home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Night Owl 6
/
Night Owl's Shareware - PDSI-006 - Night Owl Corp (1990).iso
/
033a
/
gvtvsbbs.zip
/
STEVE.JAK
< prev
next >
Wrap
Text File
|
1990-11-24
|
43KB
|
790 lines
Date: Tue, 22 May 90 14:49:22 EDT
From: ruderman@sbcs.sunysb.edu (David Ruderman)
Subject: Follow-up on Fed Raids on Hackers (Including factual information)
THE FOLLOWING TWO ARTICLES ARE FROM THE JUST-RELEASED SPRING EDITION OF
2600 MAGAZINE, THE HACKER QUARTERLY. WE FEEL THAT THE CURRENT HAPPENINGS IN
THE COMPUTER WORLD ARE EXTREMELY SIGNIFICANT FOR ANYONE WHO HAS ANY
INTEREST IN COMMUNICATIONS AND/OR TECHNOLOGY. WE'D BE MOST INTERESTED IN
ANY FEEDBACK ON THIS TOPIC. [See the end of this message.]
************************
ARTICLE ONE: AN OVERVIEW
************************
A year ago, we told the stories of Kevin Mitnick and Herbert Zinn, two
hackers who had been sent to prison. It was then, and still is today, a
very disturbing chain of events: mischief makers and explorers imprisoned
for playing with the wrong toys and for asking too many questions. We said
at the time that it was important for all hackers to stand up to such gross
injustices. After all, they couldn't lock us all up.
It now appears that such an endeavor may indeed be on the agendas of some
very powerful U.S. governmental agencies. And even more frightening is the
realization that these agencies don't particularly care who or what gets
swept up along with the hackers, as long as all of the hackers get swept
up. Apparently, we're considered even more of a threat than we had
previously supposed.
In retrospect, this doesn't come as a great deal of a surprise. In fact, it
now seems to make all too much sense. You no longer have to be paranoid or
of a particular political mindset to point to the many parallels that we've
all been witnesses to. Censorship, clampdowns, "voluntary" urine tests, lie
detectors, handwriting analysis, surveillance cameras, exaggerated crises
that invariably lead to curtailed freedoms.... All of this together with
the overall view that if you're innocent, you've got nothing to hide. And
all made so much more effective through the magic of high tech. Who would
you target as the biggest potential roadblock if not the people who
understand the technology at work? It appears the biggest threats to the
system are those capable of manipulating it.
What we're about to tell you is frightening, plain and simple. You don't
have to be a hacker to understand this. The words and ideas are easily
translatable to any time and any culture.
Crackdown
"We can now expect a crackdown...I just hope that I can pull through this
one and that my friends can also. This is the time to watch yourself. No
matter what you are into.... Apparently the government has seen the last
straw in their point of view.... I think they are going after all the
'teachers'...and so that is where their energies will be put: to stop all
hackers, and stop people before they can become threats."
This was one of the reactions on a computer bulletin board to a series of
raids on hackers, raids that had started in 1989 and spread rapidly into
early 1990. Atlanta, St. Louis, and New York were major targets in what was
then an undetermined investigation.
This in itself wouldn't have been especially alarming, since raids on
hackers can almost be defined as commonplace. But this one was different.
For the very first time, a hacker newsletter had also been shut down.
Phrack was an electronic newsletter published out of St. Louis and
distributed worldwide. It dealt with hacker and phone phreak matters and
could be found on nearly all hacker bulletin boards. While dealing with
sensitive material, the editors were very careful not to publish anything
illegal (credit card numbers, passwords, Sprint codes, etc.). We described
"Phrack World News" (a regular column of Phrack) in our Summer 1989 edition
as "a must-read for many hackers". In many ways Phrack resembled 2600, with
the exception of being sent via electronic mail instead of U.S. Mail. That
distinction would prove to be Phrack's undoing.
It now turns out that all incoming and outgoing electronic mail used by
Phrack was being monitored by the authorities. Every piece of mail going in
and every piece of mail coming out. These were not pirated mailboxes that
were being used by a couple of hackers. These had been obtained legally
through the school the two Phrack editors were attending. Privacy on such
mailboxes, though not guaranteed, could always be assumed. Never again.
It's fairly obvious that none of this would have happened, none of this
could have happened had Phrack been a non-electronic magazine. A printed
magazine would not be intimidated into giving up its mailing list as Phrack
was. Had a printed magazine been shut down in this fashion after having all
of their mail opened and read, even the most thick-headed sensationalist
media types would have caught on: hey, isn't that a violation of the First
Amendment?
Those media people who understood what was happening and saw the
implications were very quickly drowned out in the hysteria that followed.
Indictments were being handed out. Publisher/editor Craig Neidorf, known in
the hacker world as Knight Lightning, was hit with a seven count indictment
accusing him of participating in a scheme to steal information about the
enhanced 911 system run by Bell South. Quickly, headlines screamed that
hackers had broken into the 911 system and were interfering with emergency
telephone calls to the police. One newspaper report said there were no
indications that anyone had died or been injured as a result of the
intrusions. What a relief. Too bad it wasn't true.
In actuality there have been very grievous injuries suffered as a result of
these intrusions. The intrusions we're referring to are those of the
government and the media. The injuries have been suffered by the defendants
who will have great difficulty resuming normal lives even if all of this is
forgotten tomorrow.
And if it's not forgotten, Craig Neidorf could go to jail for more than 30
years and be fined $122,000. And for what? Let's look at the indictment:
"It was... part of the scheme that defendant Neidorf, utilizing a computer
at the University of Missouri in Columbia, Missouri would and did receive a
copy of the stolen E911 text file from defendant [Robert J.] Riggs [located
in Atlanta and known in the hacker world as Prophet] through the Lockport
[Illinois] computer bulletin board system through the use of an interstate
computer data network.
"It was further part of the scheme that defendant Neidorf would and did
edit and retype the E911 Practice text file at the request of the defendant
Riggs in order to conceal the source of the E911 Practice text file and to
prepare it for publication in a computer hacker newsletter.
"It was further part of the scheme that defendant Neidorf would and did
transfer the stolen E911 Practice text file through the use of an
interstate computer bulletin board system used by defendant Riggs in
Lockport, Illinois.
"It was further part of the scheme that the defendants Riggs and Neidorf
would publish information to other computer hackers which could be used to
gain unauthorized access to emergency 911 computer systems in the United
States and thereby disrupt or halt 911 service in portions of the United
States."
Basically, Neidorf is being charged with receiving a stolen document. There
is nothing anywhere in the indictment that even suggests he entered any
computer illegally. So his crimes are receiving, editing, and transmitting.
Now what is contained in this document? Information about how to gain
unauthorized access to, disrupt, or halt 911 service? Hardly. The document
(erroneously referred to as "911 software" by the media which caused all
kinds of misunderstandings) is quoted in Phrack Volume 2, Number 24 and
makes for one of the dullest articles ever to appear in the newsletter.
According to the indictment, the value of this 20k document is $79,449.
[See story that follows this one]
Shortly after the indictments were handed down, a member of the Legion of
Doom known as Erik Bloodaxe issued a public statement. "[A group of three
hackers] ended up pulling files off [a Southern Bell system] for them to
look at. This is usually standard procedure: you get on a system, look
around for interesting text, buffer it, and maybe print it out for
posterity. No member of LOD has ever (to my knowledge) broken into another
system and used any information gained from it for personal gain of any
kind...with the exception of maybe a big boost in his reputation around the
underground. [A hacker] took the documentation to the system and wrote a
file about it. There are actually two files, one is an overview, the other
is a glossary. The information is hardly something anyone could possibly
gain anything from except knowledge about how a certain aspect of the
telephone company works."
He went on to say that Neidorf would have had no way of knowing whether or
not the file contained proprietary information.
Prosecutors refused to say how hackers could benefit from the information,
nor would they cite a motive or reveal any actual damage. In addition, it's
widely speculated that much of this information is readily available as
reference material.
In all of the indictments, the Legion of Doom is defined as "a closely knit
group of computer hackers involved in: a) disrupting telecommunications by
entering computerized telephone switches and changing the routing on the
circuits of the computerized switches; b) stealing proprietary computer
source code and information from companies and individuals that owned the
code and information; c) stealing and modifying credit information on
individuals maintained in credit bureau computers; d) fraudulently
obtaining money and property from companies by altering the computerized
information used by the companies; e) disseminating information with
respect to their methods of attacking computers to other computer hackers
in an effort to avoid the focus of law enforcement agencies and
telecommunication security experts."
Ironically, since the Legion of Doom isn't a closely knit group, it's
unlikely that anyone will be able to defend the group's name against these
charges -- any defendants will naturally be preoccupied with their own
defenses. (Incidentally, Neidorf was not a part of the Legion of Doom, nor
was Phrack a publication of LOD, as has been reported.)
The Hunt Intensifies
After learning of the Phrack electronic mail surveillance, one of the
system operators of The Phoenix Project, a computer bulletin board in
Austin, Texas, decided to take action to protect the privacy of his users.
"I will be adding a secure encryption routine into the e-mail in the next 2
weeks - I haven't decided exactly how to implement it, but it'll let two
people exchange mail encrypted by a password only known to the two of
them.... Anyway, I do not think I am due to be busted...I don't do anything
but run a board. Still, there is that possibility. I assume that my lines
are all tapped until proven otherwise. There is some question to the wisdom
of leaving the board up at all, but I have personally phoned several
government investigators and invited them to join us here on the board. If
I begin to feel that the board is putting me in any kind of danger, I'll
pull it down with no notice - I hope everyone understands. It looks like
it's sweeps-time again for the feds. Let's hope all of us are still around
in 6 months to talk about it."
The new security was never implemented. The Phoenix Project was seized
within days.
And the clampdown intensified still further. On March 1, the offices of
Steve Jackson Games, a publishing company in Austin, were raided by the
Secret Service. According to the Associated Press, the home of the managing
editor was also searched. The police and Secret Service seized books,
manuals, computers, technical equipment, and other documents. Agents also
seized the final draft of a science fiction game written by the company.
According to the Austin American-Statesman, the authorities were trying to
determine whether the game was being used as a handbook for computer crime.
Callers to the Illuminati bulletin board (run by Steve Jackson Games),
received the following message:
"Before the start of work on March 1, Steve Jackson Games was visited by
agents of the United States Secret Service. They searched the building
thoroughly, tore open several boxes in the warehouse, broke a few locks,
and damaged a couple of filing cabinets (which we would gladly have let
them examine, had they let us into the building), answered the phone
discourteously at best, and confiscated some computer equipment, including
the computer that the BBS was running on at the time.
"So far we have not received a clear explanation of what the Secret Service
was looking for, what they expected to find, or much of anything else. We
are fairly certain that Steve Jackson Games is not the target of whatever
investigation is being conducted; in any case, we have done nothing illegal
and have nothing whatsoever to hide. However, the equipment that was seized
is apparently considered to be evidence in whatever they're investigating,
so we aren't likely to get it back any time soon. It could be a month, it
could be never.
"To minimize the possibility that this system will be confiscated as well,
we have set it up to display this bulletin, and that's all. There is no
message base at present. We apologize for the inconvenience, and we wish we
dared do more than this."
Apparently, one of the system operators of The Phoenix Project was also
affiliated with Steve Jackson Games. And that was all the authorities
needed.
Raids continued throughout the country with reports of more than a dozen
bulletin boards being shut down. In Atlanta, the papers reported that three
local LOD hackers faced 40 years in prison and a $2 million fine.
Another statement from a Legion of Doom member (The Mentor, also a system
operator of The Phoenix Project) attempted to explain the situation:
"LOD was formed to bring together the best minds from the computer
underground - not to do any damage or for personal profit, but to share
experiences and discuss computing. The group has always maintained the
highest ethical standards.... On many occasions, we have acted to prevent
abuse of systems.... I have known the people involved in this 911 case for
many years, and there was absolutely no intent to interfere with or molest
the 911 system in any manner. While we have occasionally entered a computer
that we weren't supposed to be in, it is grounds for expulsion from the
group and social ostracism to do any damage to a system or to attempt to
commit fraud for personal profit.
"The biggest crime that has been committed is that of curiosity.... We have
been instrumental in closing many security holes in the past, and had hoped
to continue to do so in the future. The list of computer security people
who count us as allies is long, but must remain anonymous. If any of them
choose to identify themselves, we would appreciate the support."
And The Plot Thickens
Meanwhile, in Lockport, Illinois, a strange tale was unfolding. The public
UNIX system known as Jolnet that had been used to transmit the 911 files
had also been seized. What's particularly odd here is that, according to
the electronic newsletter Telecom Digest, the system operator, Rich
Andrews, had been cooperating with federal authorities for over a year.
Andrews found the files on his system nearly two years ago, forwarded them
to AT&T, and was subsequently contacted by the authorities. He cooperated
fully. Why, then, was his system seized as well? Andrews claimed it was all
part of the investigation, but added, "One way to get [hackers] is by
shutting down the sites they use to distribute stuff."
The Jolnet raid caused outrage in the bulletin board world, particularly
among administrators and users of public UNIX systems.
Cliff Figallo, system administrator for The Well, a public UNIX system in
California, voiced his concern. "The assumption that federal agents can
seize a system owner's equipment as evidence in spite of the owner's lack
of proven involvement in the alleged illegal activities (and regardless of
the possibility that the system is part of the owner's livelihood) is scary
to me and should be to anyone responsible for running a system such as
this."
Here is a sampling of some of the comments seen around the country after
the Jolnet seizure:
"As administrator for Zygot, should I start reading my users' mail to make
sure they aren't saying anything naughty? Should I snoop through all the
files to make sure everyone is being good? This whole affair is rather
chilling."
"From what I have noted with respect to Jolnet, there was a serious crime
committed there -- by the [federal authorities]. If they busted a system
with email on it, the Electronic Communication Privacy Act comes into play.
Everyone who had email dated less than 180 days old on the system is
entitled to sue each of the people involved in the seizure for at least
$1,000 plus legal fees and court costs. Unless, of course, the
[authorities] did it by the book, and got warrants to interfere with the
email of all who had accounts on the systems. If they did, there are strict
limits on how long they have to inform the users."
"Intimidation, threats, disruption of work and school, 'hit lists', and
serious legal charges are all part of the tactics being used in this
'witch-hunt'. That ought to indicate that perhaps the use of pseudonyms
wasn't such a bad idea after all."
"There are civil rights and civil liberties issues here that have yet to be
addressed. And they probably won't even be raised so long as everyone acts
on the assumption that all hackers are criminals and vandals and need to be
squashed, at whatever cost...."
"I am disturbed, on principle, at the conduct of at least some of the
federal investigations now going on. I know several people who've taken
their systems out of public access just because they can't risk the seizure
of their equipment (as evidence or for any other reason). If you're a
Usenet site, you may receive megabytes of new data every day, but you have
no common carrier protection in the event that someone puts illegal
information onto the Net and thence into your system."
Increased Restrictions
But despite the outpourings of concern for what had happened, many system
administrators and bulletin board operators felt compelled to tighten the
control of their systems and to make free speech a little more difficult,
for their own protection.
Bill Kuykendall, system administrator for The Point, a public UNIX system
in Chicago, made the following announcement to the users of his system:
"Today, there is no law or precedent which affords me... the same legal
rights that other common carriers have against prosecution should some
other party (you) use my property (The Point) for illegal activities. That
worries me....
"I fully intend to explore the legal questions raised here. In my opinion,
the rights to free assembly and free speech would be threatened if the
owners of public meeting places were charged with the responsibility of
policing all conversations held in the hallways and lavatories of their
facilities for references to illegal activities.
"Under such laws, all privately owned meeting places would be forced out of
existence, and the right to meet and speak freely would vanish with them.
The common sense of this reasoning has not yet been applied to electronic
meeting places by the legislature. This issue must be forced, or electronic
bulletin boards will cease to exist.
"In the meantime, I intend to continue to operate The Point with as little
risk to myself as possible. Therefore, I am implementing a few new
policies:
"No user will be allowed to post any message, public or private, until his
name and address has been adequately verified. Most users in the
metropolitan Chicago area have already been validated through the telephone
number directory service provided by Illinois Bell. Those of you who
received validation notices stating that your information had not been
checked due to a lack of time on my part will now have to wait until I get
time before being allowed to post.
"Out of state addresses cannot be validated in the manner above.... The
short term solution for users outside the Chicago area is to find a system
closer to home than The Point.
"Some of the planned enhancements to The Point are simply not going to
happen until the legal issues are resolved. There will be no shell access
and no file upload/download facility for now.
"My apologies to all who feel inconvenienced by these policies, but under
the circumstances, I think your complaints would be most effective if made
to your state and federal legislators. Please do so!"
These restrictions were echoed on other large systems, while a number of
smaller hacker bulletin boards disappeared altogether. We've been told by
some in the hacker world that this is only a phase, that the hacker boards
will be back and that users will once again be able to speak without having
their words and identities "registered". But there's also a nagging
suspicion, the feeling that something is very different now. A publication
has been shut down. Hundreds, if not thousands, of names have been seized
from mailing lists and will, no doubt, be investigated. The facts in the
911 story have been twisted and misrepresented beyond recognition, thanks
to ignorance and sensationalism. People and organizations that have had
contact with any of the suspects are open to investigation themselves. And,
around the country, computer operators and users are becoming more paranoid
and less willing to allow free speech. In the face of all of this, the
belief that democracy will triumph in the end seems hopelessly naive. Yet,
it's something we dare not stop believing in. Mere faith in the system,
however, is not enough.
We hope that someday we'll be able to laugh at the absurdities of today.
But, for now, let's concentrate on the facts and make sure they stay in the
forefront.
==> Were there break-ins involving the E911 system? If so, the entire story
must be revealed. How did the hackers get in? What did they have access to?
What could they have done? What did they actually do? Any security holes
that were revealed should already have been closed. If there are more, why
do they still exist? Could the original holes have been closed earlier and,
if so, why weren't they? Any hacker who caused damage to the system should
be held accountable. Period. Almost every hacker around seems to agree with
this. So what is the problem? The glaring fact that there doesn't appear to
have been any actual damage. Just the usual assortment of gaping security
holes that never seem to get fixed. Shoddiness in design is something that
shouldn't be overlooked in a system as important as E911. Yet that aspect
of the case is being side-stepped. Putting the blame on the hackers for
finding the flaws is another way of saying the flaws should remain
undetected.
==> Under no circumstance should the Phrack newsletter or any of its
editors be held as criminals for printing material leaked to them. Every
publication of any value has had documents given to them that were not
originally intended for public consumption. That's how news stories are
made. Shutting down Phrack sends a very ominous message to publishers and
editors across the nation.
==> Finally, the privacy of computer users must be respected by the
government. It's ironic that hackers are portrayed as the ones who break
into systems, read private mail, and screw up innocent people. Yet it's the
federal authorities who seem to have carte blanche in that department. Just
what did the Secret Service do on these computer systems? What did they
gain access to? Whose mail did they read? And what allowed them to do this?
Take Exception
It's very easy to throw up your hands and say it's all too much. But the
facts indicate to us that we've come face to face with a very critical
moment in history. What comes out of this could be a trend-setting
precedent, not only for computer users, but for the free press and every
citizen of the United States. Complacency at this stage will be most
detrimental.
We also realize that one of the quickest ways of losing credibility is to
be shrill and conspiracy-minded. We hope we're not coming across in this
way because we truly believe there is a significant threat here. If Phrack
is successfully shut down and its editors sent to prison for writing an
article, 2600 could easily be next. And so could scores of other
publications whose existence ruffles some feathers. We cannot allow this to
happen.
In the past, we've called for people to spread the word on various issues.
More times than not, the results have been felt. Never has it been more
important than now. To be silent at this stage is to accept a very grim and
dark future.
*************************************************
ARTICLE TWO: A REVIEW OF THE E911 DOCUMENT ITSELF
*************************************************
Documentation on the E911 System
March 1988
$79,449, 6 pages
Bell South Standard Practice
660-225-104SV
Review by Emmanuel Goldstein
It otherwise would have been a quickly forgotten text published in a hacker
newsletter. But due to all of the commotion, the Bell South E911 document
is now very much in the public eye. Copies are extremely easy to come by,
despite Bell South's assertion that the whole thing is worth $79,449.
While we can't publish the actual document, we can report on its contents
since it's become a news story in itself. But don't get excited. There
really isn't all that much here.
Certain acronyms are introduced, among them Public Safety Answering Point
(PSAP), also known as Emergency Service Bureau (ESB). This is what you get
(in telco lingo) when you dial 911. The importance of close coordination
between these agencies is stressed. Selective routing allows the 911 call
to be routed to the proper PSAP. The 1A ESS is used as the tandem office
for this routing. Certain services made available with E911 include Forced
Disconnect, Alternative Routing, Selective Routing, Selective Transfer,
Default Routing, Night Service, Automatic Number Identification, and
Automatic Location Identification.
We learn of the existence of the E911 Implementation Team, the brave men
and women from Network Marketing who help with configuration in the
difficult cutover period. This team is in charge of forming an ongoing
maintenance subcommittee. We wouldn't want that juicy tidbit to get out,
now would we?
We learn that the Switching Control Center (SCC) "is responsible for
E911/1AESS translations in tandem central offices". We're not exactly
shocked by this revelation.
We also find out what is considered a "priority one" trouble report. Any
link down to the PSAP fits this definition. We also learn that when ANI
fails, the screens will display all zeroes.
We could go on but we really don't want to bore you. None of this
information would allow a hacker to gain access to such a system. All it
affords is a chance to understand the administrative functions a little
better. We'd like to assume that any outside interference to a 911 system
is impossible. Does Bell South know otherwise? In light of their touchiness
on the matter, we have to wonder.
We'd be most interested in hearing from people with more technical
knowledge on the subject. What does this whole escapade tell us? Please
write or call so the facts can be brought forward.
*************************************************************************
2600 MAGAZINE WANTS TO HEAR YOUR THOUGHTS AS WELL AS ANY ADDITIONAL FACTS
YOU MAY BE ABLE TO SHARE WITH US. POST PUBLIC COMMENTS HERE. YOU CAN SEND
PRIVATE MAIL TO 2600@well.sf.ca.us OR 2600 EDITORIAL DEPARTMENT, P.O. BOX
99, MIDDLE ISLAND, NY 11953. IF YOU WANT TO CALL US, OUR PHONE NUMBERS
ARE: (516) 751-2600 (VOICE/MACHINE) OR (516) 751-2608 (FAX).
*************************************************************************
Date: 27 May 90 03:50:07 EDT (Sun)
From: aha@m-net.ann-arbor.mi.us (Brian Sherwood)
Subject: Steve Jackson Games & A.B. 3280
> Computer Gaming World (Golden Empire Publications)
> June, 1990, Number 72, Page 8
> Editorial by Johnny L. Wilson
It CAN Happen Here
Although Nobel Prize-winning novelist Sinclair Lewis is probably best
known for 'Main Street', 'Babbitt', 'Elmer Gantry', and 'Arrowsmith', my
personal favorites are 'It Can't Happen Here' and 'Kingsblood Royal'. The
latter is an ironic narrative in which who suffers from racial prejudice
toward the black population discovers, through genealogical research, that
he himself has black ancestors. The protagonist experienced a
life-challenging discovery that enabled Lewis to preach a gospel of civil
rights to his readership.
The former is, perhaps, Lewis' most lengthy novel and it tells how a
radio evangelist was able to use the issues of morality and national
security to form a national mandate and create a fascist dictatorship in
the United States. As Lewis showed how patriotic symbolism could be
distorted by power-hungry elite and religious fervor channeled into a
political movement, I was personally shaken. As a highschool student,
reading this novel, for the first time, I suddenly realized what lewis
intended for his readers to realize. "It" (a dictatorship) really CAN
happen here, There is an infinitesimally fine line between protecting the
interests of society and encumbering the freedoms of the self-same society
in the name of protection.
Now it appears that the civil liberties of game designers and gamers
themselves are to be assaulted in the name of protecting society. In
recent months two unrelated events have taken place which must make us
pause: the raiding of Steve Jackson Games' offices by the United States
Secret Service, and the introduction of A.B. 3280 into the California State
Assembly by Assemblyperson Tanner.
On March 1, 1990, Steve Jackson Games (a small pen and paper game
company) was raided by agents of the United States Secret Service. The
raid was allegedly part of an investigation into data piracy and was,
apparently, related to the latest supplement from SJG entitled, GURPS
Cyberpunk (GURPS stands for Generic Universal Role-Playing System). GURPS
Cyberpunk features rules for a game universe analogous to the dark futures
of George Alec Effinger ('When Gravity Fails'), William Gibson
('Neuromancer'), Norman Spinrad ('Little Heroes'), Bruce Sterling ('Islands
in the Net'), and Walter Jon Williams ('Hardwired').
GURPS Cyberpunk features character related to breaking into networks and
phreaking (abusing the telephone system).Hence, certain federal agents are
reported to have made several disparaging remarks about the game rules
being a "handbook for computer crime". In the course of the raid (reported
to have been conducted under the authority of an unsigned photocopy of a
warrant; at least, such was the only warrant showed to the employees at
SJG) significant destruction allegedly occurred. A footlocker, as well as
exterior storage units and cartons, were deliberately forced open even
though an employee with appropriate keys was present and available to lend
assistance. In addition, the materials confiscated included: two
computers, an HP Laserjet II printer, a variety of computer cards and
parts, and an assortment of commercial software. In all, SJG estimates that
approximately $10,000 worth of computer hardware and software was
confiscated.
The amorphous nature of the raid is what is most frightening to me. Does
this raid indicate that those who operate bulletin board systems as
individuals are at risk for similar raids if someone posts "hacking"
information on their computer? Or does it indicate that games which
involve "hacking" are subject to searches and seizures by the federal
government? Does it indicate that writing about "hacking" exposes one to
the risk of a raid? It seems that this raid goes over the line of
protecting society and has, instead, violated the freedom of its citizenry.
Further facts may indicate that this is not the case, but the first
impression strongly indicates an abuse of freedom.
Then there is the case of California's A.B 3280 which would forbid the
depiction of any alcohol or tobacco package or container in any video game
intended primarily for use by minors. The bill makes no distinction
between positive or negative depiction of alcohol or tobacco, does not
specify what "primarily designed for" means, and defines 'video game' in
such a way that coin-ops, dedicated game machines, and computer games can
all fit within the category.
Now the law is, admittedly, intended to help curb the use and abuse of
alcohol and tobacco among minors. Yet the broad stroke of the brush with
which it is written limits the dramatic license which can be used to make
even desirable points in computer games. For example, Chris Crawford's
'Balance of the Planet' depicts a liquor bottle on a trash heap as part of
a screen talking about the garbage problem. Does this encourage alcohol
abuse? In 'Wasteland', one of the encounters involves two winos in an
alley. Does their use of homemade white lightening commend it to any
minors that might be playing the game?
One of the problems with legislating art is that art is designed to both
reflect and cast new light and new perspectives on life. As such,
depiction of any aspect of life may be appropriate, in context.
Unfortunately for those who want to use the law as a means of enforcing
morality, laws cannot be written to cover every context.
We urge our California readers to oppose A.B. 3280 and help defend our
basic freedoms. We urge all of our readers to be on the alert for any
governmental intervention that threatens our freedom of expression. "It"
not only CAN happen here, but "it" is very likely to if we are not careful.
Date: 30 May 90 05:15:22 GMT
From: chuq@Apple.COM Subject:
Re: Steve Jackson Games & A.B. 3280 (Sherwood, RISKS-9.96)
A couple of points that aren't in this report. According to reports I've
seen elsewhere, the person working on for Jackson Games was a former Legion
of Doom member, who was also working on a book of interviews of Doom
members. If what I just said actually is true, having a known hacker
writing a 'manual' on hacking, even a fictional one, is something the
Secret Service would want to keep an eye on -- imagine, for instance, that
the fictional game instructions are actually true and the supplement was
published as a way of passing them around in a covert way.
Now, everything I've heard indicates this isn't what happened: it really is
fictional material. But it's an interesting concept in theory.
> The amorphous nature of the raid is what is most frightening to me. Does
>this raid indicate that those who operate bulletin board systems as
>individuals are at risk for similar raids if someone posts "hacking"
>information on their computer?
If you're running a BBS that's supporting a group of system crackers, you
are, at least, contributory to felony crimes. Sure you should worry about
someone knocking on your door. A BBS that's on the up-and-up should have no
worries, though.
>Or does it indicate that games which involve "hacking" are subject to
>searches and seizures by the federal government? Does it indicate that
>writing about "hacking" exposes one to the risk of a raid? It seems that
>this raid goes over the line of protecting society and has, instead,
>violated the freedom of its citizenry.
Not if the Legion of Doom angle is true. This is not to imply that Steve
Jackson or Jackson games was at all involved with any Doomers, but more
likely stuck in the middle.
Chuq Von Rospach <+> chuq@apple.com <+> [This is myself speaking]
Date: Thu, 31 May 90 17:03:04 EDT
From: man@cs.brown.edu
Subject: More on the Steve Jackson Games raid
I have a friend who's involved with Steve Jackson games and here is his
response to the articles that have appeared recently in RISKS. -Mark
[I had to edit a bit to make it self contained, rather than
including all of the previous items. PGN]
Date: Thu, 31 May 90 14:03 EDT
From milliken@BBN.COM Thu May 31 14:04:19 1990
Subject: Re: Debate on SJG raid in comp.risks
Re: Sherwood, RISKS-9.96:
To the best of my understanding, this account is correct except for trivial
details (not a footlocker, but some filing cabinets were broken open in the
account SJ himself wrote).
Re: Von Rospach, RISKS-9.97
> the person working on for Jackson Games was a former Legion of Doom
member...
This first part of this also appears to be true -- Loyd was apparently
associated with some bunch of crackers sometime in the past, and apparently
discussed some of the stuff he was doing with Cyberpunk with them, in the
way of reality-checking. However, Cyberpunk was certainly *not* a "manual
on hacking" -- I haven't read my copy yet, but I'm quite certain the game
rules don't go into details of breaking computer security -- it just has
abstract security programs and "cracking" programs as things that exist in
the game world. These things also exist in cyberpunk novels, which is why
they're in the book.
>If you're running a BBS that's supporting a group of system crackers, you
>are, at least, contributory to felony crimes...
The problem was that SJG *was* clean, as far as I know -- the Secret
Service just went overboard in their search for "contamination". I believe
guilt-by-association is not a tenable legal theory in the US. Grounds for
some amount of suspicion, yes. But search and seizure?
>Or does it indicate that games which involve "hacking" are subject to ...
>Not if the Legion of Doom angle is true....
The Legion of Doom connection appears to have been there, but very tenuous.
The Feds seem to have been unable to draw the line between fantasy and
reality, and appear to have been operating under a "guilty until proven
innocent" premise as far as the seizure of equipment went. As far as I
know, the Secret Service had no direct evidence that SJG or the BBS had
*anything* to do with their case -- mere proximity to the principals seems
to have triggered the raid. I would expect that they would have done more
research before swooping down and carting off someone's business equipment.
I can understand how the raid happened, and even sympathize somewhat with
the motivations of the Secret Service, but I think that they definitely
stepped over the line here. One of the principles of the law in this
country is that the innocent shouldn't be harmed in the pursuit of the
guilty. ---Walter
Date: Fri, 1 Jun 90 09:15 EST
From: WEBB3840@SNYPLAVA.BITNET
Subject: RE:Steve Jackson Games
The chance of GURPS Cyperpunk being used as a manual for computer crime is
very slight indeed. In Cyperpunk fiction, a hacker's interface with the
computer network he or she is trying to operate in is an actual physical
connection with the computer. This connection is usually in the form of a
direct link to a person's brain through jacks surgically implanted in their
skull. It is my understanding that Steve Jackson Games used the same
method of interfacing with computers in GURPS Cyperpunk. This would make
it a little difficult for a person to use the game rules a handbook for
crime. Unless they had a friend real handy with tools...:-).
Stephen J. Webb
------------------------------
Date: Fri, 01 Jun 90 11:17 PDT
From: ZENITH <ZENITH@l66a.ladc.bull.com>
Subject: Re: Steve Jackson Games and A.B. 3280 (Von Rospach, 9.97)
Chuq Von Rospach (chuq@apples.com) writes:
If you're running a BBS that's supporting a group of system crackers, you
are, at least, contributory to felony crimes.
By law? Why? We don't hold a package delivery service like UPS liable if
they happen to deliver burglary tools; why is the owner/operator of a BBS
treated differently for what seems to me an equivalent offense? Von Rospach
goes on to say:
A BBS that's on the up-and-up should have no worries, though.
That seems to be the central issue; it shouldn't be tossed off so casually.
The Bill of Rights is predicated on the assumption that the innocent have a
legitimate reason to worry about the effects of actions taken by their
government; governments to that point (and since) had not been terribly
worried about who got chewed up by the wheels of justice, so long as some
"guilty" party was convicted. Human nature has not changed much in the
intervening years--there are still those who hold to the creed of "Kill 'em
all; let God sort them out". We the innocent still need protection from
those who would elevate expedience over justice; if ease of implementation
and administration becomes the primary criterion by which we judge our
laws, we are in deep trouble. I have noticed a disturbing trend in society,
towards a belief that it is better that 100 innocents should suffer than
one guilty critter should go free; it is difficult to reconcile this notion
with that of "innocent until proven guilty".
- Andy -
Date: 2 Jun 90 22:01:48 GMT
From: jharkins@sagpd1.UUCP (Jim Harkins)
Subject: Re: Steve Jackson Games (Webb, RISKS-10.01)
>The chance of GURPS Cyperpunk being used as a manual for computer crime is
>very slight indeed.
I don't see where this is relevant. Its perfectly legal to buy books on
how to make illegal stuff like explosives, check out the warnings
section(s) in college chemistry books, not to mention stuff like The Poor
Mans James Bond. There are some very good cookbooks on committing murder
(see the mystery section of Waldenbooks). Should we have thrown Agatha
Christi in the slammer? So what would make it illegal to give even a step
by step list of instructions for breaking into a computer?
It seems to me that the act of commiting a crime is illegal, but the
knowledge of how to commit that crime isn't. I think we can all figure out
on our own how to stick a gun into a cashiers face to get money, but we
haven't done anything wrong until we actually do it. Nor have I done
anything wrong by offering a suggestion on improving your monthly income
:-) Of course, if I suspect that you did use my suggestion then by not
finking on you I am breaking the law. jim