==Phrack Inc.== Volume Three, Issue Thirty-one, Phile #10 of 10 PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN Phrack World News PWN PWN Issue XXXI, Part Three PWN PWN Compiled by Phreak_Accident PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN Comp.dcom.telecom ----------------- The following is excerpts from comp.dcom.telecom regard the now "Infamous" Legion Of Doom busts. I know most of you have seen some of these somewhere-sometime, but I thought I would try to get these out for those unfortunate souls that don't have Usenet access. I know there have been many controversies over the following material and the busts as a whole -- Henceforth, Phrack Inc. will not comment on any of such busts. Mainly because we don't want to jeopardize any current investigations concerning LOD and others. Leave it alone. It's old news. Let this sum it up for you guys and then forget about it. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Newsgroups: comp.dcom.telecom Subject: CBS News Special Report - "The Busting of The Mentor" Message-ID: <4747@accuvax.nwu.edu> Date: 5 Mar 90 06:11:49 GMT Sender: news@accuvax.nwu.edu Organization: Capital Area Central Texas Unix Society, Austin, TX Lines: 37 Approved: Telecom@eecs.nwu.edu X-Submissions-To: telecom@eecs.nwu.edu X-Administrivia-To: telecom-request@eecs.nwu.edu X-Telecom-Digest: Volume 10, Issue 145, Message 6 of 6 ...I've just gotten a new update on the Mentor's recent apprehension by the Feds. Thought you might like to hear something as close to as direct from the Mentor as possible under the circumstances. From: Daneel Olivaw #96 @5283 Date: Sun Mar 04 19:55:28 1990 I'll have to play the Mentor for now (with permission granted). If you haven't heard the rumors, here is the truth. The Mentor was awakened at 6:30am on Thursday (3/1/90) with the gun of a Secret Service agent pointed at his head. The SS proceded to search and seize for the next 4 1/2 hours. Things taken include an AT with 80mb HD, HP LaserJet II, various documents, and other thing. They then proceded to raid his office at work, and sieze the computer and laser printer there. Lost in the shuffle was a complete novel (being written and due in 2 weeks), and various other things. Across town: Those of you who know Erik Bloodaxe, he was also awakened, and his house searched. Neither have been charged with anything, but they expect to at least be called as witnesses at the case of the Phrack Boys (Knight Lightning and Tarren King) in Chicago April 15. Apparently, they did a shoddy job, as they tagged a book that Mentor had borrowed from me (Quarterman's "The Matrix"), and then forgot to take it, oh well.... It ain't lookin so lovely. Also the UT computer systes are under *VERY* close watch, as they were/are being hacked on by hackers around the world, including some in Australia, and England. OM From: cosell@bbn.com (Bernie Cosell) Newsgroups: comp.dcom.telecom Subject: Keeping Copies of Illegal Things (was Re: Jolnet, Again) Message-ID: <4725@accuvax.nwu.edu> Date: 4 Mar 90 04:36:50 GMT Sender: news@accuvax.nwu.edu Organization: TELECOM Digest Lines: 52 Approved: Telecom@eecs.nwu.edu X-Submissions-To: telecom@eecs.nwu.edu X-Administrivia-To: telecom-request@eecs.nwu.edu X-Telecom-Digest: Volume 10, Issue 143, Message 3 of 8 }TELECOM Digest Sat, 3 Mar 90 20:45:00 CST Special: Jolnet, Again This isn't misc.legal, and this isn't the time to be excessively picky and critical, but: }Here is how he told the tale of the '911 software': }The software showed up on his system one day, almost two years ago. It }came to him from netsys, where Len Rose was the sysadmin. According to }Andrews, when he saw this file, and realized what it was, he knew the }thing to do was to 'get it to the proper authorities as soon as }possible',... }ME> "After you passed it along to Boykin, did you then destroy the }file and get it off your site?" }RA> "Well, no... I kept a copy also." It strikes me that this is a KEY faux pas, regardless of good intentions or not. }But then, said Andrews, a funny thing happened several months later. }The folks at AT&T, instead of being grateful for the return of their }software came back to Andrews to (in his words) 'ask for it again.' }Somehow, they either never got it the first time; got it but suspected }there were still copies of it out; or were just plain confused. Just so, and if RA *supplied* another copy, I suspect they'd interpret that as pretty convincing evidence that it WAS further distributed, and with RA's knowledge. I know that they didn't actually contact him and ask/tell him to expunge all copies of the stuff, but his actions clearly demonstrated his knowledge of just what it was he was messing with, and I think they could easily show that he incurred an obligation to act prudently with it, or else [just guessing now] he could be liable to being an accessory after the fact. }So he was contacted by the feds about a year ago, and it was at that }point he decided it was in his best interest to cooperate with any }investigation going on. Perhaps his sudden cooperation was less out of pangs of conscience that it might have appeared... [not to besmirch his motives here, only to point out that a call from the FBI pointing out that while you may not have really DONE anything, your actions _could_ end up landing you in court with some serious potential badness going down (and none of this untested cheesiness about the the technicalities of bbs's and such... nice mainstream legal liability), could be pretty persuasive at converting a concerned, but out-of-the-loop, citizen into an active helper]. /Bernie\ From: dattier@chinet.chi.il.us (David Tamkin) Newsgroups: comp.dcom.telecom Subject: Seizures Spreading Message-ID: <4724@accuvax.nwu.edu> Date: 4 Mar 90 05:55:20 GMT Sender: news@accuvax.nwu.edu Organization: TELECOM Digest Lines: 15 Approved: Telecom@eecs.nwu.edu X-Submissions-To: telecom@eecs.nwu.edu X-Administrivia-To: telecom-request@eecs.nwu.edu X-Telecom-Digest: Volume 10, Issue 143, Message 2 of 8 News is that Illuminati BBS, a system run by a company named Steve Jackson Games somewhere in Texas, was also shut down and its equipment seized by the federal government because two suspected Legion of Doom members were among its users. [Moderator's Note: And I suspect the raids will continue during the next week or two. I wonder which sites will be next? Each place they raid, the local crackers point their fingers at each other like naughty children, and to make themselves seem like the good guys they say, "Have you talked to so-and-so yet?". Let's see now: netsys, jolnet, attctc, illuminati, (your name here?)... Apparently even getting rid of incriminating evidence won't work any longer, if someone upstream of you tattled. PT] From: mosley@peyote.cactus.org (Bob Mosley III) Newsgroups: comp.dcom.telecom Subject: Austin, TX BBS Shut Down From Joinet Bust Fallout Message-ID: <4723@accuvax.nwu.edu> Date: 4 Mar 90 17:22:26 GMT Sender: news@accuvax.nwu.edu Organization: Capital Area Central Texas Unix Society, Austin, TX Lines: 28 Approved: Telecom@eecs.nwu.edu X-Submissions-To: telecom@eecs.nwu.edu X-Administrivia-To: telecom-request@eecs.nwu.edu X-Telecom-Digest: Volume 10, Issue 143, Message 1 of 8 This hit most BBS's in the Austin area on Thursday. It's believed the bust came down Wednesday morning. In a nutshell, here's what happened: Wednesday morning, Feb. 28, the offices of Steve Jackson Games, inc., were raided by FBI and Secret Service officials. The establishment was shit down, and all computer systems, including the Illuminati BBS, were confiscated. At that time, a 'retired' member of the LoD, who was identified as 'The Mentor' was arrested. The charges reportedly are related to the recent 911 bust that has shut down joinet and attatc (or whatever Killerused to be called). His home system was confiscated, complete with an entire collection of "Phrack" issues and related paraphanalia. As of this writing, the Mentor is reportedly out on bail, sans system and network connection. The Illuminati BBS is still down, although SJ Games is back in operation, and no charges have been filed against any of the employees other than The Mentor. The systems owned by SJ Games have not been returned as of this writing. Finally, rumors were trickling in early this morning (Saturday, 3/4) that two BBS's in Dallas, three in Houston, and one in San Antonio were busted by the same authorites in relation to the same case. [in light of the Mentor's posted defense of the LoD, I kinda thought you'd like to see this one! - OM] From: telecom@eecs.nwu.edu (TELECOM Moderator) Newsgroups: comp.dcom.telecom Subject: Jolnet, Again Message-ID: <4701@accuvax.nwu.edu> Date: 4 Mar 90 02:45:00 GMT Sender: news@accuvax.nwu.edu Organization: TELECOM Digest Lines: 350 Approved: Telecom@eecs.nwu.edu X-Submissions-To: telecom@eecs.nwu.edu X-Administrivia-To: telecom-request@eecs.nwu.edu X-Telecom-Digest: Special: Jolnet, Again TELECOM Digest Sat, 3 Mar 90 20:45:00 CST Special: Jolnet, Again Today's Topics: Moderator: Patrick Townson Re: AT&T Sourcecode: Poison! (Chip Rosenthal) Jolnet Seizure (Mike Riddle) Article Regarding JOLNET/e911/LoD/Phrack (Ben Rooney) A Conversation With Rich Andrews (TELECOM Moderator) Killer/attctc Permanently Down (Charlie Boykin) ---------------------------------------------------------------------- From: Chip Rosenthal Subject: Re: AT&T Sourcecode: Poison! Date: 3 Mar 90 00:00:00 GMT Organization: Unicom Systems Development, Austin (yay!) [Moderator's Note: Original date of 2/25 changed to prevent premature expiration. PT] You've got a lot of nerve, Patrick. telecom@eecs.nwu.edu (TELECOM Moderator) writes: >We're told by a deep-throat type that AT&T is on the war path about >their software [...] Like jolnet, netsys went down abruptly, with >*everything* confiscated [...] Now comes news that attcdc [sic], formerly >known as killer went off line in a hurry..... Yessir, after all your complaints about that about anonymous Legion of Doom message, this is a really crummy thing to post. Based upon unattributed conversations, you imply that Len Rose and Charlie Boykin were involved in wrongdoing which lead to the shutdown of their systems. I don't know Len personally, but have had uucp connections with him in the past. Charlie, on the other hand, I do know personally. He is very well regarded in the Dallas/Fort Worth area, and was voted "1989 DFW Administrator of the Year" by the DFW lunch-bunch...errr....DFW Association of Unix System Administrators. You have cast some crummy aspersions towards these guys. Since I know them, I will wait for the facts to come in. Others who don't know them could very well jump to conclusions on the basis of this posting. Was this message really called for? Chip Rosenthal | Yes, you're a happy man and you're chip@chinacat.Lonestar.ORG | a lucky man, but are you a smart Unicom Systems Development, 512-482-8260 | man? -David Bromberg ------------------------------ Date: Wed, 28 Feb 90 21:38:39 EST From: Mike Riddle Subject: Jolnet Seizure Reply-to: Mike.Riddle@p6.f666.n285.z1.fidonet.org Organization: DRBBS Technical BBS, Omaha, Ne. 402-896-3537 Has anyone tried a novel legal approach to the case of equipment seizure as "evidence"? As I remember the Electronic Communications Privacy Act, it contains specific procedures for authorities to obtain copies/listings of data on a system (which system may have been used for illegal purposes, but whose operator is not at the moment charged). From this I think a creative attorney could construct an argument that the national policy was not to seize equipment, merely to obtain all the information contained therein. After all, it's the data that caused any harm. Also, the Federal Rules of Evidence, and most state rules, provide that computer generated copies are "originals" for evidentiary purposes. I hope that someone close enough to the scene can keep us informed about what is happening on this one. {standard disclaimer goes here--don't pay any attention to me!} --- Ybbat (DRBBS) 8.9 v. 3.07 r.1 * Origin: [1:285/666.6@fidonet] The Inns of Court, Papillion, NE (285/666.6) --- Through FidoNet gateway node 1:16/390 Mike.Riddle@p6.f666.n5010.z1.fidonet.org ------------------------------ From: brooney@sirius.uvic.ca Date: 3 Mar 90 2:36 -0800 Subject: Article Regarding JOLNET/e911/LoD/Phrack The following is an article I received five days ago which contains, to my knowledge, information as yet unpublished in comp.dcom.telecom regarding the ongoing JOLNET/e911/LoD discussion. It was printed in a weekly magazine with a publishing date of Feb. 27 but other than that I have no exact idea of when the events mentioned herein took place. - Ben Rooney MISSOURI STUDENT PLEADS INNOCENT TO 911 CHARGES [Knight Lightning], a 19-year-old University of Missouri student, has pleaded not guilty to federal allegations that he invaded the 911 emergency phone network for 9 states. As reported earlier, he was indicted this month along with [The Prophet], 20, of Decatur, Ga. Both are charged with interstate transportation of stolen property, wire fraud, and violations of the federal Computer Fraud and Abuse Act of 1986. Prosecutors contend the two used computers to enter the 911 system of Atlanta's Bell South, then copied the program that controls and maintains the system. The stolen material later allegedly was published on a computer bulletin board system operating in the Chicago suburb of Lockport. Authorities contend Neidorf edited the data for an electronic publication known as "Phrack." According to Associated Press writer Sarah Nordgren, in a recent hearing on the case Assistant U.S. Attorney William Cook was granted a motion to prevent the 911 program from becoming part of the public record during the trial. U.S. District Judge Nicholas Bua set April 16 for a trial. The 911 system in question controls emergency calls to police, fire, ambulance and emergency services in cities in Alabama, Mississippi, Georgia, Tennessee, Kentucky, Louisiana, North Carolina, South Carolina and Florida. --------------------------------------- Article from "A Networker's Journal" by Charles Bowen. Info-Mat Magazine (Vol. 6, No. 2) [Moderator's Note: {Info-Mat Magazine}, by the way, is the excellent electronic journal distributed on many BBS machines throughout the United States who are fortunate enough to be accepted as part of the magazine's distribution network. I personally wish it was distributed on Usenet as well: it is well written and very informative. PT] ------------------------------ Date: Sat, 3 Mar 90 19:34:54 CST From: TELECOM Moderator Subject: A Conversation With Rich Andrews After the first articles appeared here relating to the seizure of Jolnet, and the indictment of some people for their part in the theft of '911 software', I got various messages from other folks in response. Some were published, while others were just personal correspondence to me. One from Chip Rosenthal was held over, and is included in this special issue today. One writer, whose comments were attributed to 'Deep Throat' spent some time on two occassions on the phone, in a conference call between himself, David Tamkin and myself. What was lacking in the several messages which appeared over the past week were comments from Rich Andrews, system administrator of Jolnet. I got one note from someone in Canada who said Andrews wanted to speak with me, and giving a phone number where I could call Andrews at his place of employment. I put in a call there, with David Tamkin on the other line and had a long discussion with Andrews, who was aware of David being on the line with me. I asked Andrews if he had any sort of net access available to him at all -- even a terminal and modem, plus an account on some site which could forward his mail to telecom. You see, I thought, and still think it is extremely important to include Rich Andrews in any discussion here. He assured me he did have an account on a Chicago area machine, and that a reply would be forthcoming within hours. I had a second conversation with him the next morning, but without David on the line. He again told me he would have a response to the several articles written in the Digest ready and in the email 'very soon'. This was on Wednesday morning, and we estimated his message would be here sometime later in the day -- certainly by midnight or so, when I am typically working up an issue of the Digest. Midnight came and went with no message. None showed up Thursday or Friday. I deliberatly withheld saying anything further in the hopes his reply would be here to include at the same time. I guess at this point we have to go on without him. When David Tamkin and I talked to him the first time, on Tuesday evening this past week, the first thing Andrews said to us, after the usual opening greetings and chitchat was, "I've been cooperating with them for over a year now. I assume you know that." We asked him to define 'them'. His response was that 'them' was the United States Secret Service, and the Federal Bureau of Investigation. He said this without us even asking him if he was doing so. We asked him to tell us about the raid on his home early in February. He said the agents showed up that Saturday afternoon with a warrant, and took everything away as 'evidence' to be used in a criminal prosecution. ME> "If you have been working and cooperating with them for this long, why did they take your stuff?" RA> "They wanted to be sure it would be safe, and that nothing would be destroyed." ME> "But if you wanted to simply keep files safe, you could have taken Jolnet off line for a few weeks/months by unplugging the modems from the phone jacks, no? Then, plugged in a line when you wanted to call or have a trusted person call you." RA> "They thought it was better to take it all with them. It was mostly for appearance sake. They are not charging me with anything." ME> "Seems like a funny way to treat a cooperative citizen, at least one who is not in some deep mess himself." He admitted to us that several crackers had accounts on Jolnet, with his knowledge and consent, and that it was all part of the investigation going on ... the investigation he was cooperating in. Here is how he told the tale of the '911 software': The software showed up on his system one day, almost two years ago. It came to him from netsys, where Len Rose was the sysadmin. According to Andrews, when he saw this file, and realized what it was, he knew the thing to do was to 'get it to the proper authorities as soon as possible', so he chose to do that by transferring it to the machine then known as killer, a/k/a attctc, where Charlie Boykin was the sysadmin. Andrews said he sent it to Boykin with a request that Boykin pass it along to the proper people at AT&T. ME> "After you passed it along to Boykin, did you then destroy the file and get it off your site?" RA> "Well, no... I kept a copy also." ME> "Did Charlie Boykin pass it along to AT&T as you had requested?" RA> "I assume he did." But then, said Andrews, a funny thing happened several months later. The folks at AT&T, instead of being grateful for the return of their software came back to Andrews to (in his words) 'ask for it again.' Somehow, they either never got it the first time; got it but suspected there were still copies of it out; or were just plain confused. So he was contacted by the feds about a year ago, and it was at that point he decided it was in his best interest to cooperate with any investigation going on. Andrews pointed out that the '911 software' was really just ".... a small part of what this is all about..." He said there was other proprietary information going around that should not be circulating. He said also the feds were particularly concerned by the large number of break-ins on computers which had occurred in the past year or so. He said there have been literally "....thousands of attempts to break into sites in the past year....", and part of his cooperation with the authorities at this time dealt with information on that part of it. We asked him about killer/attctc: ME> "You knew of course that killer went off line very abruptly about a week ago. What caused that? It happened a week or so after the feds raided you that Saturday." RA> "Well the official reason given by AT&T was lack of funds, but you know how that goes...." Now you'd think, wouldn't you, that if it was a funding problem -- if you can imagine AT&T not having the loose change in its corporate pocket it took to provide electrical power and phone lines to attctc (Charlie got no salary for running it) -- that at least an orderly transition would have taken place; i.e. an announcement to the net; an opportunity to distribute new maps for mail and news distribution, etc; and some forthcoming shut down date -- let's say March 1, or April 1, or the end of the fiscal year, or something.... But oh, no... crash boom, one day it is up, the next day it is gone. ME> "What do you know about the temporary suspension of killer some time ago? What was that all about?" RA> "It was a security thing. AT&T Security was investigating Charlie and some of the users then." Andrews referred to the previous shutdown of killer as 'a real blunder by AT&T', but it is unclear to me why he feels that way. We concluded our conversation by Andrews noting that "there is a lot happening out there right now." He said the [Phrack] magazine distribution, via netsys, attctc and jolnet was under close review. "One way to get them (crackers) is by shutting down the sites they use to distribute stuff..." And now, dear reader, you know everything I know on the subject. Well, almost everything, anyway.... From other sources we know that Len Rose of netsys was in deep trouble with the law *before* this latest scandal. How deep? Like he was ready to leave the country and go to the other side of the world maybe? Like he was in his car driving on the expressway when they pulled him over, stopped the car and placed him under arrest? Deep enough? This latest thing simply compounded his legal problems. Patrick Townson ------------------------------ Date: Fri Mar 2 06:59:23 1990 From: Charlie Boykin Subject: Killer/attctc Is Permanently Down Hello, Regarding a couple of things as well as a message from Bill Huttig. The system WAS shut down a couple of years ago - for three weeks - as part of a security inquiry. It has been in continous operation since. On July 4, 1989, it was moved to a Customer Demonstration location at the Dallas Infomart and the node name changed to attctc (for AT&T Customer Technology Center). The system was closed down on February 20, 1990 after 5 years of operation. There are no charges pending and the "management" of the system have been ostensibly cleared of any illegal activities. As of now, there are no intentions of returning the system to service. There are hopeful plans and proposals that could conceivably result in the system being placed back in service in a different environment and under different management. Respectfully, Charles F. Boykin Formerly sysop\@attctc (killer) ------------------------------ End of TELECOM Digest Special: Jolnet, Again ****************************** --------------- [reprinted without permission from the Feb. 12th, 1990 issue of Telephony] ALLEGED HACKERS CHARGED WITH THEFT OF 911 DATA Dawn Bushaus, Assistant Editor Four alleged computer hackers were indicted last week on charges that they schemed to steal and publish proprietary BellSouth Corp. emergency data. The alleged activity could have produced disruptions in 911 networks nationwide, according to federal officials. The case could raise new concerns about the security of local exchange carriers' internal computer networks, which house data records on customers, equipment and operations. "Security has always been a concern for the telephone companies," said Peter Bernstein, an analyst with Probe Research. "If you can crack the 911 system, what does that say about the operational support system or the billing system?" A federal grand jury in Chicago handed down two indictments charging [The Prophet], 20, of Decatur, Ga., and [Knight Lightning], 19, of Chesterfield, Mo., with wire fraud, violations of the 1986 Computer Fraud Act and interstate transportation of stolen property. Facing similar criminal charges in Atlanta are [The Urvile], 22, and [The Leftist], 23. The four, alleged to be part of a closely knit group of hackers calling themselves the Legion of Doom, reportedly participated in a scheme to steal the BellSouth 911 data, valued at $80,000, and publish it in a hacker magazine known as "Phrack." The Legion of Doom reportedly is known for entering telephone companies' central office switches to reroute calls, stealing computer data and giving information about accessing computers to fellow hackers. According to the Chicago indictment, XXXXX, also known as "The Prophet," stole a copy of the BellSouth 911 program by using a computer outside the company to tap into the BellSouth computer. Riggs then allegedly transferred the data to a computer bulletin board in Lockport, Ill. XXXXXXX, also known as "Knight Lightning," reportedly downloaded the information into his computer at the University of Missouri, Columbia, where he edited it for publication in the hacker magazine, the indictment said. The indictment also charges that the hackers disclosed the stolen information about the operation of the enhanced 911 system to other hackers so that they could illegally access the system and potentially disrupt or halt other systems across the country. The indictments followed a year-long investigation, according to U.S. Attorney Ira Raphaelson. If convicted, the alleged hackers face 31 to 32 years in prison and $122,000 in fines. A BellSouth spokesman said the company's security system discovered the intrusion, which occurred about a year ago, and the company then notified federal authorities. Hacker invasion in the BellSouth network is very rare, the spokesman said, adding that the company favors "stringent laws on the matter." The indictment solicited concern about the vulnerability of the public network to computer hacking. ---------------- From: MM02885@swtexas.bitnet Newsgroups: comp.dcom.telecom Subject: Re: Hacker Group Accused of Scheme Against BellSouth Message-ID: <4153@accuvax.nwu.edu> Date: 20 Feb 90 11:16:00 GMT Sender: news@accuvax.nwu.edu Organization: TELECOM Digest Lines: 95 Approved: Telecom@eecs.nwu.edu X-Submissions-To: telecom@eecs.nwu.edu X-Administrivia-To: telecom-request@eecs.nwu.edu X-Telecom-Digest: Volume 10, Issue 118, message 3 of 6 <<< SYS$ANCILLARY:[NOTES$LIBRARY]GENERAL.NOTE;1 >>> -< General Discussion >- ============================================================================== Note 155.6 the MENTOR of the tree tops 6 of 6 SWT::RR02026 "Ray Renteria [ F L A T L I N E ] " 89 lines 20-FEB-1990 00:18 -< Life, The Universe, & LOD >- To set the record straight, a member of LOD who is a student in Austin and who has had his computer account at UT subpoenaed by the DA out of Chicago because of dealings with the above happenings: My name is Chris, but to the computer world, I am Erik Bloodaxe. I have been a member of the group known as Legion of Doom since its creation, and admittedly I have not been the most legitimate computer user around, but when people start hinting at my supposed Communist-backed actions, and say that I am involved in a world-wide consipracy to destroy the nations computer and/or 911 network, I have to speak up and hope that people will take what I have to say seriously. Frank, Rob and Adam were all definately into really hairy systems. They had basically total control of a packet-switched network owned by Southern Bell (SBDN)...through this network they had access to every computer Southern Bell owned...this ranging from COSMOS terminals up to LMOS front ends. Southern Bell had not been smart enough to disallow connections from one public pad to another, thus allowing anyone who desired to do so, the ability to connect to, and seize information from anyone else who was using the network...thus they ended up with accounts and passwords to a great deal of systems. This was where the 911 system came into play. I don't know if this system actually controlled the whole Southern Bell 911 network, or if it was just a site where the software was being developed, as I was never on it. In any case, one of the trio ended up pulling files off of it for them to look at. This is usually standard proceedure: you get on a system, look around for interesting text, buffer it, and maybe print it out for posterity. No member of LOD has ever (to my knowledge) broken into another system and used any information gained from it for personal gain of any kind...with the exception of maybe a big boost in his reputation around the underground. Rob took the documentation to the system and wrote a file about it. There are actually two files, one is an overview, the other is a glossary. (Ray has the issue of PHRACK that has the files) The information is hardly something anyone could possibly gain anything from except knowledge about how a certain aspect of the telephone company works. The Legion of Doom used to publish an electronic magazine called the LOD Technical Journal. This publication was kind of abandoned due to laziness on our part. PHRACK was another publication of this sort, sent to several hundred people over the Internet, and distributed widely on bulletin boards around the US. Rob sent the files to PHRACK for the information to be read. One of PHRACK's editors, Craig, happened to be the one who received the files. If Rob had sent the files to one address higher, Randy would have been the one who would probably be in trouble. In anycase, Craig, although he may have suspected, really had no way to know that the files were propriatary information and were stolen from a Southern Bell computer. The three Atlanta people were busted after having voice and data taps on their lines for 6 months. The Phrack people were not busted, only questioned, and Craig was indicted later. What I don't understand is why Rob and Craig are singled out more often than any other people. Both of them were on probation for other incidents and will probably end up in jail due to probation violations now. Frank and Adam still don't know what is going on with their cases, as of the last time I spoke with them. The whole bust stemmed from another person being raided and rolling over on the biggest names he could think of to lighten his burden. Since that time, Mr. William Cook, the DA in Chicago, has made it his life's goal to rid the world of the scourge of LOD. The three Atlanta busts, two more LOD busts in New York, and now, my Subpoena. People just can't seem to grasp the fact that a group of 20 year old kids just might know a little more than they do, and rather than make good use of us, they would rather just lock us away and keep on letting things pass by them. I've said this before, you cant stop burglars from robbing you when you leave the doors unlocked and merely bash them in the head with baseball bats when they walk in. You need to lock the door. But when you leave the doors open, but lock up the people who can close them for you another burglar will just walk right in. If anyone really wants to know anything about what is going on or just wants to offer any opinions about all this directly to me, I'm erikb@walt.cc.utexas.edu but my account is being monitored so don't ask anything too explicit. ->ME ----------- Well, as some of you may already know, the people that put out Phrack were busted recently. Up until now, details were scarce, but things are starting to appear in the news. [reprinted without permission from the Milwaukee Journal Wed. Feb. 7th] Chicago, Ill. - AP - A computer hacker broke into the 911 emergency telephone network covering nine states in the South and another intruder passed on the access data to other hackers, authorities said. [The Prophet], 20, of Decatur, GA., and [Knight Lightning], 19, of Chesterfield, MO., were indicted Tuesday by a federal grand jury and accused of computer crimes, said acting US Atty. Ira H. Raphaelson. He said Riggs was a member of the so-called Legion of Doom hackers group, whose members are involved in numerous illegal activities. Riggs and two other alleged members also were indicted in Atlanta and charged in other computer break-ins. The government would not say if any emergency calls were disrupted or whether other damage was done during the tampering. ------------ Name: The Prophet #104 Date: Tue Feb 06 23:55:15 1990 Imagine that you're deaf, dumb, blind, and paralyzed from the neck down and totally unable to experience or communicate with the outside world. How long could you retain your sanity? How many of you would choose to die instead? How many of you think you could muster the willpower to create your own little mental world to live in for the rest of your life, and how long do you think the hospital would wait before putting you out of your misery? -The Prophet ------------ Name: The Mentor #1 Date: Sat Jan 20 02:58:54 1990 Welp, Phrack magazine is dead. Those of you who pay attention to BITNET know that the phrack accounts at U of M have been shut down. The story is as follows... Government agents (not sure of the dept., probably SS) have apparently been monitoring the e-mail of the Phrack kids (Knight Lightning & Taran King) for some time now. Apparently, a portion of a file sent to them (and subsequently published) contained copyrighted information. This is all they needed. They have now seized the entire Phrack net mailing list (over 500 accounts), plust every piece of information that Randy & Craig have (and they have a *LOT*) on real names, addresses and phone numbers. This is evolving directly out of the busts of three LOD members (Urvile, Leftist & Prophet). The Prophet (who is on probation) is apparently being threatened with a prison term if he doesn't cooperate. We don't know for sure if he cooperated or not, but what would you do in the same position? The same officials are apparently *VERY* interested in our co-sys, Mr. Bloodaxe. His net account is being watched, etc. I'll let him tell the story. board only. I will be adding a secure (and I mean fucking secure) encryption routine into the e-mail in the next 2 weeks - I haven't decided exactly how to implement it, but it'll let two people exchange mail encrypted by a password only know to the two of them. Hmmmm... carry this conversation to the programming board. Anyway, I do not think I am due to be busted, but then again, I don't do anything but run a board. Still, there is that possibility. I assume that my lines are all tapped until proven otherwise. There is some question to the wisdom of leaving the board up at all, but I hae (have) personally phoned several government investigators and invited them to join us here on the board. If I begin to feel that the board is putting me in any kind of danger, I'll pull it down with no notice - I hope everyone understands. It looks like it's sweeps-time again for the feds. Let's hope all of us are still around in 6 months to talk about it. The Mentor Legion of Doom! [Phoenix Project has been down for some time now.] --------------- Newsgroups: comp.dcom.telecom Subject: The Purpose and Intent of the Legion of Doom Message-ID: <4248@accuvax.nwu.edu> From: anytown!legion@cs.utexas.edu (Legion of Doom) Date: 22 Feb 90 04:42:04 GMT Sender: news@accuvax.nwu.edu Organization: Anytown USA Approved: Telecom@eecs.nwu.edu X-Submissions-To: telecom@eecs.nwu.edu X-Administrivia-To: telecom-request@eecs.nwu.edu X-Telecom-Digest: Volume 10, Issue 121, message 4 of 5 Lines: 51 [Moderator's Note: This anonymous message came in the mail today. PT] Well, I had to speak up. There has been a lot of frothing (mostly by people who believe everything that they read in the paper) about Legion of Doom. I have been involved in the group since 1987, and dislike seeing irresponsible press concerning our "plot to crash 911" or our "links to organized crime." LOD was formed to bring together the best minds from the computer underground - not to do any damage or for personal profit, but to share experiences and discuss computing. The group has *always* maintained the highest ethical standards of hacker (or "cracker," as you prefer) ethics. On many occasions, we have acted to prevent abuse of systems that were *dangerous* to be out - from government systems to Easter Seals systems. I have known the people involved in this 911 case for many years, and there was *absolutely* no intent to interfere with or molest the 911 system in any manner. While we have occasionally entered a computer that we weren't supposed to be in, it is grounds for expulsion from the group and social ostracism to do any damage to a system or to attempt to commit fraud for personal profit. The biggest crime that has been committed is that of curiosity. Kim, your 911 system is safe (from us, at least). We have been instrumental in closing many security holes in the past, and had hoped to continue to do so in the future. The list of computer security people who count us as allies is long, but must remain anonymous. If any of them choose to identify themselves, we would appreciate the support. I am among the people who no longer count themselves as "active" members of the group. I have been "retired" for well over a year. But I continue to talk to active members daily, and support the group through this network feed, which is mail-routed to other LODers, both active and accessible. Anyone who has any questions is welcome to mail us - you'll find us friendly, although a bit wary. We will also be glad to talk voice with anyone if they wish to arrange a time to call. In spite of all the media garbage, we consider ourselves an ethical, positive force in computing and computer security. We hope others will as well. The Mentor/Legion of Doom legion%anytown.uucp@cs.utexas.edu [Moderator's Note: As an 'ethical, positive force in computing', why can't you sign your name to messages such as the above? Usually I don't even consider anonymous messages for publication in the Digest; but your organization has a perfect right to tell your side of the story, and I am derelict if I don't print it. Real names and addresses go a long way toward closing credibility gaps here. PT] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - There you go. It's over now, forget it and move on. Nothing more to report on the subject that hasn't been printed, typed, spoken, or heard in the last couple of months. _______________________________________________________________________________ Phrack 31 - .end Downloaded From P-80 International Information Systems 304-744-2253 12yrs+