seisure warrent documents for ripco bbs.txt

1000 HOWTOs for various needs [WINDOWS]

gained valuable property because their fraud scheme provided them with
telephone customer authorization codes and other access devices which
in turn could be used by them to obtain telephone services and
property which would be charged to the victim companies.  Their scheme
also provided them with access to private branch exchange (PBX)
numbers and codes which could be used to obtain telephone service
which was charged to the victim companies.
    24.  Computer fraud and abuse:  18 U.S.C. ~ 1030 prohibits
unauthorized access to a federal interest computer with intent to defraud.
Intent to defraud has the same meaning as in the wire fraud statute above.
A federal interest computer is defined as "one of two or more computers
used in committing the offense, not all of which are located in the same
state," as well as computers exclusively for the use of a financial
institution or the United States Government, among others defined in the
statute.  This section also prohibits unauthorized access to financial
records and information contained in consumer reporting agency files.
    25.  Access device fraud:  18 U.S.C. ~ 1029 prohibits the
unauthorized possession of 15 or more unauthorized or counterfeit
"access devices" with intent to defraud, and

                                - 16 -

trafficking in authorized access devices with an intent to defraud and
an accompanying $1,000 profit to the violator or loss to the victim.
These prohibitions also apply to members of a conspiracy to commit
these offenses.  Intent to defraud has the same meaning as in the wire
fraud statute above.  "Access devices" includes credit cards, long
distance telephone authorization codes and calling card numbers, voice
mail or computer passwords, and PINS (personal identification
numbers).  An "unauthorized access device" is any access device
obtained with the intent to defraud, or is lost, stolen, expired,
revoked, or cancelled.
    26.  Other offenses:  other federal statutes violated in this case may
include 18 U.S.C. ~ 1962 and 1963 which prohibit the commission of two or
more acts of racketeering (including two or more acts in violation of 18
U.S.C. ~ 1343 and/or 1029), and permits forfeiture of the
instrumentalities used or obtained in the execution of a crime; and 18
U.S.C. ~ 371, the federal conspiracy statute.

                                   PROBABLE CAUSE
                         BULLETIN BOARD SYSTEM 312-528-5020

    27. CI 404-235 has accessed a public electronic bulletin board at
312-528-5020 over three dozen times between 4/7/89 and 12/31/90.  The
most recent access was on 4/28/90.  In the "Phone Phun" subsection of
the BBS, CI 404-235 has regularly seen messages posted by users of the
BBS, which contain long distance carrier customer

                                - 17 -

authorization codes, references to hacking, and to credit cards and
credit bureaus.  This affidavit is in support of a search warrant for
two premises where evidence of the operation of the BBS is expected to
be found.  CI 404-235 provided to affiant copies of messages posted to
the BBS, including the following:


           Numb   12 (54r4q9kl-12)
            Sub   miscellaneous...
           From   DON THOMPSON (#689)
             To   all
           Date   03/17/89  03:55:00  PM


           o.k.:

           1999:   322300       342059
                   366562       344129
                   549259       549296
                   492191       496362
                   422000       549659

    28.  In the above message, "1999" refers to the last four digits of
the local access number assigned to Starnet, a long distance network owned
by ITT Metromedia Communications.  To use such codes, a caller dials the
local access number, the customer authorization code, and the area code
and number to be called.  Marty Locker, ITT Security, verified that the
local access number 950-1999 is Starnet's (Starnet's authorization codes
and six digits long).  Loss figures on the above are unknown.
    29.  On 3/20/89, user #452 "Blue Adept" replies to a previous message,
as follows:


                                - 18 -


Numb   25  (54r4q9kl-25)
 Sub   Reply to: Reply to: Legal expenses
>From   BLUE DEPT (#452)
  To   all
Date   03/20/89 08:42:00 AM

1999 is starnet.  they've busted several people I know.
they live to bust people.  mainly with extraordinarily
large fines.  I've heard of them taking it to court
though.  first person they busted was the
Diskmaster/Hansel.  really cool guy.  hacked em 300
times with the applecat and they busted him.  he didn't

"Hacked em 300 times" refers to the number of timers that
"Diskmaster/Hansel" is supposed to have attempted to hack out a Starnet
customer authorization code.  "Applecat" is the name of a modem (computer
communications device) and related software program which automates the
code-hacking process.


Numb  69 (54r4q9kl-69)
 Sub  loop
>From  JOE FRIDAY  (#120)
To    all
Date  03/25/89  07:10:00 PM

IF ANYONE HAS A LOOP FOR THE 404 AREACODE I WOULD APPR.
IT VERY MUCH!!  IF THERE ARE ANY REAL PHREAKS THAT STILL
DO HACK ALOT LEAVE I THINCK YOU MIGHT BENEIFIT FROM IT.

18002370407-8010464006ACN-
8205109251-
IF ANYONE STILL GETS INTO LMOSE LEAVE ME A MESSAGE..

    30.  On 4/17/90 Mark Poms, Director of Security, Long Distance
Service of Washington D.C., verified the following:   1)
1-800-237-0407 is his company's assigned 1-800-line number.
Authorization code 8010464006 has suffered $6, 287.22 in fraud

                                - 19 -

losses, and 8205109251 has suffered $970.34 in fraud losses.
    31.  In the above message, "LOOP" refers to a telephone company "loop
around test line".  Hackers commonly exchange information on loops, in
order to be able to communicate with each other without divulging their
home telephone numbers.  If two hackers agree to call a loop number at a
certain time, they loop allows them to speak with each other -- neither

hacker needs to know or to dial the other's telephone number.  "LMOSE"
refers to a type of computer system (LMOS) operated by Bell regional
operating companies (local telephone companies).  This computer system
contains data such as subscriber records, and the LMOS system is solely
for the use of telephone company employees for the purpose of maintaining
telephone service.  (Explanations provided by Bellcore computer security
technical staff member David Bauer.)


Numb  136  (56r5q9kl-136)
 Sub  Suicide?
>From  THE RENEGADE CHEMIST (#340)
To    All
Date  04/18/89  05:33:00 PM



9501001
074008
187438
057919
068671
056855
054168
071679

                                - 20 -


    32.  On 3/20/90 Karen Torres, MidAmerican Communications, a long
distance carrier which a local access number of 950-1001 as valid
MidAmerican customer authorization codes.  She advised that all but the
invalid code were terminated "due to hacking".

     950-1001
074008    Valid code, no loss
187438    Valid code, no loss
057919    Invalid
068671    Valid code, no loss
056855    Valid code, no loss
054168    Valid code, no loss
071697    Valid code, no loss


Numb  109  (53r3q0k2-109)
 Sub  Reply to: Reply to: Reply to: Reply to:
          Reply to:  John Anderson
>From  BRI PAPE (#22)
To    ALL...
Date  06/28/89  05:31:00 AM

ANOTHER valid code..


AND A DIVERTER...

215-471-0083..(REMAIN QUIET)

    33.  950-0488 is the local access number for ITT Metromedia
Communications, according to Marty Locker, ITT Security.  Fraud,
losses, if any, on this customer authorization code are unknown.
    34.  On 4/16/90, Kathy Mirandy, Director of Communications,
Geriatrics and Medical Center Incorporated,

                                - 21 -

United Health Care Services, in Philadelphia, PA, verified that
1-215-471-0083 is her company's telephone number.  She stated that
between 12/28/88 nand 5/15/89, her company suffered a fraud loss of
$81,912.26 on that number.  In the above message,

"diverter" refers to a common hacker/phone phreak term for a means of
placing telephone calls through a telephone facility which belongs to
someone else.  The hacker "diverts" his call through the other
facility, and if the outgoing "diverted" call is a long distance call,
the owner of the facility is billed for the call as though it
originated from the victim telephone facility.
    35.  On 7/3/89, CI 404-235 accessed the BBS and observed the
following message, a copy of which was provided to the affiant:


Numb  137  (56r3q0k2-137)
 Sub  dib.
>From  POWER ASSIST  (#524)
To    *
Date  07/02/89  12:01:00 AM

Divertors:   1800 543 7300
                  543 3300

I'm not sure if this is a 800 to 800 : 800 777 2233

    36.  On 4/18/90 Delores L. Early, Associate General Counsel of the
Arbitron Company, Laurel, Maryland, verified that 1-800-543-7300 is
listed to her company.  She advised that her company suffered a direct
fraud loss by October, 989 of $8,100 on that line, as well as
additional expenses in for form of the installation of "an elaborate
security procedure to prevent this

                                - 22 -

type of fraudulent use," and lost employee time in identifying and
correcting the problem.  "800 to 800" refers to whether the "divertor"
posted in the above message can be used to call out to another 800
number.


Numb  113 (53r6q0k2-113)
 Sub  Codes
>From  BLUE STREAK  (#178)
  To  ALL
Date  07/26/89  05:05:00  AM

Here is a code:
1800-476-3636
388409+acn


950-0266
487005
8656321
6575775
oops first one is 4847 not 487

Blue Streak.

Blee blee blee thats all pholks.

    37.  On 4/2/90. Dana Berry. Senior Investigator, Teleconnect (a
division of Tele*Com USA, a long distance carrier), verified that 1-800-
476-3636 code 388409 is her company's authorization code and it has
suffered a fraud loss of x176.21 {transcrib. note: portion of dollar
figure (first digit) is illegible on copy of affidavit}
    38.  On 4/20/90, Christy Mulligan, ComSystems Security, whose company
is assigned the local access number 950-0266, verified the following:

                                - 23 -

              1) 4847005         $2,548.75 loss due to fraud
              2) 8656321         $2,000.00 loss due to fraud
              3) 6575775         $  753.61 loss due to fraud



Numb   122  (57r3qlk2-122)
 Sub   TRW
>From   NEMESIS TKK (#311)
To     Garth
Date   09/30/89  04:01:00 AM