801 lines
37 KiB
Plaintext
801 lines
37 KiB
Plaintext
|
||
|
||
****************************************************************************
|
||
>C O M P U T E R U N D E R G R O U N D<
|
||
>D I G E S T<
|
||
*** Volume 2, Issue #2.16 (December 10, 1990) **
|
||
*> SPECIAL ISSUE: "ATLANTA THREE" SENTENCING MEMORANDUM <*
|
||
****************************************************************************
|
||
|
||
MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet)
|
||
GENERALIST: Brendan Kehoe (BRENDAN@CS.WIDENER.EDU)
|
||
ARCHIVISTS: Bob Krause / Alex Smith
|
||
|
||
USENET readers can currently receive CuD as alt.society.cu-digest.
|
||
|
||
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
|
||
information among computerists and to the presentation and debate of
|
||
diverse views. CuD material may be reprinted as long as the source is
|
||
cited. Some authors, however, do copyright their material, and those
|
||
authors should be contacted for reprint permission.
|
||
It is assumed that non-personal mail to the moderators may be reprinted
|
||
unless otherwise specified. Readers are encouraged to submit reasoned
|
||
articles relating to the Computer Underground.
|
||
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||
DISCLAIMER: The views represented herein do not necessarily represent the
|
||
views of the moderators. Contributors assume all responsibility
|
||
for assuring that articles submitted do not violate copyright
|
||
protections.
|
||
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||
|
||
The following is the prosecution's sentencing memorandum submitted to the
|
||
judge. Although it specifies that the defendants were cooperative and
|
||
requests a "downward" departure from the sentencing guidelines, it
|
||
nonetheless requests prison time. In our view, the sentence was unduly
|
||
harsh, and the memorandum reflects a number of substantial inaccuracies,
|
||
distortions, and questionable arguments in making the claim that prison is
|
||
necessary. In the next issue of CuD (2.17), we will print two responses to
|
||
this memo, including that of the EFF.
|
||
|
||
The first issue of EFF NEWS, the official newsletter of the Electronic
|
||
Frontier Foundation, will be distributed this week. More detailed
|
||
information on this, including how to obtain it, will be in the next issue.
|
||
|
||
The sentence was imposed Friday, November 16, 1990. Robert Riggs received
|
||
a sentence of 21 months incarceration. Franklin E. Darden, Jr., and Adam
|
||
E. Grant each received 14 months incarceration (seven months of it to be
|
||
served in a half-way house). All were additionally required to pay
|
||
$233,000 each in restitution, but all are responsible for the full sum of
|
||
about $700,000 should any of the others default. For a complete discussion
|
||
of the sentence, see John and Barbara McMullen's article in CuD 2.14.
|
||
|
||
********************************************************************
|
||
|
||
IN THE UNITED STATES DISTRICT COURT
|
||
|
||
FOR THE NORTHERN DISTRICT OF GEORGIA
|
||
|
||
ATLANTA DIVISION
|
||
|
||
UNITED STATES OF AMERICA :
|
||
: CRIMINAL ACTION
|
||
v. :
|
||
: NO. 1:90-CR-31
|
||
:
|
||
ADAM E. GRANT, a/k/a The :
|
||
Urvile, and a/k/a Necron 99, :
|
||
FRANKLIN E. DARDEN, JR., a/k/a :
|
||
The Leftist, and :
|
||
ROBERT J. RIGGS, a/k/a :
|
||
The Prophet :
|
||
|
||
GOVERNMENT'S SENTENCING MEMORANDUM AND S.G. SS 5K1.1 MOTION
|
||
|
||
Now comes the United States of America, by and through counsel
|
||
Joe D. Whitley, United States Attorney for the Northern District
|
||
of Georgia, and Kent B. Alexander, Assistant United States Attorney
|
||
for the Northern District of Georgia, and shows the court the
|
||
following:
|
||
|
||
From September 1987 through July 21, 1989, the defendants
|
||
regularly broke into proprietary telephone computer systems, stole
|
||
access information, distributed that information toothers
|
||
throughout the country, and, in the process, regularly used
|
||
unauthorized long distance/data network services. In all, they
|
||
stole approximately $233,880 worth of logins/passwords and connect
|
||
addresses (i.e., access information) from BellSouth. BellSouth
|
||
spend approximately $1.5 million in identifying the intruders into
|
||
their system and has since then spent roughly $3 million more to
|
||
further secure their network.
|
||
|
||
Although the government is going to recommend a downward
|
||
departure from the Sentencing Guidelines, the three defendants
|
||
are clearly criminals who have caused a significant amount of damage
|
||
|
||
|
||
- 1 -
|
||
|
||
and should be punished accordingly. Moreover, the computer
|
||
"hacker"%1% world is watching this case very closely, and the Court
|
||
should send a message that illegal computer hacking activities will
|
||
not be tolerated.
|
||
|
||
In this sentencing memorandum the government will describe the
|
||
investigation in the case, summarize some of the evidence that
|
||
would have been presented at trial, and describe the defendants'
|
||
cooperation. Finally, the government will emphasize the role this
|
||
case has played and will continue to play in curbing abuses in the
|
||
hacker community.
|
||
|
||
I. _THE INVESTIGATION_
|
||
|
||
In June of 1989, a computer threat and a computer intrusion sparked
|
||
a massive federal investigation into the computer hacking
|
||
activities of a self-proclaimed elite group of roughly 20 hackers
|
||
called "Legion of Doom." The threat involved an anonymous all to
|
||
an Indiana Bell security representative from a computer hacker. The
|
||
hacker, who has since been identified as an associate of the
|
||
defendants, will e called "John Doe" for purposes of this
|
||
memorandum. John Doe said that five telephone switches (telephone
|
||
company computers that route calls) would be programmed to shut
|
||
down the telephone system throughout the country. AT&T
|
||
investigators conducted a nationwide search and discovered "logic"
|
||
|
||
|
||
________________________
|
||
%1%The government uses the term "hacker" to describe a person
|
||
who uses computers for criminal activity. The Court should note,
|
||
however, that the term "hacker" can also be used to describe
|
||
legitimate computer users. At one time all computer users were
|
||
known as "hackers," and some computer users still identify
|
||
themselves as "hackers."
|
||
|
||
- 2 -
|
||
|
||
bombs" (time delayed programs) in AT&T computers located in
|
||
Colorado, Georgia, and New Jersey. The logic bombs were programmed
|
||
to shut down service in portions of those states.
|
||
|
||
Aside from the hacker logic bomb threat, a June 1989 intrusion into
|
||
the BellSouth network also prompted the federal investigation.
|
||
A computer hacker broke into the BellSouth network and rerouted
|
||
calls from a probation office in Delray Beach, Florida to a New
|
||
York Dial-A-Porn number. Although creative and comical at first
|
||
blush, the rerouting posed a serious threat to the security of the
|
||
telephone system. If a hacker could reroute all calls to the
|
||
probation office, he or she could do the same to calls placed to
|
||
this Court, a fire station, a police station or any other telephone
|
||
customer in the country. Again, none of the three defendants are
|
||
implicated in this dangerous prank, though an investigation of the
|
||
intrusion ultimately led investigators to the illegal activities
|
||
of the three defendants and other members of a self-proclaimed
|
||
elite group of hackers called the Legion of Doom. The Legion of
|
||
Doom is described in a hacker "magazine" article filed separately
|
||
as _Government Exhibit A_.
|
||
|
||
In mid-June 1989, BellSouth%2% assembled a major security task
|
||
force consisting of 42 full-time employees to investigate the
|
||
intrusions. It assigned the employees to work 12-hour round-the-
|
||
clock shifts for nearly a month. To BellSouth's credit, the
|
||
management decided to go public with the intrusions by alerting the
|
||
|
||
________________________
|
||
|
||
%2%For purposes of this memorandum, "BellSouth" also refers to
|
||
Southern bell Telephone and Telegraph Company and BellSouth
|
||
Advanced Network, subsidiaries of BellSouth.
|
||
|
||
- 3 -
|
||
|
||
United States Secret Service%3%.
|
||
|
||
On June 21, 1990 %sic%, a confidential "hacker" informant admited
|
||
that "The Urvile" in Atlanta (defendant Adam Grant) had provided
|
||
him with the access information necessary to break into the
|
||
BellSouth computer network. Based on that evidence and further
|
||
investigation, this office and the Secret Service arranged for a
|
||
court-authorized dial number recorder ("DNR") (i.e., pen register)
|
||
to be placed on the telephone lines of defendants Adam E. Grant,
|
||
Franklin E. Darden, Jr., and Robert J. Riggs.
|
||
|
||
From July 11 through July 21, 1989, a pattern emerged showing
|
||
that all three defendants were making outgoing calls and "looping"
|
||
the calls around the country and into the BellSouth computer
|
||
network. "Looping" is a system hackers use to transfer their calls
|
||
through a number of telephone companies and data networks (e.g.,
|
||
Telenet) to gain free telephone service and to avoid detection by
|
||
the authorities. The defendants would often start their loops by
|
||
patching into the Georgia Tech computer system, courtesy of access
|
||
numbers provided by defendant Grant. After looping the calls,
|
||
defendants used unauthorized connect addresses and logins/passwords
|
||
to break into the BellSouth system. Connect addresses are the
|
||
computer equivalent of a street address and logins/passwords are
|
||
like keys to houses (computers) on the street. The DNR records
|
||
|
||
________________________
|
||
|
||
%3%All computer systems using modems (telephone computer links)
|
||
are susceptible to computer hacker break-ins, but most companies
|
||
do not "go public" when break-ins occur for fear of bad publicity.
|
||
Unfortunately, when companies pretend such problems do not exist,
|
||
other companies develop a false sense of security with regard to
|
||
hacker intrusions. Fortunately, BellSouth took the public route.
|
||
|
||
- 4 -
|
||
|
||
also revealed that the defendants were speaking with one another
|
||
and with backs from all around the country. Once BellSouth pin-
|
||
pointed the break-ins and determined that the hackers were
|
||
downloading BellSouth information (i.e., stealing information and
|
||
copying it into their own system), the Secret Service had enough
|
||
information to obtain a search warrant.
|
||
|
||
On July 21, 1989, the Secret Service executed search warrants
|
||
on all of the defendants' residences. At the same time, the Secret
|
||
Service executed a search warrant in Indiana on the home of the
|
||
"John Doe" hacker mentioned above. That hacker has since been
|
||
charged and convicted on computer fraud charges.
|
||
|
||
During the searches, the Secret Service uncovered thousands
|
||
of pages of proprietary telephone industry information, hundreds
|
||
of diskettes, a half-dozen computers and reams of incriminating
|
||
notes. After BellSouth and the Secret Service analyzed all the
|
||
evidence and interviewed the defendants and other hackers, the
|
||
government was able to piece the case together and seek an
|
||
indictment from the grand jury.
|
||
|
||
II. _THE EVIDENCE_
|
||
|
||
A. _What the Evidence Generally Shows_
|
||
|
||
If the case had gone to trial, the evidence would have shown
|
||
that defendants Grant, Darden and Riggs used a variety of methods
|
||
to break into the BellSouth telephone systems. To start, they and
|
||
other Legion of Doom ("LOD") members would go "trashing" or
|
||
"dumpster diving" (i.e., scavenging through dumpsters) behind
|
||
BellSouth offices, usually in the dead of night. They took memos,
|
||
|
||
- 5 -
|
||
|
||
printouts, and other documents. Additionally, when back at their
|
||
personal computers, they created hacking programs to break into the
|
||
BellSouth systems and obtained access information from fellow
|
||
hackers. Using all of these tools, the defendants broke into over
|
||
a dozen BellSouth computer systems. Once in the systems, the
|
||
defendants would scan the files for information they wanted to
|
||
steal and get into other computer systems of other entities,
|
||
including Credit Bureaus, hospitals, banks%4% and other private
|
||
corporations.
|
||
|
||
Among other information, the defendants downloaded BellSouth
|
||
passwords and connect addresses which they could later use to
|
||
return into the particular system they were scanning or to get into
|
||
other systems. Defendants also downloaded subscriber information
|
||
on individual customers. By getting subscriber information, the
|
||
defendants could change customer services (e.g., call waiting) and
|
||
obtain access to Credit Bureau information. Defendants Grant and
|
||
Darden also figured out how to wire tap telephone calls using a
|
||
BellSouth computer system called LMOS. Darden admits monitoring
|
||
friends' calls, but claims to have only done it with the knowledge
|
||
of the friends. Evidence recovered from Grant's dorm room
|
||
indicates that he monitored calls as well. The government has no
|
||
direct evidence that defendant Riggs monitored calls, though the
|
||
Secret Service did recover LMOS access information in the search
|
||
of Riggs' residence.
|
||
|
||
________________________
|
||
|
||
%4%During a meeting with the Secret Service, defendant Grant
|
||
admitted breaking into a bank in the State of Texas and altering
|
||
deposit records.
|
||
|
||
- 6 -
|
||
|
||
The defendants and other LOD members freely exchanged
|
||
information they stole from BellSouth. Although it does not appear
|
||
that defendants themselves used this information to transfer any
|
||
money to themselves, they clearly exploited the services of the
|
||
telephone companies and data networks when making and receiving
|
||
hundreds of hours of free long distance service.
|
||
|
||
During the course of the conspiracy, the defendants and other
|
||
LOD members illegally amassed enough knowledge about the
|
||
telecommunications computer systems to jeopardize the entire
|
||
telephone industry. During one interview, defendant Darden
|
||
nonchalantly revealed that the defendants could have easily shut
|
||
down telephone service throughout the country.
|
||
|
||
The defendants freely and recklessly disseminated access
|
||
information they had stolen. By doing so, they paved the way for
|
||
others to easily commit fraud. For instance, in early 1989, Adam
|
||
Grant introduced defendants Robert Riggs and Frank Darden to a 15-
|
||
year old hacker, already identified as "John Doe." Based largely
|
||
on the information from the defendants, John Doe managed to steal
|
||
approximately $10,000. Basically, Doe used the information from
|
||
the defendants to reroute calls, enter Credit Bureaus, and have
|
||
Western Union ire money from credit card accounts captured from
|
||
the Credit Bureau records.
|
||
|
||
Defendants claimed that they never personally profited from
|
||
their hacking activities, with the exception of getting
|
||
unauthorized long distance and data network service. At the very
|
||
least, however they should have foreseen the activity of people
|
||
|
||
- 7 -
|
||
|
||
like John Doe, particularly in light of articles on computer
|
||
hacking, stealing and fraud which they collected and authored (some
|
||
of which are described in Section B below).
|
||
|
||
Defendants disseminated much of their knowledge and stolen
|
||
information posting the information on electronic bulletin board
|
||
services ("BBS's"). A BBS is a computerized posting service
|
||
allowing hackers to post messages to one another, usually 24 hours
|
||
a day. Most BBS's around the country are perfectly legal and allow
|
||
legitimate computer users to communicate with each other. The LOD
|
||
created a BBS named "Black Ice," however, primarily to foster
|
||
fraudulent computer activities. Excerpts from the Black Ice BBS
|
||
are filed separately hereto as _Government Exhibit B. A review of
|
||
the Black Ice printouts reveals that defendants all realized that
|
||
braking into the telephone computer systems was illegal and that
|
||
they took precautions not to get caught. Of great concern are the
|
||
frequent references to law enforcement and national security
|
||
computer systems.
|
||
B. _Specific Examples of Items Recovered from Each Defendant_
|
||
|
||
A brief review of some of the evidence recovered from each of
|
||
the defendants' residences during the July 21, 1989, searches will
|
||
shed further light on the criminal nature of their conduct. Please
|
||
bear in mind, however, that what follows is a description of only
|
||
a very small portion of the immense amount of material recovered
|
||
from each defendant.
|
||
1. _ADAM E. Grant_
|
||
--Hundreds of telephone numbers, connect addresses,
|
||
logins/passwords, and loops for various Bell
|
||
|
||
- 8 -
|
||
|
||
computer systems.
|
||
|
||
-- Files on how to hack voice mail, how to hack Bell
|
||
company passwords, war dialing programs, time bombs,
|
||
Georgia Tech computer accounts.
|
||
|
||
-- Articles and tutorials on a number of topics. The
|
||
articles outline information about a topic, while
|
||
tutorials outline how-to steps to accomplish
|
||
specific objectives (e.g., stealing access codes).
|
||
Grant had articles and tutorials on hacking into the
|
||
telephone system, building blue boxes (i.e., devices
|
||
that simulate computer tones and allow free
|
||
telephone access), using "loops," using Telenet,
|
||
getting "root" access to BellSouth systems, (i.e.,
|
||
free run of the system), planting "trojan horses"
|
||
into UNIX (a trojan horse is essentially a time lapsed
|
||
computer program and UNIX is the computer system
|
||
used by BellSouth). Some article/tutorials titles
|
||
include "Building Blue Boxes," "How to Rip off Pay
|
||
Stations," "Hacking Telco Outside Plant," "Hacking
|
||
Satellite Transponders," Defeating the Total
|
||
Network," "UNIX Security Issues," and "UNIX for the
|
||
Educated" by Urvile.
|
||
|
||
-- One article specifically addressed malicious damage
|
||
to and slowing down of a UNIX system. This article
|
||
is noteworthy because it includes details on how to
|
||
bring a central office of the telephone system "to
|
||
its knees" by inserting a program to continually
|
||
make directories on a disk until the switch (i.e.,
|
||
BellSouth office computer that routes phone calls)
|
||
runs out of disk space.
|
||
|
||
-- Three letters to Grant from Georgia Tech complaining
|
||
about his abuse of the system. The letters,
|
||
attached as _Exhibit C_, indicate that Georgia Tech
|
||
was very concerned about Grant's abuses of their
|
||
system.
|
||
|
||
-- Credit Bureau report on Bruce Dalrymple. Grant
|
||
tutored the former Georgia Tech basketball star and
|
||
broke into the Credit Bureau to get Dalrymple's
|
||
credit history. Grant and the other defendants
|
||
essentially had the power to review millions of
|
||
citizens' credit histories by breaking into Credit
|
||
Bureaus.
|
||
|
||
-- Numerous phone numbers of military installations.
|
||
|
||
-- Detailed information on LMOS, the system through
|
||
which Darden and Grant tapped into other parties'
|
||
|
||
- 9 -
|
||
|
||
|
||
computer systems.
|
||
|
||
|
||
-- AT&T Mail access numbers.
|
||
|
||
-- MCI credit card access numbers.
|
||
|
||
-- Telenet system addresses.
|
||
|
||
-- List of user accounts on the Georgia Tech computer
|
||
system.
|
||
|
||
2. _FRANKLIN E. DARDEN
|
||
|
||
-- Hundreds of telephone numbers, connect addresses,
|
||
logins/passwords, and loops for various Bell
|
||
computer systems.
|
||
|
||
-- Files on Secret Service interrogation methods,
|
||
computer-related laws/arrests, methods to defraud
|
||
long distance carriers, and social engineering
|
||
(getting information by pretending to work for the
|
||
phone company).
|
||
|
||
-- Articles and tutorials on blue and silver boxing,
|
||
hacking voice mail systems, tapping a neighbors'
|
||
phone, blue boxing, "military boxing" installing
|
||
small transmitters on neighbors' terminal boxes.
|
||
Titles of some of the articles included "How to Make
|
||
Flash Bombs," "Hacking Voice Mail Systems," Hacking
|
||
the Hewlett-Packard 3000 Computer," and "Art of Blue
|
||
Box Construction."
|
||
|
||
-- Extensive information on LMOS, including tutorials
|
||
and handwritten notes concerning illegally wire
|
||
tapping telephone lines.
|
||
|
||
-- Sprint codes and Telenet addresses and passwords.
|
||
|
||
-- Unauthorized Credit Bureau reports on other
|
||
individuals stolen from CBI.
|
||
|
||
-- Information on credit card fraud using Western
|
||
Union. Interestingly, the John Doe mentioned above
|
||
spoke with Darden many times concerning computer
|
||
information and ultimately devised a credit card
|
||
fraud scheme using Western Union Wires.
|
||
|
||
-- A listing of credit card fraud laws in Michigan.
|
||
|
||
- 10 -
|
||
|
||
-- UNIX tutorial by The Urvile.
|
||
|
||
3. _ROBERT RIGGS_
|
||
|
||
-- Hundreds of telephone numbers, connect addresses,
|
||
logins/passwords, and loops for various Bell
|
||
computer systems.
|
||
|
||
-- File on "netcatch.c" a program designed to
|
||
eavesdrop on computer-to-computer communications.
|
||
|
||
-- Articles and tutorials concerning hacking passwords,
|
||
understanding telephone security systems, and
|
||
understanding voicemail systems. The articles
|
||
tutorial titles included "Hacking COSMOS Part 2,"
|
||
"BellSouth's central System for Main Frame
|
||
Operations," "MVS from the Ground Up" by Riggs, and
|
||
"UNIX Use and Security from the Ground Up" by Riggs.
|
||
|
||
-- The E911 file. This file which is the subject of
|
||
the Chicago indictment, is noteworthy because it
|
||
contains the program for the emergency 911 dialing
|
||
system. As the court knows, any damage to that very
|
||
sensitive system could result in a dangerous
|
||
breakdown in police, fire, and ambulance services.
|
||
The evidence indicates that Riggs stole the E911
|
||
program from BellSouth's centralized automation
|
||
system, AIMSX. Riggs also managed to get "root"
|
||
privileges to the system (i.e., free run of the
|
||
system). Bob Kibler of BellSouth Security estimates
|
||
the value of the E911 file, based on R&D costs, is
|
||
$24,639.05.
|
||
|
||
-- Handwritten note listing Riggs' top three goals:
|
||
"Learn LMOS" %the system connected to monitoring
|
||
phone lines%; "Learn PREDICTOR" %the BellSouth
|
||
mechanized system concerning maintenance of
|
||
telephone systems outside of the main office%; and
|
||
%Learn C Programming" %computer programming%.
|
||
|
||
-- Sprint access information
|
||
|
||
-- Password hacking programs.
|
||
|
||
-- Urvile's COSNIX tutorial (a how-to lesson relating
|
||
to breaking into a BellSouth system).
|
||
|
||
All three defendants obviously stored significant amounts of
|
||
information in their home relating to illegal activities. In
|
||
|
||
- 11 -
|
||
|
||
fairness to defendant Riggs, however, the Court should know that
|
||
Rigs had less evidence of illegal activity than Grant and Darden.
|
||
Apparently, defendant Riggs temporarily ceased illegal computer
|
||
activities after his computer fraud conviction in North Carolina
|
||
and parted company with some of his records. Eventually, however,
|
||
he again started to break into the BellSouth computer systems. By
|
||
the time of the search on July 21, 1989, rant, Darden and Riggs
|
||
were breaking into bellSouth computer systems and other computer
|
||
systems at will and were routinely downloading information.
|
||
|
||
III. _DEFENDANTS' PRIOR CONDUCT_
|
||
|
||
All of the defendants have been "hacking" for several years.
|
||
Defendant Riggs, however, is the only one with a prior conviction.
|
||
That conviction is described in _Government Exhibit D_ (filed
|
||
separately).
|
||
|
||
IV. _DEFENDANT'S COOPERATION AND THE GOVERNMENT'S RECOMMENDATION
|
||
OF A DOWNWARD DEPARTURE_
|
||
|
||
All three defendants have provided significant cooperation
|
||
that has fueled further investigation into the activities of a
|
||
number of computer hackers around the country. In light of the
|
||
substantial assistance each defendant has provided, as described
|
||
below, the government movees for this Court to make a downward
|
||
departure pursuant to S.G. 5K1 in the amount of three levels for
|
||
defendants Grant and Darden and two levels for defendant Riggs.
|
||
|
||
A. _Cooperation of Adam E. Grant_
|
||
|
||
1. July 21, 1989 - After the search of his residence,
|
||
Grant gave a statement to the United States Secret Service. He was
|
||
|
||
- 12 -
|
||
|
||
not forthcoming and generally denied any wrongdoing. By the time
|
||
he pled guilty, however, Grant had realized the severity of the
|
||
crime and was very forthcoming with helpful information.
|
||
|
||
2. July 16, 1990 - Grant spent approximately 2-3 hours
|
||
meeting with Assistant United States Attorneys from Chicago
|
||
regarding the Craig Neidorf Case. Grand provided valuable
|
||
information to assist in the prosecution of the case. Grant agreed
|
||
to testify, though when the prosecutors called him at the last
|
||
minute to fly to Chicago, he declined because of his school
|
||
schedule. Ultimately, the Chicago office did not need him to
|
||
testify.
|
||
|
||
3. August 9, 1990 - Grant met with a number of Secret
|
||
Service agents and representatives of BellSouth to discuss all
|
||
aspects of the investigation in Atlanta and divulge information
|
||
about other members of the Legion of Doom. The meeting lasted more
|
||
than 8 hours and Grant provided a substantial amount of helpful
|
||
information. Special Agent William Gleason says that Grant was
|
||
very cooperative.
|
||
|
||
4. October 8, 1990 through October 10, 1990 - Grant
|
||
traveled to Detroit, Michigan to meet with investigators and a
|
||
prosecutor there regarding the investigation of a fellow Legion of
|
||
Doom member. While there, he testified before the grand jury.
|
||
According to Assistant United States Attorney David Debold, Grant
|
||
was cooperative.
|
||
|
||
5. October 12, 1990 - Grant met for approximately 4
|
||
hours with BellSouth security officers. He discussed a number of
|
||
|
||
- 13 -
|
||
|
||
matters, including what he believed could be future hacking efforts
|
||
against BellSouth and measures BellSouth should take to protect
|
||
their system.
|
||
|
||
- 14 -
|
||
|
||
B. _Cooperation of Franklin E. Darden, Jr._
|
||
|
||
1. July 21, 1989 - After the search of his residence,
|
||
Darden provided a very detailed statement to the United States
|
||
Secret Service describing his activities and the activities of the
|
||
Legion of Doom. Based in part on that statement, the Secret
|
||
Service and BellSouth were able to further their investigation into
|
||
the identities and illegal acts of other members of the Legion of
|
||
Doom.
|
||
|
||
2. July 24, and July 28 - Darden volunteered to
|
||
meet and did meet with the Secret Service and the undersigned
|
||
counsel and thoroughly answered all questions posed to him.
|
||
Particularly in the early stages of cooperation, Darden provided
|
||
more helpful information than any defendant.
|
||
|
||
3. July 1990 - Darden traveled to Chicago and spent
|
||
three days waiting to testify and occasionally meeting with
|
||
Assistant United States Attorneys. The Chicago authorities called
|
||
him one morning during work, and Darden flew to Chicago by that
|
||
evening. Although Darden did not have to testify, he was ready and
|
||
willing to do so. Also, he had met with the Chicago prosecutors
|
||
a week or so earlier in Atlanta.
|
||
|
||
4. August 7, 1990 - Darden met in the Atlanta field
|
||
office of the Secret Service with Secret Service agents, BellSouth
|
||
representatives and other investigators. The meeting lasted most
|
||
of the day. According to Special Agent William Gleason,Darden was
|
||
very forthcoming and provided valuable leads for other cases.
|
||
5. October 1990 - Darden traveled to Detroit Michigan
|
||
|
||
- 15 -
|
||
|
||
to meet with investigators and the prosecutors there regarding the
|
||
investigation of a fellow Legion of Doom Member. He also testified
|
||
before the grand jury. According to Assistant United States
|
||
Attorney David Debold, Darden was very cooperative and offered
|
||
evidence that will be very useful in prosecuting the Detroit
|
||
hacker.
|
||
|
||
C. _Cooperation of Robert J. Riggs_
|
||
|
||
1. July 21, 1989 - After the search of his residence,
|
||
defendant Riggs provided a very detailed statement to the United
|
||
States Secret Service describing his activities and the activities
|
||
of the Legion of Doom. Based in part on that statement, the Secret
|
||
Service and BellSouth were able to further their investigation into
|
||
the identities and illegal acts of other members of the Legion of
|
||
Doom.
|
||
|
||
2. May 23, 1990 - Defendant Riggs met with Chicago
|
||
Assistant United States Attorneys and the undersigned counsel to
|
||
discuss the case generally and the activities of other Legion of
|
||
Doom members. Mr. Riggs provided helpful leads in pursuing other
|
||
hackers.
|
||
|
||
|
||
3. July 17, 1990 - Riggs met again with two Assistant
|
||
United States Attorneys from Chicago who were in Atlanta and spent
|
||
several hours discussing the prosecution of Craig Neidorf and
|
||
related computer hacker matters. The prosecutors found Mr. Riggs'
|
||
statements very helpful.
|
||
|
||
4. July 1990 - Riggs traveled to Chicago and was there
|
||
for several days before his testimony in that case. The testimony
|
||
|
||
- 16 -
|
||
|
||
was somewhat helpful, though the prosecutors felt defendant Riggs
|
||
was holding back and not being as open as he had been in the
|
||
earlier meeting.
|
||
|
||
5. August 8, 1990 - Riggs met in the Atlanta field
|
||
office of the Secret Service agents, BellSouth representatives, and
|
||
other investigators from around the country. The meeting lasted
|
||
roughly 5 hours. According to Special Agent William Gleason, Riggs
|
||
was less forthcoming than either Darden or Grant and seemed to have
|
||
more of a problem recalling details. He did, however, provide some
|
||
helpful information.
|
||
|
||
|
||
6. October 13, 1990 - Riggs traveled to Detroit,
|
||
Michigan to meet with investigators and the prosecutor there
|
||
regarding the activities of a fellow member of the Legion of Doom.
|
||
He also testified before the grand jury. According to Assistant
|
||
United States Attorney David Debold, Riggs was helpful, but Mr.
|
||
Debold had a difficult time prying information from Riggs without
|
||
asking very specific questions. Mr. Debold said he did not know
|
||
whether Riggs was evasive or simply quiet.
|
||
|
||
Defendant Riggs strikes the undersigned counsel as an
|
||
unusually quiet and pensive person. Throughout the investigation,
|
||
he has been cooperative, but because of his nature, he sometimes
|
||
comes across as uninterested and evasive. The bottom line is that
|
||
he provided helpful information that furthered several
|
||
investigations around the country, though his assistance was not
|
||
as substantial as that of Grant and Darden; hence the
|
||
recommendation of only a two-level departure.
|
||
|
||
- 17 -
|
||
|
||
V. _DEFENDANTS' MOTIVATION_
|
||
|
||
All three defendants belonged to the self-proclaimed elite
|
||
group of hackers called Legion of Doom. As described in _Exhibit_
|
||
_A_, 15 members of this group lived in cities throughout the country
|
||
and used personal computers and modems to break into a host of
|
||
other computer systems. Their main motivation: To obtain power
|
||
through information and intimidation. Basically, they wanted to
|
||
own "Ma Bell."
|
||
|
||
In their quest for power, the defendants and other LOD members
|
||
in the group fixated on the telephone industry for two reasons.
|
||
First, the telephone industry has one of the most complicated and
|
||
challenging computer systems in the world. Second, telephones link
|
||
all computers throughout the world to each other and a mastery of
|
||
the telephone system would allow the defendants to break into
|
||
computer systems virtually anywhere. The defendants and other LOD
|
||
members engaged in an arcane game of technological one-upmanship.
|
||
Whoever could break into the most systems and steal the most
|
||
information would be considered the superior hacker. For instance,
|
||
LOD members were designated at certain levels (e.g., The Urvile,
|
||
Level 8) to reflect their degree of expertise.
|
||
|
||
Once the defendants figured out how to master a computer
|
||
system, they would often assert their bragging rights by
|
||
documenting their methods of break-ins and sharing the information
|
||
with hackers around the country. Although each defendant claims
|
||
to have carefully restricted access to the information, there could
|
||
be no realistic safeguards. From the start, the information was
|
||
|
||
- 18 -
|
||
|
||
stolen and, by definition, no longer safeguarded. Moreover, the
|
||
defendants commonly made the information available to all hackers
|
||
who happened to access the computer bulletin board service they
|
||
were using. A case in point is John Doe of Indiana who stole the
|
||
approximately $10,000 by using information provided by the
|
||
defendants.
|
||
|
||
In essence, stolen information equalled power, and by that
|
||
definition, all three defendants were becoming frighteningly
|
||
powerful.
|
||
|
||
VI. _THE GOVERNMENT'S RECOMMENDATION AND THE NEED TO SEND A MESSAGE_
|
||
_TO THE COMMUNITY_
|
||
|
||
Computer hackers around the country are closely following the
|
||
outcome of this case in light of the probated sentence of the last
|
||
federally prosecuted adult criminal hacker, Rober Morris, Jr.
|
||
Any sentence that does not include incarceration would send the
|
||
wrong message to the hacking community; that is, that breaking into
|
||
computer systems and stealing information is not really a crime.
|
||
|
||
As the Court may recall, Mr. Morris created a computer virus
|
||
which began multiplying out of control and infected hundreds of
|
||
computers around the country. The case garnered national attention
|
||
because it was one of the first computer fraud prosecutions to
|
||
focus the public's eye on the very real dangers of computer
|
||
hacking.
|
||
|
||
Computer bulletin board services (BBS's) around the country
|
||
were buzzing about the _Morris_ case. For instance, two printout
|
||
pages of one BBS, filed separately as _Government Exhibit E_, will
|
||
|
||
- 19 -
|
||
|
||
give the Court an idea of how closely hackers follow these matters.
|
||
A hacker named The Mentor noted that if Morris was sentenced to do
|
||
time, "it'll be a *very* bad precedent." Another hacker, Eric
|
||
Bloodaxe, responded "Hell, maybe it IS time to start doing all the
|
||
terrible things I always had the capabilities to do..." A hacker
|
||
named Ravage commented that he heard the prosecution had had a hard
|
||
time showing Morris' malicious intent and noted that if that was
|
||
true, "I doubt he will get any time. Probably a fine, community
|
||
service, or probated time." The Urvile (the hacker name used by
|
||
defendant Grant) aid, "The virus will hurt us (the hacking
|
||
community) a tremendous among in the future." He went on to say
|
||
that "even if the courts are lax on him (orris), which is the only
|
||
silver lining i can think of, then security on all systems is going
|
||
to increase. we don't need that. not one bit."
|
||
|
||
The government does not have ready access to any printouts
|
||
from BBS's following the Morris sentencing, thought hackers and
|
||
computer experts recall general hacker jubilation when the judge
|
||
imposed a probated sentence. Clearly, the sentence had little
|
||
effect on defendants Grant, Riggs, and Darden.
|
||
|
||
The undersigned counsel met with each of the three defendants,
|
||
and all three have been very cooperative and remorseful. The
|
||
defendants, however, have literally caused BellSouth millions of
|
||
dollars in expenses by their actions. Moreover, they knew
|
||
throughout their hacking activities that they were engaging in
|
||
illegal conduct as they broke into untold numbers of telephone and
|
||
non-telephone computer systems. Because of that conduct and the
|
||
|
||
- 20 -
|
||
|
||
message that the hackers around the country need to hear, the
|
||
government strongly urges this Court to include incarceration as
|
||
part of the sentence. The government will make a more specific
|
||
recommendation at the time of sentencing.
|
||
|
||
|
||
Respectfully submitted,
|
||
|
||
JOE D. WHITLEY
|
||
UNITED STATES ATTORNEY
|
||
|
||
|
||
KENT B. ALEXANDER
|
||
ASSISTANT UNITED STATES ATTORNEY
|
||
1800 United States Courthouse
|
||
75 Spring Street, S.W.
|
||
Atlanta, Georgia 30335
|
||
|
||
Georgia Bar No. 008893
|
||
|
||
|
||
- 21 -
|
||
|
||
********************************************************************
|
||
|
||
------------------------------
|
||
|
||
**END OF CuD #2.16**
|
||
********************************************************************
|
||
|
||
|
||
|