Art (arb) Thu, Apr 26, '90 (19:29) 2 lines Gee, Bobd, sounds like this project would have been a perfect match for your Electronic Citizenship project with a Gateway! Topic 333: Californians seek Information Age Democracy -- print # 40: Dave Hughes (dave) Sun, Apr 29, '90 (07:08) 29 Any objection from posters so far to my copying this out for Colorado candidate for Secretary of State Aaron Harber (D)? (He is a Harvard grad, serious challenger, owned two computer companies, and forced the current incumbent to better automate the SecStates office last race. One of his main themes is better citizen access to government, and he is ready for fresh electronic communications ideas to show voters that the Repub Sec of State is not doing all she could to use modern technology to give people that access. He is mulling over my suggestion to use the state telecom network (sorry US West) which is little used nights and weekends to put terminals in county offices for free citizen access to state government in Denver across a wide range of info - including state laws, regs, voter lists, licensing data, candidate reports etc) He might find this useful to think how to break out of the traditional mind-set about where/how 'official' political information is stored/distributed. It seems to me that the objection above about individual citizens not being that interested in mountains of facts misses a point. There are always local activists who would scour such facts, extract useful info, and present to local people. If they had timely, cheap, and total access to publicly stored info. Media is supposed to be doing this 'for the voters' and up to a point, on hot 'mass interest' topics do. But news media are decliningly useful sources of information about government. Topic 333: Californians seek Information Age Democracy -- print # 42: Jeff Aldrich (jefrich) Tue, May 1, '90 (21:45) the latest signature count has too many printed petition forms from all over the state for me to trace back to the well. I suspect several came from Wellies...thanks for the effort Bob, my research has yet uncovered a 'model access' amendment. If we can't come up with one ready-made, anyone with ideas on using resources here in the Well to pull one together for Calif. in '92? Or failing that, what about ideas on our ability to pull the industry together to support such an effort? +-+-+-+-+-+ END OF WELL CONFERENCE +-+-+-+-+-+ Most of the discussion in the WELL conference focused on the politics behind the measure, rather than looking at benefits extended to the electronic community. It's said that timing in politics is everything. If concerns about Operation Sundevil had been two months earlier, or our filing deadlines two months later, The FAIR REDISTRICTING INITIATIVE would have collected enough signatures to qualify for the November General Election. Initiative '92 -- Computer Rights and Economic Impact on Business We learned a lot about the online community from distributing the ballot measure earlier this year -- from identifying politically active systems statewide, to distribution, to political issues considered palatable by the electronic community. Successful efforts to promote computer rights and industry growth utilizing the electronic distribution initiative process in California offer a range of policy issues including, but not limited to, the following: legislative info in data format dispensed at no cost to info service companies providing educational access; incentives for development of rural telecommuting centers, including a) increased rate of return on investment for rural telephone utilities, b) redirecting transportation funds to reduce site construction and development costs, c) business tax incentives for participation in rural telecommunicating centers; revision of computer crime statutes and enforcement procedures; association member access to, and use of, California State University computer systems for the purpose of increasing international trade in conjunction with the California State World Trade Commission, and; add telecommuting projects to the smart Freeway Corridor Telecommunications Demonstration Project by redirection of Federal Transportation Appropriations. There is no question all of these items will be considered in the drafting of a 1992 California ballot measure. The measure will also include language mandating that computer telecommunications become a state constitutional right. Many of the issues listed above have the potential to create positive economic impact for general business, trade associations and specific computer industries. As a focal point of the initiative, Rural telecommuting development cuts to a broad based, organized constituency. I've been retained by clients interested in forming a committee to sponsor development of this initiative. I have been asked to determine the support, if any, of others interested in forming a sponsor committee. And to determine if the level of this support is sufficient to justify further activity. Committee membership guidelines: Committee Member Sponsor $7,500.00 < per 1 vote > Total Committee Member Sponsors < ten > Minimum Committee Member Sponsors to vest < five > Committee will vest January 7, 1991. Letters of intent to fund are due and payable no latter than January 4, 1991. Failure to vest refunds are due and payable January 17, 1991. For more information concerning the formation of this ballot measure committee, contact: Jeff Aldrich jefrich@well.ca.us Aldrich & Associates, Voice: (707)426-1679 Political Consulting Fax: (707)425-9811 2791F North Texas, Suite 341 Fairfield, CA 94533 ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: John and Barbara McMullen Subject: The Riggs Sentencing (reprint from Newsbytes) Date: November 21, 1990 ******************************************************************** *** CuD #2.13: File 3 of 5: More on the Riggs Sentencing *** ******************************************************************** (The following articles, by John and Barbara McMullen, were originally published in Newsbytes. They are reprinted with permission. They corrects some errors in the original AP wire service story reported in the last issue of CuD). ======================================================================= (NEWS)(GOVT)(NYC)(00001) ATLANTA SENTENCING FOR COMPUTER CRIMES ATLANTA, GEORGIA, U.S.A., 1990 NOV 19 (NB) -- Robert J. Riggs, Adam E. Grant and Franklin Darden, who pleaded guilty in July to various charges relating to computer break-ins to systems of BellSouth, have been sentenced by U.S. District Judge Owen Forrester to prison sentences and ordered to make financial restitution of $233,000 to BellSouth. Riggs, who had pleaded guilty to one conspiracy count and could have received a maximum sentence of five years in prison and a $200,000 fine, was sentenced to a 21-month prison term and was ordered to begin serving the sentence on February 15th. Darden, who faced similar penalties, received 14 months as did Grant. Grant had pleaded guilty to possessing 15 or more BellSouth access devices with the intent to defraud and faced a maximum penalty of 10 years in prison and a $250,000 fine. In sentencing Grant and Darden, Judge Forrester stipulated that seven months of their sentences may be served in a halfway house. Grant and Darden are scheduled to report for confinement on January 4th. Craig Neidorf, who had been indicted for publishing an electronic document which Riggs admitting copying from BellSouth's files, expressed surprise at the sentence, telling Newsbytes "The sentence seems severe when one considers the lesser sentence given to Robert Morris who disrupted thousands of computers and caused untold financial expense to those who had to undo the damage that he caused. I am not saying that Morris should have received a harsher penalty; I'm saying rather that the Atlanta sentences seem disproportionate. I don't know much about all of the Atlanta charges but the testimony concerning them at my case did not indicate that there had been great financial damage to anyone because of the actions of these three." Neidorf also questioned the determination of damages in the case, saying "I hope that the damages claimed by BellSouth have been well scruitinized by the government. You may remember that, before the charges against me were dismissed, BellSouth had claimed that the value of the document in question was over $70,000. It turned out that the document was available in print for under $20. Riggs, Darden and Grant had already pleaded guilty when this gross overstatement came out. I hope, for justice's sake, that the restitution awarded actually relates to substantiated damages." Kent Alexander, Assistant U.S. Attorney, told Newsbytes that he "is comfortable with the method under which the damages were determined." He also clarified the order for restitution, saying that Riggs, Darden and Grant are jointly responsible for the $233,000 and that each of them is individually liable for the entire amount should the others default in payment. Alexander had, in July, told Newsbytes that the plea agreement entered into by the defendants "allows the United States Attorney's office to, in return for substantial assistance from the defendants, to ask for a downward departure from the sentencing guidelines. The substantial assistance referred to includes debriefing by the Secret Service and truthful testimony in other related computer cases." Alexander confirmed, in his current comments to Newsbytes, that the sentences given were, in fact, downward departures from the sentencing guidelines. New York State Police Senior Investigator Donald Delaney, who has been at the forefront of New York State investigations into computer crime, commented on the sentencing to Newsbytes, saying "I think that the sentence is significant and appropriate given the severity of the crimes. I hope that this sends a message to others engaged in telecommunications fraud that such actions can result in actual jail terms." (Barbara E. McMullen & John F. McMullen/19901119) ============================================================================= (EXCLUSIVE)(GOVT)(NYC)(00001) ATLANTA SENTENCING DESIGNED TO "SEND MESSAGE" ATLANTA, GEORGIA, U.S.A., 1990 NOV 20 (NB) -- In response to questions by Newsbytes concerning the rationale underlying the sentences received by Robert J. Riggs, Adam E. Grant and Franklin E. Darden, Jr. on November 16th for activities involving illegal access to computer systems of BellSouth, Assistant United States Attorney for the Northern District of Georgia Kent B. Alexander has released the "Government's Sentencing Memorandum And S.G. & 5K1.1 Motion". This 21 page document, prepared by Joe D. Whitney, United States Attorney for the Northern District of Georgia, and Alexander and sent to United States District Court Judge J. Owen Forrester, puts forth the factors which the prosecuting attorneys wish the judge to consider in determining sentence. The memorandum states "Although the government is going to recommend a downward departure from the Sentencing Guidelines, the three defendants are clearly criminals who have caused a significant amount of damage and should be punished accordingly. Moreover, the computer hacker world is watching this case very closely, and the Court should send a message that illegal computer activities will not be tolerated" (The word "hacker" is footnoted and explained by saying "The government uses the term 'hacker' to describe a person who uses computers for criminal activity. The Court should note, however, that the term 'hacker' can also be used to describe legitimate computer users. At one time all computer users were known as 'hackers' and some computer users still identify themselves as 'hackers'."). In explaining the gravity of the crimes, the memorandum states "In all, they stole approximately $233,800 worth of logins/passwords and connect addresses (i.e. access information) from BellSouth. BellSouth spent approximately $1.5 million in identifying the intruders into their system and has since spent roughly $3 million more to further secure their network." In explaining the perceived need to send a message to the "hacker community", the memorandum points out that the last federally prosecuted adult criminal hacker, Robert Morris, Jr. received probation and that that sentence was followed very closely by 'hackers' throughout the nation. The memorandum states "Any sentence that does not include incarceration would send the wrong message to the hacking community; that is, that breaking into computer systems is not really a crime." The document also states that "All three defendants have provided significant cooperation that has fueled further investigation into the activities of a number of computer hackers throughout the country." Because of this cooperation, the "government moves for this Court to make a downward departure pursuant to S.G. 5k1.1 in the amount of three levels for defendants Grant and Darden and two levels for defendant Riggs." The memorandum then details the cooperation of each of these defendants in cases involving Craig Neidorf in Chicago and an unnamed "fellow Legion of Doom member" in Detroit. The memorandum also explains why a lesser departure is recommended for Riggs - "Defendant Riggs strikes the undersigned counsel as an unusually quiet and pensive person. Throughout the investigation, he has been cooperative, but because of his nature, he sometimes comes across as uninterested and evasive. The bottom line is that he provided helpful information that furthered several investigations around the country, though his assistance was not as substantial as that of Grant and Darden; hence the recommendation of only a two-level departure." An earlier conviction for Riggs related to computer fraud was also mentioned. In the actual sentencing by Judge Forrester, Grant and Darden received 14 months incarceration of which 7 will be in a half-way house while Riggs received 21 months incarceration . Additionally, they were directed to make restitution payments to BellSouth of $233,000. In a conversation with Newsbytes, the aforementioned Craig Neidorf questioned the determination of damages in the case, saying "I hope that the damages claimed by BellSouth have been well scrutinized by the government. You may remember that, before the charges against me were dismissed, BellSouth had claimed that the value of the document in question was over $70,000. It turned out that the document was available in print for under $20. Riggs, Darden and Grant had already pleaded guilty when this gross overstatement came out. I hope, for justice's sake, that the restitution awarded actually relates to substantiated damages." An examination of the sentencing memorandum finds that the E911 file, "the subject of the Chicago indictment" was estimated by Bob Kibler of BellSouth Security to be valued, based on R&D costs, at $24,639. Kent Alexander, Assistant U.S. Attorney, told Newsbytes that he "is comfortable with the method under which the damages were determined." He also clarified the order for restitution, saying that Riggs, Darden and Grant are jointly responsible for the $233,000 and that each of them is individually liable for the entire amount should the others default in payment. The Department of Justice release also stated "The United States Attorney commented that most computer users engage in legal and constructive activities. Criminal hackers, however, who break into computer systems of others, are breaking the law and will be prosecuted accordingly." (Barbara E. McMullen & John F. McMullen/19901119) ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Jim Warren (jwarren@well.sf.ca.us) Subject: First Conference on Computers, Freedom & Privacy Date: Undated ******************************************************************** *** CuD #2.13: File 4 of 5: Computers Freedom and Privacy Conf. *** ******************************************************************** {One good consequence of Operation Sun Devil has been the increased awareness of the need to address issues of ethics, computer rights, and computer abuse. The following conference is an attempt to bring a variety of individuals and groups together to exchange information and opinions--moderators}. FIRST CONFERENCE ON COMPUTERS, FREEDOM & PRIVACY ------------------------------------------------ March 25-28, 1991, Monday-Thursday SFO Marriott Hotel, reservations: 800-228-9290 San Francisco Airport, 1800 Old Bayshore Hwy, Burlingame CA 94010 COOPERATING ORGANIZATIONS ------------------------- Electronic Networking Association Videotex Industry Association Electronic Frontier Foundation The WELL, Portal Communications [as of 11/23/90, more expected shortly] Sponsor: Computer Professionals for Social Responsibility PLANNED CONFERENCE SESSIONS --------------------------- 1. The Constitution in the Information Age [opening session] coordinator: Jim Warren; Chair: Jim Warren Introductory remarks; then, major policy proposal regarding electronic communications and Constitutional rights. speaker: Professor Lawrence Tribe, Harvard Law School 2. Trends in Computers & Networks coordinator: Peter Denning; Chair: Peter Denning Overview and prognosis of computing capabilities and networking as they impact personal privacy, confidentiality, security, one-to-one & many-to-one communication, and access to information about government, business & society. 3. Public-Sector Information About Individuals coordinators: Les Earnest, Bruce Koball; Chair: Collection, verification, use, sharing and protection of, and access to and responsibility for personal information, by government agencies, such as census, voter, tax, license, permit and criminal records. 4. Private-Sector Information About Individuals coordinators: Les Earnest, Bruce Koball; Chair: Collection, marketing, verification, use and protection of, and access to and responsibility for personal information, by private organizations, such as banking, credit, health, consumer, employment, family & lifestyle information. 5. International Perspectives & Impacts coordinator: Mark Graham; Chair: Other nations' models for protecting personal information and communication, and granting access to government information; existing and developing laws; requirements on trans-national dataflow, personal expression & accountability. 6. Law Enforcement Practices and Problems coordinators: Dorothy Denning, Glenn Tenney; Chair: Issues relating to investigation, prosecution, due process and deterrence of computer crimes, now and in the future; using computers to aid law enforcement. 7. Law Enforcement and Civil Liberties coordinators: Dorothy Denning, Glenn Tenney; Chair: Interaction of computer crime, law enforcement, and civil liberties; issues of search and seizure, sanctions, and shared or networked equipment, software and information. 8. Legislation & Regulation coordinators: Marc Rotenberg, Elliot Fabric; Chair: Legislative and regulatory roles in protecting privacy and insuring access; legal problems posed by computing and computer networks; approaches to improving related government decision-making. 9. Computer-Based Surveillance of Individuals coordinators: Les Earnest, Bruce Koball; Chair: Monitoring electronic-mail, public & private teleconferences, electronic bulletin boards, publications and subscribers; tracking individuals' location, work performance, buying habits & lifestyles; pattern recognition & profiling 10. Ethics and Education coordinators: Dorothy Denning, Glenn Tenney; Chair: Ethical principles for individuals, system administrators, organizations, corporations, and government; copying data, copying software, distributing confidential information; relations to computer education and computer law. 11. Electronic Speech, Press and Assembly coordinators: Marc Rotenberg, Elliot Fabric; Chair: Freedoms and responsibilities regarding electronic speech, public and private electronic assembly, electronic publishing, prior restraint and chilling effects of monitoring. 12. Access to Government Information coordinator: Mark Graham; Chair: Implementing individual and corporate access to federal, state & local information about communities, corporations, legislation, administration, the courts and public figures; allowing access while protecting confidentiality. 13. Where Do We Go From Here? [closing session] coordinator: Jim Warren; Chair: Jim Warren Perspectives and recommendations of participating groups, proposed next steps to protect person privacy, protect fundamental freedoms and encourage responsible policies and action. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: chron!magic322!edtjda@UUNET.UU.NET(Joe Abernathy) Subject: Hackers Break into DEA Lines Date: Wed, 21 Nov 90 17:32:59 CST ******************************************************************** *** CuD #2.13: File 5 of 5: Hackers & the DEA PBX (J. Abernathy *** ******************************************************************** " Hackers break into DEA lines: Long-distance Service the Target" From: Houston Chronicle, Saturday, Nov. 17, 1990 (p. 1A) By JOE ABERNATHY (Copyright 1990, Houston Chronicle) Computer hackers and others stole long distance service worth up to $1.8 million from the government through the Houston offices of the Drug Enforcement Administration, the agency acknowledged Friday. "We became aware of it last spring," said DEA spokesman Thomas Lentini. "Southwestern Bell telephone security told us that they suspected somebody was hacking into our FTS system. That's the Federal Telephone System." The agency cannot estimate the precise value of the long distance service since it used a dedicated line without per-call billing. But an Arizona prosecutor who specializes in computer fraud has estimated that such a breach can use service worth at least $100,000 a month. Self-described hackers told the Houston Chronicle that hundreds of people around the nation used the government phone lines over a period of 18 months. The DEA has taken measures to protect its system, Lentini said. The thefts were discovered during a nationwide, previously undisclosed Southwestern Bell investigation into the fraudulent use of phone credit cards. "There were some folks that were making unauthorized use of customers' credit cards," said Ken Brasel, Southwestern Bell spokesman. "In our investigation of these people we discovered that they had used these credit cards to call a local number which turned out to be the DEA." By punching in an access code after connecting with this number, callers could place outgoing calls using the federal government's dedicated, private phone lines. "You just had to dial 8 and you could go anywhere," said a hacker who brought the DEA system invasion to the Chronicle's attention. "Hundreds used it." "A guy even walked up to me in Safeway once and asked if I'd heard about the 221 PBX," said another hacker. These two and other hackers, identifying themselves by their computer system "handles" but declining to give their real names, discussed the matter with a Chronicle reporter in a series of late-night conference calls that they initiated. PBX, or private branch exchange, is the name given to the telephone switching systems used in medium to large companies, while 221 is the downtown prefix of the three DEA lines offering access into the federal phone system. "The way the system works is we call an access number that puts us into FTS, then we can call anywhere," Lentini said, explaining that the system was dedicated to upper management's use, typically for calls to Washington. "In effect, they have their own WATS line," Brasel said. "When they talk from here to Washington, they don't go through an AT&T operator." The phone lines were used both for normal calls and for computer data telecommunications, hackers said, and calls were placed around the world. According to the Arizona state attorney general's office, which has become renowned for its vigorous pursuit of hackers, PBXs are a prime source for overseas phone fraud, and give hackers a layer of security. If a call is traced,it is traced back to the company that owns the PBX, not to the hacker. "In the last two years it's just skyrocketed in terms of international" calls, said Gail Thackeray, an assistant attorney general in Arizona. "All of the long distance carriers are under siege." Thackeray estimated in a recent Chronicle interview that PBX abuse will cost industry $500 million this year. According to her formulas, the DEA hackers may have used service worth $100,000 or more during each of the 18 months in which the agency's phone system was compromised. "We have some anti-social, fairly dangerous hackers out there because of the size of tools they have," Thackeray said. Assisted by computers, the hackers find the PBX numbers through trial and error by calling all available numbers in a prefix. "Numbers get passed around like a stock commodity," said one. A breach can go undetected for a long time because the government doesn't render bills on its dedicated phone lines. "Once the break-in was discovered, we immediately changed the access number," Lentini said. "We worked with Southwestern Bell trying to determine who the culprit was and we just couldn't do it," he said. "They were getting into it from pay telephones" as well as from residences and places of employment. "Southwestern Bell is still monitoring our lines for indicators that they're hacking into it again." Referring to the larger investigation of credit card fraud, Brasel urged that consumers exercise caution. "What these guys were doing is calling up and saying 'We're from AT&T and we've had a computer failure' and they say 'We need your credit card number and your PIN (personal identification number),' " he said. "That's like giving someone the key to the bank vault. You just don't do that." ******************************************************************** ------------------------------ **END OF CuD #2.13** ********************************************************************