**************************************************************************** >C O M P U T E R U N D E R G R O U N D< >D I G E S T< *** Volume 1, Issue #1.11 (May 29, 1990) ** **************************************************************************** MODERATORS: Jim Thomas / Gordon Meyer REPLY TO: TK0JUT2@NIU.bitnet COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. -------------------------------------------------------------------- DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections. -------------------------------------------------------------------- *************************************************************** *** Computer Underground Digest Issue #1.11 / File 3 of 4 *** *************************************************************** Date: Thu, 25 May 90 21:15:01 cdt From: rampac@ecoville..edu(Rambo Pacifist) To: tk0jut2%niu.bitnet@uicvm.uic.edu Subject: Stings and such BEWARE OF STINGS: Law enforcement may be using stings, so be suspicious of new boards that seem too good to be true or that are run by sysops without references or a history of participation elsewhere. Here's a couple of things I thought readers might be interested in. I've stuck a few comments in parentheses and following each article. +*++*++*++*++*++*++*++*++*++*++*++*+ From: DEDICATED COMPUTER CRIME UNITS, by J. Thomas McEwen. Washington: U.S. Department of Justice. Appendix A, pp. 101-103, "Sting Operations." +*++*++*++*++*++*++*++*++*++*++*++*+ While most bulletin boards have been established for legitimate purposes, there are also "pirate" or "elite" boards that contain illegal information or have been established to advance an illegal activity. Security on these boards is tightly controlled by the owners. With these bulletin boards, users usually have to contact the owner directly to obtain a password for access to different levels of the system. A degree of trust must therefore be established before the owner will allow access to the board, and the owners develop "power" over who can use the system. (Comment: Gosh, never knew I was doing all this back when I was doing sysop! If I could only remember what I did with all that power! Guess the guy who wrote this hasn't been on a board since the original RBBS.) Pirate boards have been found with a variety of illegal information on them including the following: *Stolen credit card account numbers *Long distance telephone service codes *Telephone numbers to mainframe computers, including passwords and account numbers *Procedures for making illegal drugs *Procedures for making car bombs *Hacking programs *Tips on how to break into computer systems *Schematics for electronic boxes (e.g., black box) (Comment: What's with this shit about "pirate boards?" If these guys can't tell the diff between our boards, what makes them think they can figure out what goes on there? Who do they think they're kidding? Anybody ever seen codez posted on an elite pirate board? You can also find illegal information in letters in the post office, on short wave bands, and in libraries. Does that mean that these places should be shut down too?) These boards obviously are a threat to communities, and their existence has gained the attention of some police departments. STING OPERATIONS WITH BULLETIN BOARDS The experiences of the Maricopa County, Arizona, Sheriff's department and the Fremont, California, Police Department are very instructive on how local departments can establish their own bulletin boards and become part of the network with other boards. Members of the Maricopa County Sheriff's Department were the first in the country to establish such a board. Their board resulted in over 50 arrests with the usual charge being telecommunications fraud. (Comment: Would this be entrapment? Think about it: Setting up a board to entice people to commit legal acts! And they call US unethical?) In September, 1985, the Fremont Police Department established a bulletin board for the primary purpose of gathering intelligence on hackers and phreakers in the area. The operation was partially funded by VISA, Inc., with additional support from Wells Fargo Bank, Western Union, Sprint, MCI, and ITT. After establishing their bulletin board, they advertised it on other boards as the newest "phreak board" in the area. Within the first four days, over 300 calls were received onthe board. During the next three months, the board logged over 2,500 calls from 130 regular users. Through the bulletin board, they persuaded these groups that they had stolen or hacked long-distance telephone service codes and credit card account numbers. They were readily accepted and were allowed access to pirate boards in the area. The board was operated for a total of three months. During that period, over 300 stolen credit card account numbers and long-distance telephone service codes were recovered. Passwords to many government, educational, and corporate computers were also discovered on other boards. The operation resulted in the apprehension of eight teenage in the area who were charged with trafficking in stolen credit card acconts, trafficking in stolen long-distance telephone service codes, and possession of stolen property. Within the next week, seven more teenagers in California and other states were arrrested based on information from this operation. It was estimated that this group had been illegally accessing between ten and fifteen businesses and institutions in California. They were regularly bypassing the security of these systems with stolen phone numbers and access codes. One victim company estimated that it intended to spend $10,000 to improve its security and data integrity procedures. Other victimized businesses were proceeding along the same lines. -->End of Article<-- ******************************************************************** We can't let this stuff pass without comment. Consider this: 1. They guy who wrote it doesn't know the difference between a pirate board and other kinds of boards. This is supposed to be an authoritative study? By calling any board he doesn't like a PIRATE board means that he's just assumed that pirates steal codez. Even the phedz ought to know better, especially if they've been investigating. Even the lamest of BBSers know that you hardly ever find codez on a real pirate board. This kind of ignorance is scary! 2. The list of stuff found on p/h boards may include all the stuff McEwen sees. But, except for carding, the rest of the stuff is rarely illegal. Possession of information is still a right, and it's generally not illegal to explain how to hack or run numbers. Even info on making drugs or bombs is not illegal. It's only illegal if you *DO IT!* 3. Claiming that these boards are "obviously a threat to communities" REALLY SUCK! How many hackers have bombed buildings? Have sold drugs made from info of a BBS? By making this claims, the police can start coming down on any board they don't like, just because some lamer said they're "dangerous." Sounds like the beginning of a police state. 4. How nice that a bunch of banks funded some stings. Hey, don't they have computers of their own they can set up? How much money does it take to set up a board? Sounds like those cops had a scam of their own going! 5. Setting up stings may not be legal entrapment (but it could be in some instances). In rare cases, a sting might be justified if something serious is going on. But to set up a board and collect info on users is a dangerous breach of privacy. Even on the best elite boards I've been on, only a fraction of the total users are involved in any illegal activity. GET THAT YOU NARC BASTARDS? DARN FEW ARE ENGAGED IN ILLEGAL ACTIVITY!. Even in the Freemont sting, it sounds like only a handful (8 arrests out of 130 users?!) were doing indictable stuff. Even if twice, hey, even triple, that number were active, that's still darn few for a board that's supposed to attract "criminals." It means the other users are just filed away in police intelligence dossiers. Such casual use of sting operations is undemocratic. You don't have to support hackers to see when the cops have gone too far. Stings, raids, confiscation without due process all suck. Oh-here's a laugh! The phedz distinguish between "confiscation," a legal term that means you've a crook and you can have your property taken away, and stuff they take while searching for evidence. They say they don't confiscate stuff they take in a raid, because you get it back eventually. But unless I'm missing something, the pigs still went in and took your stuff, and you don't have, you can't get it, and you can't even get copies of crucial programs you may need. Call it what you want, they grab it! We're coming closer to a police state, NOT because there's a crackdown on hackers, but because the way it's being done is dangerous. They're treating anything they don't like about computer users like they do drug crimes, and even using drug laws. There's a good article in the New York Times (May 6, 1990: Section E, p. 5) on how the drug war is eroding our rights. Current police tactics won't lead to more respect for law, but to cynicism and growing disrespect. Agents claim that computer abuse is creating a new generation of immoral citizens. Maybe, but law enforcement abuse is creating a much larger population of suspicion of "rights" and disrespect for repressive law. Here's another pro-sting rap by Ken Rosenblatt, the long-time hard-ass prosecutor in San Jose: +*++*++*++*++*++*++*++*++*++*++*++*+ From: "Deterring Computer Crime," by Kenneth Rosenblatt. From the Department of Justice's Computer Crime Conference in September, 1989, pages 9-10. +*++*++*++*++*++*++*++*++*++*++*++*+ In addition to investigating computer trespass and thefts after they occur, local task forces would have the manpower and expertise to concentrate on "bulletin board infiltrations." Many legitimate computer users communicate with each other via "bulletin boards." Those boards consist of a single computer operated by an organization, such as a computer users group. Members access these boards by telephone with their own computers to exchange information. (Commercial databases are essentially large bulletin boards which charge members for access). Cyberpunks operate so-called "pirate" bulletin boards. Those boards frequently offer stolen information to a select gropu willing to contribute same. These boards can be treasure troves of stolen passwords, telephone access cards, credit card numbers, and illegally copied software. Although these "pirate" boards are usually open to the public, the illegal information can only be accessed by persons given special passwords by the operators of those boards. With patience, skilled police officers using their own computers can convince cyberpunks that they are similarly inclined toard mischief and gain their confidence and access to those "secret levels." Police then obtain search warrants for telephone records, obtain the operator's home address, and seize the computer containing the stolen credit card numbers. Task forces can run their own fake "pirate" boards, allowing "cyberpunks" to provide them with illegal information. Telephone traps reveal the source of the information and the criminal. Local task forces will become familiar with local boards. -->End of Article<-- +*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*++*++*++*++*++*++*++*++*++*++*++*+ Commentary: 1. This guy is totally out of touch with reality. Cyberpunks operate pirate boards? Hasn't he ever read Cyberpunk Magazine or been on a cyboard? Doesn't he know that you get passwords when you log on a system? Sure, a few boards may have pws to get you around, but usually access levels are determined in config settings. Maybe it seems petty, but this kind of blatant ignorance shows that this guy, one who's saying he should nail all us computer bad guys, doesn't have even the most basic info about what it is he's after. Does that scare anybody else besides me? 2. These so-called "treasure troves" of illegal information are usually more often false info, old info, or just something that's been made up by kids with phallic insecurity who want to show off. Yeh, yeh, I know; there's some really fine stuff out there. But not that much, and you can't go around busting boards just 'cause some bozos are gaming it up. 3. This stuff about setting up fake boards sounds like they're trying to create crime to justify having jobs that let them play with computers. There was a story, I think it was in Todd Gitlin's book about the sixties, when a bunch of lefties at at SDS conference set up a "how to bomb" session. All the other lefties knew it was a joke to see how many phedz would show up, so they stayed away. Sure 'nuff, a bunch of short haired, wing-tipped "hippy lookin' dudez" attended it. Maybe we ought to set up a few fake boards of our own and get these sting types hooked on hacking. Think about it! -->Commentary by Rambo Pacifist<-- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ + END THIS FILE + +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=  Downloaded From P-80 International Information Systems 304-744-2253 12yrs+