📄 the secret service, uucp,and the legion of doom.txt
privately owned and operated by Charles Boykin. Sources close to the Texas Unix community assert that ATTCTC was shut down and seized by the US Secret Service because two of its userids belonged to suspected members of the Legion of Doom. Various credit card numbers and long distance dialing codes were allegedly found in files owned by these userids.

The Next Dominoes to Fall

In Austin, there's a small company called Steve Jackson Games that makes role playing games (a kind of grown-up make believe). In their offices, SJG ran a computer called Illuminati. This system was used by staff and customers to develop new game ideas. SJG ran a BBS on Illuminati through which customers could provide feedback based on testing of potential new games. One of these games was called GURPS Cyberpunk, named after the Cyberpunk genre of science fiction in which the plot often involves extensive penetration of computer security.

The author of GURPS Cyberpunk, Loyd Blankenship, researched ways in which to lend a realistic "look and feel" to his game.
In his research, he developed extensive contacts with the hacker and phreaker underground, and acquired a comprehensive library of Phrack magazines, which he stored on Illuminati.

On the morning of March 1st, 1990, the staff of Steve Jackson Games arrived at work to find that the Secret Service had forced their way into the building and were searching and seizing "computer hardware and software and records relating to computer hardware and software" for evidence in a "nationwide data piracy case" which Steve Jackson later learned was the Bell South 911 case.

When all was said and done that day, the Secret Service had taken the Illuminati computer, all staff personal computers and printers, modems, software, spare hardware, all material related to GURPS Cyberpunk, a laser printer, a bag of nuts and bolts and some candy off the desk of Creede Lambard, who ran the Illuminati BBS.

On the 20th of February, a member of the Legion of Doom who identified himself as "Erik Bloodaxe" posted an anonymous electronic mail message to the Usenet news group Comp.dcom.telcom saying, among other things, that: "Frank [Darden, Jr.], Rob [Riggs] and Adam [Grant] were all definately [sic] into very hairy systems. The had basically total control of a packet-switched network owned by Southern Bell (SBDN) ... through this network they had access to every computer Southern Bell owned [...]"

On April 1st, in New York Newsday, a story appeared saying: "A government affidavit alleged that in June hackers believed to be Legion of Doom members planted software 'time bombs' in AT&T's 5 ESS switching computers in Denver, Atlanta and New Jersey. These programs . . . were defused by AT&T security personnel before they could disrupt phone service."

Elsewhere, Leonard Rose, sysop of a computer system called Netsys, was out driving his car one day when federal authorities pulled him over and arrested him.
On the 15th of May, he was indicted with five felony counts and charged with various violations of interstate transportation laws and the federal Computer Fraud and Abuse Act. Federal prosecutors allege that Rose hacked his way into an AT&T computer and stole some of the source code for version 3.2 of the Unix operating system. He is also charged with distributing two "trojan horse" programs that would infiltrate a Unix computer and replace the legitimate login program. Once in place, the trojan horses acquired a valid userid and password each time a new person logged into the system. Rose, it is alleged, would later retrieve the list of stolen userids and passwords and gain any degree of access to a system that he wanted.

So far, during the course of their investigation, the US Secret Service and the FBI have raided 27 computer sites across the US and have seized the equivalent of 23,000 computer disks from suspects accused of contributing to over $50 million in system thefts and damages. The investigation continues into people who have violated the security of federal research centers, schools and private businesses, and extends far beyond the theft of a single six page text file from Bell South headquarters.

Craig Neidorf, the 19 year old University of Missouri student who allegedly received the 911 file from Robert Riggs, has pleaded not guilty to charges of violating the federal Computer Fraud and Abuse Act of 1986.

Charlie Boykin, the AT&T employee who ran Killer/ATTCTC and was initially alerted by Richard Andrews about the 911 file theft, was previously an active member of the Texas Unix community. He hasn't been seen at any Unix function since the closure of ATTCTC.

According to the Associated Press, U.S. Attorney William Cook was granted a motion to prevent the 911 text file from becoming part of the public record during the trial. The trial of Riggs and Neidorf began on April 16, 1990.

The Austin-based company Steve Jackson Games has been devastated by this affair.
In the days since the Secret Service seizure, SJG has suffered a monetary loss of $100,000, had to lay off 8 of their 17 staffers, and cancel sixty percent of their 1990 product releases. Jackson has approached the American Civil Liberties Union for assistance.

The Real Issues: What's the big deal?

That depends on who you ask. The Secret Service would probably tell you that any violation of computer security is a serious affair. Unfortunately, the current criminal justice system evaluates all property crime in monetary terms: if it doesn't cost a lot of money, then there's not a big crime involved.

The Chicago indictment against Riggs and Neidorf charges them with the theft and interstate transport of something valued over $5,000, namely the 911 file. In other words, the crime lies in stealing something worth a lot of money, not potentially endangering the safety of people in nine states. Typically, computer crime is only investigated if a large monetary loss can be proven.

Some users and system operators of networked large multi-user systems would probably tell you that the big deal is that such computer systems aren't traditionally covered by common carrier statutes. Common Carrier laws are the laws that say if someone plots a crime over the telephone or through the US mail, the telephone company and the US Postal System cannot be held accountable for what was plotted over their common carrier. This is not the case with computer bulletin boards and network nodes, however. Federal authorities are placing a burden of responsibility on owners and operators of such computers to know the legality of everything stored on their computer system. On a system such as the NT VAX Cluster, that means knowing completely what's on 4.3 gigabytes of disk storage, and reading over 100 megabytes of wide area network traffic each week.
In other words, someone would have to read up to sixty four thousand pages of text each week in order to be completely apprised just on new information that is either stored on the VAX cluster or passes through it on its way to another computer each week. If the NT Computing Center employed five people who could read 100 words a second to do this, and they worked twenty four hours a day without stopping, it would still take them twenty three days to read a week's worth of wide-area network traffic.

And to make matters worse, NT is, for all practical purposes, an end node on the wide area network circuit. Most traffic that passes through here is eventually bound for someone at NT. For most wide area network nodes, this is not the case. A site like UT at Austin, or Rice University has traffic passing through it, briefly being stored before being forwarded, for many national as well as international sites. For those sites, not only would they need to hire many more people, but they would need to be foreign language interpreters as well.

Imagine a company that owns a telecommunications satellite being held responsible for all the conversations in all the languages that are going through it at all times. It's a ridiculous thought and no legal authority would expect that of RCA or NASA. However, the equivalent is expected of every BBS in the country and every wide area network node at this moment.

Unless lawmakers grant the same legal protection to computer bulletin boards and network nodes as the US Mail and telephone carriers, computer users in the not-too-distant future will only be able to look back at the age of electronic mail and Usenet news.

People like the Legion of Doom have forced federal authorities to apply existing laws to computers before they have sufficient technical preparation to do so.
Unfortunately, it looks like the only solution to inappropriate seizures of computers by the Secret Service and FBI is the education that lawmakers and law enforcers will receive through the courts. Only once more phreakers and hackers are arrested and tried will it become apparent that seizing the computers they use as conduits makes as much practical sense as seizing the laser printer at Steve Jackson Games, not to mention the candy on Creede Lambard's desk.

In the case of computer security, the best and only effective offense is a good defense. No computer system is impregnable, but there is a point at which every hacker will decide that penetrating a system is more trouble than it's worth. It is especially important that all managers and system administrators of computer BBS's and network nodes be mindful of this. Just as barbed wire spawned a burgeoning wire cutter market, the popularity and usefulness of computer-based communication will ensure that there are always going to be hackers and phreakers. There is a fine line between making a computer secure enough to avoid compromise by a hacker, and accessible enough not to discourage legitimate use. The best managers of computer systems will continue to walk that line without disturbing the network of trust that makes such systems the powerful tools they are.