home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacker Chronicles 1
/
HACKER1.ISO
/
cud3
/
cud323c.txt
< prev
next >
Wrap
Text File
|
1992-09-20
|
10KB
|
207 lines
------------------------------
From: John Higdon and Dennis Rears
Subject: More on Thrifty-Tel
Date: June 25, 1991
********************************************************************
*** CuD #3.23: File 1 of 4: More on Thrifty-Tel ***
********************************************************************
{Moderators' note: The following is reprinted from Telecom Digest}
Date: Sat, 15 Jun 91 02:24 PDT
From: John Higdon <john@zygot.ati.com>
Mark Seecof <marks@capnet.latimes.com> quotes the {LA Times}:
> ``Little Phone Company on a Hacker Attack''
> By Susan Christian, Times Staff Writer.
On June 13, the {San Jose Mercury} ran a story about Ms. Bigley's
courageous efforts. The writer, Alex Barnum, did a little more
investigating and presented a little more balanced picture than Ms.
Christian. Excerpts below:
Firm's Big Phone Fees Hang up Hackers
by Alex Barnum, Mercury Staff Writer
"A year ago, Thrifty Tel Inc. won approval from the state Public
Utilities Commission ot charge unauthorized users of its long-distance
lines a 'special' rate: a $3,000 'set-up' charge, a $3,000 daily line
fee, $200 an hour for labor and the costs of investigating and
prosecuting the offender.
"Since then, the Garden Grove company has netted $500,000 and caught
72 hackers, ranging from an 11-year-old girl to a grandma-grandpa team
of professional phone hackers."
[Doesn't sound as if Thrifty Tel came off too badly on that one, does
it? That's $500,000 NET profit on hackers. JH]
"But while many have applauded Thrifty Tel's ingenuity, others have
criticized the company for taking the law into its own hands. Some Los
Angeles law enforcement officials, in fact, say the approach borders
on extortion ...
"Others charge that Thrifty Tel is deliberately baiting its long-distance
system with lax security to catch hackers and bring in new revenue.
Thrifty Tel is 'a vigilante,' says John Higdon, a San Jose phone
network expert." [blush]....
"Even a single call can cost a hacker more than $6,000. And Thrifty
Tel charges an extra $3,000 for every access code the hacker uses.
Since about half of Thrifty Tel's hacker 'customers' are minors, their
parents usually wind up footing the bill.
"Moreover, as a condition of the settlement, Thrifty Tel requires
hackers to hand over their computers which mirrors a provision in the
criminal code. Bigley usually turns the computer over to authorities,
although she says she kept one once. [She kept more than that
according to her own conversation with me. JH]
"While praising Bigley's basic strategy, law enforcement officials say
she has taken it a step too far. 'She can threaten a civil suit, but
not criminal charges,' says one official. 'You don't use a criminal
code to enforce a civil settlement.'"...
"Other critics charge that Thrifty Tel is deliberately baiting hackers
with antiquated switching technology and short access codes that are
easier to hack than the more modern, secure technology and 14-digit
access codes of the major long-distance carriers."
Mr. Barnum has all the quotes from Ms. Bigley that the {LA Times}
article had, which essentially contain the circular argument that it
costs money to upgrade to FGD and why should Thrifty have to spend
that money on account of "thugs and criminals" while whining about all
the losses suffered at the hands of the hackers. Thrifty's technique
looks more like a profit center than hacker "prevention".
****************************************************************
{Moderators' note: The following is reprinted from TELECOM Digest, #476}.
Date: Fri, 21 Jun 91 11:07:35 EDT
From: "Dennis G. Rears (FSAC)" <drears@pica.army.mil>
Subject: Re: Speaking in Defense of ThriftyTel (was Fighting Hackers)
Kurt Guntheroth <kurt@tc.fluke.com> writes:
> John Higdon says:
>> Mr. Barnum has all the quotes from Ms. Bigley that the {LA Times}
>> article had, which essentially contain the circular argument that it
>> costs money to upgrade to FGD and why should Thrifty have to spend
>> that money on account of "thugs and criminals" while whining about all
>> the losses suffered at the hands of the hackers. Thrifty's technique
>> looks more like a profit center than hacker "prevention".
> Let's suppose ThriftyTel is deliberately baiting hackers (though using
> older equipment because it is cheap sounds more reasonable to me).
> How can this be considered more reprehensible than stealing network
> services in the first place? I find it quite just that a company
> should hang hackers with their own rope. If ThriftyTel was posting
> the access codes on pirate BBS's, this might be going a bit too far on
> the entrapment side, but there is no evidence this is happening.
Have you ever heard of an attractive nuisance? Granted it may be
stretching a point, but hey we are talking about California? :-) It
could be argued that ThriftyTel has created an attractive nuisance by
not securing their systems in accordance with industry standards; just
like the homeowner who does not build a secure enough fence to keep
the little cretins out of his/her pool.
> And whoever asked whether ThriftyTel was inducing minors to enter into
> an unenforceable contract, or an ex-post-facto contract, this may be
> true. The hackers do have the option of refusing the contract and
> letting ThriftyTel make good on its threat to initiate criminal
> proceedings if it can. Probably most hackers, caught crouched over
> the body with the smoking gun in their hand, and with the knowledge of
> their guilt in mind, are reluctant to test their luck in court.
Contract, hell it is extortion. As any first year law student could
tell you the following must exist to be a contract:
o legality of object # OK
o mutual consideration # OK
o contractual capacity # OK; minors create
# a voidable contract
o manifestion of consent
(offer/acceptance) # NO
o meeting of the minds
The hacker is not aware of the offer (tariff), there is no manifestion
of consent, and there is not meeting of the minds.
Another point, California has the Uniform Commercial Code, thus the
statue of frauds would apply. This means the contract (including
acceptance) must be in writing for amount of over $500.00.
One last point if they are saying a contract was formed, it becomes a
civil matter only not a criminal. Either it is a contract in all
cases or a contract in no cases. If they decide it is a contract they
have to sue for breach of contract; they can't have criminal charges
too. They must be consistent.
BTW, I don't approve of what the hackers/phreakers are doing either,
but ThriftyTel response is just as abusive of the laws as
hackers/phreakers. We are still innocent until proven guilty, and
there is no way I can tolerate any company or government "official"
altering this.
dennis
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Subject: Re: Speaking in Defense of ThriftyTel (was Fighting Hackers)
Date: 21 Jun 91 12:32:56 PDT (Fri)
From: John Higdon <john@mojave.ati.com>
Kurt Guntheroth <kurt@tc.fluke.com> writes:
> Record me as a supporter of ThriftyTel.
You are overlooking a major flaw in Thrifty Tel's scam. In the United
States, the system of jurisprudence requires the plaintiff in a civil
case to 1.) prove damages and 2.) show mitigation of damages. Thrifty
Tel does neither.
In a five-day period, Thrifty Tel whisked a "Hacker Tariff" through
the CPUC without comment, showing, documentation, or any justification
WHATSOEVER. This tariff, which provides for "charges" that are around
three hundred times the company's going rate for services, is then
used in civil suits to claim damages. Thrifty Tel sits back in court,
presents the logs showing the intruder's usage and then holds up this
bogus tariff. In other words, TT has at no time ever proved its claim
for the extortion it pulls on the "criminals and thugs" that it so
actively crusades against.
Concerning point two, let me give you an analogy. Let us suppose that
I have decided to go into the banking business, but find that the cost
of constructing a vault is prohibitively expensive. So I leave all the
cash sitting around in the tellers' drawers. Word gets around that my
bank is an easy mark, and consequently I find that frequently the cash
has been cleaned out by thieves the night before. To combat this, I
install a very sophisticated intrusion detection system with cameras
and the like. I am now able to identify the thieves and I manage to
get a law passed that allows my bank to claim damages against the
burglars at about three hundred times the value of the cash stolen.
Obviously, a bank vault would solve the lion's share of my problem,
but why should I have to pay for a vault when it is "criminals and
thugs" that are at the root of my "losses"? This is precisely the
argument that TT uses when it is suggested that it upgrade its
equipment and use FGD instead of FGB.
Of course, FGD would not allow it to skim intraLATA traffic from
Pac*Bell as it now does, but that is a different matter altogether.
Believe me when I tell you that Thrifty Tel has no moral high ground
to stand on.
John Higdon <john@zygot.ati.com> (hiding out in the desert)
********************************************************************
>> END OF THIS FILE <<
***************************************************************************