==Phrack Inc.==

Volume Three, Issue 28, File #10 of 12

PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
PWN                                                     PWN
PWN          P h r a c k   W o r l d   N e w s          PWN
PWN          ~~~~~~~~~~~   ~~~~~~~~~   ~~~~~~~          PWN
PWN                 Issue XXVIII/Part 2                 PWN
PWN                                                     PWN
PWN                   October 7, 1989                   PWN
PWN                                                     PWN
PWN            Created, Written, and Edited             PWN
PWN                 by Knight Lightning                 PWN
PWN                                                     PWN
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN


Grand Jury Indicts Student For Crippling Nationwide Computer Network  7/26/89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by John Markoff (New York Times)

After more than eight months of delay, the Justice Department said Wednesday that a federal grand jury in Syracuse, N.Y., had indicted the 24-year-old Cornell University graduate student who has been blamed for crippling a nationwide computer network with a rogue software program.

The student, Robert Tappan Morris, was charged with a single felony count under a 1986 computer crimes law, the Computer Fraud and Abuse Act. Justice Department officials said the indictment was the first under a provision of the law that makes it illegal to gain unauthorized access to federal computers.

A spokesman for the Justice Department said Wednesday that the indictment had been delayed simply because of the time taken to develop evidence.

But legal experts familiar with the case said the department had been stalled in efforts to prosecute Morris because of an internal debate over whether it might be impossible to prove the charges. Under the 1986 law, prosecutors must show that Morris intended to cripple the computer network.

As a result of this concern, the U.S. attorney in Syracuse, Frederick J. Scullin Jr., had considered a plea bargain in which Morris would have pleaded guilty to a misdemeanor charge. This approach was apparently resisted, however, by Scullin's superiors in Washington, who wanted to send a clear signal about the seriousness of computer crime.

Three bills now pending before Congress would make it easier than with the 1986 law to prosecute malicious invasion of computer systems.

The indictment charges that Morris was the author of a computer program that swept through a national network composed of more than 60,000 computers November 2, 1988 jamming as many as 6,000 machines at universities, research centers and military installations.

The software, which computer hackers call a "virus," was supposed to hide silently in the computer network, two of Morris' college friends said, but because of a programming error it multiplied wildly out of control. The friends said Morris' idea had been simply to prove that he could bypass the security protection of the network.

According to Wednesday's indictment, Morris gained unauthorized access to computers at the National Aeronautics and Space Administration's Ames Research Center in Moffett Field, California; the U.S. Air Force Logistics Command at Wright Patterson Air Force Base in Dayton, Ohio; the University of California at Berkeley, and Purdue University.

The indictment charges that the program shut down numerous computers and prevented their use. It charges Morris with causing "substantial damage" at many computer centers resulting from the loss of service and the expense incurred diagnosing the program.

The felony count carries a maximum penalty of five years in prison and a fine of $250,000, in addition to which the convicted person can be ordered to pay restitution to those affected by his program.

Morris' lawyer, Thomas A. Guidoboni, said his client intended to plead not guilty. Morris, who now lives in the Boston area, was scheduled to be arraigned on Wednesday, August 2, before Gustave J. DiBianco, a U.S. magistrate in Syracuse.

Morris' father, Robert, the chief scientist for the National Security Agency, said the family planned to stand behind their son. "We're distressed to hear of the indictment," he said.

After realizing that his program had run amok, Morris went to his family home in Arnold, Maryland, and later met with Justice Department officials.

The 1986 law was the first broad federal attempt to address the problem of computer crime. Morris is charged with gaining unauthorized access to computers, preventing authorized access by others and causing more than $1,000 in damage.

The incident raised fundamental questions about the security of the nation's computers and renewed debate over who should be responsible for protecting the nation's non-military computer systems.

Last year Congress settled a debate between the National Security Agency and the National Institute of Standards and Technology by giving authority over non-military systems to the civilian agency.

Last week, however, a General Accounting Office report based on an investigation of the incident recommended that the Office of Science and Technology Policy coordinate the establishment of an interagency group to address computer network security.

The incident has also bitterly divided computer scientists and computer security experts around the country. Some have said they believe that "an example" should be made of Morris to discourage future tampering with computer networks. Others, however, have argued that Morris performed a valuable service by alerting the nation to the laxity of computer security controls.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Other articles about Robert Tappan Morris, Jr.
and the Internet Worm are:

"Computer Network Disrupted By 'Virus'"           (11/03/88) PWN XXII -Part 2
"Virus Attack"                                    (11/06/88) PWN XXII -Part 2
"The Computer Jam: How It Came About"             (11/08/88) PWN XXII -Part 2
"US Is Moving To Restrict {...} Virus"            (11/11/88) PWN XXII -Part 2 *
"FBI Studies Possible Charges In Virus"           (11/12/88) PWN XXII -Part 2
"Big Guns Take Aim At Virus"                      (11/21/88) PWN XXII -Part 3
"Congressman Plan Hearings On Virus"              (11/27/88) PWN XXII -Part 3
"Pentagon Severs Military {...} Virus"            (11/30/88) PWN XXII -Part 3 *
"Networks Of Computers At Risk From Invaders"     (12/03/88) PWN XXII -Part 4 *
"Computer Virus Eradication Act of 1988"          (12/05/88) PWN XXII -Part 4 *
"Breaking Into Computers {...}, Pure and Simple"  (12/04/88) PWN XXIV -Part 1 *
"Cornell Panel Concludes Morris {...} Virus"      (04/06/89) PWN XXVI -Part 1
"Robert T. Morris Suspended From Cornell"         (05/25/89) PWN XXVII -Part 2
"Justice Department Wary In Computer Case"        (05/28/89) PWN XXVII -Part 2

* - Indicates that the article was not directly related to Robert Morris, but did discuss him as well as the Internet Worm incident.
_______________________________________________________________________________

The Free World Incident                                            July 5, 1989
~~~~~~~~~~~~~~~~~~~~~~~
Special Thanks to Brew Associates of Phortune 500

[Some articles edited for this presentation --KL]

Numb: 84 of 98    7/2/89 at 8:56 pm
Subj: ...
Sect: General Messages
From: Major Havoc

Here is the story...

Evidently, someone got into Chesapeake & Potomac's (C&P) computer systems, and added call forwarding to the telephone line that the Free World is being run on. It was not done through social engineering, because there was not an order pending on my line. Therefore, I had "free" call waiting on my line.

What the individual who did this does not realize is that service cannot be changed on my line unless it is typical service, because my father is a retired VP from C&P.
The phone lines at this location are paid for by C&P, so the only way that the service on these lines could have been changed is directly via the C&P computer systems.

I had a long talk with C&P security, and they know who the individual was that made the changes in the system. My parents (since I do not even really live here anymore) are supposed to be signing papers that will have this individual prosecuted sometime next week, because he was foolish enough to leave something for them to track down.

My guess is that it was someone who was denied access to the system that has some type of grudge to hold or something. I will have the pleasure of seeing this individual serve time, if they are not a minor.

C&P Security questioned me in person and asked me if I had any information on different incidents concerning central office burglaries or theft of C&P property. Some of you may be getting a BIG surprise REAL soon.

The bottom line is that I am not going to put up with this hassle much longer. The mere fact that I am under possible investigation for something that I am not involved with is really starting to get me upset. I am 20 years old, and I have a nice 32K salary job, and I am not going to tolerate these situations any longer. I have been doing this for so long, that it is about time that I got some kind of recognition, and not more grief from a bunch of worthless Christmas modemers. Shape up or pay the consequences.

-Major Havoc

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Numb: 86 of 98    7/2/89 at 11:54 pm
Subj: Hmm..
Sect: General Messages
From: Weatherman

I would do the same thing. If some guy thinks he is being really slick and does something like that just to cause trouble, they deserve a rude awakening to real life. Keep us posted on the situation.

I can see your point as to your job and age and everything since I am in the same boat. I am not going to sacrifice my future life for any reason.
Unfortunately, I don't make 32k yet.

\%\%eatherman

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Numb: 87 of 98    7/3/89 at 12:07 pm
Subj: Umm...
Sect: General Messages
From: Lost Carrier

Major Havoc -- The only part of your message I am concerned about is "I had a long talk with C&P security and a lot of you will be in for a big surprise," or something to that effect. I hate surprises. Which of us? heh.

LC, 2af

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Numb: 89 of 98    7/3/89 at 4:03 pm
Subj: ....
Sect: General Messages
From: Raving Lunatic

I am shocked. Major Havoc turning people in? About time, I guess it takes income and responsibilities for most geeks to grow up and I am glad Havoc is not going to tolerate it. Would be interesting to at least hear the alias(es) of the people/person that did the forwarding.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Numb: 90 of 98    7/3/89 at 5:03 pm
Subj: I find this interesting...
Sect: General Messages
From: The Mechanic

I have seen Major Havoc post several messages recently (both here [The Free World bulletin board] and elsewhere) on the topic of telephone security. While it was not explicitly mentioned, it was implied that some activities discussed might not be entirely legal. In fact, there is a logon message encouraging users to post as much as possible, as well as upload and download software, including software that may be copyrighted.

Now we see a message from MHavoc that some of us may be looking forward to "BIG Surprises." I do not know about you, but I'm going to think twice before I post *anything* to this system, at least until I am assured that material on this board is not being monitored by C&P personnel.

I think that if MHavoc wants this system to go anywhere, he is going to have to *prove* to us that he is not going to be narcing on people as a result of what they post.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Numb: 91 of 98    7/3/89 at 5:23 pm
Subj: ...
Sect: General Messages
From: Major Havoc

The information was not supplied by myself. It was information that was read to me by C&P security people. I stood there plainly denying that I even knew what a modem was.

The bottom line is that you do not have to worry about me. You need to worry about the information that they already have. They merely asked me if I knew anything about it. Of course I did not...seriously, I don't even know.

-Major Havoc

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Numb: 93 of 98    7/3/89 at 8:29 pm
Subj: ...
Sect: General Messages
From: Juan Valdez

I am sure Major Havoc cannot reveal the name of the person who did it, since he is under investigation, it would make matters more difficult to make his name public. I am sure we'd all like to know maybe after everything is all done with.

This thing about C&P cracking down scares me. I know that I have not done anything like what you mentioned and I am not connected to anything directly as far as I know. Now you are getting me paranoid.

Mike

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Numb: 94 of 98    7/3/89 at 9:31 pm
Subj: Hmm...
Sect: General Messages
From: Mr. Mystery

When it becomes possible, please post his name, and, more importantly, the date of his court appearance. Might be worth watching.

- MR. MYSTERY

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Numb: 95 of 98    7/3/89 at 11:10 pm
Subj: That
Sect: General Messages
From: The Killer

Is he a local or just an upset user. What sort of stuff was the phone company upset about? Phreakers or people tampering with their equipment? That is pretty messed up. So long as my ass is clean, I really hope you get the idiot. I am curious -- Is he a phone company employee? How did he get into the system?

[Killer/USAlliance] - FW:301/486-4515

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Numb: 96 of 98    7/4/89 at 2:26 am
Subj: Things.........
Sect: General Messages
From: Hellraiser

Would I be correct to assume that this board is completely "private." At any rate, I would be interested in knowing who this person causing the disturbance is/was (drop a hint).

Numb: 97 of 98    7/4/89 at 6:33 pm
Subj: Jesus...
Sect: General Messages
From: The Disk Jockey

Geez... Someone learns a few LMOS commands and they seem obsessed with doing stupid things.

I have absolutely no idea why people would act wary towards Havoc, I am sure that I and anyone else who ran a board would, given the chance, burn the person disrupting the system. What the hell did you think? Havoc should just let it slide? I think not. People like that (doers of such cute call forwarding things) should be screwed. They are the people that give you a bad reputation.

-The Disk Jockey

I hope he gets nailed, I just find it hard to believe that he left any information that could lead back to him, as someone who was at least smart enough to get into an LMOS or equivalent could have at least some common sense, but I suppose his acts dictate otherwise.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Numb: 98 of 98    7/4/89 at 7:21 pm
Subj: Well...
Sect: General Messages
From: Microchip

When it was on interchat, it said Major Havoc was fed up and it was going to do this until we all calmed down

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

For those who never found out, the perpetrator of the call forwarding was none other than SuperNigger (who is also responsible for crashing Black Ice). There never was any solid proof that could be used and any comments about him leaving a trail to follow back to him were bluffs.
-KL
_______________________________________________________________________________

Conman Loses Prison Phone Privileges                         September 23, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
About a year ago there was a plot to steal $69 million from the First National Bank of Chicago through a fraudulent wire-transfer scheme masterminded by a man named Armand Moore.

Using the telephone and a computer -- the tools of his trade, Mr. Moore planned to transfer money from the accounts of corporate customers at First National to his account in Switzerland. He needed some inside help to bring it off, and he found two young guys in the wire transfer room at the bank who were willing to help.

Both of the clerks were fellows in their early twenties, who had worked for the bank a couple years each. Both had come from families living in a ghetto neighborhood on the south side of Chicago; but their families had raised them to be honest. Both had been average high school students; neither had any previous criminal record of any sort; both had been given a break by an employer who treated them fairly and allowed them to rise to positions of trust: handling huge sums of money -- about a hundred million dollars a day -- in the wire-transfer unit at the bank. Both showed great promise; then Armand Moore came along.

Moore wined and dined these two kids; showed them the best of times and what it was like to have a fancy apartment in a wealthy neighborhood instead of living with your parents in an inner-city ghetto. It's not that they weren't guilty -- after all, they did provide the secret passwords and phrases which bank employees say to one another on the telephone, and they did press the buttons which sent $69 million dollars on its way to Europe -- but they would not have done it if Armand Moore had not been there.

So instead of a career at the bank, the guys exchanged it for an indictment for bank fraud; loss of their jobs; humiliation for themselves and their families; and the right to say "convicted of bank fraud" on future job applications. Naturally, they are blacklisted in the banking and computer industries for the rest of their lives. One of the guys said Armand had promised to give him money to buy his mother a new coat.

The job at First National was bungled as we all know, two young guys had their lives ruined, and the court took all this into consideration when Armand Moore was sentenced to ten years in prison last June. But as Paul Harvey would say, "...then there is the rest of the story...."

It seems Armand Moore was no stranger to bank fraud. He had previously pulled a couple of smaller jobs, using a telephone and a computer to net about a million dollars from two banks in the Detroit area. The FBI had not previously connected him with those jobs. He had this money stashed away, waiting for him when he got released from prison, which in this latest scheme, would be a lot sooner than the government expected.

Mr. Moore is the sort of fellow who could sell the proverbial ice-box to an Eskimo... or a newspaper subscription to a blind man... he can get anybody to do anything it seems... by flirting with them, showering them with attention, and if necessary, just bribing them. Now two more lives have been ruined by Armand Moore, and his only regret is he got caught.

Since his trial in June, Armand Moore has been a guest of the government at the federal penitentiary in downtown Chicago. As a long term resident, he's gotten to know a lot of the folks, including the employees of the prison. In particular, he got to be very good friends with Randy W. Glass, age 28, an employee of the prison in the computer facility there. Glass' duties include entering data into the prison computer about the inmates, their sentences and other data. Oh...
is the story becoming clearer now?

Glass and his wife live in Harvey, IL, a middle class suburb on the south side of Chicago. It seems like so many other people who meet Armand Moore, Glass enjoyed the company of this older, very sophisticated and friendly chap. After several meetings in the past three months, Glass was finally seduced by Moore's money, like everyone else who meets him. That, plus his pleasant manners, his smooth conversation and his assurance that nothing could go wrong led to Glass finally agreeing to accept a $70,000 bribe in exchange for punching a few buttons on the computer to show Armand Moore's sentence was complete; him and a couple other inmates who were sharing the same room at the prison.

Just change a few details, punch a few buttons -- and to be on the safe side, do it from home with your modem and terminal, using the Warden's password which I just happen to have and will give to you in exchange for your cooperation.

$70,000 was hard to resist. But Glass was a prudent man, and he asked what guarantee would he have of payment once Armand Moore was released. After all, hadn't he promised those fellows at the bank all sorts of things and then tried to skip town immediately when he thought the transfer had gone through? He would even cheat his fellow crooks, wouldn't he?

Moore offered a $20,000 "down payment" to show his intentions. A confederate outside the prison would meet Glass' wife and give her the money. Then the job would be done, and following Moore's untimely release from the joint, the rest would be paid.

The deal was made, alleges the government, and Armand Moore used a pay phone at the prison that day to call his stepsister and have her arrange to meet Mrs. Glass. The money would be exchanged; Glass was off two days later and would make the necessary "adjustments" from his home computer; the prison roll would reflect this on the next morning's roster of prisoners with the notation "Time Served/Release Today."
They would meet that evening and exchange the rest of the money.

All telephones at the prison, including the public pay phones, are subject to monitoring. A sign on each pay phone advises that "your call may be monitored by an employee authorized to do so." The FBI alleges that recordings were made of Moore on the phone telling his stepsister that she should "...work with Randy, a person affiliated with the law..." and that she would meet Mrs. Glass the next day.

With a court ordered tap obtained a few minutes later, the FBI heard Stephanie Glass agree to meet Moore's stepsister at 5:45 AM the next morning in a parking lot in Richton Park, IL. At the appointed time the next morning, the two cars met in the parking lot, and the FBI alleges the one woman handed the other a package containing $20,000 in cash. The FBI videotaped the meeting and waited until Mrs. Glass had driven away. They followed her home, and arrested her at that time.

Randy Glass was arrested at the prison when he arrived for work about an hour later. Armand Moore was arrested in his cell at the prison once Glass had been taken into custody. To do it the other way around might have caused Glass to get tipped off and run away.

On Thursday, September 21, 1989 Mr. & Mrs. Glass and Armand Moore appeared before United States Magistrate Joan Lefkow for arraignment and finding of probable cause. Finding probable cause, she ordered all three held without bail at the prison until their trial.

Randy Glass is now, so to speak, on the wrong side of the bars at the place where he used to work. He was suspended without pay at the time of his arrest.

At the hearing, Magistrate Lefkow directed some particularly acid comments to Mr. Moore, noting that he was forbidden to ever use the telephone again for any reason for the duration of his confinement, and was forbidden to ever be in the vicinity of the computer room for any reason, also for the duration.
She noted, "...it seems to me you continue to seek the conspiracy's objectives by using the telephone, and convincing others to manipulate the computer..." you stand here today and show no remorse whatsoever except that you were caught once again. Your prison record notes that on two occasions, prison staff have observed you using the telephone and "...pressing the touchtone buttons in a peculiar way during the call..." and that you were counseled to stop doing it. I will tell you now sir that you are not to use the telephone for any reason for the remainder of your current sentence. I find probable cause to hold you over for trial on the charge of bribery of a government employee. Stay away from the phones and computers at the prison Mr. Moore!"

Like Gabriel Taylor at the First National Bank, neither Randy Glass nor his wife had any prior arrest record or conviction. In a foolish moment of greed, spurred on by a friendly fellow who Randy really enjoyed talking to "...because he was so smart and well-educated..." they now get to face prison and the loss of everything in their lives.

When all three were leaving the courtroom Thursday, Armand Moore snickered and smiled at the audience. He'll find other suckers soon enough.
_______________________________________________________________________________