Computer underground Digest Fri July 17, 1992 Volume 4 : Issue 31 Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Copy Editor: Etaion Shrdlu, Jr. Archivist: Brendan Kehoe Archivist in spirit: Bob Kusumoto Shadow-Archivist: Dan Carosone CONTENTS, #4.31 (July 17, 1992) File 1--MOD Indictment (July, '92) File 2--Newsbytes Editorial on MOD Indictment Back issues of CuD can be found in the Usenet alt.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT libraries; from American Online in the PC Telecom forum under "computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au European distributor: ComNet in Luxembourg BBS (++352) 466893. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. Some authors do copyright their material, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: 17 Jul 92 16:43:21 CDT From: Moderators <tk0jut2@mvs.cso.niu.edu> Subject: File 1--MOD Indictment (July, '92) ((Moderators' note: The following is the complete indictment of five MOD members (see CuD 4.30 for background)). UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF NEW YORK - - - - - - - - - - - - - - - - - - - -X : UNITED STATES OF AMERICA : : - v - : : JULIO FERNANDEZ, a/k/a "Outlaw," : _INDICTMENT_ JOHN LEE, a/k/a "John Farrington," : a/k/a "Corrupt," : MARK ABENE, a/k/a "Phiber Optik," : ELIAS LADOPOULOS, : 92 Cr. a/k/a "Acid Phreak," and : PAUL STIRA, a/k/a "Scorpion" : : Defendants : : - - - - - - - - - - - - - - - - - - - -X _COUNT ONE_ Conspiracy The Grand Jury Charges: _Introduction_ 1. At all times relevant to this indictment: (a) MOD was a closely knit group of computer hackers located primarily in the New York City area. (The term "computer hacker" refers to someone who uses a computer or a telephone to obtain unauthorized access to other computers). The letters "MOD" had various meanings, among them "Masters Of Disaster" and "Masters of Deception." (b) At various times, the defendants JULIO FERNANDEZ, JOHN LEE, MARK ABENE, ELIAS LADOPOULOS and PAUL STIRA were members of MOD. Within MOD and in the course of their computer hacking activities, the defendants frequently identified themselves by their nicknames or hacking "handles." In particular, JULIO FERNANDEZ used the name "Outlaw," JOHN LEE used - 1- the name "Corrupt," MARK ABENE used the name "Phiber Optik," ELIAS LADOPOULOS used the name "Acid Phreak," and PAUL STIRA used the name "Scorpion." JOHN LEE was also known to his associates as "John Farrington." (c) Southwestern Bell Telephone Company ("Southwestern Bell") was a regional telephone company that provided local telephone service to millions of customers in Arkansas, Kansas, Missouri, Oklahoma and Texas. Southwestern Bell's telephone system was controlled and operated by numerous computers located throughout the above-named states, including telephone switching computers. The telephone switching computers operated by Southwestern Bell and other telephone companies were large computers that controlled call routing, calling features (such as call forwarding, call waiting and three-way calling), billing and other telephone services for tens of thousands of telephone lines each. Southwestern Bell's headquarters were located in St. Louis, Missouri. (d) BT North America Inc. was an international corporation that provided telecommunications services throughout the world. Among BT North America's businesses in the United States was the operation of a data transfer network called Tymnet. The Tymnet network was an international network through which customers could transmit electronic communications. The Tymnet network was controlled and operated by numerous computers located throughout the United States and elsewhere. BT North America's headquarters were located in San Jose, California. - 2 - (e) New York Telephone Company ("New York Telephone") was a regional telephone company that provided local telephone service to millions of customers in New York State. New York Telephone's telephone system was controlled and operated by numerous computers located throughout New York State. New York Telephone's headquarters were located in New York City. (f) Pacific Bell and U.S. West were regional telephone companies that provide telephone service to customers in, among other states, California and Idaho, respectively. One of the telephone switching computers operated by Pacific Bell was located in Santa Rosa, California. One of the telephone switching computers operated by U.S. West was located in Boise, Idaho. (g) Martin Marietta Electronics Information and Missile Group ("Martin Marietta") was an aerospace and engineering company located in Orlando, Florida. Martin Marietta operated a telephone switching computer that handled the company's telephone lines. (h) International Telephone and Telegraph Company ("ITT"), was a telecommunications company. One of the ways that ITT provided telephone services to customers was to provide customers with personal identification numbers. Customers could dial local or toll free telephone numbers assigned to ATT, enter their personal identification numbers, and then obtain local and long distance calling services that would be charged to their accounts. - 3 - (i) Information America, Inc., was a computerized information service that provided subscribers with accesses to telephone numbers, addresses, business abstracts and other information regarding individuals and businesses throughout the United States. Information America's headquarters and its primary computer data base were located in Atlanta, Georgia. (j) TRW Information Services ("TRW") and Trans Union Corporation ("Trans Union") were credit reporting services that provided subscribers with access to credit reports and other information. One of the ways that subscribers could obtain credit information was to use a computer to access data bases maintained by TRW and Trans Union. TRW's primary data base was located in Anaheim, California. Trans Union's primary data base was located in Chicago, Illinois. (k) The Learning Link was a computerized information system operated by the Educational Broadcasting Corporation in New York City. The Learning Link computer provided educational and instructional information to hundreds of schools and educators in New York, New Jersey and Connecticut. Access to the Learning Link computer was limited to persons and institutions who subscribed to the service and paid a membership fee. (l) New York University ("NYU") was a large university located in New York City. NYU operated a computer system for faculty, students and other authorized users. One of the services provided by the NYU computer systems was to allow - 4 - authorized users to make local and long distance telephone calls for the purpose of connecting to other computers outside of NYU. Authorized users of the NY computer could obtain outdial service by accessing the NYU computer system and entering a billing code. The call would then be charged to the authorized users' account. (m) The University of Washington was a large university located in Seattle, Washington, The University of Washington operated numerous computers for use by faculty, students and other authorized users. (n) The Bank of America was a national Bank located in California and elsewhere. The Bank of America operated a data transfer network that was used to transmit electronic communications of Bank of America employees and others. _The Conspiracy_ 2. From in or about 1989 through the date of the filing of this Indictment, in the Southern District of New York and elsewhere, JULIO FERNANDEZ, a/k/a "Outlaw," JOHN LEE, a/k/a "John Farrington," a/k/a "Corrupt," MARK ABENE, a/k/a "Phiber Optik," ELIAS LADOPOULOS, a/k/a "Acid Phreak," and PAUL STIRA, a/k/a "Scorpion," the defendants, and others known and unknown to the Grand Jury (collectively the "co-conspirators"), unlawfully, willfully and knowingly did combine, conspire, confederate and agree together and with each other to commit offenses against the United States of America, to wit, to possess unauthorized access devices with the intent to defraud, in violation of Title 18, United States Code, Section 1029(a)(3); to use and traffic in - 5 - unauthorized access devises with the intent to defraud, in violation of Title 18, United States Code, Section 1029(a)(2); to access federal interest computers without authorization, in violation of Title 18, United States Code, Section 1030(a)(5)(a); to intercept electronic communications, in violation of Title 18, United States Code, Section 2511(1)(a); and to commit wire fraud, in violation of Title 18, United States Code, Section 1343. _Objects of the Conspiracy_ _Possession of Unauthorized Access Devices_ 3. It was a part and object of the conspiracy that the co-conspirators unlawfully, willfully, knowingly and with the intent to defraud, would and did possess fifteen and more unauthorized access devices, to wit, the co-conspirators would and did posess fifteen and more unauthorized passwords, user identifications, personal identification numbers and other access devices that permitted access to computer systems, data bases and telephone services of Southwestern Bell, BT North America, New York Telephone, ITT, Information America, TRW, Trans Union, NYU and others, in violation of Title 18, United States Code, Section 1029(a)(3). _Use of Unauthorized Access Devices_ 4. It was a further part and object of the conspiracy that the co-conspirators unlawfully, willfully, knowingly and with the intent to defraud, would and did use one or more unauthorized access devices during a one year period, and by such conduct obtain something of value aggregating $1,000 and more - 6 - during that period, to wit, the co-conspirators would and did use unauthorized access devices of Southwestern Bell, BT North America, New York Telephone, ITT, Information America, TRW, Trans Union, NYU and others in order to obtain information services, credit reporting services, telephone services and other things of value aggregating in excess of $1,000 during a one year period, in violation of Title 18, United States Code, Section 1029(a)(2). _Unauthorized Access of Computers_ 5. It was a further part and object of the conspiracy that the co-conspirators unlawfully, willfully, knowingly and intentionally would and did access federal interest computers without authorization, and by means of such conduct alter, damage and destroy information in such federal interest computers and prevent authorized use of such computers and information, and thereby cause loss to one or more others of a value aggregating $1,000 and more during a one year period, to wit, the co- conspirators would and did access computers belonging to Southwestern Bell, BT North America and others without authorization, and by means of such conduct altered telephone services, installed their own computer programs and made other modifications, thereby causing losses aggregating $1,000 and more during a one year period, in violation of Title 18, United States Code, Section 1030(a)(5)(A). _Interception of Electronic Communications_ 6. It was a further part and object of the conspiracy that the co-conspirators unlawfully, willfully, knowingly and - 7 - intentionally would and did intercept, endeavor to intercept and procure other persons to intercept electronic communications, to wit, the co-conspirators would and did intercept, endeavor to intercept and procure other persons to intercept passwords, user identifications and other electronic communications as such communications were being transmitted over Tymnet and other data transfer networks, in violation of Title 18, United States Code, Section 2511(1)(a). _Wire Fraud_ 7. It was a further part and object of the conspiracy that the co-conspirators, unlawfully, willfully and knowingly, and having devised a scheme and artifice to defraud and for obtaining money and property by means of false and fraudulent pretenses, representations and promises, would and did transmit and cause to be transmitted by means of wire communications in interstate and foreign commerce, signs, signals and sounds for the purpose of executing the scheme to defraud, to wit, the co- conspirators would and did transmit and cause to be transmitted passwords, user identifications, personal identification numbers, telephone tones and other signs, signals and sounds for the purpose of executing a scheme to obtain telephone services, credit reporting services, information services and other services free of charge, in violation of Title 18, United States Code, Section 1343. - 8 - _Goal of the Conspiracy_ 8. It was the goal of the conspiracy that the members of MOD would gain access to and control of computer systems in order to enhance their image and prestige among other computer hackers; to harass and intimidate rival hackers and other people they did not like; to obtain telephone, credit, information and other services without paying for them; and to obtain passwords, account numbers and other things of value which they could sell to others. _Means and Methods of the Conspiracy_ 9. Among the means and methods by which the co- conspirators would and did carry out the conspiracy were the following: (a) The co-conspirators formed the group MOD to further their computer hacking activities and to compete with other computer hackers in their quest for and access to and control of computer systems. (b) The members of MOD exchanged computer-related information among themselves including passwords, user identifications and personal identification numbers. The members of MOD also assisted each other in breaking into computer systems by sharing technical information regarding the configuration and security systems of target computers. The members of MOD agreed to share important computer information only among themselves and not with other computer hackers. - 9 - (c) The co-conspirators obtained passwords, user identifications and other unauthorized access devices through a variety of means including the following: (i) Data interception--The co-conspirators intercepted access codes as the codes were being transmitted over Tymnet and other data transfer networks. The co-conspirators were able to perform such interceptions on Tymnet by obtaining unauthorized access to Tymnet computers which controlled the transfer of electronic communications over the network. Using their unauthorized access to Tymnet computers, the co- conspirators monitored and intercepted information that Tymnet personnel and others using the Tymnet network were sending through the network, including user identifications and passwords used by Tymnet personnel and others. (ii) Social Engineering -- The co- conspirators made telephone calls to the telephone company employees and other persons, and pretended to be computer technicians or others who were authorized to obtain access devices and related information. The co-conspirators then caused the unwitting targets of their calls to furnish access devices and other proprietary information. The co-conspirators referred to this technique as "social engineering." (iii) Password Grabbing and Password Cracking Programs -- The co-conspirators wrote and used various computer programs that were designed to steal passwords from computers in which the programs were inserted. The co-conspirators maintained - 10 - other programs that were designed to"crack" encrypted passwords, that is, to take passwords that had been scrambled into a code for security purposes, and to break the code so that the passwords could be used to obtain unauthorized access to computer systems. (d) When the co-conspirators broke into computer systems, they installed "back door" programs to ensure that they would continue to have access to the computers. These back door programs were designed to modify computers in which they were inserted so that the computer would give the highest level of access ("root" access) to anyone using a special password that was known to the members of MOD. Some of these back door programs also included additional features that were designed to modify computers in which they were inserted so that (i) the computer would store the passwords of legitimate users in a secret file that was known to the members of MOD; (ii) the computer would display a message that read, in part, "This system is owned, controlled, and administered by MOD" to anyone who accessed the system using the password "MOD"; and (iii) the computer would be destroyed if anyone accessed the system using another special password known to the members of MOD. (e) The co-conspirators obtained free telephone and data transfer services for themselves and for each other by: (i) obtaining unauthorized access to telephone company computers and adding and altering calling features; and (ii) maintaining and exchanging personal identification numbers, passwords, - 11 - billing codes and other access devices that allowed them to make free local and long distance telephone calls as well as to transmit and receive electronic communications free of charge. (f) One of the ways that the co-conspirators obtained free telephone service by their access to telephone switching computers was to call forward unassigned local telephone numbers to long distance numbers or to pay per call services such as conference calling services. By setting up such call forwards the co-conspirators could make long distance and conferences calls for the price of a call to the local unassigned number. (g) The co-conspirators obtained information including credit reports, telephone numbers, addresses, neighbor listings and social security numbers of various individuals by obtaining unauthorized access to information and credit reporting services. _Overt Acts_ 10. In furtherance of the conspiracy and to effect the objects thereof, the co-conspirators committed the following acts among others in the Southern District of New York and elsewhere: (a) On or about November 28, 1989, members of MOD caused virtually all of the information contained within the Learning Link computer operated by the Educational Broadcasting Corporation to be destroyed, and caused a message to be left on the computer that said, in part: "Happy Thanksgiving you turkeys, - 12 - from all of us at MOD" and which was signed with the names "Acid Phreak," "Phiber Optik" and "Scorpion" among others. (b) On or about January 8, 1990, from his residence in Queens, New York, ELIAS LADOPOULOS, a/k/a "Acid Phreak," accessed a New York Telephone switching computer without authorization. During the call, LADOPOULOS issued commands to automatically call forward all calls received by one telephone number to another telephone number. (c) On or about January 24, 1990, at his college dormitory room in Farmingdale, New York, PAUL STIRA, a/k/a "Scorpion," possessed numerous password files containing hundreds of encrypted and unencrypted user identifications and passwords to telephone company computers and other computers. (d) On or about January 24, 1990, at his college dormitory room in Farmingdale, New York, PAUL STIRA, a/k/a "Scorpion," possessed a back door computer program and a password grabbing program. The back door program included a feature that was designed to modify a computer in which the program was inserted so that the computer would be destroyed if someone accessed it using a certain password. (e) On or about May 31, 1991, from his residence in Brooklyn, New York, JOHN LEE, a/k/a "John Farrington," a/k/a "Corrupt," obtained unauthorized access to a Southwestern Bell computer in St. Louis, Missouri. (f) On or about October 28, 1991, from his residence in Bronx, New York, JULIO FERNANDEZ, a/k/a "Outlaw," - 13 - obtained unauthorized access to a Southwestern Bell telephone switching computer in Houston, Texas and issued commands so that calls received by one telephone number would be automatically forwarded to another number. (g) On or about October 31, 1991, from his residence in Bronx, New York, JULIO FERNANDEZ, a/k/a "Outlaw," obtained unauthorized access to a U.S. West telephone switching computer in Boise, Idaho. (h) On or about November 1, 1991, from his residence in Bronx, New York, JULIO FERNANDEZ, a/k/a "Outlaw," called a New York Telephone technician. During the call, FERNANDEZ pretended to be another New York Telephone employee and convinced the technician to provide information regarding access to a New York Telephone switching computer in Mt. Vernon, New York. (i) On or about November 1, 1991, from his residence in Bronx, New York, JULIO FERNANDEZ, a/k/a "Outlaw," made multiple calls to a New York Telephone switching computer in Mt. Vernon New York. During the calls, FERNANDEZ call forwarded numbers and obtained detailed information regarding telephone services provided by the switch. (j) On or about November 5, 1991, from his residence in Brooklyn, New York, JOHN LEE, a/k/a "John Farrington," a/k/a "Corrupt," obtained a user identification and password by monitoring electronic communications on the Tymnet network. Later, on November 5, 1991, JOHN LEE called JULIO - 14 ' FERNANDEZ, a/k/a "Outlaw," and provided FERNANDEZ with the intercepted user identification and password. (k) On or about November 6, 1991, JOHN LEE, a/k/a "John Farrington," a/k/a "Corrupt," had a telephone conversation with MARK ABENE, a/k/a "Phiber Optik." During the conversation, LEE provided ABENE with the user identification and password that LEE had intercepted the previous day. (l) On or about November 6, 1991, JOHN LEE, a/k/a "John Farrington," a/k/a "corrupt," had a telephone conversation with another member of MOD, during which they discussed obtaining information from another hacker about how to alter TRW credit reports. LEE said that the information he wanted to obtain included instructions on how to add and remove delinquency reports, "to destroy people's lives. . .or make them look like saints." (m) On or about November 14, 1991, JULIO FERNANDEZ, a/k/a "Outlaw," and JOHN LEE, a/k/a "Corrupt," had a telephone conversation. During the conversation, FERNANDEZ and LEE discussed a lengthy list of institutions that operated computers, including government offices, private companies and an Air Force base. In the course of the conversation, FERNANDEZ said, "We've just got to start hitting these sites left and right." (n) On or about November 14, 1991, at his residence in Brooklyn, New York, JOHN LEE, a/k/a "John Farrington," a/k/a "Corrupt," obtained unauthorized access to - 15 - Trans Union's computerized data base and obtained credit reports on several individuals. (o) On or about November 22, 1991, at his residence in Brooklyn, New York, JOHN LEE, a/k/a "John Farrington," a/k/a "Corrupt," obtained unauthorized access to Information American's computerized data base and obtained personal information concerning several individuals. (p) On or about November 23, 1991, MARK ABENE, a/k/a "Phiber Optik," and JULIO FERNANDEZ, a/k/a "Outlaw," had a telephone conversation. During the conversation, ABENE gave FERNANDEZ advice concerning how to call forward telephone numbers on a certain type of telephone switching computer. (q) On or about November 25, 1991, JULIO FERNANDEZ, a/k/a "outlaw," and JOHN LEE, a/k/a "John Farrington," a/k/a "Corrupt," obtained several hundred dollars from Morton Rosenfeld, a co-conspirator not named herein as a defendant, in exchange for providing Rosenfeld with information regarding how to obtain unauthorized access to credit reporting services. (r) On or about November 25, 1991, JOHN LEE, a/k/a "John Farrington," a/k/a "Corrupt," JULIO FERNANDEZ, a/k/a "Outlaw," and MARK ABENE, a/k/a "Phiber Optik," had a three way telephone conversation. During the conversation, LEE and FERNANDEZ provided ABENE with user identifications and passwords of Southwestern Bell and Information America. (s) On or about November 26, 1991, JOHN LEE, a/k/a "John Farrington," a/k/a "Corrupt," and MARK ABENE, a/k/a "Phiber - 16 - Optik," had a telephone conversation. During the conversation, LEE and ABENE discussed obtaining unauthorized access to Southwestern Bell computes and LEE provided ABENE with a series of Southwestern Bell user identifications and passwords. A short while later, ABENE called LEE and reported that one of the passwords worked and that he had obtained information from a Southwestern Bell computer. (t) On or about November 27, 1991, ELIAS LADOPOULOS, a/k/a "Acid Phreak," had a telephone conversation with JOHN LEE, a/k/a "John Farrington," a/k/a "Corrupt." During the conversation, LADOPOULOS asked LEE to obtain personal information on an individual. (u) On or about November 27, 1991, from his residence in Brooklyn, New York, JOHN LEE, a/k/a "John Farrington," a/k/a "Corrupt" obtained unauthorized access to Information America's computerized data base and obtained personal information on the individual that ELIAS LADOPOULOS, a/k/a "Acid Phreak," had requested. LEE the called LADOPOULOS and gave him the information. (v) On or about November 30, 1991, JULIO FERNANDEZ, a/k/a "Outlaw," provided associates of Morton Rosenfeld with an account number and password for TRW. Between November 30, 1991, and December 2, 1991, Rosenfeld and his associates used the TRW account number and password to obtain approximately 176 credit reports on various individuals. - 17 - (w) On or about December 1, 1991, from his residence in Bronx, New York, JULIO FERNANDEZ, a/k/a "Outlaw," obtained unauthorized access to a Pacific Bell Telephone switching computer in Santa Rosa, California. (x) On or about December 1, 1991, from his residence in Bronx, New York, JULIO FERNANDEZ, a/k/a "outlaw," obtained unauthorized access to a Southwestern ell telephone switching computer in Saginaw, Texas. (y) On or about December 4, 1991, from his residence in Bronx, New York, JULIO FERNANDEZ, a/k/a "Outlaw," obtained unauthorized access to a Martin Marietta telephone switching computer in Orlando, Florida. During the call, FERNANDEZ added a feature to one of the telephone numbers services by the switch. (z) On or about December 6, 1991, at his residence in Queens, New York, MARK ABENE, a/k/a "Phiber Optik," possessed numerous proprietary technical manuals of BT North America, including manuals that described the operation of Tymnet computers and computer programs. (Title 18, United States Code, Section 371.) - 18 - _COUNT TWO_ _Unauthorized Access to Computers_ The Grand Jury further charges: 11. Between on or about January 1, 1991 and on or about January 1, 1992, in the Southern District of New York and elsewhere, JULIO FERNANDEZ, a/k/a "Outlaw," JOHN LEE, a/k/a "John Farrington,"a/k/a "Corrupt," and MARK ABENE, a/k/a "Phiber Optik," the defendants, and others whom they aided and abetted, unlawfully, willfully, knowingly and intentionally did access federal interest computers without authorization, and by means of such conduct did alter, damage and destroy information in such federal interest computers and prevent authorized use of such computers and information and thereby cause loss to one or more others of a value aggregating $1,000 and more during a one year period, to wit, JULIO FERNANDEZ, JOHN LEE, MARK ABENE, and others whom they aided and abetted, accessed Southwestern Bell computers without authorization and by means of such conduct altered calling features, installed back door programs, and made other modifications which caused losses to Southwestern Bell of approximately $370,000 in the form of expenses to locate and replace computer programs and other information that hand been modified or otherwise corrupted, expenses to determine the source of the unauthorized intrusions, and expenses for new computers and security devices that were necessary to prevent continued unauthorized access by the defendants and others whom they aided and abetted. (Title 18, United States Code, Sections 1030(a)(5)A) and 2.) - 19 - _COUNT THREE_ _Possession of Unauthorized Access Devices_ The Grand Jury further charges: 12. On or about December 6, 1991, in the Southern District of New York, JULIO FERNANDEZ, a/k/a "outlaw," the defendant, unlawfully, willfully and knowingly, and with the intent to defraud, did possess fifteen and more unauthorized access devices, to wit, JULIO FERNANDEZ possessed several hundred unauthorized user identifications and passwords of Southwestern Bell, BT North America, TRW and others with the intent to defraud said companies by using the access devices to obtain services and to obtain access to computers operated by said companies under the false pretenses that FERNANDEZ was an authorized user of the access devices. (Title 18, United States Code, Section 1029(a)(3).) _COUNTS FOUR THROUGH SIX_ _Interception of Electronic Communications_ The Grand Jury further charges: 13. On or about the dates set forth below, in the Southern District of New York and elsewhere, JOHN LEE, a/k/a "John Farrington," a/k/a "Corrupt," the defendant, unlawfully, willfully, knowingly and intentionally, did intercept and endeavor to intercept electronic communications, to wit, on the dates set forth below, JOHN LEE did intercept and endeavor to intercept electronic communications, including user -20 - identifications and passwords, as the communications were being transmitted over the Tymnet network. _Count_ _Date of Interception_ Four November 5, 1991 Five November 12, 1991 Six November 15, 1991 (Title 18, United States Code, Section 2511(1)(a).) _COUNT SEVEN_ _INTERCEPTION OF ELECTRONIC COMMUNICATIONS_ The Grand Jury further charges: 14. On or about December 1, 1991, in the Southern District of New York and elsewhere, JULIO FERNANDEZ, a/k/a "Outlaw," and JOHN LEE, a/k/a "John Farrington," a/k/a "Corrupt," the defendants, unlawfully, willfully, knowingly and intentionally, did intercept, endeavor to intercept and procure others to intercept electronic communications, to wit, JULIO FERNANDEZ gave JOHN LEE a password that JOHN LEE used to intercept electronic communications as the communications were being transmitted over a data transfer network operated by the Bank of America. (Title 18, United States Code, Sections 2511(1)(a) and 2.) - 21 - _COUNTS EIGHT AND NINE_ _Wire Fraud_ The Grand Jury further charges: 15. From in or about June 1991 through the date of the filing of this Indictment, in the Southern District of New York, JULIO FERNANDEZ, a/k/a "Outlaw," the defendant, unlawfully, willfully and knowingly and having devised and intending to devise a scheme and artifice to defraud and for obtaining property by means of false and fraudulent pretenses and representations, to wit, a scheme to obtain unauthorized access to NYU's computer system and to use an NYU Billing code that was not assigned to him to obtain free telephone connections to computers outside of NYU, did, for the purpose of executing such scheme, transmit and cause to be transmitted by means of wire communications in interstate commerce, writings, signs,and signals, to wit: Destination Called _Count_ _Date of Call to NYU_ _From NYU Computer_ 8 November 29, 1991 Southwestern ell 5ESS telephone switching computer El Paso, Texas 9 December 5, 1991 University of Washington computer system Seattle, Washington (Title 18, United States Code, Section 1343.) - 22 - _COUNTS TEN AND ELEVEN_ _Wire Fraud_ The Grand Jury further charges: 15. From in or about June, 1991 through the date of the filing of this Indictment, in the Southern District of New York, JOHN LEE, a/k/a "John Farrington," a/k/a "Corrupt," the defendant, unlawfully, willfully and knowingly and having devised and intending to devise a scheme and artifice to defraud and for obtaining property by means of false and fraudulent pretenses and representations, to wit, a scheme to obtain unauthorized access to NYU's computer system and to use an NYU billing code that was not assigned to him to obtain free telephone connections to computers outside of NYU, did, for the purpose of executing such scheme, transmit and cause to be transmitted by means of wire communications in interstate commerce, writings, signs, and signals, to wit: Destination Called _Count_ _Date of Call to NYU_ _From NYU Computer_ 10 November 21,1991 University of Washington computer system Seattle, Washington 11 November 23, 1991 University of Washington computer system Seattle, Washington (Title 18, United States Code, Section 1343.) (signed) _________________ ___________________________ Foreperson OTTO G. OBERMAIER United States Attorney - 23 - ------------------------------ Date: 14 Jul 92 22:02:12 PDT From: mcmullen@well.sf.ca.us Subject: File 2--Newsbytes Editorial on MOD Indictment NEWSBYTES EDITORIAL Second Thoughts On New York Computer Crime Indictments 7/13/92 NEW YORK, N.Y., U.S.A., 1992 JULY 13 (NB) -- On Wednesday, July 9th, I sat at a press briefing in New York City's Federal Court Building during which law enforcement officials presented details relating to the indictment of 5 young computer "hackers". In describing the alleged transgressions of the indicted, United States Assistant Attorney Stephen Fishbein wove a tale of a conspiracy in which members of an evil sounding group called the "Masters of Destruction" (MOD) attempted to wreck havoc with the telecommunications system of the country. The accused were charged with infiltrating computer systems belonging to telephone companies, credit bureaus, colleges and defense contractors --Southwestern Bell, BT North America, New York Telephone, ITT, Information America, TRW, Trans Union, Pacific Bell, the University of Washington, New York University, U.S. West, Learning Link, Tymnet and Martin Marietta Electronics Information, and Missile Group. They were charged with causing injury to the telephone systems, charging long distance calls to the universities, copying private credit information and selling it to third parties -- a long list of heinous activities. The immediate reaction to the indictments were predictably knee-jerk. Those who support any so-called "hacker"-activities mocked the government and the charges that were presented, forgetting, it seems to me, that these charges are serious -- one of the accused could face up to 40 years in prison and $2 million in fines; another - 35 years in prison and $1.5 million in fines. In view of that possibility, it further seems to me that it is a wasteful diversion of effort to get all excited that the government insists on misusing the word "hacker" (The indictment defines computer hacker as "someone who uses a computer or a telephone to obtain unauthorized access to other computers.") or that the government used wiretapping evidence to obtain the indictment (I think that, for at least the time being that the wiretapping was carried out under a valid court order; if it were not, the defendants' attorneys will have a course of action.). On the other hand, those who traditionally take the government and corporate line were publicly grateful that this threat to our communications life had been removed -- they do not in my judgement properly consider that some of these charges may have been ill-conceived and a result of political considerations. Both groups, I think, oversimplify and do not give proper consideration to the wide spectrum of issues raised by the indictment document. The issues range from a simple black-and-white case of fraudulently obtaining free telephone time to the much broader question of the appropriate interaction of technology and law enforcement. The most clear cut cases are the charges such as the ones which allege that two of the indicted, Julio Fernandez a/k/a "Outlaw" and John Lee a/k/a "Corrupt" fraudulently used the computers of New York University to avoid paying long distance charges for calls to computer systems in El Paso Texas and Seattle, Washington. The individuals named either did or did not commit the acts alleged and, if it is proven that they did, they should receive the appropriate penalty (it may be argued that the 5 year, $250,000 fine maximum for each of the counts in this area is excessive but that is a sentencing issue not an indictment issue.). Other charges of this black-and-white are those that allege that Fernandez and/or Lee intercepted electronic communications over networks belonging to Tymnet and the Bank of America. Similarly, the charge that Fernandez, on December 4, 1991 possessed hundreds of user id's and passwords of Southwestern Bell, BT North America and TRW fits in the category of "either he did it or he didn't." A more troubling count is the charge that the indicted 5 were all part of a conspiracy to "gain access to and control of computer systems in order to enhance their image and prestige among other computer hackers; to harass and intimidate rival hackers and people they did not like; to obtain telephone, credit, information, and other services without paying for them; and to obtain. passwords, account numbers and other things of value which they could sell to others." To support this allegation, the indictment lists 26, lettered A through Z, Overt Acts" to support the conspiracy. While this section of the indictment lists numerous telephone calls between some of the individuals, it mentions the name Paul Stira a/k/a "Scorpion" only twice with both allegations dated "on or about" January 24, 1990, a full 16 months before the next chronological incident. Additionally, Stira is never mentioned as joining in any of the wiretapped conversation -- in fact, he is never mentioned again! I find it hard to believe that he could be considered, from these charges, to have engaged in a criminal conspiracy with any of the other defendants. Additionally, some of the allegations made under the conspiracy count seem disproportionate to some of the others. Mark Abene a/k/a "Phiber Optik" is of possessing proprietary technical manuals belonging to BT North America while it is charged that Lee and Hernandez, in exchange for several hundred dollars, provided both information on how to illegally access credit reporting bureaus and an actual TRW account and password to a person, Morton Rosenfeld, who later illegally accessed TRW, obtained credit reports on 176 individuals and sold the reports to private detective (Rosenfeld, indicted separately, pled guilty to obtaining and selling the credit reports and named "Julio" and "John" as those who provided him with the information). I did not see anywhere in the charges any indication that Abene, Stira or Elias Lapodoulos conspired with or likewise encouraged Lee or Fernandez to sell information involving the credit bureaus to a third party Another troubling point is the allegation that Fernandez, Lee, Abene and "others whom they aided and abetted" performed various computer activities "that caused losses to Southwestern Bell of approximately $370,000." The $370,000 figure, according to Assistant United States Attorney Stephen Fishbein, was developed by Southwestern Bell and is based on "expenses to locate and replace computer programs and other information that had been modified or otherwise corrupted, expenses to determine the source of the unauthorized intrusions, and expenses for new computers and security devices that were necessary to prevent continued unauthorized access by the defendants and others whom they aided and abetted." While there is precedent in assigning damages for such things as "expenses for new computers and security devices that were necessary to prevent continued unauthorized access by the defendants and others whom they aided and abetted." (the Riggs, Darden & Grant case in Atlanta found that the defendants were liable for such expenses), many feel that such action is totally wrong. If a person is found uninvited in someone's house, they are appropriately charged with unlawful entry, trespassing, burglary --whatever th statute is for the transgression; he or she is, however, not charged with the cost of the installation of an alarm system or enhanced locks to insure that no other person unlawfully enters the house. When I discussed this point with a New York MIS manager, prone to take a strong anti-intruder position, he said that an outbreak of new crimes often results in the use of new technological devices such as the nationwide installation of metal detectors in airports in the 1970's. While he meant thi as a justification for liability, the analogy seems rather to support the contrary position. Air line hijackers were prosecuted for all sorts of major crimes; they were, however, never made to pay for the installation of the metal detectors or absorb the salary of the additional air marshalls hired to combat hijacking. I think the airline analogy also brings out the point that one may both support justifiable penalties for proven crimes and oppose unreasonable ones -- too often, when discussing these issues, observers choose one valid position to the unnecessary exclusion of another valid one. There is nothing contradictory, in my view, to holding both that credit agencies must be required to provide the highest possible level of security for data they have collected AND that persons invading the credit data bases, no matter how secure they are, be held liable for their intrusions. We are long past accepting the rationale that the intruders "are showing how insecure these repositories of our information are." We all know that the lack of security is scandalous; this fact, however, does not excuse criminal behavior (and it should seem evident that the selling of electronic burglar tools so that someone may copy and sell credit reports is not a public service). The final point that requires serious scrutiny is the use of the indictment a a tool in the on-going political debate over the FBI Digital Telephony proposal. Announcing the indictments, Otto G. Obermaier, United States Attorney for the Southern District of New York, said that this investigation was "the first investigative use of court-authorized wiretaps to obtain conversations and data transmissions of computer hackers." He said that this procedure was essential to the investigation and that "It demonstrates, think, the federal government's ability to deal with criminal conduct as it moves into new technological areas." He added that the interception of data was possible only because the material was in analog form and added "Most of the new technology is in digital form and there is a pending statute in Congress which seeks the support of telecommunications companies to allow the federal government, under court authorization, to intercept digital transmission. Many of you may have read the newspaper about the laser transmission which go through fiber optics as a method of the coming telecommunications method. The federal government needs the help of Congress and, indeed, the telecommunications companies to able to intercept digital communications." The FBI proposal has been strongly attacked by the American Civil Liberties Union (ACLU), the Electronic Frontier Foundation (EFF) and Computer Professionals for Social Responsibility (CPSR) as an attempt to institutionalize, for the first time, criminal investigations as a responsibility of the communications companies; a responsibility that they feel belongs solely to law-enforcement. Critics further claim that the proposal will impede the development of technology and cause developers to have to "dumb-down" their technologies to include the requested interception facilities. The FBI, on the other hand, maintains that the request is simply an attempt to maintain its present capabilities in the face of advancing technology. Whatever the merits of the FBI position, it seems that the indictments either would not have been made at this time or, at a minimum, would not have been done with such fanfare if it were not for the desire to attempt to drum up support for the pending legislation. The press conference was the biggest thing of this type since the May 1990 "Operation Sun Devil" press conference in Phoenix, Arizona and, while that conference, wowed us with charges of "hackers" endangering lives by disrupting hospital procedures and being engaged in a nationwide, 13 state conspiracy, this one told us about a bunch of New York kids supposedly engaged in petty theft, using university computers without authorization and performing a number of other acts referred to by Obermaier as "anti-social behavior" -- not quite as heady stuff! It is not to belittle these charges -- they are quite serious -- to question the fanfare. The conference was attended by a variety of high level Justice Department, FBI and Secret Service personnel and veteran New York City crime reporters tell me that the amount of alleged damages in this case would normally not call for such a production -- New York Daily News reporter Alex Michelini publicly told Obermaier "What you've outlined, basically, except for the sales of credit information, this sounds like a big prank, most of it" (Obermaier's response -- "Well, I suppose, if you can characterize that as a prank but it's really a federal crime allowing people without authorization to rummage through the data of other people to which they do not have access and, as I point out to you again, the burglar cannot be your safety expert. He may be inside and laugh at you when you come home and say that your lock is not particularly good but I think you, if you were affected by that contact, would be somewhat miffed"). One hopes that it is only the fanfare surrounding the indictments that is tied in with the FBI initiative and not the indictments themselves. As an aside, two law enforcement people that I have spoken to have said that while the statement that the case is "the first investigative use of court-authorized wiretaps to obtain conversations and data transmissions of computer hackers.", while probably true, seems to give the impression that the case is the first one in which data transmission was intercepted. According to these sources, that is far from the case -- there have been many instances of inception of data and fax information by law enforcement officials in recent years. I know each of the accused in varying degrees. The one that I know the best, Phiber Optik, has participated in panels with myself and law enforcement officials discussing issues relating to so-called "hacker" crime. He has also appeared on various radio and television shows discussing the same issues. These high profile activities have made him an annoyance to some in law enforcement. One hopes that this annoyance played no part in the indictment. I have found Phiber's presence extremely valuable in these discussions both for the content and for the fact that his very presence attracts an audience that might never otherwise get to hear the voices of Donald Delaney, Mike Godwin, Dorothy Denning and others addressing these issues from quite different vantage points. While he has, in these appearances, said that he has "taken chances to learn things", he has always denied that he has engaged in vandalous behavior and criticized those who do. He has also called those who engage in "carding" and the like as criminals (These statements have been made not only in the panel discussion but also on the occasions that he has guest lectured to my class in "Connectivity" at the New School For Social Research in New York City. In those classes, he has discussed the history of telephone communications in a way that has held a class of professionals enthralled by over two hours. While my impressions of Phiber or any of the others are certainly not a guarantee of innocence on these charges, they should be taken as my personal statement that we are not dealing with a ring of hardened criminals that one would fear on a dark knight. In summary, knee-jerk reactions should be out and thoughtful analysis in! We should be insisting on appropriate punishment for lawbreakers -- this means neither winking at "exploration" nor allowing inordinate punishment. We should be insisting that companies that have collected data about us properly protect -- and are liable for penalties when they do not. We should not be deflected from this analysis by support or opposition to the FBI proposal before Congress -- that requires separate analysis and has nothing to do with the guilt or innocence of these young men or the appropriate punishment should any guilt be established. (John F. McMullen/19920713) ------------------------------ End of Computer Underground Digest #4.31 ************************************