seisure warrent documents for ripco bbs.txt

1000 HOWTOs for various needs [WINDOWS]

they are law enforcement, adults, or other undesirables).  This is
particularly true of BBS's whose members are involved in some form of
criminal activity.  Many "underground" or criminal bulletin boards
contain subsections through which the users regularly exchange stolen
customer authorization codes, credit card numbers, and information on
techniques or methods for the commission of such crimes as computer
fraud and abuse, access device fraud and wire fraud.
     5.  System operator/system administrator (sysop): the person(s)
charged with the responsibility for operating a particular computer
bulletin board system (usually the owner of

                                - 5 -

the computer who lives in the residence where the BBS is operating).
In order to perform their necessary supervisory and maintenance
functions, sysops who run or own the BBS give themselves the highest
level of access, or privileges, available on a system.  In the case
of a bulletin board sysop, these functions typically include deciding
whether or not to to give access or type of privileges to allow to
different users, and the ability to read the entire content stored on
the BBS (including "private mail" -- see electronic mail, below.)
Sysops control the BBS, can remove contents, add and delete users,
change the programming, alter the communications parameters, and
perform a number of administrative and maintenance tasks associated
with operation of the BBS.
     6.  Electronic mail (E-mail):  electronic mail is a means of
communication among computer users, and is one of the features normally
found on a BBS.  Each user on a criminal BBS has a distinct
identifier, with a computer hacker's "username" or "login" often
identical to his hacker handle (handles tend toward the theatrical,
I.e. Prophet of Doom, DungeonMaster, Ax Murderer, etc.) and a unique
confidential password; each user may also be assigned a user number by
the system.  Users may send "public" mail by leaving a message in a
section of the system where all who call in may read the message and
respond.  They may also send "private mail" by sending a message
limited to a particular individual or group.

                                - 6 -

In this instance, other users would not be able to read the private

message.  (Except, of course for the sysop, as explained above.)
     7.  Chat:  unlike electronic mail, which consists of messages and
responses entered and stored for later review, the "chat" communication on
a BBS consists of simultaneous interactive communication between the sysop
and a user, or between two or more users -- the computer equivalent of a
conference call.  A more sophisticated BBS may have more than one
telephone line connected to the system, so that two or more users can
"talk" to each other though the BBS from their own computer systems at one
time.
     8.  Voice Mail System (VMS):  a voice mail system is an electronic
messaging computer which acts as an answering service.  These systems are
generally either (1) operated for hire to the public by commercial
communications companies, often in combination with cellular telephone or
paging services, or (2) by corporations for the convenience of employees
and customers.  In either case, the subscriber or employee is assigned an
individual "mailbox" on the system which is capable of performing several
functions.  Among these functions are receiving and storing messages from
callers, sending messages to other boxes on the system, and sending
messages to a pre-selected group of boxes.  These functions are performed
by pushing the appropriate numerical commands on a telephone keypad for
the desired function.

                                - 7 -

     9.  While voice mail systems vary among manufacturers, in general, a
caller dials either a local area code and number, or an "800" number to
access the system.  Generally, the caller hears a corporate greeting
identifying the system and listing instructions for leaving a message and
other options.  To leave a message, the caller enters a "mailbox number,"
a series of digits (often identical to the assigned owner's telephone
extension), on his own telephone keypad.  The caller then hears whatever
greeting the mailbox owner has chosen to leave.  Again, the caller can
usually exercise several options, one of which is to dictate an oral
message after a tone.
    10.  In this respect, the voice mail system operates much like a
telephone answering machine.  Rather than being recorded on audio tape,
however, the message is stored in digitized form by the computer system.
When the message is retrieved, the computer plays it back as sound
understandable by the human ear.  The entire VMS is actually a computer
system accessible through telephone lines; the messages are stored on
large-capacity computer disks.
    11.  A caller needs to known only the extension or mailbox number in
order to leave a message for the employee or subscriber.  In order to
retrieve the messages or delete them from the system, however, the person
to whom the box is assigned must have both the box number and a
confidential password: the password ensures privacy of the communications,
by acting as a "key" to "unlock" the box and reveal its contents. Anyone

                                - 8 -

calling the telephone number of the mailbox hears the owner's greeting --
only the content of messages left for the owner is protected by the
password or security code.  The person to whom the box is assigned may
also have the ability to change his password, thereby preventing access to
the box contents by anyone who may have learned his password.
    12.  Private Branch Exchange (PBX): a private branch exchange is a
device which operates as a telephone switching system to provide internal
communications between telephone facilities located on the owner's
premises as well as communications between the company and other private
or public networks.  By dialing the specific telephone number of a PBX
equipped with a remote access feature and entering a numeric password or
code on a telephone keypad or by means of a computer modem, the caller can
obtain a dial tone, enabling the caller to place long distance calls at
the expense of the company operating the PBX.
    13.  Phone phreak:  phone phreaks, like computer hackers, are
persons involved in the theft of long-distance services and other
forms of abuse of communications technology, but they often do not
have computer systems.  Rather than communicating with each other
through BBS's, they communicate with each other and, exchange stolen
carrier customer authorization codes and credit cards, either directly
or by means of stolen or "hacked" corporate voice mailboxes.  Phone
phreaks may also set up fraudulent conference calls for the

                                - 9 -

exchange of information.  A phone phreak may operate a "codeline" (a
method of disseminating unauthorized access devices) on a fraudulently
obtained voice mailbox, receiving messages containing stolen credit
card numbers from his co-conspirators, and in turn "broadcasting" them
to those he shares this information with during the greeting (box
owner's message to callers), which can be heard by anyone dialing the
mailbox number.  Phone phreaks and computer hackers sometimes share
information by means of the conference calls and codelines.  Like
computer hackers, phone phreaks also identify themselves by "handles"
or aliases.

                        BACKGROUND OF THE INVESTIGATION

    14.  Over the past several years, the U.S. Secret Service has received
and increasing  number of complaints from long distance carriers, credit
card companies, credit reporting bureaus, and other victims of crimes
committed by computer hackers, phone phreaks, and computer bulletin board
users and operators (see Definitions section),  which have resulted in
substantial financial losses and business disruption to the victims.
Because the persons committing these crimes use aliases or "handles", mail
drops under false names, and other means to disguise themselves, they have
been extremely difficult to catch.  They also conspire with many others to
exchange information such as stolen long distance carrier authorization
codes, credit card numbers, and technical information relating to the
unauthorized invasion of computer systems and voice mail

                                - 10 -

messaging computers, often across state or national borders, making
the investigation of a typical conspiracy extremely complex.  Many of
these persons are juveniles or young adults, associate electronically
only with others they trust or who have "proven" themselves by
committing crimes in order to gain the trust of the group, and use
characteristic "hacker jargon."  By storing and trading information
through a network of BBS's, the hackers increase the number of
individuals attacking or defrauding a particular victim, and therefore
increase the financial loss suffered by the victim.
    15.  For all of the above reasons, the U.S. Secret Service established
a computer crime investigation project in the Phoenix field office,
utilizing an undercover computer bulletin board.  The purpose of the
undercover BBS was to provide a medium of communication for persons
engaged in criminal offenses to exchange information with each other and
with the sysop (CI 404-235) about their criminal activities.  The bulletin
board began operating on September 1, 1988 at 11:11 p.p., Mountain
Standard Time, was located at 11459 No. 28th Drive, Apt. 2131, Phoenix,
Arizona, and was accessed through telephone number (602) 789-9269.  It was
originally installed on a Commodore personal computer, but on January 13,
1989 was reconfigured to operate on an Amiga 2000 personal computer.
    16.  The system was operated by CI 404-235, a volunteer paid
confidential informant to the U.S. Secret Service.  CI 404-235 was
facing no criminal charges.  Over the past eighteen

                                - 11 -

months, information by CI 404-235 (see paragraph 16) has consistently
proved to be accurate and reliable.  The Arizona Attorney General's
office executed six search warrants related to affiant's investigation
in 1989 and 1990 (affiant participated in three of these).  Evidence
obtained in those searches corroborated information previously given
to affiant or to George Mehnert, Special Agent of the Arizona Attorney
General's office by CI 404-235.  In over a dozen instances, CI
404-235's information was verified through other independent sources,
or in interviews with suspects, or by means of a dialed number
recorder (pen register).  One arrest in New York has been made as a
result of CI 404-235's warning of planned burglary which did occur at
a NYNEX (New York regional Bell operating company) office.  Throughout
this investigation, CI 404-235 has documented the information provided
to the affiant by means of computer printouts obtained from the
undercover BBS and from suspect systems, and consensual tape
recordings of voice conversations or voice-mail messages.
    17.  Because many of the criminal bulletin board systems require that
a new person seeking access to the telephone code or credit card sections
contribute stolen card information to demonstrate "good faith," when asked
to do so, CI 404-235 has "posted," (left on the system in a message)

Sprint, MidAmerican or ComSystems authorization codes given to affiant by
investigators at these companies for that purpose.

                                - 12 -


                       EVIDENCE IN HACKER CASES

    18.  Computer hackers and persons operating or using computer bulletin
board systems commonly keep records of their criminal activities on paper,
in handwritten or printout form, and magnetically stored, on computer hard
drives, diskettes, or backup tapes.  They also commonly tape record
communications such as voice mail messages containing telephone
authorization codes and credit cards.  On several occasions, affiant
has interviewed George Mehnert, Special Agent, Arizona Attorney
General's office and R.E. "Sandy" Sandquist, Security Manager, U.S.
Sprint, about the types of evidence normally found in connection with
computer/ communications crimes.  Both have assisted more than 20
search teams in the execution of search warrants in such cases.  Both
Mehnert and Sandquist stated that because of the sheer volume of
credit card numbers, telephone numbers and authorization codes, and
computer passwords, and other information necessary to conduct this
type of criminal activity, in almost every case, they have found a
large volume of paper records and magnetically-stored evidence at
scenes being searched.  Because of the ease of storing large amounts
of information on computer storage media such as diskettes, in a very
small space, computer hackers and bulletin board users or operators
keep the information they have collected for years, rather than
discarding it.  Mehnert stated that in virtually every
communications/computer crime case he has investigated, the suspect was
found to have records in his possession dating

                                - 13 -

back for years -- Mehnert stated that it is common in such cases to
find records dating from 1985 and sometimes, even earlier.
    19.  Sandquist confirmed Mehnert's experience, stating that hackers
and phone phreaks typically also keep a notebook listing the location of
information especially important to them, for easy access.  Mehnert has
seized several of these "hacker notebooks" in computer/communications
crime cases; they were usually found quite close to the computer system,
or in the hacker's possession.  Both Mehnert and Sandquist stated that it
is common for a person involved in the theft of communications services
(long distance voice or data calls, voice mail boxes, etc.) also to be
involved in the distribution or use of stolen credit cards and/or numbers;
hackers and phone phreaks often trade codes for credit cards, or the
reverse.  Both Mehnert and Sandquist stated that it is common to find
credit card carbons at locations being searched for stolen telephone
authorization codes.
    20.  Both Mehnert and Sandquist also stated other evidence commonly
found in connection with these cases includes telephone lineman tools and
handsets (used for invading telephone company pedestal or cross-boxes and
networks, or for illegal interception of others' communications), tone
generators (for placing fraudulent calls by electronically "fooling"
the telephone network into interpreting the tones and legitimate
electronic switching signals), computer systems (including central
processing unit, monitor or screen, keyboard, modem for

                                - 14 -

computer communications, and printer), software programs and
instruction manuals.  Sysops of bulletin boards also commonly keep
historical backup copies of the bulletin board contents or message
traffic, in order to be able to restore the system in the event of a
system crash, a power interruption or other accident.  An important
piece of evidence typically found in connection with a criminal
bulletin board is the "user list" -- sysops normally keep such a list
on the BBS, containing the real names and telephone numbers of users
who communicate with each other only by "handles."  The user list is a
very substantial piece of evidence linking the co-conspirators to the
distribution of telephone codes and credit cards through the BBS
messages or electronic mail.
    21.  Mehnert and Sandquist stated that it is also common to find lists
of voice mailboxes used by the suspect or his co-conspirators, along with
telephone numbers and passwords to the voice mailboxes.  Many suspects
also carry pagers to alert them to incoming messages.


                              CRIMINAL VIOLATIONS

    22.  Criminal violations may include, but are not limited to, the
following crimes:
    23.  Wire fraud:  18 U.S.C. ~ 1343 prohibits the use of interstate
wire communications as part of a scheme to defraud, which includes
obtaining money or property (tangible or intangible) by a criminal or
the loss of something of value by the victim.  Investigation by your
affiant has determined that

                                - 15 -

the actions of the computer hackers, phone phreaks and bulletin board
operators detected in this investigation defrauded telephone companies
whose customer authorization codes were exchanged through the BBS's)