home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Telecom
/
1996-04-telecom-walnutcreek.iso
/
security-fraud
/
len.rose.indictment-1
< prev
next >
Wrap
Internet Message Format
|
1991-06-22
|
184KB
From telecom@eecs.nwu.edu Tue Jun 18 02:08:33 1991
Received: from hub.eecs.nwu.edu by gaak.LCS.MIT.EDU via TCP with SMTP
id AA11996; Tue, 18 Jun 91 02:07:41 EDT
Resent-Message-Id: <9106180607.AA11996@gaak.LCS.MIT.EDU>
Received: from nuacc.acns.nwu.edu by delta.eecs.nwu.edu id aa03919;
17 Jun 91 2:04 CDT
Received: from NIU.BITNET by nuacc.acns.nwu.edu; Mon, 17 Jun 91 01:59 CDT
Date: Mon, 17 Jun 91 01:52 CDT
From: TK0JUT1@mvs.cso.niu.edu
Subject: Len Rose File (indictments, posts, press releases, etc)
To: TELECOM@eecs.nwu.edu
Message-Id: <5C308E8B6D3F004CC4@nuacc.acns.nwu.edu>
X-Envelope-To: TELECOM@EECS.NWU.EDU
Resent-Date: Tue, 18 Jun 91 1:08:31 CDT
Resent-From: telecom@eecs.nwu.edu
Resent-To: ptownson@gaak.LCS.MIT.EDU
Status: RO
The following information was compiled by Brendan Kehoe, CuD archivist, on the
LEN ROSE events for those who seek more background information.
The Following is the original press release from Len Rose's
indictment in May.of the Len Rose sage.
+++++++++++++++++++++
U.S. Department of Justice
United States Attorney
District of Maryland
--------------------------------------------------------------
United States Courthouse, Eighth Floor
101 West Lombard Street
Baltimore, Maryland 20201
301/339-2940
301/922-4822
May 15, 1990
PRESS RELEASE FROM THE UNITED STATES ATTORNEY
FOR THE DISTRICT OF MARYLAND
FOR IMMEDIATE RELEASE
Breckinridge L. Willcox, United States Attorney for the District
of Maryland, and Joseph Coppola, Special Agent in Charge of the
United States Secret Service in Baltimore, today announced the
indictment of a Middletown, Maryland man on computer fraud and
related charges. Indicted by a federal grand jury was Leonard
Rose, 31, a computer consultant, of Willow Tree Drive, on charges
that between May, 1988 and January, 1990, he entered into a
scheme to steal and publish highly proprietary computer source
codes for AT&T UNIX computer systems to other computer hackers,
and that he distributed to other computer hackers various
programs designed to gain them unauthorized access to computer
systems. The five count Indictment charges Rose with Interstate
Transportation of Stolen Property, and violations of the Computer
Fraud and Abuse Act of 1986.
Specifically, the Indictment charges that Rose, also
known as "Terminus", received a copy of AT&T highly proprietary
- 1 -
and closely held UNIX 3.2 source code. The Indictment alleges
that on or about January 8, 1990, Rose, knowing the source code
to have been stolen converted, and taken by fraud, transfered the
source code to another computer hacker. The source code was
thereafter transmitted to other hackers. The Indictment charges
that Rose was associated with a closely knit group of computer
hackers known as the "Legion of Doom" whose members are involved
in numerous activities including gaining unauthorized access to
computer systems for a variety of illegal purposes. The
Indictment charges Rose with distributing two "trojan horse"
programs that allowed computer hackers to gain unauthorized
access to computer systems, and with the interstate
transportation of AT&S's stolen proprietary source code.
If convicted on all counts of the Indictment, Rose
faces a maximum possible prison sentence of (unreadable).
In announcing the return of the Indictment, Mr. Willcox
noted that the allegations of the Indictment have far reaching
implications for the security of computer systems throughout the
United States. Mr. Willcox stated, "People who invade the
computer systems of others for profit or personal amusement
create immediate and serious consequences for the public at
large. Unless checked by aggressive law enforcement, computer
hackers will interfere with the security and privacy of financial
records and data, telecommunications systems, and countless other
aspects of our daily life. The Indictment indicates that those
who choose to use their intelligence and talent to disrupt these
networks will be vigorously prosecuted."
Coppola added: "The Secret Service has been charged
with enforcement of the computer fraud statutes. The Baltimore
Office will aggressively pursue computer fraud in Maryland and
wherever else hackers may operate."
Willcox stated that the Indictment is the result of a
lengthy investigation by agents of the United States Secret
Service in Baltimore, Chicago, and elsewhere. This investigation
of the Legion of Doom members started in Chicago, let to
Missouri, and then to Maryland. Related federal indictments are
currently pending in Chicago and Atlanta. Willcox further noted
that technical and expert assistance was provided to the United
States Secret Service by the telecommunication companies including
AT&T. Willcox particularly praised the actions of AT&T for
bringing its intrusion problems to the attention of law
enforcement officials and for its assistance to the Secret
Service.
Willcox added "This investigation has revealed that
these hackers accessed a number of computer systems belonging to
federal research centers, educational institutions, and private
businesses. Our investigation is continuing in an effort to
identify all the participants and to establish the extent and
consequences of the unauthorized access."
Assistant United States Attorney David P. King
presented the case to the federal grand jury.
- 3 -
** END PRESS RELEASE **
++++++++++++++++++++++++++++++++++
>From CuD 1.12:
Date: Thu, 7 Jun 90 0:21:34 CDT
From: TELECOM Moderator <telecom@eecs.nwu.edu>
Subject: Crackers, Kapor and Len Rose
[...]
Late Tuesday night, David Tamkin and I had a chance to speak at length with
someone close to the scene involving Len Rose. Some things were off the
record, at the request of Mr. Rose's attorney, and I agreed to honor that
request.
Apparently the Secret Service seized *every single electronic item* in his
household -- not just his computers. I am told they even took away a box
containing his Army medals, some family pictures, and similar. It is my
understanding his attorney has filed a motion in court to force the Secret
Service to return at least *some* of his computer equipment, since without
any of it, he is unable to work for any of his clients at all without at
least one modem and computer.
I am told the Secret Service broke down some doors to a storage area in the
basement rather than simply have him unlock the area with a key. I am told
further that he was advised he could pick up his fax machine (which had
been seized, along with boxes and boxes of technical books, etc), but that
when he did so, he was instead arrested and held for several hours in the
County Jail there.
Mr. Rose believes he will be found innocent of charges (rephrased) that he
was the 'leader of the Legion of Doom', and that he had broken into
'numerous computers over the years'.
I invited Mr. Rose and/or his attorney to issue a detailed statement to the
Digest, and promised that upon receipt it would be run promptly. I don't
think such a statement will be coming any time soon since his attorney has
pretty much ordered him to be silent on the matter until the trial.
If the things he says about the Secret Service raid on his home are
determined to be factual, then combined with complaints of the same nature
where Steve Jackson Games is concerned I would have to say it seems to me
the Secret Service might have been a bit less zealous.
The revelations in the weeks and months ahead should be very interesting.
One of the items I will include in the special issues on Thursday night is
the report which appeared in the {Baltimore Sun} last weekend. This case
seems to get more complicated every day.
PT
--
>From CuD 1.13:
Computer Consultant Could get 32 Years If Convicted of Source-Code Theft
Baltimore - A Middletown, Md., man faces as many as 32 years in prison and
nearly $1 million in fines if convicted of being involved in the "Legion of
Doom" nationwide group of Unix computer buffs now facing the wrath of
federal investigators.
The U.S. Attorney's Office here on May 15 announced the indictment of
Leonard Rose, 31, a computer consultant also known as "Terminus," on
charges that he stole Unix source code from AT&T and distributed two
"Trojan Horse" programs designed to allow for unauthorized access to
computer systems. Incidents occurred between May, 1988 and January, 1990,
according to the indictment.
The five-count indictment, handed down by a federal grand jury, charges
Rose with violations of interstate transportation laws and the federal
Computer Fraud and Abuse Act. Rose faces as many as 32 years in prison,
plus a maximum fine of $950,000.
He is the third person to be indicted who was accused of being connected
with the so-called Legion of Doom. Robert J. Riggs, a 21-year-old DeVry
Institute student from Decatur, Ga., and Craig M. Neidorf, 19, a
University of Missouri student from Columbia, Mo., also have been indicted.
Rose's indictment stemmed from a federal investigation that began in
Chicago and led investigators to Missouri and Maryland, assistant U.S.
Attorney David King said. While executing a search warrant in Missouri,
investigators uncovered evidence Rose was transporting stolen Unix 3.2
source code, King said. Investigators then obtained a warrant to search
Rose's computer system and found the stolen source code, King added.
He said the Trojan Horse programs were substitutes for a legitimate sign-in
or log-in program, with a separate shell for collecting user log-ins or
passwords.
"Whoever substituted [the Trojan Horse program] could get passwords to use
the system any way he or she wanted to," King said.
The indictment was a result of a long-term investigation by the U.S. Secret
Service, and was issued one week after federal authorities raided computer
systems at 27 sites across the United States. Investigators seized 23,000
computer disks from suspects accused of being responsible for more than $50
million in thefts and damages. The Secret Service at that time announced
that five people have been arrested in February in connection with the
investigation.
King said he was unaware if Rose indictment was related to the raids made
earlier this month.
"We don't just go out and investigate people because we want to throw them
in jail. We investigate them because they commit an offense. The grand
jury was satisfied," King said.
The U.S. Attorney's Office said the investigation revealed individuals had
accessed computers belonging to federal research centers, schools and
private businesses. King would not name any of the victims involved.
Rose was associated with the Legion of Doom and operated his own computer
system known as Netsys, according to the indictment. His electronic mailing
address was Netsys!len, the document said.
The Legion, according to the indictment, gained fraudulent, unauthorized
access to computer systems for the purpose of stealing software; stole
proprietary source code and other information; disseminated information
about gaining illegal access, and made telephone calls at the expense of
other people.
Well that is the latest in the Summer '90 busts. I just hope that everyone
arrested by the government receives as fair a deal that Robert Morris
received for his little prank. Because I doubt Mr. Morris was given
special treatment because his dad works for the NSA...
--
>From CuD 1.14:
-------------
Forwarded from Telecom Digest
-------------
In article <8820@accuvax.nwu.edu> henry@garp.mit.edu writes:
>
>In reply to Frank Earl's note ... I would reckon one of the problems
>is that most people don't know where the FBI's jurisdiction begins or
>where the Secret Service's jurisdiction ends. I had a visit on Friday
>afternoon from an FBI agent and it seemed to be mostly reasonable,
>except he identified himself as being from a unit that I wouldn't
>associate with this sort of investigation.
Secret Service jurisdiction over computer crimes is set out in
18 USC 1030(d):
The United States Secret Service shall, in addition to any other agency
having such authority, have the authority to investigate offenses under
this section. [18 USC 1030 is titled "Fraud and related activity in
connection with computers.] Such authority of the United States Secret
Service shall be exercised in accordance with an agreement which shall
be entered into by the Secretary of the Treasury and the Attorney
General.
There is a similar provision in 18 USC 1029, which concerns
"Fraud and related activity in connection with access devices."
Mike Godwin, UT Law School
--
>From CuD 1.26:
Date: 28 July, 1990
From: Moderators
Subject: Moderators' Corner
+++++++++++++++++++
LEN ROSE UPDATE
+++++++++++++++++++
As of Friday, Aug. 3, Len Rose's case awaits trial in federal court in
Baltimore. According to one source, Len was offered an arrangement in which
he could plead guilty to one count of computer fraud and receive at least
some prison time, but would have his computer equipment returned, or take
the case to trial and take his chances.
Len is currently represented by a public defender because of lack of
resources to retain a specialist in computer crime cases. He remains
unemployed, and has moved into a motel with his family. He told us that,
because his equipment and crucial files were seized, his business was
essentially shut down and he was deprived of his livelihood. This means that
he not only cannot support his family, but cannot retain legal counsel of
his choice. He said he was feeling isolated and "abandoned" and wasn't
sure what his legal options were.
We will present a detailed update of Len's situation in CuD 1.27. Len's
public defender can be contacted at (301)-381-4646.
--
>From CuD 1.27:
Date: 9 August, 1990
From: Moderators
Subject: Moderators' Corner
+++++++++++++++++
Len Rose Update
+++++++++++++++++
We talked with Len Rose last night, and he indicates that his trial,
scheduled for this month, will most likely be delayed until February, 1991.
The counts against him resemble those of Craig Neidorf and the "Atlanta 3."
We will provide a detailed summary of our conversation as well as a copy of
the indictment in CuD 1.28 on Monday.
--
>From CuD 1.28:
Date: 11 August, 1990
From: Jim Thomas
Subject: Len Rose Interview
********************************************************************
*** CuD #1.28: File 2 of 4: Len Rose Interview ***
********************************************************************
The Len Rose case seems to present problems for many people. Some, who
ordinarily support Constitutional rights, seem to have backed away from
this case, perhaps because of the seriousness of the charges, or perhaps
because his case does not seem as "pure" as those of some other defendants.
Some people are also concerned that Len's brush with the law "taints" him.
We feel that Len's case deserves attention comparable to other recent
cases. The charges in the indictment, as explained to us, are no more
serious than those in the indictment's of others, and the charges do not
seem to be as serious as the media depicts them. More importantly, the duel
model process of justice that ostensibly guides criminal proceedings must
be applied to all equally, whether the defendant is squeaky clean or a
homicidal maniac. We are troubled by those who think that, because Len has
had a previous legal problem, he is less deserving of legal help. Often, it
is precisely those whose image is the most tarnished who are most at risk
in the judicial process. If the issues are worthy and potentially affect
others, then it is in everybody's interests to assure that justice is
served.
CuD recently talked at length with Len about his current situation. We
have not talked with Len's attorney nor have we seen copies of motions or
of the evidence. Len's current attorney is a public defender who has been
busy in the multiple calls we made daily for three days. He has not
returned our calls. Those who have the time to try to obtain information
from him may contact him at:
Jim Kraft (the attorney)
Kraft, Balcerzak and Bartlett
7050 Oakland Mills Road
Columbia, MD 21046 (phone: 301-381-4646).
Len informs us that the case number is CR-90-0202, Federal Court, Baltimore.
*******************************************************************
WHO IS LEN ROSE?
Len Rose is a 31 year old computer programmer who lives in Pennsylvania.
He has been married for 10 years and has a son, five years old, and a two
year old daughter. He served six years in the army and, he informed us,
received the highest peacetime medal and "held a top secret clearance until
this happened." Len broke his leg in three places in early August during a
fishing outing with his son when he fell off a 35 foot cliff, "but at least
I kept my son from falling," he said. Prior to his arrest, Len operated
his own computer system and was a computer consultant. One specialty area
was Unix systems.
WHAT IS LEN CHARGED WITH?
Len told us that there are five counts against him under Title 18. Two are
for computer fraud and three are for transporting allegedly stolen goods in
excess of $5,000 across state lines. (See File 3, this issue, for a copy
of the indictment).
According to Len, the two fraud counts were for allegedly altering
"login.c," which is source code for unix login programs, which was modified
to perform a trojan horse function to record login names and passwords and
store them in a file system. Len said he wrote the program because
somebody was attacking his own system, and he installed the program on his
system to see what accounts were being attacked. He indicated that login.c
is being valued in the indictment at $75,000, a value reminiscent of the
inflated E911 file charges that federal prosecutors in Chicago charged was
worth over $79,000. Under cross-examination, it was determined that the
information in the E911 files could be obtained in a $13 manual. The other
fraud count was for sending out a password scanner that he wrote himself
that scans passwords and tries to decrypt them. "You can find more powerful
programs n the net," he said, "such as Crypt Breakers Workbench and COPS,
which are archived on uunet to name just two {sources}."
According to Len, "The things I wrote were so trivial, a first year
computer science student could have written them. What it did was take a
word out of a dictionary file and encrypt it, and it compared the encrypted
form to the encrypted password in the password file. It was a very mindless
program. I had written it a long time ago, and used it many times myself
and when I was doing it for security {consulting}. That's all I used it
for, on any system concerned with security. In fact, it was obsolete,
because when ATT released system V 3.2 backin 1988, they stopped using the
file /etc/password and went to the /etc/shadow which was only readable by
the root account or super user accounts. This program {in question} can't
be installed without being able to control the system. I couldn't be used
by a normal user."
The three transportation counts apparently stemmed from multiple sendings
of this file. He sent the program to an e-mail publication, but the
program did not arrive intact, so he re-sent it, which, he said, was the
basis of the second count. The final count, for the same program,
occured because he deleted his own program and received a copy of the
program he had previously sent.
Len related a story that sounded similar to SS Agent Timothy Foley's
account of the initial questioning of Craig Neidorf. Len said he was
originally asked about the E911 files, and that the agents told him that he
was not in any trouble. Len said, "I told them everything I knew. I
cooperated with them to the fullest extent possible, because I trusted
them. I didn't try to hide anything. I told them everything, and they were
after this 911 stuff. They said I wouldn't be prosecuted if I told them
everything, but they did. They told me to tell them now and it won't
matter, but if it came out later.....I told him about the source code."
Len emphasized that he did not steal the source code and that he used it
only to learn Unix.
Contrary to some reports both in the media and circulating on the nets, Len
adamantly denies ever being a member of the Legion of Doom, a denial
confirmed by LoD members and a recent LoD listing of participants. "I never
said I was a member of LoD, that was nothing out of my mouth. I never had
any association with them, and only knew some of the people. I considered
it a kids group, immature, and I never had any involvement with any group
anywhere. I was not a joiner," he said.
WHAT WAS LEN'S PREVIOUS OFFENSE?
Because of the rumors circulating about an earlier offense, we asked Len to
tell us what he could. The case has not yet been resolved, although it will
be concluded within the next few days. It occured in 1989, and was
unrelated to the current situation. It was a state offense for felony
theft, which resulted from an attempt to recover computer equipment that he
believed at the time to be rightfully his, and was the consequence of a
dispute between himself and a company he felt had "ripped him off." On the
streets, we called this "midnight repossession." "It was very stupid. I had
never been n trouble before that and I am very ashamed," he said. The
details of the case can be more fully elaborated after it is fully
resolved.
WHAT'S LEN'S STATUS NOW?
The trial was originally scheduled for August 20, but it appears now that
it may be postponed until February. Until then, Len has no computer
equipment, and he said that the judge would not consider a motion to return
it because the judge perceived that he could use it to commit further
crime. As a consequence, Len has no source of income, and said that he has
lost his home, his credit rating and credit cards, his business, and some
of his friends. "I've lost everything." He is currently immobilized because
of his leg fracture, and will be in casts of various types for at least
eight weeks and may require surgery. His situation has put severe strains
on his finances, psyche, and domestic life. He indicated that he could no
longer afford to retain his original attorney, Carlos Recio of Deso and
Greenberg in Washington, D.C., and was currently represented by a public
defender. His income was slashed by one-twentieth, and he estimated he has
barely made $5,000 this year. He lost his office and currently works from a
single room in a friend's company. He feels that his reputation has been
unjustifiably destroyed, largely by distorted media representations and
rumors and added, "The press has been as damaging as the Secret Service."
If Len's account is accurate, then it would seem to raise many of the same
questions addressed by the EFF, CuD, 2600 Magazine, and others interested
in protecting the Constitutional rights of computerists. Len is not being
charged with theft, but with violations that raise the definition of
property, the legal rights of programmers, the status of source could that
seems to be fairly accessible, and other evolving issues in the
still-tenuous relationship between technology and law. It also raises the
issue of "cruel and unusual punishment." If the summary of the indictment
is correct, it would appear that the consequences resulting from Len's
situation far exceed the crime, and any additional sanctions, especially if
they involve incarceration, will be neither in the interests of Len, or,
ultimately, of society. To deprive an individual who has been a
contributing member to society of a means of livelihood would seem to serve
little purpose in this or any other case. Some argue that the courts are
the best forum to decide both the guilt/innocence and the fate of
defendants. But, justice is not always served in the legal process,
especially in the grey area of ambiguous laws enforced by technologically
untrained investigators and prosecutors. Regardless of what one might
think of Len's judgment in some of his behaviors, we must nonetheless ask:
If Len's account is accurate, at what point does the punishment become too
great? For Len Rose, the immediate goal is modest: "I just want to get my
home back again."
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
Date: 12 August, 1990
From: Moderators
Subject: Len Rose Indictment
********************************************************************
*** CuD #1.28: File 3 of 4: Len Rose Indictment ***
********************************************************************
Len Rose provided the following copy of his indictment, which we have
edited only with a spell-checker. The five counts against Len seem quite
general, and in many ways are similar both in style and substance to those
filed against Craig Neidorf. The perhaps obligatory reference to the
Legion of Doom is made in count one without establishing the defendant's
connection to it, the value of the alleged "property" established as
over $5,000 (Len informs us that the value is established at about $75,000)
seems absurdly over-stated given the apparent nature of the "property" in
question, he is being charged with sending a program that he wrote that is
much less powerful than similar programs readily accessible to the public,
and the charges themselves seem sufficiently vague and ambiguous that they
could apply to many forms of knowledge or information.
We do not publish the indictment as a "Len Rose Issue." Instead, we suggest
that the document below reflects the continued misuse of law as a means to
control information. What is the precise nature of the information in
question? Was it used by the defendant to defraud? Is there any evidence
that he, or anybody else, intended to use it to defraud? The following
indictment, like the indictment in the Neidorf case, seems vague, and from
the trickles of information coming in, it seems that none of the evidence
strongly supports any of the counts. If true, it seems like deja vous all
over again.
********************************************************************
Subject: Len Rose Indictment
Date: Sun, 12 Aug 90 15:29:14 -0400
From: lsicom2!len@CDSCOM.CDS.COM
IN THE UNITED STATES DISTRICT COURT
FOR THE DISTRICT OF MARYLAND
UNITED STATES OF AMERICA *
* Criminal No.
v. * - -
*
LEONARD ROSE, a/k/a/ "Terminus" * (Computer Fraud, 18 U.S.C.
* S 1030(a) (6); Interstate
* Transportation of Stolen
* Property, 18 U.S.C. S 2314;
* Aiding and Abetting, 18
* U.S.C. S 2)
Defendant. *
* * * * * * * * *
INDICTMENT
COUNT ONE
The Grand Jury for the District of Maryland charges:
FACTUAL BACKGROUND
1. At all times relevant to this Indictment, American Telephone & Telegraph
Company ("AT&T"), through it's subsidiary, Bell Laboratories ("Bell Labs"),
manufactured and sold UNIX (a trademark of AT&T Bell Laboratories)
computer systems to customers throughout the United States of America.
2. At all times relevant to this Indictment, AT&T sold computer programs
("software") designed to run on the UNIX system to those customers. This
software is designed and manufactured by AT&T;some software was available
to the public for purchase, other software was internal AT&T software
(such as accounting and password control programs) designed to operate
with the AT&T UNIX system.
3. At all times relevant to this indictment, computer hackers were individuals
involved with gaining unauthorized access to computer systems by various
means . These means included password scanning (use of a program that
employed a large dictionary of words, which the program used in an attempt
to decode the passwords of authorized computer system users), masquerading
as authorized users, and use of trojan horse programs.
4. At all times relevant to this Indictment, the Legion of Doom ("LOD") was
a loosely-associated group of computer hackers. Among other activities,
LOD members were involved in:
a. Gaining unauthorized access to computer systems for purposes of
stealing computer software programs from the companies that owned the
programs;
b. Gaining unauthorized access to computer systems for purpose of using
computer time at no charge to themselves, thereby fraudulently obtaining
money and property from the companies that owned the computer systems;
c. Gaining unauthorized access to computer systems for the purpose of
stealing proprietary source code and information from the companies
that owned the source code and information;
d. Disseminating information about their methods of gaining unauthorized
access to computer systems to other hackers;
e. Gaining unauthorized access to computer systems for the purpose of
making telephone calls at no charge to themselves, obtaining and using
credit history and data for individuals other than themselves, .and
the like.
5. At all times relevant to this Indictment, LEONARD ROSE JR. a/k/a
"Terminus", was associated with the LOD and operated his own computer
system, identified as Netsys. His electronic mailing address was
netsys!len
COMPUTER TERMINOLOGY
6. For the purpose of this Indictment, an "assembler" is a computer program
that translates computer program instructions written in assembly language
(source code) into machine language executable by a computer.
7. For the purpose of this Indictment, a "compiler" is a computer program
used to translate as computer program expressed in a problem oriented
language (source code) into machine language executable by a computer.
8. For the purpose of this Indictment, a "computer" is an internally
programmed, automatic device that performs data processing.
9. For the purpose of this Indictment, a "computer network" is a set of
related, remotely connected terminals and communications facilities,
including more than one computer system, with the capability of
transmitting data among them through communications facilities, such as
telephones.
10.For the purposes of this Indictment, a "computer program" is a set of
data representing coded instructions that, when executed by a computer
causes the computer to process data.
11.For the purposes of this Indictment, a "computer system" is a set of
related, connected, or unconnected computer equipment, devices, or software.
12.For the purposes of this Indictment, electronic mail ("e-mail") is a
computerized method for sending communications and files between
computers on computer networks. Persons who send and receive e-mail are
identified by a unique "mailing" address, similar to a postal address.
13.For the purposes of this Indictment a "file" is a collection of related
data records treated as a unit by a computer.
14.For the purposes of this Indictment, "hardware" is the computer and all
related or attached machinery, including terminals, keyboard, disk drives,
tape drives, cartridges, and other mechanical, magnetic, electrical, and
electronic devices used in data processing.
15.For the purposes of this Indictment, a "modem" is a device that modulates
and demodulates signals transmitted over data telecommunications
facilities.
16.For the purposes of this Indictment, "software" is a set of computer
programs, procedures, and associated documentation.
17.For the purposes of this Indictment, "source code" is instructions
written by a computer programmer in a computer language that are used as
input for a compiler, interpreter, or assembler. Access to source code
permits a computer user to change the way in which a given computer
system executes a program, without the knowledge of the computer system
administrator.
18.For the purposes of this Indictment, "superuser privileges" (sometimes
referred to as "root") are privileges on a computer system that grant
the "superuser" unlimited access to the system, including the ability
to change the system's programs, insert new programs, and the like.
19.For the purposes of this Indictment, a "trojan horse" is a set of
computer instructions secretly inserted into a computer program so that
when the program is executed, acts occur that were not intended to be
performed by the program before modification.
20.For the purposes of this Indictment, "UNIX" (a trademark of AT&T Bell
Laboratories) is a computer operating system designed by AT&T Bell
Laboratories for use with minicomputers and small business computers,
which has been widely adopted by businesses and government agencies
throughout the United States.
COMPUTER OPERATIONS
21.For the purposes of this Indictment, typical computer operations are as
described in the following paragraphs. A computer user initiates
communications with a computer system through his terminal and modem.The
modem dials the access number for the computer system the user wishes to
access and, after the user is connected to the system, the modem
transmits and receives data to and from the computer.
22.Once the connection is established, the computer requests the user's login
identification and password. If the user fails to provide valid login and
password information, he cannot access the computer.
23.Once the user has gained access to the computer, he is capable of
instructing the computer to execute existing programs. These programs are
composed of a collection of computer files stored in the computer's
memory. The commands that make up each file and, in turn, each program, are
source code. Users who have source code are able to see all of the
commands that make up a particular program. They can change these commands,
causing the computer to perform tasks that the author of the program did
not intend.
24.The user may also copy certain files or programs from the computer he has
accessed; if the user is unauthorized, this procedure allows the user to
obtain information that is not otherwise available to him.
25.In addition, once a user has accessed a computer, he may use it's network
connections to gain access to other computers. Gaining access from one
computer to another permits a user to conceal his location because login
information on the second computer will reflect only that the first
computer accessed the second computer.
26.If a user has superuser privileges, he may add, replace, or modify existing
programs in the computer system. The user performs these tasks by
"going root"; that is, by entering a superuser password and instructing
the computer to make systemic changes.
27. On or about January 13, 1989, in the State and District of Maryland, and
elsewhere,
LEONARD ROSE JR. a/k/a Terminus
did knowingly, willfully, intentionally, and with intent to defraud,
traffic in (that is, transfer, and otherwise dispose of to another, and
obtain control of with intent to transfer and dispose of) information
through which a computer may be accessed without authorization, to wit:
a trojan horse program designed to collect superuser passwords, and by
such conduct affected interstate commerce.
18 U.S.C. S 1030(a) (6)
18 U.S.C. S 2
COUNT TWO
And the Grand Jury for the District of Maryland further charges:
1. Paragraphs 1 through 26 of Count One are incorporated by reference,
as if fully set forth.
2. On or about January 9, 1990, in the State and District of Maryland,
and elsewhere,
LEONARD ROSE JR. a/k/a/ Terminus
did knowingly, willfully, intentionally, and with intent to defraud,
traffic in (that is, transfer, and otherwise dispose of to another, and
obtain control of with intent to transfer and dispose of) information
through which a computer may be accessed without authorization, to wit:
a trojan horse login program, and by such conduct affected interstate
commerce.
18 U.S.C. S 1030(a) (6)
18 U.S.C. S 2
COUNT THREE
And the Grand Jury for the District of Maryland further charges:
1. Paragraphs 1 through 26 of Count One are incorporated by reference,
as if fully set forth.
2. That on or about May 13, 1988 in the State and District of Maryland,
and elsewhere,
LEONARD ROSE JR. a/k/a/ Terminus
did cause to be transported, transmitted, and transformed in interstate
commerce goods, wares, and merchandise of the value of $5000 or more, to
wit: computer source code that was confidential, proprietary information
of AT&T, knowing the same to have been stolen, converted, and taken by
fraud.
18 U.S.C. S 2314
18 U.S.C. S 2
COUNT FOUR
And the Grand Jury for the District of Maryland further charges:
1. Paragraphs 1 through 26 of Count One are incorporated by reference,
as if fully set forth.
2. That on or about January 15, 1989 in the State and District of Maryland
,
and elsewhere,
LEONARD ROSE JR. a/k/a/ Terminus
did cause to be transported, transmitted, and transformed in interstate
commerce goods, wares, and merchandise of the value of $5000 or more, to
wit: computer source code that was confidential, proprietary information
of AT&T, knowing the same to have been stolen, converted, and taken by
fraud.
18 U.S.C. S 2314
18 U.S.C. S 2
COUNT FIVE
And the Grand Jury for the District of Maryland further charges:
1. Paragraphs 1 through 26 of Count One are incorporated by reference,
as if fully set forth.
2. That on or about January 8, 1990 in the State and District of Maryland,
and elsewhere,
LEONARD ROSE JR. a/k/a/ Terminus
did cause to be transported, transmitted, and transformed in interstate
commerce goods, wares, and merchandise of the value of $5000 or more, to
wit: computer source code that was confidential, proprietary information
of AT&T, knowing the same to have been stolen, converted, and taken by
fraud.
18 U.S.C. S 2314
18 U.S.C. S 2
____________________
Breckinridge L. Wilcox
--
>From CuD 2.00:
Date: Undated
From: Anonymous
Subject: Len Rose's Search Warrant
********************************************************************
*** CuD #2.00: File 3 of 5: Len Rose's Search Warrant ***
********************************************************************
UNITED STATES DISTRICT COURT
District of Maryland
APPLICATION AND AFFIDAVIT
FOR SEARCH WARRANT
In the matter of the Search of:
Residence of
7018 Willow Tree Drive CASE NUMBER: 90-0002G
Middletown, Maryland
I Timothy Foley being duly sworn depose and say:
I am a Special Agent and have reason to believe that on the property or
premises known as: the residence at 7018 Willow Tree Drive, Middletown,
Maryland (see attachment B) in the District of Maryland there is now
concealed a certain person or property ,namely (see attachment A) which is
concerning a violation of Title 18 United States code,Sections 2314 and 1030.
The facts to support a finding of Probable Cause are as follows: (see
attachment C)
Sworn to before me and subscribed in my presence
February 1,1990 at Baltimore Maryland
Clarence F. Goetz,U.S. Magistrate
ATTACHMENT A
computer hardware (including central processing unit(s),monitors,memory
devices, modem(s), programming equipment,communications equipment,disks,
prints,and computer software (including but not limited to memory disks,
floppy disks, storage media) and written material and documents relating
to the use of the computer system (including networking access files,
documentation relating to the attacking of computer and advertising the
results of the computer attack (including telephone numbers and location
information), which constitute evidence,instrumentalities and fruits of
federal crimes, including interstate transportation of stolen property
(18 USC 2314) and interstate transportation of computer access information
(18 USC 1030(a)(6)). This warrant is for the seizure of the above described
computer and computer data and for the authorization to read information
stored and contained on the above described computer and computer data.
ATTACHMENT B
Two level split-foyer style house with a upper story overhang on either
side of a central indentation for the front door. House is white upper
with red brick lower portion under the overhanging upper story. Front
door is white. There is a driveway on the lefthand side of the house as
you face the front. Mail box is situated on a post adjacent to the
driveway and mailbox displays the number 7018.
ATTACHMENT C
State of Maryland )
) SS
County of Frederick )
AFFIDAVIT
1. I, Timothy Foley, am a Special Agent of the United States Secret Service
and have been so employed for the past two years. I am presently assigned
to the Computer Fraud Section of the United States Secret Service in
Chicago. Prior to that I was employed as an attorney of law practicing
in the City of Chicago and admitted to practice in the State of Illinois.
I am submitting this affidavit in support of the search warrant for the
premises known as the residence of Leonard Rose at 7018 Willow Tree Drive
in Middletown, Maryland.
2. This affidavit is based upon my investigation and information provided
to me by Special Agent Barbara Golden of the Computer Fraud Section of
the United States Secret Service in Chicago. S.A. Golden has been
employed by the Secret Service for 13 years, and has been a Special Agent
with the Secret Service for 3 years and by other agents of the United
States Secret Service.
3. I have also received technical information and investigative assistance
from the experts in the fields of telecommunications, computer technology,
software development and computer security technology, including:
a. Reed Newlin, a Security Officer of Southwestern Bell, who has numerous
years of experience in operations,maintenance and administration of
telecommunication systems as an employee of the Southwestern Bell
Telephone Company.
b. Henry M. Kluepfel, who has been employed by the Bell System or its
divested companies for the last twenty-four years. Kleupfel is
presently employed by Bell Communications Research, (Bellcore) as
a district manager responsible for coordinating security technology
and consultation at Bellcore in support of its owners, the seven (7)
regional telephone companies, including BellSouth Telephone Company
and Southwestern Bell Telephone Company. Mr. Kleupfel has participated
in the execution of numerous Federal and State search warrants relative
to telecommunications and computer fraud investigations. In addition,
Mr. Kleupfel has testified on at least twelve (12) occasions as an
expert witness in telecommunications and computer fraud related
crimes.
c. David S. Bauer, who has been employed by Bell Communications Research,
(Bellcore) since April 1987. Bauer is a member of the technical staff
responsible for research and development in computer security
technology and for consultation in support for its owners, the seven
(7) regional telephone companies, including BellSouth. Mr. Bauer is
an expert in software development,communications operating systems,
telephone and related security technologies. Mr. Bauer has conducted
the review and analysis of approximately eleven (11) computer hacking
investigations for Bellcore. He has over nine (9) years of professional
experience in the computer related field.
d. At all times relevant to this affidavit, "computer hackers" were
individuals involved with the unauthorized access of computer systems
by various means. The assumed names used by the hackers when contacting
each other were referred to as "hacker handles."
Violations Involved
-------------------
5. 18 USC 2314 provides federal criminal sanctions against individuals
who knowingly and intentionally transport stolen property or property
obtained by fraud, valued at $5,000.00 or more, in interstate commerce.
My investigation has revealed that on or about January 8, 1990
Leonard Rose, using the hacker handle Terminus, transported a stolen
or fraudulently obtained computer program worth $77,000.00 from
Middletown, Maryland to Columbia, Missouri.
6. 18 USC 1030(a) (6) provides federal criminal sanctions against
individuals who knowingly and with intent to defraud traffic in
interstate commerce any information through which a computer may be
accessed without authorization in interstate commerce. My investigation
has revealed that on or about January 8,1990 Leonard Rose trafficked
a specially modified copy of AT&T Unix source code SVR 3.2 in interstate
commerce from Middletown, Maryland to Columbia,Missouri. (Source code
is a high level computer language which frequently uses English letters
and symbols for constructing computer programs. Programs written in
source code can be converted or translated by a "compiler" program into
object code for use by the computer.) This Unix source code SVR 3.2 had
been specially modified so that it could be inserted by a computer hacker
into any computer using a Unix operating system and thereafter enable the
hacker to illegally capture logins and passwords used by legitimate
users of the computer.
Discovery of the Altered Unix Source Code
-----------------------------------------
7. For the past seven (7) months I have been one of the United States
Secret Service agents involved in a national investigation into attacks
on telephone computer switches by various computer "hackers" including
an organization referred to as the Legion of Doom (LOD).
8. My investigation to date has disclosed that hackers have stolen sensitive
proprietary information from various telecommunications organizations
and published this information in "hacker" publications such as "Phrack"
newsletter. On Janurary 18,1990 Craig Neidorf (hacker handle Knight
Lightning) the editor and co-publisher of "PHRACK" was caught in
possession of various stolen computer files including the source code
for UNIX SVR3.2 and the text file for the Bell South's enhanced 911 (E911)
system.
9. On January 18,1990 Reed Newlin, Southwestern Bell, and I conducted an
examination of the computer files of Craig Neidorf, a hacker known to us
as Knight Lightning,at the University of Missouri at Columbia in Columbia,
Missouri (referred to hereafter simply as Neidorf computer files).
Newlin's examination of the Neidorf computer files extended from the night
of January 18 into the early morning hours of January 19. Later on
January 19 Newlin advised me that his examination of the Neidorf computer
files had disclosed the existence of what he believed to be proprietary
AT&T UNIX SVR3.2 source code in among Neidorf's computer files. He further
advised me that the AT&T source code appeared to have been modified into
a hacker tutorial which would enable a computer hacker to illegally
obtain password and login information from computers running on a UNIX
operating system.
10. On January 29, 1990 I interviewed Craig Neidorf and he advised me that
Leonard Rose (hacker handle "Terminus") had provided him with the AT&T
UNIX SVR3.2 source code which had been taken by me from his computer
files on the computers at the University of Missouri. (Neidorf is soon to
be indicted in Chicago for violations of 18 USC 1030,1343, and 2314.
Neidorf's interview took place while he was aware of the potential
charges which might be brought against him.)
11. Neidorf's identification of Leonard Rose (Terminus) as his source for
the stolen UNIX source code is corroborated by the physical evidence.
That evidence also shows that Terminus knew the code was stolen. On
January 20, 21, and 31, 1990 I personally examined the 19 pages of AT&T
UNIX SVR3.2 found in the Neidorf computer files by Newlin. On pages one
and two of the AT&T document the author of the file identifies himself
by the hacker handle "Terminus". On the first page of the document
Terminus advised Neidorf that the source code came originally from AT&T
"so it's definitely not something you wish to get caught with".
Terminus also inserts the following warning into the text of the program
on the first page: "Warning: this is AT&T proprietary source code. Do
NOT get caught with it.." On page 26 of the program Terminus also states:
"Hacked by Terminus to enable stealing passwords.. This is obviously
not a tool for initial system penetration, but instead will allow you
to collect passwords and accounts once it's been installed. Ideal for
situations where you have a one-shot opportunity for super user
privileges.. This source code is not public domain..(so don't get
caught with it).
In addition to these warnings from Terminus the AT&T source code also
carries what appears to be the original warnings installed in the
program by AT&T on pages 2,5,6,7,26 and 28:
Copyright (c) 1984 AT&T
All rights reserved
THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF AT&T
The copyright notice above does not evidence and actual or intended
publication of the source code.
12. On January 26 and 30, 1990 copies of the UNIX SVR 3.2 source code
found in the Neidorf computer files and discussed above were sent to
UNIX experts with AT&T (Mr. Al Thompson) and Bellcore (Mr. David Bauer
and Mr. Hank Kleupfel) for their evaluation.
13. On January 30, 1990 Al Thompson of AT&T advised me that his initial
review of the document and the initial review of the document by AT&T's
software licensing group had disclosed the following:
a. The document was in fact a copy of the AT&T UNIX SVR3.2 source
code login program.
b. The program's value was approximately $75,000.00
c. Neither Leonard Rose nor Craig Neidorf were licensed to own or
possess the source code in question.
d. The source code provided to him had been made into a tutorial
for hackers which could be used to install "trap doors" into
a computer and it's operating system. These trap doors would
enable a hacker to illegally obtain the passwords and logins
of the legitimate users of a computer running on a UNIX
operating system.
Identification of Leonard Rose as Terminus
------------------------------------------
14. The AT&T Unix SVR3.2 source code described in paragraphs 9 through
13 above reflected that a hacker named Terminus was the author of
the modifications.
15. On January 15 and 30, 1990 David Bauer of Bellcore advised me that
Terminus is the hacker handle for an individual named Leonard Rose
who resides in Maryland. Bauer advised me that in e-mail between
Terminus and a hacker known as the Prophet (Robert Riggs), on October
9, 1988 Terminus had identified himself as:
Len Rose
Len@Netsys.COM,postmaster@Netsys.COM
301-371-4497
Netsys,Inc. 7018 Willowtree Drive Middletown MD 21769
16. In addition, Bauer's examination disclosed that Terminus received
e-mail at the following addresses: "len@ames.arc.nasa.gov" or
"len@netsys.com". The address "len@ames.arc.nasa.gov" indicates
that the author has the account "len" on the system named "Ames"
in the domain "arc" that is owned and operated by the National
Air and Space Agency of the United States government.
17. My continuing review on January 25,1990 of the Neidorf computer files
disclosed that Rose was continuing to send e-mail to Neidorf and to
receive e-mail from Neidorf. On December 28,1989,Leonard Rose
(Terminus) sent an e-mail message to Neidorf in which Rose gives his
address as 7018 Willowtree Drive in Middletown, Maryland 21769 and
gives his e-mail address as follows:
"len@netsys.netsys.com"
18. On January 30, 1990 I was advised by individuals with the Computer
Emergency Reaction team (CERT) that the e-mail address
"len@netsys.netsys.com" is located at 7018 Willowtree Drive,Middletown,
Maryland 21769. CERT is an organization located at the Carnegie-Mellon
Institute and funded by the Defense Advanced Research Projects Agency.
It records contain information about the location of many computers
in the United States.
19. There is additional evidence identifying Terminus as Leonard Rose.
On January 30, 1990 I received a May 24,1987 copy of "Phrack"
magazine from Hank Kluepfel of Bellcore wherein hacker Taran King
(Randy Tischler) interviewed and "profiled" Terminus (a/k/a Leonard
Rose). The personal background information in the article included
the following:
Handle: Terminus
Call him: Len
Past Handles: Terminal Technician
Handle Origin: Terminal Technician originated because of
Len's view of himself as a hacker. Terminus
was an offshoot of that and, although it
is an egotistical view, it means he has
reached the final point of being a
proficient hacker.
Date of birth: 1/10/59
Age at current date: 29
Height: 5'9"
Weight: About 190 lbs.
Eye Color: Hazel
Hair Color: Brown
Computers: 6800 home brew system, Apple II,Altair
S100, 2 Apple II+s,IBM PC,IBM XT,IBM 3270,
IBM AT, and 2 Altos 986's
Sysop/Co-Sysop: MetroNet,MegaNet, and NetSys Unix
Terminus is further described as an electronic engineer and he designs
boards for different minicomputers like PDP-11s,Data Generals,Vaxes,
and Perkin-Elmer who also writes software and writes computer code in
machine language.
20. My January 25 review of the Neidorf computer files also disclosed a
January 9,1990 e-mail message from Rose to Neidorf at 12:20 am which
corroborated the fact that Rose had sent Neidorf the UNIX SVR3.2
source code on or around January 7,1990. In this message Rose tells
Neidorf that he (Rose) lost his copy of what he sent to Neidorf the
other night because his (Rose's) hard drive had crashed.
21. My January 25 review also disclosed a second e-mail message from Rose
to Neidorf on January 9,1990, at 3:05 pm . This message indicates that
Neidorf had sent a copy of the requested source code back to Rose as
requested (see paragraph 20 above). Rose's message began:
"RE: UNIX file" and stated that the copy of the stolen source code
received back from Neidorf had some type of "glitch".
22. These messages reflect that Rose still has at least one copy of the
UNIX SVR3.2 source code in his possession.
23. On January 29,1990 Craig Neidorf advised me that on or around January
9, 1990 he received a copy of the Unix SVR3.2 source code which was
telecommunicated to him via Bitnet from Leonard Rose in Maryland.
24. On January 30,1990, Hank Kluepfel of Bellcore advised me that based
upon his background experience and investigation in this case and
investigating approximately 50 other incidents this year involving
the unauthorized use of other computer systems,hackers that run
computer bulletin boards typically keep and use the following types
of hardware,software and documents to execute their fraud schemes and
operate their bulletin boards:
a. Hardware - a central processing unit,a monitor, a modem,a keyboard,
a printer, and storage devices (either floppy disks or auxiliary
disk units),telephone equipment (including automatic dialing
equipment,cables and connectors), tape drives and recording equipment.
b. Software - hard disks, and floppy disks containing computer programs,
including, but not limited to software data files, e-mail files,
UNIX software and other AT&T proprietary software.
c. Documents - computer related manuals, computer related textbooks,
looseleaf binders, telephone books,computer printouts,videotapes
and other documents used to access computers and record information
taken from the computers during the above referred to breakins.
25. Based upon the above information and my own observation, I believe
that at the residence known as 7018 Willow Tree Drive, Middletown,
Maryland there is computer hardware (including central processing
unit(s),monitors,memory devices,modem(s),programming equipment,
communication equipment,disks,prints and computer software (including
but not limited to memory disks,floppy disks,storage media) and
written material and documents relating to the use of the computer
system (including networking access files,documentation relating to the
attacking of computer and advertising the results of the computer
attack (including telephone numbers and location information.) This
affidavit is for the seizure of the above described computer and
computer data and for the authorization to read information stored
and contained on the above described computer and computer data
which are evidence of violations of 18 USC 2314 and 1030, as well as
evidence,instrumentalities or fruits of the fraud scheme being
conducted by the operator of the computer at that location.
Location to be Searched
26. On January 31, 1990 I was advised by S.A. John Lewis, USSS in
Baltimore that 7018 Willow Tree Drive in Middletown, Maryland
is a two-level split-foyer style house with an upper story
overhang on either side of a central indentation for the front door.
The front door is white. There is a driveway on the left side of the
house as you face the front. A mail box is situated on a post next
to the driveway and displays the number 7018.
27. Request is made herein to search and seize the above described
computer and computer data and to read the information contained
in and on the computer and computer data.
Special Agent TIMOTHY FOLEY
United States Secret Service
Sworn and Subscribed to before
me this 1st day of February, 1990
Clarence E. Goetz
United States Magistrate
--
>From CuD 2.03:
Date: Tue, 11 Sep 90 01:34:49 -0400
From: len@NETSYS.NETSYS.COM
Subject: Len Rose's experience with the Secret Service
********************************************************************
*** CuD #2.03: File 2 of 4: Len Rose's Experience with the S.S. ***
********************************************************************
[Jim Thomas suggested I write something for the digest and I have been
casting around for ideas.. All I really can think about nowadays is my
own situation. I have become quite a bore to my friends I am sure.]
Please excuse any vestiges of self-pity you may detect.
The Day It Happened:
I left my home around eleven am to drive down to Washington DC to meet
with a potential client. After several hours with them , I started the
drive back through the rush hour traffic. It was just a few minutes
after five pm that I pulled into my driveway in Middletown Md. I remember
getting out of the car and noticing that someone was in the back yard.
He was wearing a blue wind breaker and was neatly dressed. We had been
trying to sell a Jeep , and I assumed he was interested in buying the
car. "What can I do for you" I asked.. I remember being slightly pissed
that this person had just been hanging around the back of my home. He
flipped his jacket aside and I saw a badge on his belt and a gun
in a shoulder holster. "Please go into the house" he replied. I was
pretty shaken and asked "What have I done wrong?" .. without answering
the question, he took my arm and sort of marched me into the front door
of my home. Upon entering, two agents pulled me up from the foyer, and
put me against the wall while searching me. Then I remember being shown
the front of a search warrant and then taken into my master bedroom.
The door was shut and I didn't leave the room for more than five hours.
They introduced themselves, and I asked them what this was about. Foley
replied "We will ask the questions" .. "Do you know any of these hackers?"
I was asked about 10 or 15 names, and out of them I said I recognized
one or two from seeing articles here and there but hadn't had any contact
with them. I remember Foley getting angry. "You had better cooperate,
let's try again". I reiterated that I knew none of them. He said "You
are not telling us the truth" ... I told him I had little contact with
hackers and had been away from that scene for quite some time. He then
scoffed and said "You have a hacker handle don't you... What is It?"
I paused, and then replied "Terminus, but I haven't used it or gone by
that in a very long time" He said "Right, like last month..." I thought
about that and then I started to feel sick inside.. I knew that I had
sent Craig Neidorf a copy of login.c which had been modified to perform
certain functions that basically made it a trojan horse. I used that
handle since I didn't want the world to know that Len Rose was sending
someone proprietary source code through mail.. He shoved a photocopy of a
printout under my nose and asked me if I recognized it.. I looked at it
and said, "Yes.. " .. He asked me If I had made the modifications and
placed certain comments within the source. "Yes" again. "But I never used
it" I blurted out.
"We are only interested in the 911 software and Rich Andrews" they said.
[I never had anything to do with 911 software and after an extensive search
of my systems that night by a certain AT&T employee they seemed to agree.]
"Did Rich Andrews send you a copy of the 911 software?" Foley asked me.
I told them no, no one had sent me anything of the sort. I told them
that Rich had found some portion of 911 software on his system and
sent it to Charley Boykin at killer to see if it was serious. Rich had
told me before, and I sort of approved of the idea. I remember Rich
saying that he'd had no response whatsoever..
[I wish he had told me the truth, but that is for him to explain why]
"We want dirt on Rich Andrews.." Special Agent Timothy Foley said.
"We feel he has been less then cooperative.." and "Do you know he is
a convicted felon" I replied "Yes" but he is a good friend and I
know he hasn't done anything wrong. He is not involved with hackers.
Foley asked me about any dealings I had with Rich. I realized then
that lying wouldn't do me any good, so I told them everything I could
remember. What I had to say must not have been good enough, as Foley
kept saying I wasn't going to get anywhere unless I told them all the
truth. It took me a long time to convince them that was all I knew.
During the interrogation, my legal problems in Virginia were brought up,
and I mentioned that I might be acquitted. Jack Lewis said "If you get
off in Virginia, I'll make sure we burn you for this" .. I felt then
that I was completely shut off from reality.
Foley then asked me to tell them anything illegal I had done.
Jack Lewis said "It would be better if you tell us now, because if we
discover anything else later it will be very serious". By this time, I
was scared and I remember telling them that I had copies of AT&T System V
v3.1, System V v3.2 and various other pieces of software which had been
given to me by certain employees of AT&T (without the benefit of a license
agreement). "Where is it" they asked.. I told them that I had a couple
9 track tapes with prominent labels on a tape rack.
I remember asking several times to see my wife, and to go to the bathroom.
Each time I was told I couldn't. If I hadn't been so scared I would have
asked for an attorney, but my mind had shutdown completely. About 6 hours
later I was finally led out of my bedroom and told to sit at the kitchen
table and not to move. Foley and Lewis sat with me and put a sheet of
paper in front of me and told me to write a statement. "What do you want
me to write about" I asked. Foley said "Everything you told us about
Rich Andrews and also everything about the Trojan horse login program."
"Make sure you mention the System V source code"..
So, as they were finishing loading up the moving truck, I sat there and
wrote about two pages of information.
It was about midnight, when they left, but not before handing me a
subpoena to appear before the Grand Jury.
They told me to tell Rich Andrews my main Unix system had crashed, and
not to let him know that the SS had been there. I felt pretty bad about
this because I kept thinking they were going to get him. He must have
called siz or seven times the day after the "raid". I couldn't tell him
anything, since I assumed my line was tapped.
I remember going outside as they were starting to leave and looking into
the back of the moving truck. The way some of the equipment was packed, I
knew it wouldn't survive the trip into Baltimore. I asked for permission
to re-pack several items (CPUs,Hard Disks, and a 9 track drive) and received
it. As I watched my belongings pull away , I remember feeling so helpless,
and confused. It was only then did it sink in that every material possession
that really mattered to me (other than my home), was gone. All I had to
show for it was a sketchy 20 page inventory..
Later, my wife told me what had gone on until I came home. The SS
arrived around 3 pm, and had knocked on the door. She opened the door,
and 5 or 6 agents pushed her back into the foyer. They took her by the
arms and moved her over to a sofa in the living room. They had a female
agent with them, and this person was detailed to stay with her. She was
not allowed to make phone calls, or answer them (until much later in the
evening.) My children were also placed there. My son, who was 4 at the
time refused to submit to their authority (guns didn't scare him) would
get up often and follow agents around. From what my wife recalls, they
were amused at first , then later became less enthusiastic about that.
She wasn't allowed to feed the kids until after I had been released
from the interrogation session. She remembers getting up several times,
to go to the bathroom or to retrieve diapers,etc. and being told to get
back onto the sofa. The female agent even followed her into the bathroom.
The massive search of every nook and cranny of our home encompassed much
more than computer equipment. To this day, I feel there is a direct
link between my previous legal problem in Virginia, and the extent of the
search that day. In fact, the SS had obtained items seized from me by
Virginia and had them in their posession before the raid ever took place.
I remember going down to the SS office a couple days later to
voluntarily answer the subpoena. I set up my equipment for them. Although
they had labled most cables and connectors, there was some confusion.
I remember showing them how to use my systems, and in particular how to
do a recursive directory listing of every file contained within. After a
while, once they made sure they had backups , I was allowed to type a few
commands at a terminal in order to retrieve an ascii text file (a resume).
Later, while being escorted back out to the front of their offices,
I saw a large room filled with stacks of boxes and equipment cases which
had constituted the entire sum of my office and all equipment,software,and
documentation. I was feeling pretty numb, and remember asking the agents
there to please take care of everything, since I hoped to get it back.
In reflection, it seems pretty pitiful.
It was this day that they told me I would be prosecuted, and I remember
driving back from Baltimore feeling betrayed. Even though I had completely
cooperated with them, and had been told I would not be prosecuted. When I
got home, I was crying .. I couldn't handle this anymore. My sister was
there and I remember she gave me three vallium.. I calmed down and in
fact got pretty high from it.
[The following is something the SS allege I did]
Allegedly from a phone booth that night I called Rich Andrews and warned
him to get rid of any source code or software he shouldn't have.. At this
time I was also alleged to have told Rich that I was leaving the country,
and would go to Korea with my wife and kids. [If I did do this, I never
said anything about leaving] .. They apparently had either tapped his line,
or he told them about my call. [I would have been stupid to say this, since
Korea has extradition treaties with the US]
My Arrest:
Several days later, I received a sudden call from Special Agent John Lewis
and he told me to come down and pick up my fax machine. (I had been
pestering them about it so I could fax my resume out to headhunters so I
could find a job)..
[ Ironically, I had been hired a week before by Global Computer Systems,
in New Jersey to work as a contractor at AT&T's 3B2 Hotline in South
Plainfield New Jersey .. I knew that after this AT&T wouldn't have anything
to do with me and in fact was informed so the night of the raid ]
Upon entering the SS office (Feb. 6) around 5 pm, I waited outside in
the waiting room.. I had been doing some house painting and wasn't dressed
very well. Jack Lewis came out and brought me back to one of their offices
He held out his hand (as if to shake it) and instead put hand cuffs on my
hand. He then locked the other to an eyebolt on the desk. He sat down
across from me and told me to empty my pockets.. I complied, and then he
started writing an inventory of my posessions.
Jack Lewis looked up from his writing and said "You fucked us,Len!"
"What do you mean?" I said. "You called Rich Andrews, and warned him to
get rid of anything he shouldn't have,you fucked us!" .. I didn't reply.
He then told me to pull my shoestrings out of my sneakers, and I did..
He called another agent in to witness the contents of his inventory,sealed
the envelope and then told me I was going to jail.. About 15 minutes later
he released the handcuffs from the desk, and put my arms behind my back and
handcuffed them.
I was led into the hallway, while he finished some last minute details..
He was nice enough to let me make a phone call, when I asked him..I promptly
called a friend in Philadelphia. I knew he would know what to do.. Because
my wife didn't speak English well, and would also have been hysterical
I couldn't count on her to be much help.
They drove me over to the Baltimore City Jail,told the bored looking turnkey
at the desk to hold me for the night.
I was pretty hungry but I had missed the evening meal , and despite
repeated pleas to make my "phone call" the jailers ignored me.
The people in the cells next to mine were an interesting lot.
One was in for killing someone, and the other was in for a crack bust..
Someone in the cell block was drugged out, and kept screaming most of
the night.. I didn't sleep much that night, and the with the cold steel
slab they call a bed it wouldn't have been possible anyway. Sometime
around 9 am a jailer appeared and let me out.
I was then turned back over to the SS and they drove me back to the
Federal Building... They put me in another holding cell and I was there
for about 2 hours. A Federal Marshal came and took me to a court room,
where I was charged with a criminal complaint of transporting stolen
property over interstate lines with a value of $5000 or more.
The conditions for my release were fairly simple..
Sign a signature bond placing my home as collateral, and surrender
my passport. Fortunately my wife had come down earlier and Agent Lewis
had told her to get my passport or I wouldn't be released .. She drove
the 120 mile round trip and found it.. She returned, I was brought down
to the courtroom and the magistrate released me.
We retained an attorney that day, and several weeks later they agreed to
drop all charges. I am told this was to give both sides some time to work
out a deal. Against the better judgement of my (then) attorney I offered to
meet with the Assistant U.S. attorney if they would bring someone down from
Bell Labs. My thinking was that surely a Unix hacker would understand the
ramifications of my changes to the login.c source and corroborate my
explanations for the public domain password scanner. They also wanted me
to explain other "sinister" activities , such as why I had an alias for
the Phrack editors, and I knew a Unix person from the labs would know what
I meant when I said it made it easier for people to get to .BITNET sites.
I was a complete fool,and the person from Bell Labs got me in even worse
trouble when he told them I had other "trojan" software on the systems.
He was referring to a public domain implementation of su.c which David Ihnat
(chinet) had written to allow people to share su access without actually
knowing the root password. "But it is public domain software," I cried.
The Bell Labs person turned and told David King (Asst. US Attorney) that
I was lying. He went on to say that there was a considerable amount of
R&D source code on my machines. Things that no one should possess outside of
AT&T, like Korn shell and AwkCC.
My attorney (Mr. Carlos Recio of Deso, and Greenberg - Washington DC) was
furious with me. All he could say was that "I told you so.." and I realized
I had been stupid. I had hoped if I could explain the situation to the govt.
and have someone from AT&T verify what I said was true, then they would
realize I was just a typical Unix freak, who hadn't been involved in anything
more sinister than possibly having things I shouldn't have.
After a few months the best deal Mr. King offered was for me to plead
guilty to 2 felony counts (Computer Fraud) and I would receive a sentence
of 17 months in prison. I refused to take the deal, [ Perhaps I may live
to regret that decision when my trial begins in 91.. ]
In May I was formally charged with 5 felony counts.. The rest is history..
Present Day:
In better times I never lacked for work, and lived in a world where I
spent more on phone bills per month (uucp traffic), than I have earned
in the last four months.
I am sitting here (rather lying, since I cannot get up) by the laptop
computer (on loan to me from a friend) . Lately, I have grown to feel
that without this little laptop and it's modem linking me to the network
I would have been driven mad a long time ago.Reading Usenet news has been
my only solace lately. During the day I spend hours calling around to all
the head hunters asking for work.Since I still have a fax machine,
I am able to fax my resume around. So far, I haven't had much luck in
finding anything at all. Since all this happened , it seems that I have
been blacklisted. A few companies expressed interest, but later called
back and asked me if I was the "LoD hacker" and I told them yes.. They
weren't interested anymore (I cannot blame them).
I guess the Unix Today articles have cost me more than any of the others..
I lost a great contract ($500 a day) with a major bank in Manhattan when
they saw the first article.. In various articles from various newspapers,
I have been called the "Mastermind of the Legion of Doom" and other bizarre
things.
The lies told by the US Attorney in Baltimore in their press release
were printed verbatim by many papers.. The usual propaganda about the
Legion's activities in credit card fraud, breakins and the threat to the
911 system were all discussed in that press release and cast a bad light
on me.
I have had the good fortune to have a friend in Philadelphia who has
loaned me office space in his firm's building. Such an arrangement lends
an air of credibility to Netsys Inc. Too bad I have no clients or contracts.
Since I broke my leg pretty badly (The doctor says I will be in a cast for
six months and maybe some surgery) ,I haven't been able to visit the
"office" but I have an answering machine there and I check my calls daily.
We (my wife and two children) moved to the Philadelphia suburbs in order
to put as much distance as possible from the SS Agent John "Jack" Lewis
who is based in Baltimore.
I realize that the SS have offices in every city, and agents to spare
but it made me feel better knowing that he is in Baltimore and I am here.
Anyway, at this point I am trying to find a few system admin jobs, and
would take any salary they offered me. I am scared about the next few
months since I cannot even get a job as a laborer or a 7-11 clerk since
my leg is screwed.. My wife (who has a liberal arts degree) is looking
for a job in this area.. We hope she can get a job working minimum wage
in some department store or as a waitress.
We have enough money to last another month I guess. Then I am not sure
what we will do, since we haven't any relatives who will take us in.
I have never been un-employed since leaving high school, and It's a
pretty bad feeling. One day , If I survive this, I will never forget
what has happened. I can't help feeling that there is a thin veneer
of freedom and democracy in this country, and agencies like the Secret
Service are really far more powerful than anyone had realized.
I know that my friends within AT&T (E. Krell for one) feel I have
"stolen" from their company. I can only laugh at this attitude since
I have probably done more for AT&T than he has. Those of you who knew
me before can attest to this. While it was "wrong" to possess source code
without a license,I never tried to make money from it. I wrote a Trojan
Horse program, which in all honesty was done to help defend my own systems
from attack (it is currently installed as /bin/login on my equipment).
Any allegations that I installed it on other systems are completely false.
[ in fact, most of the source code was given to me by AT&T employees ]
As far as the public domain password scanner program, well.. I realize
that most of you know this, but items far more powerful can be obtained
from any site that archives comp.sources.unix,and comp.sources.misc ..
I used it as a legitimate security tool when doing security audits on
my own systems and clients. It wasn't very good really, and considering it
was obsolete (System V 3.2 /etc/shadow) anyway, it's usefulness was limited.
Since the SS will be reading this article with interest, I want to
point out that I will fight you to the end. Someday I hope you will
realize you made an honest mistake and will rectify it. Perhaps there
was some justification I am not aware of, but I doubt it. If I have to
go to prison for this, perhaps it will benefit society. Who knows what
what Len Rose would have done if left to continue his criminal pursuits.
I hope to get my equipment, and software back and then re-start my life.
There have been repeated motions to get my equipment back , but the judge
has summarily denied them saying I will commit crimes If I get it back.
I have offered to assist the SS in saving evidence,and to sign any agreement
they choose regarding validity of that evidence.
I may take up begging soon , and ask for help from someone who is rich.
It's going to be winter soon and I don't look forward to being on the
street.
Len
--
>From CuD 2.09:
From: Moderators
Subject: Len Rose Arrest
Date: October 26, 1990
********************************************************************
*** CuD #2.09: File 2 of 8: Len Rose Arrest ***
********************************************************************
Len Rose was arrested on state charges of "computer tampering" in
Naperville, Ill., Naperville police confirmed Monday night. Len obtained
a job at Interactive Systems Corporation, a software consulting firm, in
Naperville and began Monday, October 15. Friday, he was fired. Bail was
initially set at $50,000, and as of late Friday afternoon, he remained
in jail.
Len's wife speaks little English and is stuck in Naperville, lacking both
friends and resources. Len currently has no money to post bond, and this
leaves he and his family in a dreadful situation.
We caution readers to remember that, under our Constitution, Len is
*innocent* unless proven otherwise, but there is something quite
troublesome about this affair. Hopefully, we'll soon learn what specific
charges and what evidence led to those charges. Even if a "worst case"
scenario evolves, there are surely better ways to handle such cases in less
intrusive and devastating ways. Devastated lives and full invocation of
the CJ process are simply not cost effective for handling these types of
situations.
--
>From CuD 2.14:
From: Moderators
Subject: Len Rose Indicted
Date: 29 November, 1990
********************************************************************
*** CuD #2.14: File 2 of 8: Len Rose Indicted ***
********************************************************************
"Man is Charged in Computer Crime"
By Joseph Sjostrom
From: Chicago Tribune, 28 November, 1990: Section 2, p. 2
Du Page County prosecutors have indicted a Naperville resident in
connection with an investigation into computer tampering.
Leonard Rose, 31, of 799 Royal St. George St., Naperville, was charged by
the Du Page County grand jury last week with violating the 1988 "computer
tampering" law that prohibits unauthorized entry into a computer to copy,
delete or damage programs or data contained in it.
Rose, who lived in Baltimore until last September or October, is under
federal indictment there for allegedly copying and disseminating a valuable
computer program owned by AT&T. The Du Page indictment charges him with
copying the same program from the computer of a Naperville software firm
that employed him for a week in October.
His alleged tampering with computers there was noticed by other employees,
according to Naperville police. A search warrant was obtained for Rose's
apartment last month, and two computers and a quantity of computer data
storage discs were confiscated, police said.
The Du Page County and federal indictments charge that Rose made
unauthorized copies of the AT&T Unix Source Code, a so-called operating
system that gives a computer its basic instructions on how to function.
The federal indictment says Rose's illegal actions there were commited
between May 1988 and January 1990. The Du Page County indictment alleges
he tampered with the Naperville firm's computers on Oct. 17.
(end article)
*************************************
Although we have not yet seen the indictment, we have been told that charges
were made under the following provisions of the Illinois Criminal Code:
*************************************
From: SMITH-HURD ILLINOIS ANNOTATED STATUTES
COPR. (c) WEST 1990 No Claim to Orig. Govt. Works
CHAPTER 38. CRIMINAL LAW AND PROCEDURE
DIVISION I. CRIMINAL CODE OF 1961
TITLE III. SPECIFIC OFFENSES
PART C. OFFENSES DIRECTED AGAINST PROPERTY
ARTICLE 16D. COMPUTER CRIME
1990 Pocket Part Library References
16D-3. COMPUTER tampering
s 16D-3. COMPUTER Tampering. (a) A person commits the offense of COMPUTER
tampering when he knowingly and without the authorization of a COMPUTER'S
owner, as defined in Section 15-2 of this Code, or in excess of the authority
granted to him:
(1) Accesses or causes to be accessed a COMPUTER or any part thereof, or a
program or data;
(2) Accesses or causes to be accessed a COMPUTER or any part thereof, or a
program or data, and obtains data or services;
(3) Accesses or causes to be accessed a COMPUTER or any part thereof, or a
program or data, and damages or destroys the COMPUTER or alters, deletes or
removes a COMPUTER program or data;
(4) Inserts or attempts to insert a "program" into a COMPUTER or COMPUTER
program knowing or having reason to believe that such "program" contains
information or commands that will or may damage or destroy that COMPUTER, or
any other COMPUTER subsequently accessing or being accessed by that COMPUTER,
or that will or may alter, delete or remove a COMPUTER program or data from
that COMPUTER, or any other COMPUTER program or data in a COMPUTER
subsequently accessing or being accessed by that COMPUTER, or that will or may
cause loss to the users of that COMPUTER or the users of a COMPUTER which
accesses or which is accessed by such "program".
(b) Sentence.
(1) A person who commits the offense of COMPUTER tampering as set forth in
subsection (a)(1) of this Section shall be guilty of a Class B misdemeanor.
(2) A person who commits the offense of COMPUTER tampering as set forth in
subsection (a)(2) of this Section shall be guilty of a Class A misdemeanor and
a Class 4 felony for the second or subsequent offense.
(3) A person who commits the offense of COMPUTER tampering as set forth in
subsection (a)(3) or subsection (a)(4) of this Section shall be guilty of a
Class 4 felony and a Class 3 felony for the second or subsequent offense.
(c) Whoever suffers loss by reason of a violation of subsection (a)(4) of this
Section may, in a civil action against the violator, obtain appropriate
relief. In a civil action under this Section, the court may award to the
prevailing party reasonable attorney's fees and other litigation expenses.
(end Ill. Law)
+++++++++++++++++++++++++++++++++++++++++
Illinois employs determinate sentencing, which means that the judge is
bound by sentencing guidelines established by law for particular kinds of
offenses (See Illinois' Univied Code of Corrections, Chapter 38, Sections
1005-8-1, 1006-8-2, 1005-5-3.1, and 1005-3.2).
Computer tampering carries either a Class 4 felony sentence, which can
include prison time of from one to three years, or a Class A misdemeanor
sentence. With determinate sentencing, the judge selects a number between
this range (for example, two years), and this is the time to be served.
With mandatory good time, a sentence can be reduced by half, and an
additional 90 days may be taken off for "meritorious good time." Typical
Class 4 felonies include reckless homicide, possession of a controlled
substance, or unlawful carrying of a weapon.
A Class A misdemeanor, the most serious, carries imprisonment of up to one
year. Misdemeanants typically serve their time in jail, rather than prison.
Ironically, under Illinois law, it is conceivable that if an offender were
sentenced to prison for a year or two as a felon, he could be released
sooner than if he were sentenced as a misdemeanant because of differences
in calculation of good time.
From: bill <bill@GAUSS.GATECH.EDU>
Subject: Len Rose Outcome (from AP wire)
Date: Sat, 23 Mar 91 14:29:14 EST
********************************************************************
*** CuD #3.10--File 3 of 5: AP Story on Len Rose ***
********************************************************************
BALTIMORE (AP) -- A computer hacker pleaded guilty Friday to stealing
information from American Telephone & Telegraph and its subsidiary
Bell Laboratories.
Under an agreement with prosecutors, Leonard Rose pleaded guilty in
U.S. District Court to one count of sending AT&T source codes via
computer to Richard Andrews, an Illinois hacker, and a similar wire
fraud charge involving a Chicago hacker.
Prosecutors said they will ask that Rose be sentenced to two
concurrent one-year terms. Rose is expected to be sentenced in May.
Neither Rose nor his attorney could be immediately reached for comment
late Friday.
"Other computer hackers who choose to use their talents to interfere
with the security and privacy of computer systems can expect to be
prosecuted and to face similar penalties," said U.S. Attorney
Breckinridge L. Willcox.
"The sentence contemplated in the plea agreement reflects the serious
nature of this new form of theft," Willcox said.
Rose, 32, was charged in May 1990 in a five-count indictment following
an investigation by the Secret Service and the U.S. Attorney's offices
in Baltimore and Chicago.
He also had been charged with distributing "trojan horse" programs,
designed to gain unauthorized access to computer systems, to other
hackers.
Prosecutors said Rose and other hackers entered into a scheme to steal
computer source codes from AT&T's UNIX computer system.
The plea agreement stipulates that after he serves his sentence, Rose
must disclose his past conduct to potential employers that have
computers with similar source codes.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
From: Anonymous
Subject: Len Rose Pleads Guilty (Washington Post)
Date: Mon, 25 Mar 91 11:22:13 PST
********************************************************************
*** CuD #3.10--File 4 of 5: Washington Post Story on Len Rose ***
********************************************************************
Source: Washington Post, March 23, 1991, pp A1, A10
"'Hacker' Pleads Guilty in AT&T CASE: Sentence Urged for
Md. Man Among Stiffest Yet for Computer Crime"
By Mark Potts/Washington Post Staff Writer
BALTIMORE, March 22--A computer "hacker" who was trying to help others
steal electronic passwords guarding large corporate computer systems
around the country today pleaded guilty to wire fraud in a continuing
government crackdown on computer crime.
Federal prosecutors recommended that Leonard Rose Jr., 32, of
Middletown, Md., be sent to prison for one year and one day, which
would be one of the stiffest sentences imposed to date for computer
crime. Sentencing is scheduled for May before U.S. District Judge J.
Frederick Motz.
Cases such as those of Rose and a Cornell University graduate student
who was convicted last year of crippling a nationwide computer network
have shown that the formerly innocent pastime of hacking has
potentially extreme economic ramifications. Prosecutors, industry
officials and even some veteran hackers now question the once popular
and widely accepted practice of breaking into computer systems and
networks in search of information that can be shared with others.
"It's just like any other form of theft, except that it's more subtle
and it's more sophisticated," said Geoffrey R. Garinther, the
assistant U.S. attorney who prosecuted the Rose case.
Rose--once part of a group of maverick hackers who called themselves
the Legion of Doom--and his attorneys were not available for comment
after the guilty plea today. The single fraud count replaced a
five-count indictment of the computer programmer that was issued last
May after a raid on his home by Secret Service agents.
According to prosecutors, Rose illegally obtained information that
would permit him to secretly modify a widely used American Telephone &
(See HACKER, A10, Col 1)
Telegraph Co. Unix software program--the complex instructions that
tell computers what to do. The two former AT&T software employees who
provided these information "codes" have not yet been prosecuted.
Rose altered the AT&T software by inserting a "Trojan horse" program
that would allow a hacker to secretly gain access to the computer
systems using the AT&T Unix software and gather passwords used on the
system. The passwords could then be distributed to other hackers,
permitting them to use the system without the knowledge of its
rightful operators, prosecutors said.
Rose's modifications made corporate purchasers of the $77,000 AT&T
Unix program vulnerable to electronic break-ins and the theft of such
services as toll-free 800 numbers and other computer-based
telecommunications services.
After changing the software, Rose sent it to three other computer
hackers, including one in Chicago, where authorities learned of the
scheme through a Secret Service computer crime investigation called
Operation Sun Devil. Officials say they do not believe the hackers
ever broke into computer systems.
At the same time he pleaded guilty here, Rose pleaded guilty to a
similar charge in Chicago; the sentences are to be served
concurrently, and he will be eligible for parole after 10 months.
Rose and his associates in the Legion of Doom, whose nickname was
taken from a gang of comic-book villains, used names like Acid Phreak
Terminus--Rose's nickname--as their computer IDs. They connected their
computers by telephone to corporate and government computer networks,
outwitted security screens and passwords to sign onto the systems and
rummaged through the information files they found, prosecutors said.
Members of the group were constantly testing the boundaries of the
"hacker ethic," a code of conduct dating back to the early 1960s that
operates on the belief that computers and the information on them
should be free for everyone to share, and that such freedom would
accelerate the spread of computer technology, to society's benefit.
Corporate and government computer information managers and many law
enforcement officials have a different view of the hackers. To them,
the hackers are committing theft and computer fraud.
After the first federal law aimed at computer fraud was enacted in
1986, the Secret Service began the Operation Sun Devil investigation,
which has since swept up many members of the Legion of Doom, including
Rose. The investigation has resulted in the arrest and prosecution of
several hackers and led to the confiscation of dozens of computers,
thousands of computer disks and related items.
"We're authorized to enforce the computer fraud act, and we're doing
it to the best of our ability," Garry Jenkins, assistant director of
investigations for the Secret Service, said last summer. "We're not
interested in cases that are at the lowest threshold of violating the
law...They have to be major criminal violations before we get
involved."
The Secret Service crackdown closely followed the prosecution of the
most celebrated hacker case to date, that of Robert Tappan Morris
Cornell University computer science graduate student and son of a
computer sicentist at the National Security Agency. Morris was
convicted early last year of infecting a vast nationwide computer
network in 1988 with a hugely disruptive computer "virus," or rogue
instructions. Although he could have gone to jail for five years, Mo
$10,000, given three years probation and ordered to do 400 hours of
community service work.
Through Operation Sun Devil and the Morris case, law enforcement
authorities have begun to define the boundaries of computer law.
Officials are grappling with how best to punish hackers and how to
differentiate between mere computer pranks and serious computer
espionage.
"We're all trying to get a handle for what is appropriate behavior in
this new age, where we have computers and computer networks linked
together," said Lance Hoffman, a computer science professor at George
Washington University.
"There clearly are a bunch of people feeling their way in various
respects," said David R. Johnson, an attorney at Wilmer, Cutler &
Pickering and an expert on computer law. However, he said, "Things
are getting a lot clearer. It used to be a reasonably respectable
argument that people gaining unauthorized access to computer systems
and causing problems were just rambunctious youth." Now, however, the
feeling is that "operating in unauthorized computing spaces can be an
antisocial act," he said.
Although this view is increasingly shared by industry leaders, some
see the risk of the crackdown on hackers going to far. Among those
concerned is Mitch Kapor, the inventor of Lotus 1-2-3, the
best-selling computer "spreadsheet" program for carrying out
mathematical and accounting analysis. Kapor and several other
computer pioneers last year contributed several hundred thousands
dollars to set up the Electron Freedom Foundation, a defense fund for
computer hackers.
EFF has funded much of Rose's defense and filed a friend-of-the-court
brief protesting Rose's indictment.
--end of article--
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
From: brendan@CS.WIDENER.EDU(Brendan Kehoe)
Subject: Washington Post Retraction to Original Story
Date: Wed, 27 Mar 91 08:49:00 EST
From: The Washington Post, Tuesday March 26, 1991, Page A3.
CORRECTION [to Saturday March 23, 1991 article]
"Leonard Rose, Jr., the Maryland computer hacker who pleaded guilty
last week to two counts of wire fraud involving his illegal possession
of an American Telephone & Telegraph Co. computer program, was not a
member of the "Legion of Doom" computer hacker group, as was reported
Saturday, and did not participate in the group's alleged activities of
breaking into and rummaging through corporate and government computer
systems."
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
From: Moderators
Subject: Len Rose's "Guilt" and the Washington Post
Date: March 28, 1991
********************************************************************
*** CuD #3.10--File 5 of 5: Len Rose and the Washington Post ***
********************************************************************
Although Len Rose accepted a Federal plea bargain which resolved
Federal charges against him in Illinois and Maryland, and state
charges in Illinois, he will not be sentenced until May. Therefore,
many of the details of the plea or of his situation cannot yet be made
public. Len pleaded guilty to two counts of violating Title 18 s.
1343:
18 USC 1343:
Sec. 1343. Fraud by wire, radio, or television
Whoever, having devised or intending to devise any scheme or
artifice to defraud, or for obtaining money or property by
means of false or fraudulent pretenses, representations, or
promises, transmits or causes to be transmitted by means of
wire, radio, or television communication in interstate or
foreign commerce, any writings, signs, signals, pictures,
or sounds for the purpose of executing such scheme or
artifice, shall be fined not more than $1000 or imprisoned
not more than five years, or both.
In our view, Len's case was, is, and continues to be, a political
case, one in which prosecutors have done their best to create an
irresponsible, inaccurate, and self-serving imagery to justify their
actions in last year's abuses in their various investigations.
Len's guilty plea was the result of pressures of family, future, and
the burden of trying to get from under what seemed to be the
unbearable pressure of prosecutors' use of law to back him into
corners in which his options seemed limited. The emotional strain and
disruption of family life became too much to bear. Len's plea was his
attempt to make the best of a situation that seemed to have no
satisfactory end. He saw it as a way to obtain the return of much of
his equipment and to close this phase of his life and move on. Many of
us feel that Len's prosecution and the attempt to make him out to be a
dangerous hacker who posed a threat to the country's computer security
was (and remains) reprehensible.
The government wanted Len's case to be about something it wasn't. To
the end, they kept fomenting the notion that the case involved
computer security--despite the fact that the indictment, the statute
under which he was charged, or the evidence DID NOT RELATE TO
security. The case was about possession of proprietary software, pure
and simple.
The 23 March article in the Washington Post typifies how creative
manipulation of meanings by law enforcement agents becomes translated
into media accounts that perpetuate the the type of witch hunting for
which some prosecutors have become known. The front page story
published on March 23 is so outrageously distorted that it cannot pass
without comment. It illustrates how prosecutors' images are
translated into media narratives that portray an image of hackers in
general and Len in particular as a public threat. The story is so
ludicrously inaccurate that it cannot pass without comment.
Mark Potts, the author of the story, seems to convict Len of charges
of which even the prosecutors did not accuse him in the new
indictment. According to the opening paragraph of the story, Len
pleaded guilty to conspiring to steal computer account passwords. This
is false. Len's case was about possessing and possessing transporting
unlicensed software, *NOT* hacking! Yet, Potts claims that Rose
inserted a Trojan horse in AT&S software that would allow other
"hackers" to break into systems. Potts defers to prosecutors for the
source of his information, but it is curious that he did not bother
either to read the indictments or to verify the nature of the plea.
For a major story on the front page, this seems a callous disregard of
journalistic responsibility.
In the original indictment, Len was accused of possessing login.c, a
program that allows capturing passwords of persons who log onto a
computer. The program is described as exceptionally primitive by
computer experts, and it requires the user to possess root access, and
if one has root privileges, there is little point in hacking into the
system to begin with. Login.c, according to some computer
programmers, can be used by systems administrators as a security
device to help identify passwords used in attempts to hack into a
system, and at least one programmer indicated he used it to test
security on various systems. But, there was no claim Len used this
improperly, it was not an issue in the plea, and we wonder where Mark
Potts obtained his prosecutorial power that allows him to find Len
guilty of an offense for which he was not charged nor was at issue.
Mark Potts also links Len directly to the Legion of Doom and a variety
of hacking activity. Although a disclaimer appeared in a subsequent
issue of WP (a few lines on page A3), the damage was done. As have
prosecutors, Potts emphasizes the LoD connection without facts, and
the story borders on fiction.
Potts also claims that Len was "swept up" in Operation Sun Devil,
which he describes as resulting "in the arrest and prosecution of
several hackers and led to the confiscation of dozens of computers,
thousands of computer disks and related items." This is simply false.
At least one prosecutor involved with Sun Devil has maintained that
pre-Sun Devil busts were not related. Whether that claim is accurate
or not, Len was not a part of Sun Devil. Agents raided his house when
investigating the infamous E911 files connected to the Phrack/Craig
Neidorf case last January (1990). Although Len had no connection with
those files, the possession of unlicensed AT&T source code did not
please investigators, so they pursued this new line of attack.
Further, whatever happens in the future, to our knowledge *no*
indictments have occured as the result of Sun Devil, and in at least
one raid (Ripco BBS), files and equipment were seized as the result of
an informant's involvement that we have questioned in a previous issue
of CuD ( #3.02). Yet, Potts credits Sun Devil as a major success.
Potts also equates Rose's activities with those of Robert Morris, and
in so-doing, grossly distorts the nature of the accusations against
Len. Equating the actions to which Len pleaded guilty to Morris
grossly distorts both the nature and magnitude of the offense. By
first claiming that Len modified a program, and then linking it to
Morris's infectious worm, it appears that Len was a threat to computer
security. This kind of hyperbole, based on inaccurate and
irresponsible reporting, inflames the public, contributes to the
continued inability to distinguish between serious computer crime and
far less serious acts, and would appear to erroneously justify AT&T's
position as the protector of the nets when, in fact, their actions are
far more abusive to the public trust.
After focusing for the entire article on computer security, Potts
seems to appear "responsible" by citing the views of computer experts
on computer security and law. But, because these seem irrelevant to
the reality of Len's case, it is a classic example of the pointed non
sequitor.
Finally, despite continuous press releases, media announcements, and
other notices by EFF, Potts concludes by claiming that EFF was
established as "a defense fund for computer hackers." Where has Potts
been? EFF, as even a rookie reporter covering computer issues should
know, was established to address the challenges to existing law by
rapidly changing computer technology. Although EFF provided some
indirect support to Len's attorneys in the form of legal research, the
EFF DID NOT FUND ANY OF LEN'S defense. Len's defense was funded
privately by a concerned citizen intensely interested in the issues
involved. The EFF does not support computer intrusion, and has made
this clear from its inception. And a final point, trivial in context,
Potts credits Mitch Kapor as the sole author of Lotus 1-2-3, failing
to mention that Jon Sachs was the co-author.
The Washington Post issued a retraction of the LoD connection a few
days later. But, it failed to retract the false claims of Len's plea.
In our view, even the partial LoD retraction destroys the basis, and
the credibility, of the story. In our judgement, the Post should
publicly apologize and retract the story. It should also send Potts
back to school for remedial courses in journalism and ethics.
Some observers feel that Len should have continued to fight the
charges. To other observers, Len's plea is "proof" of his guilt. We
caution both sides: Len did what he felt he had to do for his family
and himself. In our view, the plea reflects a sad ending to a sad
situation. Neither Len nor the prosecution "won." Len's potential
punishment of a year and a day (which should conclude with ten months
of actual time served) in prison and a subsequent two or three year
period of supervised release (to be determined by the judge) do not
reflect the the toll the case took on him in the past year. He lost
everything he had previously worked for, and he is now, thanks to
publications like the Washington Post, labelled as a dangerous
computer security threat, which may hamper is ability to reconstruct
his life on release from prison. We respect Len's decision to accept
a plea bargain and urge all those who might disagree with that
decision to ask themselves what they would do that would best serve
the interests both of justice and of a wife and two small children.
Sadly, the prosecutors and AT&T should have also asked this question
from the beginning. Sometimes, it seems, the wrong people are on
trial.
********************************************************************
*** CuD #3.11: File 4 of 5: Chicago Press Release on Len Rose ***
********************************************************************
From: Gene Spafford <spaf@CS.PURDUE.EDU>
Subject: Northern District (Ill.) Press Release on Len Rose
Date: Fri, 29 Mar 91 19:10:13 EST
Information Release
US Department of Justice
United States Attorney
Northern District of Illinois
March 22, 1991
FRED FOREMAN, United States Attorney for the Northern District of
Illinois, together with TIMOTHY J. McCARTHY, Special Agent In Charge
of the United States Secret Service in Chicago, today announced the
guilty plea of LEONARD ROSE, 32, 7018 Willowtree Drive, Middletown,
Maryland to felony charges brought against him in Chicago and in
Baltimore involving Rose trafficing with others in misappropriated
AT&T computer programs and computer access programs between May 1988
and February 1, 1990. Under the terms of plea agreements submitted to
the United States District Court in Maryland, Rose will serve an
agreed, concurrent one year prison term for his role in each of the
fraud schemes charged.
In pleading guilty to the Baltimore charges, Rose admitted that on
October 5, 1989, he knowingly received misappropriated source code(1)
for the AT&T UNIX computer operating system from a former AT&T technical
contractor. The UNIX operating system is a series of computer programs
used on a computer which act as an interface or intermediary between a
user and the computer system itself. The UNIX operating system, which is
licensed by AT&T at $77,000 per license, provides certain services to
the computer user, such as the login program which is designed to
restrict access to a computer system to authorized users. The login
program is licensed by AT&T at $27,000 per license.
In pleading guilty to the Chicago charges, Rose admitted that, after
receiving the AT&T source code, he modified the source code governing
the computer's login program by inserting a secret set of instructions
commonly known as a "trojan horse." This inserted program would cause
the computer on which the source code was installed to perform
functions the program's author did not intend, while still executing
the original program so that the new instructions would not be detected.
The "trojan horse" program that Rose inserted into the computer
program enabled a person with "system administrator" privileges to
secretly capture the passwords and login information of authorized
computer users on AT&T computers and store them in a hidden file. These
captured logins and passwords could later be recovered from this
hidden file and used to access and use authorized users' accounts
without their knowledge. The program did not record unsuccessful login
attempts.
In connection with the Chicago charge, Rose admitted that on January
7, 1990, he transmitted his modified AT&T UNIX login program containing
the trojan horse from Middletown, Maryland to a computer operator in
Lockport, Illinois, and a student account at the University of
Missouri, Columbia Campus.
In pleading guilty to the Chicago charges, Rose acknowledged that when
he distributed his trojan horse program to others he inserted several
warnings so that the potential users would be alerted to the fact that
they were in posession of proprietary AT&T information. In the text of
the program Rose advised that the source code originally came from
AT&T "so it's definitely not something you wish to get caught with."
and "Warning: This is AT&T proprietary source code. DO NOT get caught
with it." The text of the trojan horse program also stated:
Hacked by Terminus to enable stealing passwords.
This is obviously not a tool to be used for initial
system penetration, but instead will allow you to
collect passwords and accounts once it's been
installed. (I)deal for situations where you have a
one-shot opportunity for super user privileges..
This source code is not public domain..(so don't get
caught with it).
Rose admitted that "Terminus" was a name used by him in
communications with other computer users.
In addition to these warnings, the text of Rose's trojan horse program
also retained the original warnings installed in the program by AT&T:
Copyright (c) 1984 AT&T
All rights reserved
THIS IS UNPUBLISHED PROPRIETARY
SOURCE CODE OF AT&T
This copyright notice above does
not evidence any actual or intended
publication of the source code.
Inspection of this modified AT&T UNlX login source code by AT&T's UNIX
licensing group revealed that the modified source code was in fact a
"derivative work" based upon the standard UNIX login source code, which
was regarded by AT&T as proprietary information and a trade secret of
AT&T, which was not available in public domain software.
In pleading guilty to the federal charges in Chicago and Baltimore, Rose
also acknowledged that, after being charged with computer fraud and
theft in federal court in Baltimore, he became employed at Interactive
Systems Inc. in Lisle, Illinois. He acknowledged that his former
employers at Interactive would testify that he was not authorized by
them to obtain copies of their AT&T source code which was licensed to
them by AT&T. Rose further admitted that John Hickey, a Member of
Technical Staff with AT&T Bell Laboratories in Lisle, Illinois,
correctly determined that Rose had downloaded copies of AT&T source code
programs from the computer of Interactive to Rose's home computers in
Naperville. The computers were examined after they were seized by the
Naperville Police Department, executing a State search warrant,
As part of the plea agreement charges filed by the DuPage County State's
Attorney's Office will be dismissed without prejudice to refiling. The
forfeited UNIX computer seized will be retained by the Naperville Police
Department.
Commenting on the importance of the Chicago and Baltimore cases, Mr.
Foreman noted that the UNIX computer operating system, which is involved
in this investigation, is used to support international, national, and
local telephone systems. Mr. Foreman stated, "The traffic which flows
through these systems is vital to the national health and welfare.
People who invade our telecommunications and related computer systems
for profit or personal amusement create immediate and serious
consequences for the public at large. The law enforcement community and
telecommunications industry are attentive to these crimes, and those who
choose to use their intelligence and talent in an attempt to disrupt
these vital networks will find themselves vigorously prosecuted."
Mr. Foreman also stated that the criminal information filed in Chicago
and a companion information in Baltimore are the initial results of a
year long investigation by agents of the United States Secret Service in
Chicago, Maryland, and Texas. Mr. Foreman praised the cooperation of the
DuPage County State's Attorney's Office and the Naperville Police
Department in the investigation. He also acknowledged AT&T's technical
assistance to the United States Secret Service in analyzing the computer
data seized pursuant to search warrants in Chicago, Baltimore and
Austin, Texas.
TIMOTHY J. McCARTHY, Special Agent ln Charge of the United States Secret
Service in Chicago, noted that Rose's conviction is the latest result of
the continuing investigation of the computer hacker organization, the
"Legion of Doom." This investigation being conducted by the United
States Secret Service in Chicago, Atlanta, New York and Texas, and has
resulted in convictions of six other defendants for computer related
crimes.
Assistant United States Attorney William J. Cook, who heads the Computer
Fraud and Abuse Task Force, and Assistant United States Attorneys
Colleen D. Coughlin and David Glockner supervised the Secret Service
investigation in Chicago.
----------
(1) The UNIX operating system utility programs are written initially
in a format referred to as "source code," a high-level computer
language which frequently uses English letters and symbols for
constructing computer programs. The source code was translated, using
another program known as a compiler, into another form of program
which a computer can rapidly read and execute, referred to as the
"object code."
********************************************************************
*** CuD #3.13: File 2 of 4: Response to Len Rose Article (1) ***
********************************************************************
From: mnemonic (Mike Godwin)
Subject: Response to RISKS DIGEST (#11.43-- Len Rose Case)
Date: Wed, 10 Apr 91 22:18:43 EDT
{Moderators' Note: The following article was written by Mike Godwin in
response to a post by Jerry Leichter in RISKS #11.43.}
++++
Jerry Leichter <leichter@lrw.com> writes the following:
>With all the verbiage about whether Len Rose was a "hacker" and why he did
>what he in fact did, everyone has had to work on ASSUMPTIONS.
This is false. I have worked closely on Len's case, and have access to
all the facts about it.
>Well, it turns
>out there's now some data: A press release from the US Attorney in Chicago,
>posted to the Computer Underground Digest by Gene Spafford.
In general, a press release is not data. A press release is a document
designed to ensure favorable press coverage for the entity releasing it.
There are a few facts in the press release, however, and I'll deal with
them below.
[Jerry quotes from the press release:]
> In pleading guilty to the Chicago charges, Rose acknowledged that when
> he distributed his trojan horse program to others he inserted several
> warnings so that the potential users would be alerted to the fact that
> they were in posession of proprietary AT&T information. In the text of
> the program Rose advised that the source code originally came from
> AT&T "so it's definitely not something you wish to get caught with."
> and "Warning: This is AT&T proprietary source code. DO NOT get caught
> with it."
Although I am a lawyer, it does not take a law degree to see that this
paragraph does not support Jerry's thesis--that Len Rose is interested
in unauthorized entry into other people's computers. What it does
show is that Len knew that he had no license for the source code in
his possession. And, in fact, as a careful reader of the press release
would have noted, Len pled guilty only to possession and transmission
of unlicensed source, not to *any* unauthorized entry or any scheme
for unauthorized entry, in spite of what is implied in the press
release.
[Jerry quotes "Terminus's" comments in the modified code:]
>Hacked by Terminus to enable stealing passwords.
>This is obviously not a tool to be used for initial
>system penetration, but instead will allow you to
>collect passwords and accounts once it's been
>installed. (I)deal for situations where you have a
>one-shot opportunity for super user privileges..
>This source code is not public domain..(so don't get
>caught with it).
>
>I can't imagine a clearer statement of an active interest in breaking into
>systems, along with a reasonable explanation of how and when such code could
>be effective.
Indeed, it *can* be interpreted as a clear statement of an active
interest in breaking into systems. What undercuts that interpretation,
however, is that there is no evidence that Len Rose ever broke into
any systems. Based on all the information available, it seems clear
that Rose had authorized access in every system for which he sought
it.
What's more, there is no evidence that anyone ever took Rose's code
and used it for hacking. There is no evidence that anyone ever took
any *other* code of Rose's and used it for hacking.
What Rose did is demonstrate that he could write a password-hacking
program. Jerry apparently is unaware that some computer programmers
like to brag about the things they *could* do--he seems to interpret
such bragging as evidence of intent to do illegal acts. But in the
absence of *any* evidence that Rose ever took part in unauthorized
entry into anyone's computers, Jerry's interpretation is unfounded,
and his posted speculations here are both irresponsible and cruel, in
my opinion.
Rose may have done some foolish things, but he didn't break into
people's systems.
>The only thing that will convince me, after reading this, that Rose was NOT an
>active system breaker is a believable claim that either (a) this text was not
>quoted correctly from the modified login.c source; or (b) Rose didn't write
>the text, but was essentially forced by the admitted duress of his situation
>to acknowledge it as his own.
In other words, Jerry says, the fact that Rose never actually tried
to break into people's systems doesn't count as evidence "that Rose was
NOT an active system breaker." This is a shame. One would hope that
even Jerry might regard this as a relevant fact.
Let me close here by warning Jerry and other readers not to accept
press releases--even from the government--uncritically. The government
has a political stake in this case: it feels compelled to show that
Len Rose was an active threat to other people's systems, so it has
selectively presented material in its press release to support that
interpretation.
But press releases are rhetorical devices. They are designed to shape
opinion. Even when technically accurate, as in this case, they can
present the facts in a way that implies that a defendant was far more
of a threat than he actually was. This is what happened in Len Rose's
case.
It bears repeating: there was no evidence, and the government did not
claim, that Len Rose had ever tried to break into other people's
systems, or that he took part in anyone else's efforts to do so.
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
From: louisg <louisg@VPNET.CHI.IL.US>
Subject: Response to recent comments concerning Len Rose
Date: Wed, 17 Apr 91 23:53:44 CDT
********************************************************************
*** CuD #3.13: File 3 of 4: Response to Len Rose Article (2) ***
********************************************************************
In CuD 312 Mr. James Davies wrote a letter expressing his feelings on
the Len Rose case. I feel that he and many others are missing the
larger point of the issue, as I will try to describe.
>Subject: Len Rose
>From: jrbd@CRAYCOS.COM(James Davies)
>Keith Hansen and Arel Lucas in CuD #3.11 shared with us their letter
>to AT&T expressing their anger at the arrest and conviction of Len
>Rose (among other things). Well, I have to disagree with their
>conclusions in this case -- Len Rose is not an innocent martyr,
>crucified by an evil corporation for benevolently giving unpaid
>support to AT&T software users, as Hansen and Lucas attempted to
>portray him.
Mr. Davies is quite correct when he states that Len was not innocent
of certain criminal acts as defined by current law. The trial has
come and gone, and Len pleaded guilty. Mr. Davies even provides
evidence of Mr. Rose's intent. Whether it is 'court-quality' evidence
or not, it should convince the reader that Len was guilty of something
or other. By checking the references that Mr. Davies provides, his
case of Rose's guilt is made even stronger. I am stating this since I
want to make it *clear* that I am NOT questioning the guilt of Mr. Rose.
What I must question, however, is what happened to Mr. Rose.
Mr. Rose commited white-collar crimes. He did not physically injure
or maim or kill anyone. His crime was money-related. He did not
steal from a 75 year-old on social security, giving her a kick in the
ribs for good luck on his way out. The way he was treated, however,
suggests that he committed a crime of the most heinous nature.
For a felony violent crime, I could understand and even in some cases
promote strict treatment of the accused before the trial. For a white
collar crime that does not threaten the solvency of a company or
persons I cannot.
Len Rose posed a risk to no person or company after his warrant was
served. Before he was even put on trial, he had almost all of his
belongings taken away, was harassed (in my opinion) by the
authorities, and left without a means for supporting himself and his
family. Why? Because he had Unix source code. Does this seem just to
you? It would be very different if he had 55 warrants for rape and
murder in 48 states listing him as the accused, but he didn't. He
lost everything *before* the trial, and, as a result, was almost
forced into pleading guilty. All this for copyright violations, as I
see it, or felony theft as others may see it.
The problem here is the *same* as in the Steve Jackson case. The
person who was served the warrant (he wasn't even charged yet!!!!)
lost everything. They were punished not only before a conviction,
before a trial, but before they were even charged with a crime!!!
This, for a non-violent, white-collar crime that did not directly
threaten a person or company with bankruptcy. In Jackson's case, he
was even innocent!
>Personally, I think that Rose is guilty of the exact same sort of
>behaviour that gives hackers a bad name in the press, and I think that
>you're crazy to be supporting him in this. Save your indignation for
>true misjustices, ok?
If this isn't an injustice, then I don't know what is. If this sort
of treatment of the accused seems just to you, Mr. Davies, then may I
suggest a position in the secret police of some Fascist country as a
fitting career move on your part. The fact that Len was guilty does
not nullify the maltreatment of him, his family, and his equipment
before his trial. It in no wise makes it right. This sort of action
gives law enforcement a bad name. I'm sure that I would share your
views if the accused was a habitual criminal and he
presented a threat to the public. He wasn't, and presented little or
no threat at the time of the warrant. Law enforcement is there to
protect the public, and not to convict the guilty. That is a job for
the courts and a jury of one's peers as stipulated in the U.S.
Constitution. I suggest you glance at it before you restate that
there was no "misjustice" (sic) here.
********************************************************************
*** CuD #3.14: File 2 of 6: Comments on Len Rose Articles ***
********************************************************************
From: Gene Spafford <spaf@CS.PURDUE.EDU>
Subject: Comments on your comments on Len Rose
Date: Sat, 30 Mar 91 14:41:02 EST
{Moderators' comment: Spaf just sent his latest book, PRACTICAL UNIX
SECURITY, co-authored with Simson Garfinkel to the publishers
(O'Reilly and Associates ((the Nutshell Handbook people). It's
approximately 475 pages and will available in mid-May. From our
reading of the table of contents, and from preview comments
("definitive," destined to be the "standard reference"), it looks like
something well-worth the $29.95 investment.}
There is little doubt that law enforcement has sometimes been
overzealous or based on ignorance. That is especially true as
concerns computer-related crimes, although it is not unique to that
arena. Reporting of some of these incidents has also been incorrect.
Obviously, we all wish to act to prevent future such abuses,
especially as they apply to computers.
However, that being the case does not mean that everyone accused under
the law is really innocent and the target of "political" persecution.
That is certainly not reality; in some cases the individuals charged
are clearly at fault. By representing all of them as innocents and
victims, you further alienate the moderates who would otherwise be
sympathetic to the underlying problems. By trying to represent every
individual charged with computer abuse as an innocent victim, you are
guilty of the same thing you condemn law enforcement of when they
paint all "hackers" as criminals.
In particular, you portray Len Rose as an innocent whose life has been
ruined through no fault of his own, and who did nothing to warrant
Federal prosecution. That is clearly not the case. Len has
acknowledged that he was in possession of, and trafficing in, source
code he knew was proprietary. He even put multiple comments in the
code he modified stating that, and warning others not to get caught
with it. The patch he made would surreptitiously collect passwords
and store them in a hidden file in a public directory for later use.
The argument that this patch could be used for system security is
obviously bogus; a system admin would log these passwords to a
protected, private file, not a hidden file in a public directory.
Further, your comments about having root access are not appropriate,
either, for a number of reasons -- sometimes, root access can be
gained temporarily without the password, so a quick backdoor is all
that can be planted. Usually, crackers like to find other ways on
that aren't as likely to be monitored as "root", so getting many user
passwords is a good idea. Finally, if passwords got changed, this
change would still allow them to find new ways in, as long as the
trojan wasn't found.
The login changes were the source of the fraud charge. It is
certainly security-related, and the application of the law appears to
be appropriate. By the comments Len made in the code, he certainly
knew what he was doing, and he knew how the code was likely to be
used: certainly not as a security aid. As somebody with claimed
expertise in Unix as a consultant, he surely knew the consequences of
distributing this patched code.
An obvious claim when trying to portray accused individuals as victims
is that their guilty pleas are made under duress to avoid further
difficulties for their family or some other third party. You made
that claim about Len in your posting. However, a different
explanation is just as valid -- Len and his lawyers realized that he
was guilty and the evidence was too substantial, and it would be more
beneficial to Len to plead guilty to one charge than take a chance
against five in court. I am inclined to believe that both views are
true in this case.
Your comments about Len's family and career are true enough, but they
don't mean anything about his guilt or innocence, do they? Are bank
robbers or arsonists innocent because they are the sole means of
support for their family? Should we conclude they are "political"
victims because of their targets? Just because the arena of the
offenses involves computers does not automatically mean the accused is
innocent of the charges. Just because the accused has a family which
is inconvenienced by the accused serving a possible jail term does
not mean the sentence should be suspended.
Consider that Len was under Federal indictment for the login.c stuff,
then got the job in Illinois and knowingly downloaded more source code
he was not authorized to access (so he has confessed). Does this
sound like someone who is using good judgement to look out for his
family and himself? It is a pity that Len's family is likely to
suffer because of Len's actions. However, I think it inappropriate to
try and paint Len as a victim of the system. He is a victim of his
own poor judgement. Unfortunately, his family has been victimized by
Len, too.
I share a concern of many computer professionals about the application
of law to computing, and the possible erosion of our freedoms.
However, I also have a concern about the people who are attempting to
abuse the electronic frontier and who are contributing to the decline
in our freedoms. Trying to defend the abusers is likely to result in
a loss of sympathy for the calls to protect the innocent, too. I
believe that one reason the EFF is still viewed by some people as a
"hacker defense fund" is because little publicity has been given to
the statements about appropriate laws punishing computer abusers;
instead, all the publicity has been given to their statements about
defending the accused "hackers."
In the long term, the only way we will get the overall support we need
to protect innocent pursuits is to also be sure that we don't condone
or encourage clearly illegal activities. Groups and causes are judged
by their icons, and attempts to lionize everyone accused of computer
abuse is not a good way to build credibility -- especially if those
people are clearly guilty of those abuses. The Neidorf case is
probably going to be a rallying point in the future. The Steve
Jackson Games case might be, once the case is completed (if it ever
is). However, I certainly do not want to ask people to rally around
the cases of Robert Morris or Len Rose as examples of government
excess, because I don't think they were, and neither would a
significant number of reasonable people who examine the cases.
I agree that free speech should not be criminalized. However, I also
think we should not hide criminal and unethical behavior behind the
cry of "free speech." Promoting freedoms without equal promotion of
the responsibility behind those freedoms does not lead to a greater
good. If you cry "wolf" too often, people ignore you when the wolf is
really there.
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
From: Moderators (Jim Thomas)
Subject: Moving toward Common Ground? Reply to Gene Spafford
Date: April 26, 1991
********************************************************************
*** CuD #3.14: File 3 of 6: Moving toward Common Ground? ***
********************************************************************
Gene Spafford's comments raise a number of issues, and my guess is
that he and other "moderates" are not that far apart from those of us
considered "extremists." His post was sent in March, but we received
it on April 24, so some of his comments about Len Rose have already
received sufficient response (see Mike Godwin in CuD 3.13). We are
more concerned with the potential points of converenge on which
"moderates" and "radicals" might agree.
Gene raises several issues: 1) The tone of some critics of recent
"hacker" cases tends to be divisive and inhibits coming together on
common ground; 2) There exists a danger in "crying wolf" in that cases
in which legitimate abuses may have occured or that directly raise
important issues about civil liberties will be ignored because of
excessive concern with cases that are perceived as less meritorious or
in which the defendants may not seem sympathetic; c) An aggressive
social response is required to reverse the apparent trend in computer
abuse. We disagree with none of these issues. There is, however, room
for legitimate disagreement on how these issues should be addressed,
and there is room for conciliation and compromise.
Although many cases of law enforcement response to alleged computer
abuse have been reported, only a few have generated any significant
attention. These cases have not generally centered around issues of
guilt or innocence, but on broader concerns. Other than general
reporting of cases, CuDs own attention has been limited to:
STEVE JACKSON GAMES: Few, if any, think the search of Steve Jackson's
company and seizure of his equipment was acceptable. The seizure
affidavit indicated that the justification for the raid was grossly
exaggerated and its implementation extreme. There have been no
arrests resulting from that raid, but the questions it raised have not
yet been resolved.
LEN ROSE: Whatever one thinks of Len Rose's behavior, the actions of
AT&T and law enforcement raise too many issues to be ignored whatever
Len's own culpability (or lack of it). The initial indictments, press
releases, and prosecutor media comments connected Len to E911, the
Legion of Doom, and computer security when the case was actually about
possesion of unlicensed proprietary software. We have never denied the
importance of either issue. Our concern continues to be the
misconceptions about the nature of the case, what we see as an extreme
response to a relatively minor incident, and the way the laws were used
to inflate charges. These are all debatable issues, but the nets were
buzzing with claims of Len's guilt, the need to "send a message to
hackers," and other claims that reinforced the legitimacy of charges
and sanctions that still seem inappropriate. The fact that some still
see it as a security case, others as a piracy case, others as
justice-run-amok, and still others as a signal to examine the limits
of criminalization illustrates the significance of the events: If we
can't agree on the issues involved without yelling at each other, then
how can we even begin to address the issues?
3. CRAIG NEIDORF/PHRACK: When the prosecution dropped the case against
Craig Neidorf for publishing alleged proprietary information valued at
nearly $80,000 when it was found that the information was available to
the public for under $14, most people thought it was a victory.
However, the logic that impelled prosecution did not stop with Craig,
and our concern continues to be over the apparent unwillingness of
some law enforcement agents to recognize that this was not just a
prosecutorial "mistake," but part of a pattern in which excessive
claims are made to justify raids, indictments, or prosecution.
THE HOLLYWOOD HACKER: Again, this is not a case of guilt or innocence,
but one in which existing laws are sufficiently vague to
over-criminalize relatively minor alleged acts. The apparent
philosophy of prosecutors to "send a message" to "hackers" in a case
that is not a hacker case but the sting of an investigative journalist
seems another use of over-prosecution. There is also the possibility
of a vindictive set-up by Fox of a freelance reporter who is alleged
to have done what may be a common practice at Fox (see the post, this
issue, citing Murray Povich).
RIPCO: Dr. Ripco's equipment was seized and his BBS shut down, but no
charges have been filed against him. He remains in limbo, his
equipment has not been returned, and he still does not know why.
Here, the issue of sysop liability, the reliability of informants, and
the legal status of private e-mail are raised.
THE "ATLANTA THREE:" The Riggs, Darden, and Grant case became an issue
after the guilty verdict. We can think of no instance of anybody ever
defending their actions for which they were indicted or in proclaiming
them innocent after (or even before) their plea. At state in the
debates was not that of guilt or a defense of intrusions, but of
sentencing and the manner in which it was done.
OPERATION SUN DEVIL: Operation Sun Devil, according to those
participating in it, began in response to complaints of fraudulent
credit card use and other forms of theft. The "hacking community"
especially has been adamant in its opposition to "carding" and
rip-off. Here, the issue was the intrusive nature of searches and
seizures and the initial hyperbole of law enforcement in highly
visible press releases in their initial euphoria following the raids.
In an investigation that began "nearly two years" prior to the May 8,
1990 raids, and in the subsequent 12 months of "analysis of evidence,"
only two indictments have been issued. Both of those were relegated to
state court, and the charges are, in the scheme of white collar crime,
are relatively minor. There have also been questions raised about
whether the evidence for prosecution might not have either already
existed prior to Sun Devil or that it could have readily been obtained
without Sun Devil. The key to the indictment seems to be a ubiquitous
informant who was paid to dig out dirt on folks. For some, Sun Devil
raises the issue of use of informants, over-zealousness of
prosecutors, and lack of accountability in seizures. We fully agree
that if there is evidence of felonious activity, there should be a
response. The question, however, is how such evidence is obtained and
at what social and other costs.
Many may disagree with our perspective on these cases, but several
points remain: 1) Each of them raises significant issues about the
methods of the criminal justice system in a new area of law; 2) Each
of them serves as an icon for specific problems (privacy, evidence,
ethics, language of law, media images, sysop liability to name just a
few); and 3) In each of them, whatever the culpable status of the
suspects, there exists an avenue to debate the broader issue of the
distinction between criminal and simply unethical behavior.
Among the issues that, if discussed and debated, would move the level
of discussion from personalities to common concerns are:
1. Overzealous law enforcement action: Prosecutors are faced with the
difficult task of enforcing laws that are outstripped by technological
change. Barriers to this enforcement include lack of resources and
technical expertise, ambiguity of definitions, and vague laws that
allow some groups (such as AT&T) who seem to have a history of
themselves attempting to use their formidable economic and corporate
power to jockey for legal privilege. Legal definitions of and
responses to perceived inappropriate behavior today will shape how
cyberspace is controlled in the coming decades. Questionable actions
set bad precedents. That is why we refer to specific cases as ICONS
that symbolize the dangers of over-control and the problems
accompanying it.
2. Media distortions: This will be addressed in more detail in a
future CuD, because it is a critically important factor in the
perpetuation of public and law enforcements' misconceptions about the
CU. However, concern for distortion should be expanded to include how
we all (CuD included) portray images of events, groups, and
individuals. Some law enforcers have complained about irresponsible
media accuracy when the alleged inaccuracies have in fact come from
law enforcement sources. But, media (and other) distortions of CU news
is not simply a matter of "getting the facts straight." It also
requires that we all reflect on how we ourselves create images that
reinforce erroneous stereotypes and myths that in turn perpetuate the
"facts" by recursive rounds of citing the errors rather than the
reality.
CuD AS PRO HACKER: The CuD moderators are seen by some as defending
cybercrime of all kinds, and as opposing *any* prosecution of
"computer criminals. Why must we constantly repeat that a) we have
*never* said that computer intrusion is acceptable, and b) we fully
believe that laws protecting the public against computer abuse are
necessary. This, so I am told, "turns many people off." We have been
clear about our position. There are occasions when discussion can
reflect a variety of rhetorical strategies, ranging from reason to
hyperbole. As long as the issues remain forefront, there seems nothing
wrong with expressing outrage as a legitimate response to outrageous
acts.
4. Crime and ethics in the cyber-frontier: These issues, although
separate, raise the same question. Which behaviors should be
sanctioned by criminal or civil penalties, and which sanctioned by
collective norms and peer pressure? Unwise acts are not necessarily
criminal acts, and adducing one's lack of wisdom as "proof" of
criminality, and therefore sanctionable, is equally unwise. There are
degrees of abuse, some of which require criminal penalties, others of
which do not. The CU has changed largely because the number of
computer users has dramatically increased make the "bozo factor" (the
point at which critical mass of abusing bozos has been reached making
them a group unto themselves) has a significant impact on others.
There are also more opportunities not only to abuse, but to identify
and apprehend abusers, which increases the visibility of the bozos. We
can, as we did with the problems of crime, poverty, drugs, and other
ills, declare a "war" on it (which most certainly means that we've
lost before we've begun). Or, we can peruse a more proactive course
and push for equitable laws and just responses to computer abuse while
simultaneously emphasizing ethics. We fully agree that netethics
should occur in schools, on the nets, in articles, and every other
place where cybernauts obtain models and images of their new world.
But, just as we should identify and work toward ethical behavior
within the CU, we must also demand that others, such as AT&T, some law
enforcement agents, BellSouth, et. al., do the same. It is hardly
ethical to claim that a commodity valued at under $14 is worth over
$79,000, and it is hardly ethical to compare possession of proprietary
software with index crimes such as theft, arson, or embezzlement.
Whether our own perspective is correct or not, the point is that what
does or does not count as ethical behavior can no longer be assumed,
but requires a level of debate the extends beyond netlynchings of
individual suspects.
Gene Spafford, like many others who share his view, is a productive
and competent computer specialist who sees the dark side of computer
abuse because he defends against it. I, like many others who share my
view, see the dark side of law enforcement because, as a
criminologist, I have been immersed in the abuses and fight against
them. Our different experiences give us different demons to fight, an
occasional windmill or two with which to joust, and a dissimilar
arsenal that we use in our battles. Nonetheless, even though there is
not total agreement on precisely which is a windmill and which a
monster, Gene suggests that there is shared agreement on a minimal
common reality and some common goals for making it more manageable. I
fully, absolutely, and unequivocally agree with Gene:
I agree that free speech should not be criminalized.
However, I also think we should not hide criminal and
unethical behavior behind the cry of "free speech.
Promoting freedoms without equal promotion of the
responsibility behind those freedoms does not lead to a
greater good. If you cry "wolf" too often, people ignore
you when the wolf is really there.
I would only respond that his observation be taken to heart by all
sides.
********************************************************************
*** CuD #3.21: File 7 of 7: Len Rose Sentenced ***
********************************************************************
From: Barbara E. McMullen and John F. McMullen
Subject: Len Rose Sentenced (Reprint from Newsbytes)
Date: 12 June, 1991
LEN ROSE SENTENCED TO 1 YEAR 06/12/91
BALTIMORE, MARYLAND, U.S.A., 1991 JUNE 12 (NB) -- Leonard Rose, Jr., a
computer consultant also known as "Terminus", was sentenced to a year
and a day in prison for charges relating to unauthorized sending of
AT&T UNIX source code via telephone to another party. Rose is
scheduled to begin serving his sentence on July 10th.
The original indictment against Rose was for interstate transportation
of stolen property and violations of the Computer Fraud and Abuse Act
but those charges were dropped and replaced by a single charge of wire
fraud under a plea agreement entered into in March. The charges
involving the violation of the Computer Fraud and Abuse Act had been
challenged in a friend of the court brief filed in January by the
Electronic Frontier Foundation (EFF) who challenged the statute as
"unconstitutionally vague and overbroad and in violation of the First
Amendment guarantees of freedom of speech and association." The issues
raised by EFF were not resolved as the charges to which they objected
were dropped as part of the plea agreement.
In his plea, Rose admitted to receiving misappropriated UNIX source
code and modifying it to introduce a trojan horse into the login
procedures; the trojan horse would allow its developer to collect
passwords from unsuspecting persons logging on to a system containing
this code. Rose admitted that he transmitted the modified code via
telephone lines to a computer operator in Lockport, IL and a student
account at the University of Missouri. He also admitted putting
warnings in the transmitted code saying "Warning: This is AT&T
proprietary source code. DO NOT get caught with it."
U.S. District Judge J. Frederick Motz, in sentencing Rose, ordered him
to sell his computer equipment and to inform potential employers of
his conviction. Assistant United States Attorney Geoffrey Garinther,
who prosecuted Rose, explained these portions of the sentence to
Newsbytes, saying "The equipment was seized as evidence during the
investigation and was only returned to him as part of the agreement
when it became evident that he had no means of supporting his wife and
two children. It was returned to him for the sole purpose of selling
the equipment for this purpose and, although he has not yet sold it,
he has shown evidence of efforts to do so. The judge just formalized
the earlier agreement in his sentence. The duty to inform potential
employers puts the burden of proof on him to insure that he is not
granted "Root" privileges on a system without the employer's
knowledge."
Garinther added "I don't have knowledge of the outcome of all the
cases of this type in the country but I'm told that this is one of the
stiffest sentences a computer hacker has received. I'm satisfied
about the outcome."
Jane Macht, attorney for Rose, commenting to Newsbytes on the
sentence, said "The notification of potential employers was a
negotiated settlement to allow Len to work during the three years of
his supervised release while satisfying the government's concern that
employers be protected." Macht also pointed out that many reports of
the case had glossed over an important point,"This is not a computer
intrusion or security case; it was rather a case involving corporate
computer software property rights. There were no allegations that Len
broke into anyone's system. Further, there are no reported cases of
anyone installing his modified code on any system. It should be
understood that it would require a system manager or someone else with
'superuser' status to install this routine into the UNIX login
procedure. The publishing of the routine did not, as has been
reported, open the door to a marked increase in unauthorized computer
access."
Macht said that she believed that Rose had reached an agreement to
sell the computer equipment. He had been offering it through the
Internet for $6,000, the amount required to prepay his rent for the
length of his prison sentence. Because of his financial circumstances,
which Macht referred to as a "negative net worth", the judge did not
order any restitution payments from Rose to AT&T.
(Barbara E. McMullen & John F. McMullen/19910612)
Date: Fri, 14 Jun 91 20:41:43 CDT
From: TELECOM Moderator <telecom@eecs.nwu.edu>
Subject: Well Len, Was it Worth a Prison Term?
The Len Rose saga came to an end this past week when a federal judge
considered the circumstances involved and chose to impose punishment
by placing Len in the custody of the Attorney General of the United
States, or his authorized representative for a period of one year.
As in all such cases where the court finds the defendant poses no
immediate danger to the community, Len was given a one month period
from the imposition of punishment to get his personal affairs in order
before beginning his sentence.
At some point in time between now and July 10 mutually convenient to
Len, his attorney and the government, Len will surrender to the United
States Marshall, and be escorted to the penitentiary. As the first
order of business at the penitentiary receiving room, he'll be
required to submit to a complete strip-search accompanied by a rather
indelicate probing to insure that he does not have in his possession
any drugs; weapons with which he might harm himself, the staff or
other inmates; or other contraband.
He'll surrender his identity completely: driver's license, credit
cards, social security card -- anything which identifies Len Rose as
Len Rose will be taken from him and returned when he is released. For
the time he is incarcerated, he will be a number stamped on the
uniform he is given to wear. Or, he may be in a minimum security
institution and be permitted to wear his 'street clothes', but without
a shred of ID in his wallet. His ID will be his prison serial number.
But there will still be the initial and occassional thereafter strip
search and urine test on demand.
Len's wife, who barely speaks English will be left alone to fend for
herself for several months. She'll raise the two children the best she
can, on whatever money she has available to her. It won't be easy, but
then, it wasn't easy when Len was locked up before for a week in the
Dupage Jail in Wheaton, IL while the state charges were pending here.
Speaking of the kids, I wonder if Len has explained all this to them
yet. I wonder if they know, or are old enough to understand their dad
is going to prison, and why ...
When Len is released, he'll be 'allowed to' carry the tag "ex-con"
with him when he applies for work and tries to make new friends. One
part of his punishment is that in the future he must reveal his status
to prospective employers. Needless to say, the Internal Revenue
Service and the Justice Department trade files all the time ... so Len
will want to be super-honest on his federal taxes in the future, since
he can probably expect to be audited once or twice in the first five
years or so following his release.
I wonder if it was all worth it ... if Len had it to do over again if
he would do the same things he did before, or if he might consider the
consequences more carefully.
Despite the intensive crackdown we have seen by the federal government
in the past few years against 'white collar' and computer crime, there
are still those folks around who either (a) don't think it applies to
them, or (b) don't think they will get caught, or (c) don't understand
what the big fuss is all about in the first place.
If you don't think (c) is still possible, consider the recent thread
in comp.org.eff.talk -- yes, I know, *where else* !! -- on the student
who got suspended from school for two quarters after downloading and
distributing the system password file on the machine he had been
entrusted to use. The fact that the debate could go on endlessly for
message after message actually questioning what, if anything the chap
did wrong tells us plenty about the mentality and 'social respsonsi-
bility' of EFF devotees, but that is a whole new topic in itself.
The point is, some of us are simply getting very tired of the
break-ins, the fraudulent messages, the fact that in order to telnet
to a different site we can no longer do so direct from dialup servers
without a lot of rig-a-ma-role because computer (ab)users have stolen
all the trust which used to exist between sites, and the increasing
scarcity of 'guest' accounts on various sites because the sysadmins
are tired of being eaten alive with fraudulent and destructive usage.
Users had better wise up to one fact: the federal government is going
to continue to crack down on abusers of the net and this media. And
please, none of your hysterical freedom of speech arguments in my
mail, thank you. No one gives an iota what you write about, but when
you get your hands in the password file, rip off root or wheel
accounts, run programs deceptive to other users designed to rip off
their accounts also and generally behave like a two-bit burglar or
con-artist, expect to get treated like one when you get caught.
And you *will* get caught. Then you can go sit and commiserate with
Len Rose. If Len Rose has half the brain I think he has, he will come
out of the penitentiary a better person than when he went in. The
penitentiary can be, and frequently is a therapeutic experience, at
least for the people who think about what it was that caused them to
get there in the first place.
I feel very sorry about what has happened to Len Rose. I feel worse
about the circumstances his wife and children are in. But the
socially irresponsible behavior (which some people who call themselves
'socially responsible' seem to condone or wink at) has to stop. Now.
A US Attorney involved in prosecuting computer crime once said, "users
need an example when they log in of what to expect when they screw up
while on line ..." Indeed we do ... and Len Rose will serve as such.
And a knowledgeable sysadmin who is quietly cooperating with the
government tells me a federal grand jury is <thisclose> to returning
another cycle of indictments. Need I say more?
So Len, *was* it all worth it?
Patrick Townson
Date: Sat, 15 Jun 91 20:29:56 CDT
From: TELECOM Moderator <telecom@EECS.NWU.EDU>
Subject: TELECOM Digest V11 #459
TELECOM Digest Sat, 15 Jun 91 20:29:33 CDT Volume 11 : Issue 459
Inside This Issue: Moderator: Patrick A. Townson
Re: Well Len, Was it Worth a Prison Term? [Mike Godwin]
Re: Well Len, Was it Worth a Prison Term? [Jim Thomas]
Re: Well Len, Was it Worth a Prison Term? [Mark Brown]
Re: Well Len, Was it Worth a Prison Term? [Jim Youll]
Re: Well Len, Was it Worth a Prison Term? [Clint Fleckenstein]
----------------------------------------------------------------------
Date: Sat, 15 Jun 91 11:54:24 -0400
From: Mike Godwin <mnemonic@eff.org>
Subject: Re: Well Len, Was it Worth a Prison Term?
Organization: The Electronic Frontier Foundation
I have to say that in all the postings I have ever seen Pat Townson
write, his posting about Len Rose is the most shameful and morally
indefensible.
I find it incredibly ironic that Townson, after all this time, seems
to have so little sense of what Len Rose actually *did* and of what he
didn't do.
Let's detail some of Pat's many, many factual and moral errors:
In article <telecom11.453.1@eecs.nwu.edu> telecom@eecs.nwu.edu
(TELECOM Moderator) writes:
> The Len Rose saga came to an end this past week when a federal judge
> considered the circumstances involved and chose to impose punishment
> by placing Len in the custody of the Attorney General of the United
> States, or his authorized representative for a period of one year.
The judge didn't decide to give Rose a year in prison. That was a
product of the plea agreement between the government and Rose's
attorney.
> Speaking of the kids, I wonder if Len has explained all this to them
> yet. I wonder if they know, or are old enough to understand their dad
> is going to prison, and why ...
"Dear children,
"Your father is going to prison because he possessed and transmitted
unlicensed source code. Hundreds of other Unix consultants have done
the same thing, but I was targeted because I wrote an article for
{Phrack Magazine} about how to modify login.c for hacking purposes,
and that article, while never published, was found in a search of
Craig Neidorf's room. The prosecutor and the phone company tried to
put Neidorf into prison, but when their distortions came to light they
dropped the case. They searched my system for the same E911 document,
but when they didn't find it, they decided to find something else to
prosecute me for -- namely, the unlicensed Unix source code.
"Children, lots of people, including Patrick Townson, will call me a
hacker and say I got convicted because of breakins into other people's
computers. Patrick Townson lies if he says this. I never broke in to
anyone's computer. I was always given access to systems by sysadmins
who were authorized to give me that access.
"My children, as I spend that time in prison, be aware that some
people will, without shame, distort the facts of my case in order to
use me as a cheap moral lesson. If you must hate them, don't hate them
because of what they say, but because they have chosen to be
hypocritical. Hate them because they have friends who possess
unlicensed source code, but they've never reported those friends to
the U.S. Attorney. Hate them because they make blanket condemnations
without bothering to learn the facts."
> I wonder if it was all worth it ... if Len had it to do over again if
> he would do the same things he did before, or if he might consider the
> consequences more carefully.
Have you asked this question of all Unix consultants who possess
unlicensed source code, Pat? No, I didn't think so.
> If you don't think (c) is still possible, consider the recent thread
> in comp.org.eff.talk -- yes, I know, *where else* !! -- on the student
> who got suspended from school for two quarters after downloading and
> distributing the system password file on the machine he had been
> entrusted to use. The fact that the debate could go on endlessly for
> message after message actually questioning what, if anything the chap
> did wrong tells us plenty about the mentality and 'social respsonsi-
> bility' of EFF devotees, but that is a whole new topic in itself.
This is a particularly contemptible slam at EFF, which is as concerned
with your rights as it is of those who are self-proclaimed hackers.
EFF has never approved of unauthorized computer intrusion, and we have
never doubted that the Georgia student who distributed the password
file was wrong to do so.
Pat, up until this point, I regarded you as something of a friend.
I've spoken to you on the phone, asked for your help, and been willing
to offer mine.
But this whole paragraph about "EFF devotees" convinces me that you
really have no moral center, and no ability to distinguish between
what some people write and what other people believe. I would never
dream of attributing every opinion posted in your newsgroup to
"comp.dcom.telecom devotees."
Of course, that's because I actually consider the moral consequences
of labelling people.
> The point is, some of us are simply getting very tired of the
> break-ins, the fraudulent messages, the fact that in order to telnet
> to a different site we can no longer do so direct from dialup servers
> without a lot of rig-a-ma-role because computer (ab)users have stolen
> all the trust which used to exist between sites, and the increasing
> scarcity of 'guest' accounts on various sites because the sysadmins
> are tired of being eaten alive with fraudulent and destructive usage.
Len Rose never did a breakin, and never took any action that limited
the use of telnet or guest accounts. Neither has EFF.
> Users had better wise up to one fact: the federal government is going
> to continue to crack down on abusers of the net and this media. And
> please, none of your hysterical freedom of speech arguments in my
> mail, thank you. No one gives an iota what you write about, but when
> you get your hands in the password file, rip off root or wheel
> accounts, run programs deceptive to other users designed to rip off
> their accounts also and generally behave like a two-bit burglar or
> con-artist, expect to get treated like one when you get caught.
Who is the "you" in this paragraph, Pat? EFF? You were just talking
about EFF. Has anyone at EFF *ever* said that "freedom of speech"
encompasses breakins?
No. It is your contemptible distortion to attribute that view to us.
> And you *will* get caught. Then you can go sit and commiserate with
> Len Rose. If Len Rose has half the brain I think he has, he will
> come out of the penitentiary a better person than when he went in.
> The penitentiary can be, and frequently is a therapeutic experience,
> at least for the people who think about what it was that caused them
> to get there in the first place.
What do you think caused Len Rose to get there, Pat?
> I feel very sorry about what has happened to Len Rose.
This seems two-faced after you've spent a whole posting gloating about
it.
> I feel worse about the circumstances his wife and children are in.
> But the socially irresponsible behavior (which some people who call
> themselves 'socially responsible' seem to condone or wink at) has to
> stop. Now.
First of all, there is no statute outlawing "social irresponsibility."
If there were, you would have committed a felony with your distortions
in this posting.
> A US Attorney involved in prosecuting computer crime once said, "users
> need an example when they log in of what to expect when they screw up
> while on line ..." Indeed we do ... and Len Rose will serve as such.
Is the U.S. Attorney Bill Cook, Pat? The AUSA who cost Craig Neidorf
$100,000 because he didn't know that the E911 document was not a
program, and that the information in it was publicly available and not
a trade secret? Bill Cook has never been held accountable for what he
did to Craig Neidorf.
> And a knowledgeable sysadmin who is quietly cooperating with the
> government tells me a federal grand jury is <thisclose> to returning
> another cycle of indictments. Need I say more?
Yes, you need to say more. This time around there are forces in the
community that, unlike you, will act to keep both the government and
the phone companies honest.
> So Len, *was* it all worth it?
Len no doubt thanks you for the charity you have shown him in kicking
him when he is down.
Was it worth it, Pat, to take still another slam at Len, and to
alienate people who are working to preserve *your* rights in the
process?
Mike Godwin, mnemonic@eff.org
(617) 864-1550 EFF, Cambridge, MA
------------------------------
Date: Sat, 15 Jun 91 01:15 CDT
From: TK0JUT1@mvs.cso.niu.edu
Subject: Well Len, Was it Worth a Prison Term?
The Moderator's comments in TELECOM Digest #453 giving his view of the
Len Rose sentencing are disingenuous. After some moralizing about Len,
the Moderator leaps to examples of hackers and other intruders, then
adduces these examples as justification for Len's sentencing. Len
*WAS NOT* busted for hacking, but for possession of AT&T source code
and for sending it across state lines. Check the evidence and charges.
He did not send this stuff to a "hacker" in Illinois. Rich Andrews,
the Illinois recipient, was not accused of hacking. Two programs,
including login.c were sent to {Phrack}, but the {Phrack} editor was
never accused of being, nor is there any evidence that he ever was, a
hacker. And, contrary to another post in the same issue of TCD, there
is no evidence that the programs Len possessed or sent were ever used
in criminal activity.
Both public and non-public court records and documents indicate that
the issue was explicitly one of unauthorized possession of proprietary
software. Counter-assertions by Len's critics will not change this.
There is little disagreement that Len may have acted unwisely. The
question is whether his actions justify a prison sentence, and to my
mind the answer is an emphatic *NO!*.
It is absurd to imply that somehow Len failed to learn from a
"crackdown." The case was the beginning of the so-called "crackdowns,"
and his actions are no more a message to "hackers" and "phreaks" than
double-parking tickets are to auto thieves.
There are six levels of prisons in the federal system, with level-1
being the most minimum of the bunch. Len will most likely be sentenced
to one of these as a first-time, minor, non-violent offender. But,
despite the term "country club prison," there is no such thing as an
easy-time prison. Contrary to the Moderator's comment, prisons are
rarely "therapeutic" places. I've been in and around them since 1980,
and the number of offenders coming out the better because of their
prison experience are few.
Len's ten month stay and subsequent probation period will cost the
tax-payers upwards of $30,000. There are alternatives to incarceration
that are less costly while simultaneously serving the ends of the need
for sanctions. Even if we assume that Len is guilty of all the charges
invented by his critics, his incarceration is simply not worth it for
society.
To answer the Moderator's question about whether "it was worth it:"
No, an unjust sentence never is. Nor is anything served by
exaggeration and hyperbole that, in this case, attempts to claim
otherwise.
Jim Thomas Sociology / Criminal Justice Northern Illinois University
[Moderator's Note: Jim Thomas is one of the Moderators of Computer
Underground Digest, a mailing list on the internet with roots going
back to 'hacker' discussions in TELECOM Digest in the past. PAT]
------------------------------
From: Mark Brown <mbrown@testsys.austin.ibm.com>
Subject: Well Len, Was it Worth a Prison Term?
Date: Sat, 15 Jun 91 11:27:06 CST
Patrick:
Yes, Len Rose deserves jail, based upon what I know.
> The fact that the debate could go on endlessly for
> message after message actually questioning what, if anything the chap
> did wrong tells us plenty about the mentality and 'social respsonsi-
> bility' of EFF devotees, but that is a whole new topic in itself.
There is no cause so right that one cannot find a fool who believes
in it.
I respectfully submit that you are way off base here.
Cheers,
DISCLAIMER: My views may be, and often are, independent of IBM official policy.
Mark Brown IBM PSP Austin, TX. (512) 823-3741 VNET: MBROWN@AUSVMQ
MAIL: mbrown@testsys.austin.ibm.com
------------------------------
From: Jim Youll <bgsuvax!jyoull@cis.ohio-state.edu>
Subject: Re: Well Len, Was it Worth a Prison Term?
Date: 15 Jun 91 16:32:21 GMT
Reply-To: Jim Youll <bgsuvax!jyoull@cis.ohio-state.edu>
Organization: Bowling Green State University B.G., Oh.
In article <telecom11.453.1@eecs.nwu.edu> telecom@eecs.nwu.edu
(TELECOM Moderator) writes:
> The Len Rose saga came to an end this past week when a federal judge
[etc...]>
[... discussion of impoverished wife, kids]
> Users had better wise up to one fact: the federal government is going
Oh, thank God. I feel much better knowing that the feds are going
to continue their wholly uninformed pursuit of people committing
crimes the feds don't even understand. Maybe you have forgotten Steve
Jackson Games. I haven't.
> to continue to crack down on abusers of the net and this media. And
> please, none of your hysterical freedom of speech arguments in my
> mail, thank you.
None here.
> And you *will* get caught. Then you can go sit and commiserate with
> Len Rose. If Len Rose has half the brain I think he has, he will come
> out of the penitentiary a better person than when he went in. The
> penitentiary can be, and frequently is a therapeutic experience, at
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Bull!!!!!!!!!!
Male-male gang rape can *LEAD* to therapy, is maybe what you
mean here...
> least for the people who think about what it was that caused them to
> get there in the first place.
> I feel very sorry about what has happened to Len Rose. I feel worse
> about the circumstances his wife and children are in. But the
> socially irresponsible behavior (which some people who call themselves
> 'socially responsible' seem to condone or wink at) has to stop. Now.
> And a knowledgeable sysadmin who is quietly cooperating with the
> government tells me a federal grand jury is <thisclose> to returning
> another cycle of indictments. Need I say more?
Yeah, you might mention that the grand juries generally haven't the
slightest idea what a computer is, let alone a computer-oriented
crime. I'm not invoking any of the free-speech or other arguments and
don't intend to, but when law enforcement makes a mockery of justice
as it has in many, many computer-crime cases, and when we see
corporations inflate their alleged losses by factors of a hundred or a
thousand, then something is terribly wrong, and simply focusing on the
vicious pursuit of real or alleged criminals just serves to draw
attention away from the very real problems caused by runaway egos of
prosecutors.
If I had to analyze the nerds who come up with the loss figures, I'd
say they're trying for a big number to please their superiors and to
gain fame . A two million dollar crime that you stopped looks a
hell of a lot better than a $200 crime. People who are not computer-
literate will generally believe what they're told by "experts". (Well,
true of any field).
> So Len, *was* it all worth it?
Your compassion for your fellow man overwhelms me.
Sure, Higdon goes after an outfit that makes its *entire profit*
entrapping and prosecuting people who may not have committed a crime
at all (anyone who has access to a telephone and incorrect information
can dial a 950- number, for cryin' out loud). Shows that they are
rude, incompetent.
I see a direct parallel in the prosecution and entrapment of people in
the current "crackdown" on computer crime. It's a government fad and
in its wake are going to be a lot of innocent victims, and I'm not
just talking about wives and children.
Disclaimer: Messages originating from this address are mechanically
generated. Management assumes no responsibility for the contents thereof.
Jim Youll, aka jyoull@andy.bgsu.edu, 419/354-2110
------------------------------
Date: Sat, 15 Jun 91 18:30:03 -0500
From: Clint Fleckenstein <fleckens@plains.nodak.edu>
Subject: Re: Well Len, Was it Worth a Prison Term?
Organization: North Dakota Higher Ed Computing Network
Sorry to ask a stupid question, but what did he do? :)
It's been a while. I got in a lot of trouble on the net myself back
in 1987, and got bounced out of school.
Clint Fleckenstein DoD #5150 fleckens@plains.nodak.edu
[Moderator's Note: What Len Rose was *convicted* of doing was being in
possession of AT&T computer source code illegally, and transporting
the code across state lines. And Al Capone was sent to prison for
failure to pay his income tax. Would you care to discuss your case
with us here?
Thanks to all who wrote me on this issue; I've got more articles in
the queue to continue this thread tomorrow, and will summarize a
rebuttal of my own, also probably tomorrow space permitting. PAT]
------------------------------
End of TELECOM Digest V11 #459
******************************
Received: (from NIU for <telecomlist-request@mailinglists.eecs.nwu.edu> via BSMT
P)
Received: (from NIU for MAILER@NIU via NJE)
(UCLA/Mail V1.410 M-SMTP-3517-393); Sun, 16 Jun 91 00:20:20 CDT
Received: from eecs.nwu.edu by mvs.cso.niu.edu (IBM MVS SMTP R1.0.2) with TCP;
Sun, 16 Jun 91 00:20:06 LCL
Received: from mailinglists.eecs.nwu.edu by delta.eecs.nwu.edu id ab09806;
15 Jun 91 23:38 CDT
Received: from mailinglists.eecs.nwu.edu by delta.eecs.nwu.edu id ab24310;
15 Jun 91 22:30 CDT
Date: Sat, 15 Jun 91 21:44:35 CDT
From: TELECOM Moderator <telecom@EECS.NWU.EDU>
[To]: telecom@eecs.nwu.edu
Subject: TELECOM Digest V11 #460
Message-ID: <9106152144.ac18147@delta.eecs.nwu.edu>
TELECOM Digest Sat, 15 Jun 91 21:44:11 CDT Volume 11 : Issue 460
Inside This Issue: Moderator: Patrick A. Townson
Re: Len Rose Sent to Prison [Craig Neidorf]
Re: Well Len, Was it Worth a Prison Term? [John Richard Bruni]
Re: Well Len, Was it Worth a Prison Term? [Owen M. Hartnett]
Re: Fighting Phone Hackers in SoCal [Jeff Sicherman]
Re: Fighting Phone Hackers in SoCal [John Higdon]
Re: Fighting Phone Hackers in SoCal [Nick Sayer]
Re: Does a National Phonebook Exist? [Don Froula]
----------------------------------------------------------------------
Date: Sat, 15 Jun 91 10:54:22 CDT
From: Craig Neidorf <C483307@umcvmb.bitnet>
Subject: Re: Len Rose Sent to Prison
In TELECOM Digest, Volume 11 : Issue 453, Scott Dorsey writes:
> In article <telecom11.448.1@eecs.nwu.edu> bill@eedsp.gatech.edu
> writes:
>> BALTIMORE (AP) -- A computer hacker has been sentenced to a year
>> and a day in prison for stealing information from American Telephone &
>> Telegraph and its subsidiary Bell Laboratories.
>> Leonard Rose Jr., 32, an unemployed computer consultant, pleaded
>> guilty in March to one count of sending AT&T source codes via computer
>> to a hacker in Illinois, and a similar wire fraud charge involving a
>> Chicago hacker.
> He did indeed send a copy of the System V login source code to
> someone who may have used it in the commission of a crime.
Who is this person that you believe he sent the System V login source
code to that may have used it in the commission of a crime?
>> The judge did not order restitution to AT&T because Rose has what
>> one of his attornies called "a negative net worth."
> This is indeed true. He did not have such a condition until
> spending huge amounts of money for defense.
Speaking as someone who knows what really happened to Len and how the
system really treats a criminal defendant, I will inform you of a
couple of things.
Len Rose did not spend huge amounts on his defense. When Rose was
first raided by the Secret Service in March 1990, the agents seized
all of his computers and everything related (and a lot of things
unrelated). They effectively deprived him of his livelihood as a
private Unix consultant. They had their reasons and I'm not going to
argue about those. However, Len had little money to begin with and
was already deep into debt before these incidents happened. He lost
his house and his truck.
Len Rose had a court appointed attorney for a while and there are some
things you should know about how that works. You can only get court
appointed counsel if you cannot afford an attorney and you must prove
this to the court by bringing in all of your financial files.
Later attornies like Sheldon Zenner and Jane Macht were paid for by
friends of Len Rose and there was a donation fund for his family's
living expenses to which many people contributed.
Craig Neidorf (C483307 @ UMCVMB.MISSOURI.EDU)
[Moderator's Note: Mr. Neidorf was a defendant in one of the criminal
prosecutions associated with the Legion of Doom. He is (was?) the
publisher and editor of {Phrack}, an electronic journal whose name is
a contraction of the two words 'phreak' and 'hack'. He was found not
guilty of the charges lodged against him, and the government dropped
its prosecution of him when it was discovered that the information he
published (relating to the complaint) was available to the public from
other sources. PAT]
------------------------------
From: John_Richard_Bruni@cup.portal.com
Subject: Re: Well Len, Was it Worth A Prison Term?
Date: Fri, 14 Jun 91 22:40:24 PDT
Pat,
I grant you all of what you said in your preface to the Len Rose
topics, yet I still wonder. As a journalist I keep coming across
references to computer fraud totalling somewhere between $2 BILLION to
$20 billion a year. There must be some fire to all this smoke. Yes,
the hackers make life more problematical for those who like (as I do)
open exchange of information on the computer nets. The security
requirements are a hassle.
But in the course of researching a novel that has hackers in it, it
slowly came to me that the real troublemakers are much more deeply
buried in the system. I know of 'Phone Phreaks' who have written
themselves into the system since ESS-4 came out. These guys are not
just hacking the phone company, they are so far into to it that for
all intents and purposes they *ARE* the phone company. Darksiders
like these make hackers look like small fry ... which for the most
part they are. I still think Cal Tech and MIT oughta get the good
hackers and make them into useful members of society. Universities do
a much better job of that on smart people than jails do.
Put the moles in jail, if you can find 'em. Most of them probably
have Swiss bank accounts by now and have retired to the Riviera.
That's my two cents worth, and I know it's controversial. But I was
forced to decide what I thought of all this when, in the course of
researching my book, I made friends with both hackers and 'trackers.'
That's all, folks!
------------------------------
From: "Owen M. Hartnett" <omh@cs.brown.edu>
Subject: Re: Well Len, Was it Worth a Prison Term?
Date: 16 Jun 91 00:26:13 GMT
Reply-To: "Owen M. Hartnett" <omh@cs.brown.edu>
Organization: Brown University Department of Computer Science
In article <telecom11.453.1@eecs.nwu.edu> telecom@eecs.nwu.edu
(TELECOM Moderator) writes:
(in a very fine article)
> When Len is released, he'll be 'allowed to' carry the tag "ex-con"
> with him when he applies for work and tries to make new friends. One
> part of his punishment is that in the future he must reveal his status
> to prospective employers.
Something about the above bothers me, from a legal standpoint. Wasn't
there a movement quite a few years ago that said, in effect, that
since ex-cons have little chance of employment once they've told their
prospective bosses that they're ex-cons, that requirements to do so
were being mitigated, so that they would stand a better chance of
rehabilitating once they got out?
This seems probably the most harsh of the requirements. Does a bank
robber have to inform a prospective employer of his past history, even
if said employer doesn't ask? This sounds almost unconstitutional, if
not cruel and unusual punishment.
Owen Hartnett omh@cs.brown.edu
[Moderator's Note: In your example, it probably would be unreasonable
to force a garage mechanic to tell a prospective employer he had
robbed a bank. It would not be as unreasonable to force the same
person to reveal this if he applied for employment as a bank teller.
In the case at hand, I quoted the court's decision without really
agreeing with it. If Len goes into non-computer employment, it should
not have to be discussed. If he goes into computer-related employment,
well ... I'd be reluctant to make him wear that ball and chain his
whole life. PAT]
