****************************************************************************
                  >C O M P U T E R   U N D E R G R O U N D<
                                >D I G E S T<
               ***  Volume 1, Issue #1.14 (June 14, 1990)   **
  ****************************************************************************

MODERATORS:   Jim Thomas / Gordon Meyer
REPLY TO:     TK0JUT2@NIU.bitnet

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.
--------------------------------------------------------------------
DISCLAIMER: The views represented herein do not necessarily represent the
            views of the moderators. Contributors assume all responsibility
            for assuring that articles submitted do not violate copyright
            protections.
--------------------------------------------------------------------


In This Issue:

File 1:  Moderators' Comments
File 2:  Mail: 1) SS jurisdiction; 2) Busts
File 3:  Craig Neidorf's New Indictment  (Gordon Meyer)
File 4:  Is this Evidence (response to indictment, Jim Thomas)
File 5:  Mike Godwin on Search Warrants etc.
--------------------------------------------------------------------


***************************************************************
***  Computer Underground Digest Issue #1.14 / File 1 of 5  ***
***************************************************************

----------------
Gordon Meyer's Subversive Thesis
-----------------

An inside source reported to us that Omar Stanford, who was indicted in
Missouri for alleged phreaking, has had all the charges against him dropped
by local authorities. They also returned all of his software and
equipment......EXCEPT FOR the infamous M.A. thesis by Gordon Meyer. No
reason was given for the failure to return it.

-------------------
Withdrawal of Some Archives
--------------------

We have been informed that files to be used for evidence against Craig
Neidorf include those in our archives.  As a result, we will not accept
requests for Phracks 19, 22, 23 or 24.  Although we find such repression
abhorrent, and although it would seem to constitute a challenge to
legitimate research interests, we feel it best to err on the side of
caution and have succumbed to the "chilling effect."


***************************************************************
***  Computer Underground Digest Issue #1.14 / File 2 of 5  ***
***************************************************************

-------------
Forwarded from Telecom Digest
-------------


In article <8820@accuvax.nwu.edu> henry@garp.mit.edu writes:
>
>In reply to Frank Earl's note ... I would reckon one of the problems
>is that most people don't know where the FBI's jurisdiction begins or
>where the Secret Service's jurisdiction ends.  I had a visit on Friday
>afternoon from an FBI agent and it seemed to be mostly reasonable,
>except he identified himself as being from a unit that I wouldn't
>associate with this sort of investigation.

Secret Service jurisdiction over computer crimes is set out in
18 USC 1030(d):

    The United States Secret Service shall, in addition to any other agency
    having such authority, have the authority to investigate offenses under
    this section. [18 USC 1030 is titled "Fraud and related activity in
    connection with computers."] Such authority of the United States Secret
    Service shall be exercised in accordance with an agreement which shall
    be entered into by the Secretary of the Treasury and the Attorney
    General.

There is a similar provision in 18 USC 1029, which concerns
"Fraud and related activity in connection with access devices."


Mike Godwin, UT Law School
------------------

********************************************************************

-------------------
The following is an anonymous submission.
-------------------

Can someone answer the following?

Operation Sun Devil is a two year investigation. If I'm counting right,
including the number of federal and state officers involved in serving
search warrants, at least 300 were involved in some capacity.

Also, if I'm counting right, there have been only 9 arrests:

  1) One guy in California who was arrested during a search on
     an unrelated charge (weapons possession) (Doc Ripco?)
  2) One guy in Chicago who was arrested during the search on an
     unrelated charge (weapons)
  3) A woman in Pittsburgh (Electra?)
  4) Terminus in New Jersey
  5) Anthony Nusall in Tucson
  6) Craig Neidorf (for publishing phrack)
  7) Robert Riggs (for E911 documents)
  8) Adam Grant (Atlanta)
  9) Frank Darden (Atlanta)

The first four were busted in January, and the last four in the last month.
So, of the 9, only 7 were busted on computer-related charges.  Of the 7,
the charges seem bogus at best, such as Craig Neidorf's, if the information
I've read is even half accurate.

Now, here's my question: If warrants are supposed to indicate a crime has
been committed, shouldn't there be more arrests if there is such a crime
wave out there? After all that time, all that investigation, all that
hype---where's all the crooks??

I suppose the cops could say it takes time to collect evidence.  But aren't
they supposed to have evidence when they get the search warrants?  How long
can it possibly take to acquire evidence if the groundwork has already been
laid and if cops supposedly know what they're looking for?? Am I missing
something? Will other charges be like those reported against Craig--for
publishing? If I have phrack 24 and the E911 file, does that make me a
crook? If I uploaded it to a board, can that board be busted for receiving
stolen information?

Maybe I'm missing something, but is there something wrong here?

Where is this giant conspiracy? Where is all the harm that's going on? I
guess the cops would say they can't talk while an investigation is going
on, but hasn't it been going on for years?  Shouldn't they have something
they can convey other than general notions of threats to national security,
huge losses, major conspiracies, and the rest of their babble?

Is there something wrong with this picture??

                                             <je>

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+                               END THIS FILE                                +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=


***************************************************************
***  Computer Underground Digest Issue #1.14 / File 3 of 5  ***
***************************************************************

                 *****************************************
                 PHRACK/KNIGHT LIGHTNING INDICTMENT UPDATE
                 *****************************************

On June 12, 1990 Craig Neidorf (aka "Knight Lightning") was arraigned on
charges of Wire Fraud and Interstate Transportation of Stolen Merchandise.
This new indictment supersedes the charges that were filed against him a
few months ago.  Note that the violation of the Computer Fraud charge has
been dropped, with the wire fraud charges being added.  The interstate
transportation charge remains and is still related to his alleged receipt
of the e911 documentation.

The new Wire Fraud charges stem from 4 or 5 articles in past issues of
"Phrack Inc.".  A discussion of the specific articles named in the
indictment is found elsewhere in this issue of CuD.

Two additional changes are worth noting.  The "retail cost" of the Bell
South e911 documentation has been reduced from over $74K to $53K.
Evidently the initial estimate was incorrectly calculated.  Also, now that
the fraud charge has been dropped mandatory sentencing guidelines may no
longer require jail time should Neidorf be convicted.  (This is speculation
and has not been confirmed.)

A new trial date has been set for July 23 (possibly the 24th, our sources
were unsure of the exact date).  The trial is expected to last about one
week.  The government still plans to call 13 witnesses, some of whom are
still unnamed (being listed as "a representative from Bell South," for
example).

As of this writing we have not been able to obtain a copy of the indictment
itself.  However, the information given here has been provided by those who
have seen copies of it.  There may be some errors, which will be corrected
once we can compare our synopsis to the actual document.  We were able to
obtain a copy of the first indictment with relatively little hassle,
however we have been told by both the US Attorney's office and the US
Secret Service that this time we'll have to pick up a copy in person
(which, to be fair, is standard operating procedure but it is a requirement
that we did not anticipate).  We will do so as soon as an opportunity to
visit downtown Chicago arises.  In the meantime if any CuD readers have a
copy of the new indictment we would appreciate you forwarding a copy to us.

As always we will continue to provide you with information as it becomes
available.

GRM 6/13/90

Related rumours and speculation: Sources indicate that much of the material
being introduced as evidence by the Government has been sealed by the
court.  Additionally some people connected with the case are under a court
order not to discuss certain aspects of it prior to the trial. The full
reasoning behind this, and exactly what types of material it covers, is
unknown at this time.  This propensity to keep the details out of public
scrutiny has led to speculation (from different sources) that the trial
itself may take place behind closed doors.


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+                               END THIS FILE                                +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

***************************************************************
***  Computer Underground Digest Issue #1.14 / File 4 of 5  ***
***************************************************************

We have not yet seen a copy of Craig Neidorf's June 12 indictment, but we
are told that Phrack #19 (file 7) and Phrack #23 (file 3) will be
introduced as evidence. We are also told that this stuff is sealed, so it
would be unwise for anybody to request (or distribute) these files.

PHRACK 19 (file 7, "Phrack World News"): This file announces that The
Phoenix Project BBS returned on-line, and summarizes some general
information.  We are given the dictionary definitions of the terms
"phoenix" and "project." We are told that Summer-con '87 was held on
schedule, and that summer-con '88 would occur. We are told that The Metal Shop
BBS is down, perhaps permanently. Personnel from industry and law
enforcement are explicitly invited to attend Summer-con '88.  Dangerous
stuff.

PHRACK #23, File 3 (Part III of The Vicious Circle Trilogy).  If it is true
that this file will be used as evidence, we cannot comprehend what it is
supposed to prove.  It is a list of CU groups that have existed, and the
premise of the article is that joining groups is a status thing and of no
particular value. It discusses John Maxfield's work assessing the number of
phreaks and hackers across the country, provides a logon application
required by one p/h board, and discusses possible government informants who
may have infiltrated various groups.  There is nothing here that cannot be
found in a media article or in the works of Maxfield or Donn Parker.

PHRACK #22, Files 1, 4, 5, and 6:  File 1 announces, for those who may not
have figured it out, that some old-time hackers now have jobs, but that
some still like to maintain links to the community. No names are mentioned
in this revealing blurb. It also informs readers that Phrack will publish
anonymous articles and provide E-mail delivery to legitimate accounts. The
editors request submissions and provide an index of files in this issue.

File 4 is a version of "The State of the Hack" entitled "A Novice's Guide
to Hacking- 1989 edition." It is divided into four parts:
  Part 1:  What is Hacking, A Hacker's Code of Ethics, Basic Hacking Safety
  Part 2:  Packet Switching Networks: Telenet- How it Works, How to Use it,
           Outdials, Network Servers, Private PADs
  Part 3:  Identifying a Computer, How to Hack In, Operating System Defaults
  Part 4:  Conclusion; Final Thoughts, Books to Read, Boards to Call,
It is essentially an essay with some basic technical information available
in any computer science course integrated in.

Files 5 and 6 would appear to be the most serious of the files.  Both are
labelled as Unix hacking tips. This may be more a rhetorical ploy than
anything substantive. The "tips" provided can be found in help files, text
books, over-the-counter type manuals, and many, many other sources. These
files are really little more than a guide on how to use Unix. File 6,
however, does discuss how passwords might be hacked. But, so does Stoll's
The Cuckoo's Egg, and one in fact learns more from Stoll's book than from
these files. If the authors of these files had added some sex, perhaps a
murder or two, and told a few funny stories, they, too, might have had a
best seller.

Having re-read these files, some troubling questions arise.

1. It appears that the charges against Craig have shifted from the E911
files to the content of what he has published. If found guilty, would a
precedent be set that allows agents to indict anybody who prints
information about entering a computer system? Would it allow prosecution of
people who support hacking, even though they themselves have not engaged in
any illegal activities?

2.  Where would the line be drawn between legitimate and illegitimate
information?  Stoll's book provides a useful primer for a would-be Unix
hacker.  Could Stoll be indicted? What about Levy's Out of the Inner
Circle? That book, published by Microsoft, provides explicit detail on
hacking techniques. What about computer courses in a university?  If an
instructor provides details on how to use Unix that one could then apply
in attempting to hack a system, would that instructor be liable? What
protections would exist for teaching computer use?

3. What is the liability of anybody who possesses a copy of the Phracks in
question? What happens if they upload one to another board? If a caller to
a board, ignorant of the current witch hunt mentality, uploads a Phrack for
upload credit, as many do, then would that user be liable? Would that
constitute sufficient grounds for a search warrant that would allow
confiscation of computer equipment?

4. What is the liability of sysops? Should they remove text files for fear
that they might be raided or harassed, even if those files are not illegal
on the fear that they might SOMEDAY be deemed illegal and justify
prosecution?

5. What happens, as occasionally does, if an attorney asks the moderators
of CuD for a copy of Phrack #22 or the E911 file?  If we send it, have we
committed a crime? If the recipient accepts it, has a second crime occurred?

It seems that federal agents are not particularly interested in clarifying
these issues. It leaves the status of distribution of information in limbo
and turns the "chilling effect" into a sub-zero ice storm. Perhaps this is
what they want. It strikes us as quite irresponsible.

Perhaps we are wrong, and these files are not, in fact, in question.  If
not, then we are worrying for nothing. If, however, we are correct, then it
seems that the very future of electronic communication currently hangs in
the balance. Case and statute law being formulated today will provide the
protections (or lack of them) for the computer world for the coming
decades.  The future seems to lie in electronic communication and
information flow. Without establishing protections now, we are committing
ourselves to a bleak future indeed.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+                               END THIS FILE                                +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=



***************************************************************
***  Computer Underground Digest Issue #1.14 / File 5 of 5  ***
***************************************************************



-------------
The following was sent simultaneously to CuD and to Telecom Digest
by Mike Godwin. Pat was not able to print it, so we reprint it here.
It is a response to a TCD contributor criticizing those who are
uncomfortable with the current witch hunts.
--------------


-----------------------------------------------------------------

Newsgroups: comp.dcom.telecom
Subject: Re: Update: LOD Woes - Part II of II
References: <8763@accuvax.nwu.edu>
Reply-To: mnemonic@dopey.cc.utexas.edu.UUCP (Mike Godwin)
Distribution:
Organization: The University of Texas at Austin, Austin, Texas

In article <8763@accuvax.nwu.edu>, in a posting titled "Law 101," Frank E.
Carey writes:

>The signal to noise ratio is becoming intolerable.  Let's go back to
>FACTS and LOGIC.

Unfortunately, much of what Frank subsequently says about law-enforcement
procedures in this country is either nonfactual or illogical or both.

>Searches and seizures are authorized by warrants.  If anybody believes
>that the government raids were done without warrants I'm sure we'd all
>like to hear about it.  Whether warrants were obtained should be a
>verifiable fact.

So far as I know, there has been no dispute as to whether any of the
Operation Sun Devil searches and seizures were warrantless. Critics of this
operation are not claiming that the searches and seizures lacked warrants,
but that the warrant-approval process has proved to be an insufficient
protection of Fourth Amendment rights.

This comes as no surprise, of course, to those who have more than a high
school civics textbook familiarity with criminal procedure.

>Warrants are issued by judges and are based on evidence.

Not exactly. Typically, warrants are issued by judges (or some other
"neutral magistrate") on the basis of affidavits written by law-enforcement
agents. The agents describe and characterize the illegal activity they seek
to investigate. So long as the FORM of warrant-seeking procedure is adhered
to, the content of the warrant is rarely (one is tempted to say "never,"
but that's not quite true) inquired into by the judge. The procedure is
NONadversarial--that is, there's no one there to challenge the
law-enforcement agent's characterization of the facts. So long as the judge
has no reason to believe that the agent is INVENTING facts, she'll normally
approve the warrant.

But the agent's good faith is NOT a measure of the accuracy of the
information contained in a warrant, especially in computer-crime cases, in
which the very nature of the property crime is being defined in the process
of prosecuting alleged wrongdoers. (These are the cases that will set the
precedents for how the federal computer-crime law will be interpreted in
the future.)

There is little doubt that the agents have a good-faith belief that they
are going after genuine wrongdoers. But to assume that law-enforcement
officials have any kind of *objective* sense of the magnitude and damage of
the "crimes" being prosecuted here is to misunderstand the character of
federal law-enforcement--generally, these are a bunch of zealous (and
sometimes over-zealous) policemen who tend to define the reach of federal
crime statutes VERY broadly.

>Any
>information suggesting that warrants were improperly issued or that
>evidence was fictitious, falsified, illegally obtained, etc. would
>probably be welcomed in this forum.  I think warrants are public
>information.

This is more or less a non sequitur. It ignores the fact that warrants,
like indictments, are *rhetorical* documents, designed to convince the
reader that the goals of the writer are correct.  The question is not
whether the facts are wrong, but how they are characterized for rhetorical
purposes.

>If we can determine that searches were done with properly issued
>warrants we would have a situation that would be closer to due process
>than "abridging of First Amendment rights".

This assumes that if the Fifth Amendment requirement of Due Process (as
well as, I assume, the Fourth Amendment requirement of "reasonable"
searches and seizures) is met, there can be no First Amendment interests at stake.
This is a misreading of Constitutional Law; the requirements of the
respective Amendments must be met independently of each other.

>Indictments are handed down by grand juries - your peers.  Indictments
>are based on evidence and are customarily (depending on jurisdiction)
>judgments that the evidence, if not refuted, is sufficient for a
>reasonable presumption of guilt.

This is incorrect. The presumption of innocence is never overcome by
grand-jury indictments, even if the allegations contained therein are
unrefuted.

Properly, one should say that a grand-jury indictment reflects a prima
facie case against the defendant(s), who are nevertheless presumed innocent
until judged guilty beyond a reasonable doubt.

>INDICTMENTS ALSO SERVE TO PROTECT
>THE ACCUSED AGAINST FRIVOLOUS PROSECUTIONS.

No, they do not. The grand-jury process is NOT a screen against any kind of
prosecution, regardless of what you may have been told.  Patrick allowed in
his comment to your letter that "sometimes" grand juries are merely
rubber-stamps for prosecutors. "Sometimes" actually is "the great majority
of the time"--it was not for nothing that Rudy Giuliani said he could get
the jury to indict a ham sandwich.  Grand-jury proceedings are orchestrated
by prosecutors, and no one has a right to have her attorney present when
questioned by the grand jury.

>Once you have been indicted you
>go to trial.  The indictment is not a guilty verdict!

No, but it vastly increases the likelihood of one, especially if it comes
from a federal grand jury. Assuming that you can afford the cost of
defending yourself in federal court (most people find the cost crippling),
you're up against an organization that has fact-gathering organizations in
every state in the U.S., and whose agents have automatic credibility with
most jurors.

>It's hard for
>me to conclude that indictment by grand jury constitutes harassment by
>government.

How soon we forget the 1960s!

>If you don't like the grand jury process or you don't
>trust your peers to evaluate evidence you've got a more fundamental
>problem that probably belongs in net.politics.

Or, perhaps, on misc.legal, where this topic has been discussed in the
past.

>Some postings imply that motive or resulting damage should be a factor
>in these cases.  I think we need to read the law and look at the way
>the courts apply the law.  It's not helpful to argue a case on the
>basis of what you think the law should be.

Sure it is, when the law is being interpreted in new and more expansive ways.
Moreover, given the fact that even unindicted third parties can be crippled by
overzealous (but warranted) seizures, Fourth Amendment interests require that
we tell judges and legislators how we think the law should be interpreted.

>Perhaps the biggest problem some of you have with the raids, seizures,
>is that you don't like the law.  If that's the case go see your
>congressman and stop flaming the law enforcement people.

This statement assumes that law-enforcement folks have no discretion in how
they conduct their searches or prosecutions. This is untrue.  Some
law-enforcement agents have a great deal of respect for the Constitution,
while others have an us/them mentality that motivates them to pay only
cursory attention to the Constitutional interests at stake.

>The common carrier issue is one of the few lucid topics to surface
>recently.  Indeed, we don't arrest the UPS guy for delivering a
>package of stolen property and we don't seize the mail truck when it
>contains stolen documents being mailed.  Is the law weak on this
>aspect of computer crime?

Yes, indeed. Which is one of the main problems.

>Should sysops be treated as common
>carriers?  Would this solve some problems but create others?  I'd be
>interested in opinions on this.

Sysops who received common-carrier status would be a bit dismayed at their
inability to deny access to some users. What is needed is a new status,
somewhere between common-carrier and private-operator status.  Such a
middle ground would allow sysops to control their user bases while not
being required to read every bit of verbal information that is transferred
into or through their systems.

>Disclaimer:  I'm not an attorney and I have no personal connection
>with  any of the discussed cases.  My views may be colored by the
>report in UNIX Today 5/28/90 that Leonard Rose was accused of
>stealing source code from my employer.

It may be that Len Rose was indicted for "stealing source code" (I haven't
seen that particular indictment), but the other Legion of Doom indictments
concern the alleged "theft" of an E911 text document. Many newspapers and
journals have misreported this.

Disclaimer: I have a law degree, but until I take and pass the bar exam, I
won't be a lawyer, either.


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+                              END C-u-D, #1.14                                +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=