==Phrack Inc.== Volume Four, Issue Forty, File 13 of 14 PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN Phrack World News PWN PWN PWN PWN Issue 40 / Part 2 of 3 PWN PWN PWN PWN Compiled by Datastream Cowboy PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN MOD Indicted July 8, 1992 ~~~~~~~~~~~~ Taken from U.S. Newswire The following is the press release issued by the United States Attorney's Office in the Southern District of New York. Group of "Computer Hackers" Indicted First Use of Wiretaps in Such a Case NEW YORK -- A group of five "computer hackers" has been indicted on charges of computer tampering, computer fraud, wire fraud, illegal wiretapping, and conspiracy, by a federal grand jury in Manhattan, resulting from the first investigative use of court-authorized wiretaps to obtain conversations and data transmissions of computer hackers. A computer hacker is someone who uses a computer or a telephone to obtain unauthorized access to other computers. The indictment, which was filed today, alleges that Julio Fernandez, a/k/a "Outlaw," John Lee, a/k/a "Corrupt," Mark Abene, a/k/a "Phiber Optik," Elias Ladopoulos, a/k/a "Acid Phreak," and Paul Stira, a/k/a "Scorpion," infiltrated a wide variety of computer systems, including systems operated by telephone companies, credit reporting services, and educational institutions. According to Otto G. Obermaier, United States Attorney for the Southern District of New York, James E. Heavey, special agent in charge, New York Field Division, United States Secret Service, William Y. Doran, special agent in charge, Criminal Division, New York Field Division, Federal Bureau of Investigation, and Scott Charney, chief of the Computer Crime Unit of the Department of Justice, the indictment charges that the defendants were part of a closely knit group of computer hackers self-styled "MOD," an acronym used variously for "Masters of Disaster" and "Masters of Deception" among other things. The indictment alleges that the defendants broke into computers "to enhance their image and prestige among other computer hackers; to harass and intimidate rival hackers and other people they did not like; to obtain telephone, credit, information and other services without paying for them; and to obtain passwords, account numbers and other things of value which they could sell to others." The defendants are also alleged to have used unauthorized passwords and billing codes to make long distance telephone calls and to be able to communicate with other computers for free. Some of the computers that the defendants allegedly broke into were telephone switching computers operated by Southwestern Bell, New York Telephone, Pacific Bell, U.S. West and Martin Marietta Electronics Information and Missile Group. According to the indictment, such switching computers each control telephone service for tens of thousands of telephone lines. In some instances, the defendants allegedly tampered with the computers by adding and altering calling features. In some cases, the defendants allegedly call forwarded local numbers to long distance numbers and thereby obtained long distance services for the price of a local call. Southwestern Bell is alleged to have incurred losses of approximately $370,000 in 1991 as a result of computer tampering by defendants Fernandez, Lee, and Abene. The indictment also alleges that the defendants gained access to computers operated by BT North America, a company that operates the Tymnet data transfer network. The defendants were allegedly able to use their access to Tymnet computers to intercept data communications while being transmitted through the network, including computer passwords of Tymnet employees. On one occasion, Fernandez and Lee allegedly intercepted data communications on a network operated by the Bank of America. The charges also allege that the defendants gained access to credit and information services including TRW, Trans Union and Information America. The defendants allegedly were able to obtain personal information on people including credit reports, telephone numbers, addresses, neighbor listings and social security numbers by virtue of their access to these services. On one occasion Lee and another member of the group are alleged to have discussed obtaining information from another hacker that would allow them to alter credit reports on TRW. As quoted in the indictment, Lee said that the information he wanted would permit them "to destroy people's lives... or make them look like saints." The indictment further charges that in November 1991, Fernandez and Lee sold information to Morton Rosenfeld concerning how to access credit services. The indictment further alleges that Fernandez later provided Rosenfeld's associates with a TRW account number and password that Rosenfeld and his associates used to obtain approximately 176 TRW credit reports on various individuals. (In a separate but related court action, Rosenfeld pleaded guilty to conspiracy to use and traffic in account numbers of TRW. See below). According to Stephen Fishbein, the assistant United States attorney in charge of the prosecution, the indictment also alleges that members of MOD wiped out almost all of the information contained within the Learning Link computer operated by the Educational Broadcasting Corp. (WNET Channel 13) in New York City. The Learning Link computer provided educational and instructional information to hundreds of schools and teachers in New York, New Jersey and Connecticut. Specifically, the indictment charges that on November 28, 1989, the information on the Learning Link was destroyed and a message was left on the computer that said: "Happy Thanksgiving you turkeys, from all of us at MOD" and which was signed with the aliases "Acid Phreak," "Phiber Optik," and "Scorpion." During an NBC News broadcast on November 14, 1990, two computer hackers identified only by the aliases "Acid Phreak" and "Phiber Optik" took responsibility for sending the "Happy Thanksgiving" message. Obermaier stated that the charges filed today resulted from a joint investigation by the United States Secret Service and the Federal Bureau of Investigation. "This is the first federal investigation ever to use court- authorized wiretaps to obtain conversations and data transmissions of computer hackers," said Obermaier. He praised both the Secret Service and the FBI for their extensive efforts in this case. Obermaier also thanked the Department of Justice Computer Crime Unit for their important assistance in the investigation. Additionally, Obermaier thanked the companies and institutions whose computer systems were affected by the defendants' activities, all of whom cooperated fully in the investigation. Fernandez, age 18, resides at 3448 Steenwick Avenue, Bronx, New York. Lee (also known as John Farrington), age 21, resides at 64A Kosciusco Street, Brooklyn, New York. Abene, age 20, resides at 94-42 Alstyne Avenue, Queens, New York. Elias Ladopoulos, age 22, resides at 85-21 159th Street, Queens, New York. Paul Stira, age 22, resides at 114-90 227th Street, Queens, New York. The defendants' arraignment has been scheduled for July 16, at 10 AM in Manhattan federal court. The charges contained in the indictment are accusations only and the defendants are presumed innocent unless and until proven guilty. Fishbein stated that if convicted, each of the defendants may be sentenced to a maximum of five years imprisonment on the conspiracy count. Each of the additional counts also carries a maximum of five years imprisonment, except for the count charging Fernandez with possession of access devices, which carries a maximum of ten years imprisonment. Additionally, each of the counts carries a maximum fine of the greater of $250,000, or twice the gross gain or loss incurred. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - In separate but related court actions, it was announced that Rosenfeld and Alfredo De La Fe [aka Renegade Hacker] have each pleaded guilty in Manhattan Federal District Court to conspiracy to use and to traffic in unauthorized access devices in connection with activities that also involved members of MOD. Rosenfeld pled guilty on June 24 before Shirley Wohl Kram, United States District Judge. At his guilty plea, Rosenfeld admitted that he purchased account numbers and passwords for TRW and other credit reporting services from computer hackers and then used the information to obtain credit reports, credit card numbers, social security numbers and other personal information which he sold to private investigators. Rosenfeld added in his guilty plea that on or about November 25, 1991, he purchased information from persons named "Julio" and "John" concerning how to obtain unauthorized access to credit services. Rosenfeld stated that he and his associates later obtained additional information from "Julio" which they used to pull numerous credit reports. According to the information to which Rosenfeld pleaded guilty, he had approximately 176 TRW credit reports at his residence on December 6, 1991. De La Fe pled guilty on June 19 before Kenneth Conboy, United States District Judge. At his guilty plea, De La Fe stated that he used and sold telephone numbers and codes for Private Branch Exchanges ("PBXs"). According to the information to which De La Fe pleaded guilty, a PBX is a privately operated computerized telephone system that routes calls, handles billing, and in some cases permits persons calling into the PBX to obtain outdial services by entering a code. De La Fe admitted that he sold PBX numbers belonging to Bugle Boy Industries and others to a co-conspirator who used the numbers in a call sell operation, in which the co-conspirator charged others to make long distance telephone calls using the PBX numbers. De La Fe further admitted that he and his associates used the PBX numbers to obtain free long distance services for themselves. De La Fe said that one of the people with whom he frequently made free long distance conference calls was a person named John Farrington, who he also knew as "Corrupt." Rosenfeld, age 21, resides at 2161 Bedford Avenue, Brooklyn, N.Y. Alfredo De La Fe, age 18, resides at 17 West 90th Street, N.Y. Rosenfeld and De La Fe each face maximum sentences of five years, imprisonment and maximum fines of the greater of $250,000, or twice the gross gain or loss incurred. Both defendants have been released pending sentence on $20,000 appearance bonds. Rosenfeld's sentencing is scheduled for September 9, before Shirley Wohl Kram. De La Fe's sentencing is scheduled for August 31, before Conboy. ----- Contacts: Federico E. Virella Jr., 212-791-1955, U.S. Attorney's Office, S. N.Y. Stephen Fishbein, 212-791-1978, U.S. Attorney's Office, S. N.Y. Betty Conkling, 212-466-4400, U.S. Secret Service Joseph Valiquette Jr., 212-335-2715, Federal Bureau of Investigation Editor's Note: The full 23 page indictment can be found in Computer Underground Digest (CUD), issue 4.31 (available at ftp.eff.org /pub/cud/cud). _______________________________________________________________________________ EFF Issues Statement On New York Computer Crime Indictments July 9, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Cambridge, MA -- The Electronic Frontier Foundation (EFF) issued a statement concerning the indictment of MOD for alleged computer-related crimes. This statement said, in part, that EFF's "staff counsel in Cambridge, Mike Godwin is carefully reviewing the indictment." EFF co-founder and president Mitchell Kapor said "EFF's position on unauthorized access to computer systems is, and has always been, that it is wrong. Nevertheless, we have on previous occasions discovered that allegations contained in Federal indictments can also be wrong, and that civil liberties can be easily infringed in the information age. Because of this, we will be examining this case closely to establish the facts." When asked how long the complete trial process might take, assistant U.S. attorney Fishbein said "I really couldn't make an accurate estimate. The length of time period before trial is generally more a function of the defense's actions than the prosecution's. It could take anywhere from six months to a year. _______________________________________________________________________________ Feds Tap Into Major Hacker Ring July 13, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By Mary E. Thyfault (InformationWeek)(Page 15) Law enforcement officials are taking the gloves off-and plugging their modems in-in the battle against computer crime. In one of the largest such cases ever, a federal grand jury in Manhattan indicted five computer "hackers" -- part of a group that calls itself MOD, for Masters of Deception -- on charges of computer tampering, computer fraud, wire fraud, illegal wiretapping, and conspiracy. Some of the hackers are accused of stealing phone service and selling information on how to obtain credit reports. The victims (a dozen were named in the indictments, but numerous others are likely to have been hit as well) include three Baby Bells, numerous credit bureaus, and BankAmerica Corp. For the first time, investigators used court-authorized wiretaps to monitor data transmissions over phone lines. The wiretapping comes as the FBI is unsuccessfully lobbying Congress to mandate that telecom equipment and service companies build into new technology easier ways for securities agencies to tap into computer systems. Ironically, the success of this wiretap, some say, may undermine the FBI's argument. "They did this without the equipment they claim they need," says Craig Neidorf, founder of hacker newsletter Phrack. If convicted, the alleged hackers-all of whom are under 22 years old-could face 55 years each and a fine of $250,000, or twice the gross gain or loss incurred. One charged with possessing an access device could face an additional five years. The vulnerability of the victims' networks should be surprising, but experts say corporations continue to pay scant attention to security issues. For instance, despite the fact that the credit bureaus are frequent targets of hackers and claim to have made their networks more secure, in this case, most of the victims didn't even know they were being hit, according to the FBI. Two of the victims, value-added network service provider BT Tymnet and telco Southwestern Bell, both take credit for helping nab the hacker ring. "We played an instrumental role in first recognizing that they were there," says John Guinasso, director of global network security for Tymnet parent BT North America. "If you mess with our network and we catch you -- which we always do -- you will go down." _______________________________________________________________________________ Second Thoughts On New York Computer Crime Indictments July 13, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By John F. McMullen (Newsbytes) NEW YORK -- On Wednesday, July 9th, I sat at a press briefing in New York City's Federal Court Building during which law enforcement officials presented details relating to the indictment of 5 young computer "hackers". In describing the alleged transgressions of the indicted, United States Assistant Attorney Stephen Fishbein wove a tale of a conspiracy in which members of an evil sounding group called the "Masters of Destruction" (MOD) attempted to wreck havoc with the telecommunications system of the country. The accused were charged with infiltrating computer systems belonging to telephone companies, credit bureaus, colleges and defense contractors -- Southwestern Bell, BT North America, New York Telephone, ITT, Information America, TRW, Trans Union, Pacific Bell, the University of Washington, New York University, U.S. West, Learning Link, Tymnet and Martin Marietta Electronics Information and Missile Group. They were charged with causing injury to the telephone systems, charging long distance calls to the universities, copying private credit information and selling it to third parties -- a long list of heinous activities. The immediate reaction to the indictments were predictably knee-jerk. Those who support any so-called "hacker"-activities mocked the government and the charges that were presented, forgetting, it seems to me, that these charges are serious -- one of the accused could face up to 40 years in prison and $2 million in fines; another -- 35 years in prison and $1.5 million in fines. In view of that possibility, it further seems to me that it is a wasteful diversion of effort to get all excited that the government insists on misusing the word "hacker" (The indictment defines computer hacker as "someone who uses a computer or a telephone to obtain unauthorized access to other computers.") or that the government used wiretapping evidence to obtain the indictment (I think that, for at least the time being that the wiretapping was carried out under a valid court order; if it were not, the defendants' attorneys will have a course of action). On the other hand, those who traditionally take the government and corporate line were publicly grateful that this threat to our communications life had been removed -- they do not in my judgement properly consider that some of these charges may have been ill-conceived and a result of political considerations. Both groups, I think, oversimplify and do not give proper consideration to the wide spectrum of issues raised by the indictment document. The issues range from a simple black-and-white case of fraudulently obtaining free telephone time to the much broader question of the appropriate interaction of technology and law enforcement. The most clear cut cases are the charges such as the ones which allege that two of the indicted, Julio Fernandez a/k/a "Outlaw" and John Lee a/k/a "Corrupt" fraudulently used the computers of New York University to avoid paying long distance charges for calls to computer systems in El Paso, Texas and Seattle, Washington. The individuals named either did or did not commit the acts alleged and, if it is proven that they did, they should receive the appropriate penalty (it may be argued that the 5 year, $250,000 fine maximum for each of the counts in this area is excessive, but that is a sentencing issue not an indictment issue). Other charges of this black-and-white are those that allege that Fernandez and/or Lee intercepted electronic communications over networks belonging to Tymnet and the Bank of America. Similarly, the charge that Fernandez, on December 4, 1991 possessed hundreds of user id's and passwords of Southwestern Bell, BT North America and TRW fits in the category of "either he did it or he didn't." A more troubling count is the charge that the indicted 5 were all part of a conspiracy to "gain access to and control of computer systems in order to enhance their image and prestige among other computer hackers; to harass and intimidate rival hackers and people they did not like; to obtain telephone, credit, information, and other services without paying for them; and to obtain passwords, account numbers and other things of value which they could sell to others." To support this allegation, the indictment lists 26, lettered A through Z, "Overt Acts" to support the conspiracy. While this section of the indictment lists numerous telephone calls between some of the individuals, it mentions the name Paul Stira a/k/a "Scorpion" only twice with both allegations dated "on or about" January 24, 1990, a full 16 months before the next chronological incident. Additionally, Stira is never mentioned as joining in any of the wiretapped conversation -- in fact, he is never mentioned again! I find it hard to believe that he could be considered, from these charges, to have engaged in a criminal conspiracy with any of the other defendants. Additionally, some of the allegations made under the conspiracy count seem disproportionate to some of the others. Mark Abene a/k/a "Phiber Optik" is of possessing proprietary technical manuals belonging to BT North America while it is charged that Lee and Fernandez, in exchange for several hundred dollars, provided both information on how to illegally access credit reporting bureaus and an actual TRW account and password to a person, Morton Rosenfeld, who later illegally accessed TRW, obtained credit reports on 176 individuals and sold the reports to private detective (Rosenfeld, indicted separately, pled guilty to obtaining and selling the credit reports and named "Julio" and "John" as those who provided him with the information). I did not see anywhere in the charges any indication that Abene, Stira or Elias Ladopoulos conspired with or likewise encouraged Lee or Fernandez to sell information involving the credit bureaus to a third party Another troubling point is the allegation that Fernandez, Lee, Abene and "others whom they aided and abetted" performed various computer activities "that caused losses to Southwestern Bell of approximately $370,000." The $370,000 figure, according to Assistant United States Attorney Stephen Fishbein, was developed by Southwestern Bell and is based on "expenses to locate and replace computer programs and other information that had been modified or otherwise corrupted, expenses to determine the source of the unauthorized intrusions, and expenses for new computers and security devices that were necessary to prevent continued unauthorized access by the defendants and others whom they aided and abetted." While there is precedent in assigning damages for such things as "expenses for new computers and security devices that were necessary to prevent continued unauthorized access by the defendants and others whom they aided and abetted." (the Riggs, Darden & Grant case in Atlanta found that the defendants were liable for such expenses), many feel that such action is totally wrong. If a person is found uninvited in someone's house, they are appropriately charged with unlawful entry, trespassing, burglary -- whatever the statute is for the transgression; he or she is, however, not charged with the cost of the installation of an alarm system or enhanced locks to insure that no other person unlawfully enters the house. When I discussed this point with a New York MIS manager, prone to take a strong anti-intruder position, he said that an outbreak of new crimes often results in the use of new technological devices such as the nationwide installation of metal detectors in airports in the 1970's. While he meant this as a justification for liability, the analogy seems rather to support the contrary position. Air line hijackers were prosecuted for all sorts of major crimes; they were, however, never made to pay for the installation of the metal detectors or absorb the salary of the additional air marshalls hired to combat hijacking. I think the airline analogy also brings out the point that one may both support justifiable penalties for proven crimes and oppose unreasonable ones -- too often, when discussing these issues, observers choose one valid position to the unnecessary exclusion of another valid one. There is nothing contradictory, in my view, to holding both that credit agencies must be required to provide the highest possible level of security for data they have collected AND that persons invading the credit data bases, no matter how secure they are, be held liable for their intrusions. We are long past accepting the rationale that the intruders "are showing how insecure these repositories of our information are." We all know that the lack of security is scandalous; this fact, however, does not excuse criminal behavior (and it should seem evident that the selling of electronic burglar tools so that someone may copy and sell credit reports is not a public service). The final point that requires serious scrutiny is the use of the indictment as a tool in the on-going political debate over the FBI Digital Telephony proposal. Announcing the indictments, Otto G. Obermaier, United States Attorney for the Southern District of New York, said that this investigation was "the first investigative use of court-authorized wiretaps to obtain conversations and data transmissions of computer hackers." He said that this procedure was essential to the investigation and that "It demonstrates, I think, the federal government's ability to deal with criminal conduct as it moves into new technological areas." He added that the interception of data was possible only because the material was in analog form and added "Most of the new technology is in digital form and there is a pending statute in Congress which seeks the support of telecommunications companies to allow the federal government, under court authorization, to intercept digital transmission. Many of you may have read the newspaper about the laser transmission which go through fiber optics as a method of the coming telecommunications method. The federal government needs the help of Congress and, indeed, the telecommunications companies to able to intercept digital communications." The FBI proposal has been strongly attacked by the American Civil Liberties Union (ACLU), the Electronic Frontier Foundation (EFF) and Computer Professionals for Social Responsibility (CPSR) as an attempt to institutionalize, for the first time, criminal investigations as a responsibility of the communications companies; a responsibility that they feel belongs solely to law-enforcement. Critics further claim that the proposal will impede the development of technology and cause developers to have to "dumb-down" their technologies to include the requested interception facilities. The FBI, on the other hand, maintains that the request is simply an attempt to maintain its present capabilities in the face of advancing technology. Whatever the merits of the FBI position, it seems that the indictments either would not have been made at this time or, at a minimum, would not have been done with such fanfare if it were not for the desire to attempt to drum up support for the pending legislation. The press conference was the biggest thing of this type since the May 1990 "Operation Sun Devil" press conference in Phoenix, Arizona and, while that conference, wowed us with charges of "hackers" endangering lives by disrupting hospital procedures and being engaged in a nationwide, 13 state conspiracy, this one told us about a bunch of New York kids supposedly engaged in petty theft, using university computers without authorization and performing a number of other acts referred to by Obermaier as "anti-social behavior" -- not quite as heady stuff! It is not to belittle these charges -- they are quite serious -- to question the fanfare. The conference was attended by a variety of high level Justice Department, FBI and Secret Service personnel and veteran New York City crime reporters tell me that the amount of alleged damages in this case would normally not call for such a production -- New York Daily News reporter Alex Michelini publicly told Obermaier "What you've outlined, basically, except for the sales of credit information, this sounds like a big prank, most of it" (Obermaier's response -- "Well, I suppose you can characterize that as a prank, but it's really a federal crime allowing people without authorization to rummage through the data of other people to which they do not have access and, as I point out to you again, the burglar cannot be your safety expert. He may be inside and laugh at you when you come home and say that your lock is not particularly good but I think you, if you were affected by that contact, would be somewhat miffed"). One hopes that it is only the fanfare surrounding the indictments that is tied in with the FBI initiative and not the indictments themselves. As an aside, two law enforcement people that I have spoken to have said that while the statement that the case is "the first investigative use of court- authorized wiretaps to obtain conversations and data transmissions of computer hackers," while probably true, seems to give the impression that the case is the first one in which data transmission was intercepted. According to these sources, that is far from the case -- there have been many instances of inception of data and fax information by law enforcement officials in recent years. I know each of the accused in varying degrees. The one that I know the best, Phiber Optik, has participated in panels with myself and law enforcement officials discussing issues relating to so-called "hacker" crime. He has also appeared on various radio and television shows discussing the same issues. His high profile activities have made him an annoyance to some in law enforcement. One hopes that this annoyance played no part in the indictment. I have found Phiber's presence extremely valuable in these discussions both for the content and for the fact that his very presence attracts an audience that might never otherwise get to hear the voices of Donald Delaney, Mike Godwin, Dorothy Denning and others addressing these issues from quite different vantage points. While he has, in these appearances, said that he has "taken chances to learn things", he has always denied that he has engaged in vandalous behavior and criticized those who do. He has also called those who engage in "carding" and the like as criminals (These statements have been made not only in the panel discussion, but also on the occasions that he has guest lectured to my class in "Connectivity" at the New School For Social Research in New York City. In those classes, he has discussed the history of telephone communications in a way that has held a class of professionals enthralled by over two hours. While my impressions of Phiber or any of the others are certainly not a guarantee of innocence on these charges, they should be taken as my personal statement that we are not dealing with a ring of hardened criminals that one would fear on a dark night. In summary, knee-jerk reactions should be out and thoughtful analysis in! We should be insisting on appropriate punishment for lawbreakers -- this means neither winking at "exploration" nor allowing inordinate punishment. We should be insisting that companies that have collected data about us properly protect -- and are liable for penalties when they do not. We should not be deflected from this analysis by support or opposition to the FBI proposal before Congress -- that requires separate analysis and has nothing to do with the guilt or innocence of these young men or the appropriate punishment should any guilt be established. _______________________________________________________________________________ New York Hackers Plead Not Guilty July 17, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ New York City -- At an arraignment in New York Federal Court on Thursday, July 16th, the five New York "hackers," recently indicted on charges relating to alleged computer intrusion, all entered pleas of not guilty and were released after each signed a personal recognizance (PRB) bond of $15,000 to guarantee continued appearances in court. As part of the arraignment process, United States District Judge Richard Owen was assigned as the case's presiding judge and a pre-trial meeting between the judge and the parties involved. Charles Ross, attorney for John Lee, told Newsbytes "John Lee entered a not guilty plea and we intend to energetically and aggressively defend against the charges made against him." Ross also explained the procedures that will be in effect in the case, saying "We will meet with the judge and he will set a schedule for discovery and the filing of motions. The defense will have to review the evidence that the government has amassed before it can file intelligent motions and the first meeting is simply a scheduling one." Majorie Peerce, attorney for Stira, told Newsbytes "Mr. Stira has pleaded not guilty and will continue to plead not guilty. I am sorry to see the government indict a 22 year old college student for acts that he allegedly committed as a 19 year old." The terms of the PRB signed by the accused require them to remain within the continental United States. In requesting the bond arrangement, Assistant United States Attorney Stephen Fishbein referred to the allegations as serious and requested the $15,000 bond with the stipulation that the accused have their bonds co-signed by parents. Abene, Fernandez and Lee, through their attorneys, agreed to the bond as stipulated while the attorneys for Ladopoulos and Stira requested no bail or bond for their clients, citing the fact that their clients have been available, when requested by authorities, for over a year. After consideration by the judge, the same $15,000 bond was set for Ladopoulos and Stira but no co-signature was required. _______________________________________________________________________________ Young Working-Class Hackers Accused of High-Tech Crime July 23, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By Mary B.W. Tabor with Anthony Ramirez (The New York Times)(Page B1, B7) Computer Savvy, With an Attitude Late into the night, in working-class neighborhoods around New York City, young men with code names like Acid Phreak and Outlaw sat hunched before their glowing computer screens, exchanging electronic keys to complex data-processing systems. They called themselves the Masters of Deception. Their mission: to prove their prowess in the shadowy computer underworld. Compulsive and competitive, they played out a cybernetic version of "West Side Story," trading boasts, tapping into telephone systems, even pulling up confidential credit reports to prove their derring-do and taunt other hackers. Their frequent target was the Legion of Doom, a hacker group named after a gang of comic-book villains. The rivalry seemed to take on class and ethnic overtones, too, as the diverse New York group defied the traditional image of the young suburban computer whiz. But Federal prosecutors say the members of MOD, as the group called itself, went far beyond harmless pranks. Facing Federal Charges On July 16, five young men identified by prosecutors as MOD members pleaded not guilty to Federal charges including breaking into some of the nation's most powerful computers and stealing confidential data like credit reports, some of which were later sold to private investigators. Prosecutors call it one of the most extensive thefts of computer information ever reported. The indictment says the men entered the computer systems of Southwestern Bell, TRW Information Services and others "to enhance their image and prestige among other computer hackers; to harass and intimidate rival hackers and other people they did not like; to obtain telephone, credit, information and other services without paying for them; and to obtain passwords, account numbers and other things of value which they could sell to others." With modems that link their terminals to other computers over ordinary telephone lines, young hackers have been making mischief for years. But as the nation relies more and more on vast networks of powerful computers and as personal computers become faster and cheaper, the potential for trouble has soared. For example, Robert Tappan Morris, a Cornell student, unleashed a program in 1988 that jammed several thousand computers across the country. A Polyglot Group But the world of computer hackers has been changing. Unlike the typical hackers of old -- well-to-do suburban youths whose parents could afford costly equipment -- the Masters of Deception are a polyglot representation of blue- collar New York: black, Hispanic, Greek, Lithuanian and Italian. They work their mischief often using the least expensive computers. One of the young men, 21-year-old John Lee, who goes by the name Corrupt, has dreadlocks chopped back into stubby "twists," and lives with his mother in a dilapidated walk-up in Bedford-Stuyvesant, Brooklyn. He bounced around programs for gifted students before dropping out of school in the 11th grade. Scorpion -- 22-year-old Paul Stira of Queens -- was his class valedictorian at Thomas A. Edison High School in Queens. Outlaw -- Julio Fernandez, 18, of the Bronx -- first studied computers in grade school. They met not on street corners, but via computer bulletin boards used to swap messages and programs. With nothing to identify them on the boards except their nicknames and uncanny abilities, the young men found the computer the great democratic leveler. Questions of Profit There may be another difference in the new wave of hackers. While the traditional hacker ethic forbids cruising computer systems for profit, some new hackers are less idealistic. "People who say that," said one former hacker, a friend of the MOD who insisted on anonymity, "must have rich parents. When you get something of value, you've got to make money." Mr. Lee, Mr. Fernandez, Mr. Stira and two others described as MOD members -- 20-year-old Mark Abene (Phiber Optik), and 22-year-old Elias Ladopoulos (Acid Phreak), both of Queens -- were charged with crimes including computer tampering, computer and wire fraud, illegal wiretapping and conspiracy. They face huge fines and up to five years in prison on each of 11 counts. The youths, on advice of their lawyers, declined to be interviewed. Prosecutors say they do not know just how and when youthful pranks turned to serious crime. Other hackers said the trouble began, perhaps innocently enough, as a computer war with ethnic and class overtones. The Masters of Deception were born in a conflict with the Legion of Doom, which had been formed by 1984 and ultimately included among its ranks three Texans, one of whom, Kenyon Shulman, is the son of a Houston socialite, Carolyn Farb. Banished From the Legion Mr. Abene had been voted into the Legion at one point. But when he began to annoy others in the group with his New York braggadocio and refusal to share information, he was banished, Legion members said. Meanwhile, a hacker using a computer party line based in Texas had insulted Mr. Lee, who is black, with a racial epithet. By 1989, both New Yorkers had turned to a new group, MOD, founded by Mr. Ladopoulos. They vowed to replace their Legion rivals as the "new elite." "It's like every other 18- or 19-year-old who walks around knowing he can do something better than anyone else can," said Michael Godwin, who knows several of the accused and is a lawyer for the Electronic Frontier Foundation of Cambridge, Massachusetts, which provides legal aid for hackers. "They are offensively arrogant." Hacker groups tend to rise and fall within six months or so as members leave for college, meet girls or, as one former hacker put it, "get a life." But the MOD continued to gather new members from monthly meetings in the atrium of the Citicorp Building in Manhattan and a computer bulletin board called Kaos. According to a history the group kept on the computer network, they enjoyed "mischievous pranks," often aimed at their Texas rivals, and the two groups began sparring. Texas-New York Sparring But in June 1990, the three Texas-based Legion members, including Mr. Shulman, Chris Goggans and Scott Chasin, formed Comsec Data Security, a business intended to help companies prevent break-ins by other hackers. Worried that the Texans were acting as police informers, the MOD members accused their rivals of defaming them on the network bulletin boards. Several members, including Mr. Abene, had become targets of raids by the Secret Service, and MOD members believed the Texans were responsible, a contention the Texans respond to with "no comment." But the sparring took on racial overtones as well. When Mr. Lee wrote a history of the MOD and left it in the network, Mr. Goggans rewrote it in a jive parody. The text that read, "In the early part of 1987, there were numerous amounts of busts in the U.S. and in New York in particular" became "In de early time part uh 1987, dere wuz numerous amounts uh busts in de U.S. and in New Yo'k in particular." Mr. Goggans said that it was not meant as a racist attack on Mr. Lee. "It was just a good way to get under his skin," he said. Exposing Identities MOD's activities, according to the indictment and other hackers, began to proliferate. Unlike most of the "old generation" of hackers who liked to joyride through the systems, the New Yorkers began using the file information to harass and intimidate others, according to prosecutors. Everything from home addresses to credit card numbers to places of employment to hackers' real names -- perhaps the biggest taboo of all -- hit the network. In the indictment, Mr. Lee and Mr. Fernandez are accused of having a conversation last fall in which they talked about getting information on how to alter TRW credit reports to "destroy people's lives or make them look like saints." The prosecutors say the youths also went after information they could sell, though the indictment is not specific about what, if anything, was sold. The only such information comes from another case earlier this month in which two other New York City hackers, Morton Rosenfeld, 21, of Brooklyn, and Alfredo de la Fe, 18, of Manhattan, pleaded guilty to a conspiracy to use passwords and other access devices obtained from MOD. They said they had paid "several hundred dollars" to the computer group for passwords to obtain credit reports and then resold the information for "several thousand dollars" to private investigators. News Media Attention Competition for attention from the news media also heated up. The former Legion members in Comsec had become media darlings, with articles about them appearing in Time and Newsweek. Mr. Abene and Mr. Ladopoulos also appeared on television or in magazines, proclaiming their right to probe computer systems, as long as they did no damage. In one highly publicized incident, during a 1989 forum on computers and privacy sponsored by Harper's magazine, John Perry Barlow, a freelance journalist and lyricist for the Grateful Dead, went head to head with Mr. Abene, or Phiber Optik. Mr. Barlow called the young hacker a "punk." According to an article by Mr. Barlow -- an account that Mr. Abene will not confirm or deny -- Mr. Abene then retaliated by "downloading" Mr. Barlow's credit history, displaying it on the computer screens of Mr. Barlow and other network users. Skirmishes Subside "I've been in redneck bars wearing shoulder-length curls, police custody while on acid, and Harlem after midnight, but no one has ever put the spook in me quite as Phiber Optik did at that moment," Mr. Barlow wrote. "To a middle- class American, one's credit rating has become nearly identical to his freedom." In recent months, hackers say, the war has calmed down. Comsec went out of business, and several Masters of Deception were left without computers after the Secret Service raids. Mr. Abene pleaded guilty last year to misdemeanor charges resulting from the raids. On the night before his arrest this month, he gave a guest lecture on computers at the New School for Social Research. Mr. Lee says he works part time as a stand-up comic and is enrolled at Brooklyn College studying film production. Mr. Stira is three credits shy of a degree in computer science at Polytechnic University in Brooklyn. Mr. Fernandez hopes to enroll this fall in the Technical Computer Institute in Manhattan. Mr. Ladopoulos is studying at Queens Community College. No trial date has been set. But the battles are apparently not over yet. A couple of days after the charges were handed up, one Legion member said, he received a message on his computer from Mr. Abene. It was sarcastic as usual, he said, and it closed, "Kissy, kissy." [Editor's Note: Article included photographs of Phiber Optik, Scorpion, Corrupt, and Outlaw.] _______________________________________________________________________________ Frustrated Hackers May Have Helped Feds In MOD Sting July 20, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By James Daly (ComputerWorld)(Page 6) NEW YORK -- Are hackers beginning to police themselves? The five men recently charged with cracking into scores of complex computer systems during the last two years may have been fingered by other hackers who had grown weary of the group's penchant for destruction and vindictiveness, members of the hacker community said. The arrest of the defendants, whom federal law enforcement officials claimed were members of a confederation variously called the "Masters of Deception" and the "Masters of Disaster" (MOD), was cause for celebration in some quarters where the group is known as a spiteful fringe element. "Some of these guys were a big pain," said one source who requested anonymity for fear that unindicted MOD members would plot revenge. "They used their skills to harass others, which is not what hacking is all about. MOD came with a 'you will respect us' attitude, and no one liked it." Said another: "In the past few months, there has been a lot of muttering on the [bulletin] boards about these guys." In one episode, MOD members reportedly arranged for the modem of a computer at the University of Louisville in Kentucky to continually dial the home number of a hacker bulletin board member who refused to grant them greater access privileges. A similar threat was heard in Maryland. In the indictment, the defendants are accused of carrying on a conversation in early November 1991 in which they sought instructions on how to add and remove credit delinquency reports "to destroy people's lives . . . or make them look like a saint." Unlike many other hacker organizations, the members of MOD agreed to share important computer information only among themselves and not with other hackers. Officials Mum Who exactly helped the FBI, Secret Service and U.S. Attorney General's Office prepare a case against the group is still anyone's guess. Assistant U.S. Attorney Stephen Fishbein is not saying. He confirmed that the investigation into the MOD began in 1990, but he would not elaborate on how or why it was launched or who participated. FBI and Secret Service officials were equally mute. Some observers said that if the charges are true, the men were not true "hackers" at all. "Hacking is something done in the spirit of creative playfulness, and people who break into computer security systems aren't hackers -- they're criminals," said Richard Stallman, president of the Cambridge, Massachusetts-based Free Software Foundation, a public charity that develops free software. The foundation had several files on one computer deleted by a hacker who some claimed belonged to the MOD. The MOD hackers are charged with breaking into computer systems at several regional telephone companies, Fortune 500 firms including Martin Marietta Corp., universities and credit-reporting concerns such as TRW, Inc., which reportedly had 176 consumer credit reports stolen and sold to private investigators. The 11-count indictment accuses the defendants of computer fraud, computer tampering, wire fraud, illegal wiretapping and conspiracy. But some hackers said the charges are like trying to killing ants with a sledgehammer. "These guys may have acted idiotically, but this was a stupid way to get back at them," said Emmanuel Goldstein, editor of 2600, a quarterly magazine for the hacker community based in Middle Island, New York. Longtime hackers said the MOD wanted to move into the vacuum left when the Legion of Doom began to disintegrate in late 1989 and early 1990 after a series of arrests in Atlanta and Texas. Federal law enforcement officials have described the Legion of Doom as a group of about 15 computer enthusiasts whose members re-routed calls, stole and altered data and disrupted telephone services. _______________________________________________________________________________ Downloaded From P-80 International Information Systems 304-744-2253 12yrs+