****************************************************************************
               >C O M P U T E R   U N D E R G R O U N D<
                             >D I G E S T<
              ***  Volume 1, Issue #1.09 (May 16, 1990)  **
****************************************************************************

MODERATORS:   Jim Thomas / Gordon Meyer
REPLY TO:     TK0JUT2@NIU.bitnet

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.
--------------------------------------------------------------------
DISCLAIMER: The views represented herein do not necessarily represent the
            views of the moderators. Contributors assume all responsibility
            for assuring that articles submitted do not violate copyright
            protections.
--------------------------------------------------------------------

In This Issue:

File 1:  Moderators' Corner (news and notes)
File 2:  From the Mail Bag (Richard Duffy)
File 3:  Operation Sun Devil: Press Release
File 4:  Operation Sun Devil: Secret Service Statement
File 5:  News Excerpts about Operation Sun Devil
File 6:  Software Publishers Association Update
--------------------------------------------------------------------

***************************************************************
***  Computer Underground Digest Issue #1.09 / File 1 of 6  ***
***************************************************************

In this file:
 -- Operation Sun Devil
 -- FTP (Clarification)
 -- Dr. Ripco's Final Words
---------------------------------------------------------------

----------
Operation Sun Devil
-----------

Operation Sun Devil, another phase in the crackdown against the computer
underground, was begun May 8 (See this issue, Files 3 and 4). At least 28
search warrants were served, and a number of arrests have resulted,
although not all directly related to the May 8 operation. Judging from
comments we have received, people are either quite angry about it or
highly supportive of it.
We will give our own views in File #3, but we urge you to send reasoned
opinions on either side. One of the best commentaries of the entire
crackdown can be found in Emmanuel Goldstein's articles in 2600 MAGAZINE
(May 15, 1990). People can contact 2600/M at:

     2600@well.sf.ca.us
OR
     2600 EDITORIAL DEPARTMENT
     P.O. BOX 99,
     MIDDLE ISLAND, NY 11953

We will have an expanded article on Sun Devil in CuD #1.10

------------
FTP SITE
------------

DATE:     FRI, 11 MAY 90 06:38 EDT
FROM:     <KRAUSER@SNYSYRV1>
SUBJECT:  FTP SITE (FILE TRANSFER PERSON)
TO:       TK0JUT2

OK EVERYONE. THE "FTP" SITE IS REALLY REFERRING TO A FILE TRANSFER PERSON
WHICH IS ME. TO REQUEST A FILE SEND MESSAGE CONTAINING THE FOLLOWING
INFORMATION:

     1. YOUR NETWORK ADDRESS
     2. WHAT FILES YOU WANT (GIVE ME AN EXACT IDEA IE. ISSUES 1-12 OF
        PHRACK)

AFTER RECEIVING YOUR REQUEST, I WILL SEND YOU A MESSAGE THAT I HAVE
RECEIVED YOUR REQUEST. THIS WILL SERVE TWO PURPOSES, THE FIRST TO LET YOU
KNOW THAT I RECEIVED YOUR REQUEST AND TO LET ME MAKE SURE THAT THE FILES
WILL GET TO YOU. YOU SHOULD RECEIVE THE FILES WITHIN A 48 HOUR TIME PERIOD
AND ALL PAST REQUESTS WILL BE SENT THIS WEEKEND.

AT THIS TIME I HAVE ALL OF PHRACK (EXCEPT ISSUE 24 AND WE WON'T WANT TO
SEND THAT ONE NOW WOULD WE), LOD TECH JOURNALS, AND P/HUN. I WILL BE
RECEIVING THE REST OF THE ATI AND PIRATE ARTICLES SOON. ALSO IF YOU HAVE A
LIST OF FILES THAT YOU WOULD LIKE TO SHARE WITH EVERYONE, INCLUDE THAT
LIST WITH YOUR REQUEST.

HOPEFULLY THIS METHOD OF FILE TRANSFER WILL ONLY BE FOR A WHILE SINCE I AM
IN THE MIDST OF HUNTING DOWN A FTP SITE.

DARKMAGE
--------------------------------------------------------------------

-------------
RIPCO
-------------

Ripco was one of the boards that went down on May 8. It was probably the
longest running decent board in the country.
Judging from our knowledge of the users and the content of the logs, less
than 3 percent of the callers claimed to be identified in illegal
activity, and of those, we'd guess that at least half were faking it.
Given the nature of undercover operations, which include "infiltrating"
boards, we also assume some were law enforcement agents. Ripco had a
number of message sections, all of which were lively, generally
intelligent, and invariably interesting. Raiding Ripco seems to be
throwing the baby out with the bath water by intimidating sysops willing
to allow provocative discussions.

We repeat: THE BULK OF RIPCO'S USERS WERE NOT IN ANY WAY INVOLVED IN *ANY*
ILLEGAL ACTIVITY, but now names are in the hands of agents. We have seen
from past experience what can happen when they start generating "lists."
We can see some aggressive hot-shot prosecutor now, about to seek
political office: "I HAVE IN MY HAND A LIST OF 200 SUBVERSIVE HACKER
SCUM....!" In our view, this is no longer a computer underground issue,
but one of First Amendment protections.

We reprint Dr. Ripco's final message left to his users:

******************************************************************

This is 528-5020.

As you are probably aware, on May 8, the Secret Service conducted a series
of raids across the country. Early news reports indicate these raids
involved people and computers that could be connected with credit card and
long distance toll fraud. Although no arrests or charges were made, Ripco
BBS was confiscated on that morning. Its involvement at this time is
unknown. Since it is unlikely that the system will ever return, I'd just
like to say goodbye, and thanks for your support for the last six and a
half years. It's been interesting, to say the least.

Talk to ya later.
%Dr. Ripco%

*** END OF VOICE MESSAGE ***
--------------------------------------------------------------------

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+                               END THIS FILE                                +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

***************************************************************
***  Computer Underground Digest Issue #1.09 / File 2 of 6  ***
***************************************************************

To: tk0jut2
Subject: passwordless account argument in alt.security
Date: Sun, 13 May 90 02:54:18 -0500
From: Richard Duffy <zeno@zaphod.UChicago.EDU>

There is currently a thought-provoking, ongoing argument raging in the
Usenet group alt.security, concerning a user at St. Olaf College who
deliberately maintains a null password on one of his accounts there. That
newsgroup has been engaged in a detailed, continuing discussion of Unix
security issues, especially concerning policies about user passwords
(forcing users to change them regularly, forcing them to choose from a
software-generated list of choices, etc. etc.) and the associated ideas
about the general need for security measures.

The user in question, Peter Seebach, takes the provocative but firmly held
position that Unix is so insecure anyway that there's not even a point in
having passwords for user accounts. He advertised in this highly public
forum (Usenet) the fact that his own account lacks one, and a major
flame-war has ensued, partly precipitated by the fact that someone,
possibly a reader of his public admission, promptly logged in to Peter's
account and gave it a password, thus temporarily locking him out of his
own account.

The resulting verbiage has a lot of the usual puerile, vindictive,
posturing qualities associated with Usenet flame-wars, but in spite of all
that, some interesting points about "hackers," privacy, ethics and trust
are beginning to make themselves discernible through all the noise.
I highly recommend it to those of you with Usenet access, for a little
mind-bending on some issues you might have thought you were already
completely decided on. It's also rather entertaining!

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+                               END THIS FILE                                +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

***************************************************************
***  Computer Underground Digest Issue #1.09 / File 3 of 6  ***
***************************************************************

                                    U.S. Department of Justice

                                    United States Attorney
                                    District of Arizona
--------------------------------------------------------------------
                                    4000 United States Courthouse
                                    Phoenix, Arizona 82505
                                    602-379-3011 /FTS/261-3011

                          PRESS RELEASE

FOR IMMEDIATE RELEASE:         CONTACT: Wendy Harnagel
Wednesday, May 9, 1990                  United States Attorney's Office
                                        (602) 379-3011

PHOENIX--Stephen M. McNamee, United States Attorney for the District of
Arizona, Robert K. Corbin, Attorney General for the state of Arizona, and
Henry R. Potosky, Acting Special Agent in Charge of the United States
Secret Service Office in Phoenix, today announced that approximately
twenty-seven search warrants were executed on Monday and Tuesday, May 7
and 8, 1990, in various cities across the nation by 150 Secret Service
agents along with state and local law enforcement officials. The warrants
were issued as a part of Operation Sundevil, which was a two year
investigation into alleged illegal computer hacking activities.

The United States Secret Service, in cooperation with the United States
Attorney's Office, and the Attorney General for the State of Arizona,
established an operation utilizing sophisticated investigative techniques,
targeting computer hackers who were alleged to have trafficked in and
abused stolen credit card numbers, unauthorized long distance dialing
codes, and who conduct unauthorized access and damage to computers.

While the total amount of losses cannot be calculated at this time, it is
estimated that the losses may run into the millions of dollars. For
example, the unauthorized accessing of long distance telephone cards has
resulted in uncollectible charges. The same is true of the use of stolen
credit card numbers. Individuals are able to utilize the charge accounts
to purchase items for which no payment is made.

Federal search warrants were executed in the following cities:

     Chicago, IL
     Cincinnati, OH
     Detroit, MI
     Los Angeles, CA
     Miami, FL
     Newark, NJ
     New York, NY
     Phoenix, AZ
     Pittsburgh, PA
     Plano, TX
     Richmond, VA
     San Diego, CA
     San Jose, CA

Unlawful computer hacking imperils the health and welfare of individuals,
corporations and government agencies in the United States who rely on
computers and telephones to communicate.

Technical and expert assistance was provided to the United States Secret
Service by telecommunication companies including Pac Bel, AT&T, Bellcore,
Bell South, MCI, U.S. Sprint, Mid-American, Southwestern Bell, NYNEX, U.S.
West, and by the many corporate victims. All are to be commended for their
efforts in researching intrusions and documenting losses.

McNamee and Corbin expressed concern that the improper and alleged illegal
use of computers may become the White Collar crime of the 1990's. McNamee
and Corbin reiterated that the state and federal government will
vigorously pursue criminal violations of statutes under their
jurisdiction. Three individuals were arrested yesterday in other
jurisdictions on collateral or independent state charges. The
investigations surrounding the activities of Operation Sundevil are
continuing.

The investigations are being conducted by agents of the United States
Secret Service and Assistant United States Attorney Tim Holtzen, District
of Arizona, and Assistant Arizona Attorney General Gail Thackery.

END STORY

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+                               END THIS FILE                                +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

***************************************************************
***  Computer Underground Digest Issue #1.09 / File 4 of 6  ***
***************************************************************

         Assistant Director Garry M. Jenkins' Prepared Remarks

                          Operation Sun Devil

Today, the Secret Service is sending a clear message to those computer
hackers who have decided to violate the laws of this nation in the
mistaken belief that they can successfully avoid detection by hiding
behind the relative anonymity of their computer terminals.

In 1984, Congress enacted the Comprehensive Crime Control Act which
prohibits, among other things, credit card fraud and computer fraud. Since
1984, the Secret Service has been aggressively enforcing these laws and
has made over 9,000 arrests nationwide.

Recently we have witnessed an alarming number of young people who, for a
variety of sociological and psychological reasons, have become attached to
their computers and are exploiting their potential in a criminal manner.
Often, a progression of criminal activity occurs which involves
telecommunications fraud (free long distance phone calls), unauthorized
access to other computers (whether for profit, fascination, ego, or the
intellectual challenge), credit card fraud (cash advances and unauthorized
purchases of goods), and then move on to other destructive activities like
computer viruses.

Some computer abusers form close associations with other people having
similar interests. Underground groups have been formed for the purpose of
exchanging information relevant to their criminal activities. These groups
often communicate with each other through message systems between
computers called "bulletin boards."

Operation Sun Devil was an investigation of potential computer fraud
conducted over a two-year period with the use of sophisticated
investigative techniques.

This investigation exemplifies the commitment and extensive cooperation
between federal, state and local law enforcement agencies and private
governmental industries which have been targeted by computer criminals.

While state and local law enforcement agencies successfully investigate
and prosecute technological crimes in specific geographical locations,
federal intervention is clearly called for when the nature of these crimes
becomes interstate and international.

On May 8, 1990, over 150 Special Agents of the United States Secret
Service, teamed with numerous local and state law enforcement agencies,
served over two dozen search warrants in approximately fifteen (15) cities
across this nation.

Several arrests and searches were made during the investigation to protect
the public from impending dangers. In one situation, computer equipment
was seized after unauthorized invasion into a hospital computer.

Our experience shows that many computer hacker suspects are no longer
misguided teenagers mischievously playing games with their computers in
their bedrooms. Some are now high tech computer operators using computers
to engage in unlawful conduct.

The losses to the American public in this case are expected to be
significant. The Secret Service takes computer crime very seriously, and
we will continue to investigate aggressively those crimes which threaten
our nation's businesses and government services.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+                               END THIS FILE                                +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

***************************************************************
***  Computer Underground Digest Issue #1.09 / File 5 of 6  ***
***************************************************************

These excerpts from media sources on operation Sun Devil were sent by
various contributors.

*************************************************************************

            Probe Focuses on Entry, Theft by Computers
           (From: CHICAGO TRIBUNE, May 10, 1990: p. I-6)

PHOENIX--An interstate probe of computer invasions has uncovered losses
that may reach millions of dollars and could be "just the tip of the
iceberg," federal law enforcement officials said Wednesday.

The investigation is focused on illegal entry into computer systems and
unauthorized use of credit-card numbers and long-distance codes, said
Garry Jenkins, assistant Secret Service director for investigations.

No arrests for computer crime resulted, however, when 27 search warrants
were served in 12 cities, including Chicago, by 150 Secret Service agents
and police on Tuesday, officials said.

In Chicago, federal agents seized computers and information disks at a
business and a private home, said Tim McCarthey, chief of the Secret
Service's criminal enforcement division in Chicago. Nationwide, some 40
computers and 23,000 disks of computer information were seized.

Secret Service officials declined to release any specifics, including the
number of people targeted, saying the two-year investigation, code-named
"Operation Sun Devil," is continuing.

"The losses that we estimate on this may run to the millions of dollars,"
said Stephen McNamee, U.S. Atty. for Arizona.

Much of the alleged loss stems from unpaid telephone and computer access
charges, officials said.
They said it was possible that computer hackers had obtained goods or cash
through use of unauthorized credit cards, but could not cite any instance
of it.

In addition to misuse of credit cards and phone lines the hackers are
believed to have gained access to computers that store medical and
financial histories, officials said.

Under new computer crime laws, the Secret Service has jurisdiction to
investigate allegations of electronic fraud through the use of access
devices such as credit-card numbers and long-distance codes.

Defendants convicted of unauthorized use of such devices can be sentenced
up to 10 years in prison if they commit fraud of more than $,100.

A similar investigation supervised by federal prosecutors in Chicago has
resulted in several indictments.

********************************************************************

AT&T NEWS BRIEFS via Consultant's Liaison Program

Wednesday, May 9, 1990

HACKER WHACKER -- The Secret Service is conducting a coast-to-coast
investigation into the unauthorized use of credit-card numbers and
long-distance dialing as well as illegal entry into computer systems by
hackers, according to sources. ... AP ... Authorities fanned out with
search warrants in fourteen cities Tuesday in an investigation of a large
nationwide computer hacker operation. Officials of the Secret Service,
U.S. Attorney's Office and Arizona Attorney General's office scheduled a
news conference Wednesday to release details of the operation. UPI, 5/8
... A Long Island [NY] teen, caught up in [the investigation], dubbed
Operation Sun Devil, has been charged ... with computer tampering and
computer trespass. State Police, who said [Daniel Brennan, 17], was
apparently trying to set up a surreptitious messaging system using the
[computer system of a Massachusetts firm] and 800 numbers, raided his home
Monday along with security officials of AT&T. ... [A State Police
official] said that in tracing phone calls made by Brennan ...
AT&T security people found that he was regularly calling one of the prime
targets of the Sun Devil probe, a ... hacker who goes by the handle "Acid
Phreak." ... New York Newsday, p. 31.

****************************************************************************

[from risks 9.90]

------------------------------

Date: Tue, 8 May 90 09:46:06 -0700
From: "David G. Novick" <novick@cse.ogi.edu>
Subject: 'Hacker' alters phone services

The Spring, 1990, issue of Visions, the Oregon Graduate Institute's
quarterly magazine, has an interesting article on a man who broke into
telephone computers, creating the kinds of disruptions that have been
discussed lately on RISKS. The programmer, named Corey Lindsly, lives in
Portland, OR. He was eventually arrested and pled guilty to a felony count
of stealing long-distance phone service. Here is an excerpt.

--David

**************************************************************************

                    Confessions of a Computer Hacker
                            by Michael Rose
       Visions (Oregon Graduate Institute quarterly magazine)
                             Spring, 1990

...

Perhaps the most disturbing part of Lindsly's adventures was his
penetration of AT&T Switching Control Center Systems. These sensitive
computers support long distance telephone service. System administrators
for 17 of these computers spent over 520 hours mopping up Lindsly's
damages.

According to [AT&T New Jersey manager of corporate security Allen]
Thompson, Lindsly could have "severely disrupted" the nation's telephone
service. Lindsly, however, bristles at the suggestion of his doing
potentially dangerous stunts. Anything beyond harmless pranks is "beneath
the hacker ethic and uncouth," he says.

He does admit to disconnecting phones, changing billing status, and adding
custom calling features. He also likes to convert residential lines to
coin class service, so when the unwitting homeowner picked up his phone, a
recorded voice would tell him to deposit 25 cents. "Swapping people's
phone numbers ...
now that was great trick," he recalls, with obvious amusement. "You would
have your next door neighbor's number and he would have yours, and people
would call you and ask for your neighbor, and vice versa, and everyone's
getting totally confused."

--------------------------------------------------------------------------

RISKS-LIST: RISKS-FORUM Digest  Sunday 13 May 1990  Volume 9 : Issue 91

        FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  "Feds Pull Plug On Hackers" (James K. Huggins)
<...other articles removed...>  --rjc

------------------------------

Date: Fri, 11 May 90 12:26:08 -0400
From: James K. Huggins <huggins@dip.eecs.umich.edu>
Subject: "Feds Pull Plug On Hackers": Newspaper Article

>EXCERPTED From The Detroit News, Thursday, May 10, 1990, Section B, p.1:

FEDS PULL PLUG ON HACKERS
Computer-fraud raid hits two homes in Michigan
By Joel J. Smith, Detroit News Staff Writer

Secret Service agents got a big surprise when they raided a Jackson-area
home as part of an investigation of a nationwide computer credit card and
telephone fraud scheme. They found a manual that details how almost
anybody can use a computer to steal. It also describes how to avoid
detection by federal agents.

On Wednesday, James G. Huse, Jr., special agent in charge of the Secret
Service office in Detroit, said the manual was discovered when his agents
and Michigan State Police detectives broke into a home in Clark Lake, near
Jackson, on Tuesday. Agents, who also raided a home in Temperance, Mich.,
near the Ohio border, confiscated thousands of dollars in computer
equipment suspected of being used by computer buffs -- known as hackers --
in the scheme.

The raids were part of a national computer fraud investigation called
Operation Sundevil in which 150 agents simultaneously executed 28 search
warrants in 16 U.S. cities.
Forty-two computer systems and 23,000 computer disks were seized across
the country. The nationwide network reportedly has bilked phone companies
of $50 million. Huse said the Secret Service has evidence that computers
in both of the Michigan homes were used to obtain merchandise with
illegally obtained credit card numbers. He said long-distance telephone
calls from the homes also were billed to unsuspecting third parties.

There were no arrests, because it was not known exactly who was using the
computers at the homes. Huse also said there was no evidence that the
suspects were working together. Rather, they probably were sharing
information someone had put into a national computer "bulletin board".

*****************************************************************************

          "Computer Hacker Ring with a Bay Area Link"
      (From: San Francisco Chronicle, May 9, 1990: A-30)

The Secret Service yesterday searched as many as 29 locations in 13
cities, including the family home of an 18-year-old San Jose State
University student, in an investigation of alleged fraud by computer
hackers, law enforcement sources said.

The 6 a.m. search on Balderstone Drive in San Jose sought computer
equipment allegedly used to "deal in pirate software and electronic
fraud," San Jose police Sergeant Richard Saito said in a prepared
statement.

The nationwide investigation, code-named "Operation Sun Devil," concerns
the unauthorized use of credit card numbers and long-distance dialing
codes as well as illegal entry into computer systems by hackers, said
sources.

Saito said the probe centered on the "Billionaire Boys Club computer
bulletin board" based in Phoenix. A press conference on the probe is
scheduled today in Phoenix.

The investigation in Phoenix is also focusing on incidents in which
computer hackers allegedly changed computerized records at hospitals and
police 911-emergency lines, according to one source.

The San Jose suspect was identified as Frank Fazzio Jr., whom neighbors
said was a graduate of Pioneer High School and lives at home with his
younger sister and parents. Neither he nor his family could be reached for
comment.

"I've never thought him capable of that sort of thing," said one neighbor
in the block-long street located in the Almaden Valley section of south
San Jose.

Warrants were obtained by the Secret Service to conduct the search in San
Jose, as well as in Chicago; Cincinnati; Detroit; Los Angeles; Miami;
Newark, N.J.; New York City; Pittsburgh; Richmond, Va.; Plano, Texas; and
San Diego.

Under new computer crime laws, the Secret Service has jurisdiction to
investigate allegations of electronic fraud through the use of access
devices such as credit card numbers and codes that long-distance companies
issue to individual callers.

Defendants convicted of unauthorized use of such "access devices" can be
sentenced to 10 years in prison if they commit fraud of more than $1,000.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+                               END THIS FILE                                +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

***************************************************************
***  Computer Underground Digest Issue #1.09 / File 6 of 6  ***
***************************************************************

In CuD 1.05 I discussed the Software Publisher's Association (SPA)
toll-free piracy hot line and the less than informative response my call
received. As an addendum here is some information culled from "PC
Computing" March 1990, Page 80.

Software Manufacturers Tempt Illegal Users to Change Their Evil Ways

This brief article, written by Christine Triano, discusses "amnesty"
programs offered by XTree, XyQuest, and Unison World where users could
"register" pirated copies of XTree Pro, Xywrite, and Printmaster Plus
(respectively) and receive legitimate versions at a reduced cost.
XTree reports that 5000 people took them up on their SAFE (Software
Amnesty For Everyone) offer, but the other companies have so far declined
to comment on the success of their programs.

Also discussed is the SPA's auditing process where the SPA asks companies
that are suspected of being users of pirated warez to let the Association
examine hard drives and software purchase records, in return for strict
confidentiality of the outcome. The corporation then purchases legitimate
copies of all the pirated programs found, and "contributes" an equal
amount to the SPA's Copyright Protection Fund. Thus the software gets
purchased, the SPA's coffers are lined, and the corporation stays out of
court. To date "more than half a dozen" audits have been conducted.

The article concludes with a short paragraph concerning the toll-free
piracy hotline:

   "The SPA has also set up a toll-free piracy hot line (800-388-PIR8).
   According to SPA director Ken Wasch, the hot line receives 15 serious
   calls a week. Who finks? The majority of callers are unhappy or former
   employees serving up their own version of just desserts."

Final Note: Perhaps the "Ken" I spoke to at the SPA is Ken Wasch, the
director of the organization. If so, I wonder if he considered my call
about a pirate BBS to be "serious"?

GRM
Internet: 72307.1502@Compuserve.com

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+                               END THIS FILE                                +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=