informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/magazines/CUD/cud0326.txt

792 lines
40 KiB
Plaintext
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Computer Underground Digest--Thu Jul 18 17:22:30 CDT 1991 (Vol #3.26)
Moderators: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Contents of Issue 3.26, July 27, 1991:
File 1: Moderators' Corner
File 2: The Vajk-Spaf-Leichter dialogue continues......
File 3: The TERMINUS of Len Rose
File 4: "Computer Crime" paper by Brian Peretti available
File 5: Doc Savage Sentenced (NEWSBYTES Reprint)
File 6: CompuServe Responds to Policy and Operations Questions
Administratia:
ARCHIVISTS: ROB KRAUSE, BOB KUSUMOTO, AND BRENDAN KEHOE
CuD is available via electronic mail at no cost. Printed copies are
available by subscription. Single copies are available for the costs
of reproduction and mailing.
Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, by FidoNet file request from 1:100/345,
on Genie, on the PC-EXEC BBS at (414) 789-4210, and by anonymous ftp
from ftp.cs.widener.edu, chsun1.uchicago.edu, and
dagon.acc.stolaf.edu. To use the U. of Chicago email server, send
mail with the subject "help" (without the quotes) to
archive-server@chsun1.uchicago.edu.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to the
Computer Underground. Articles are preferred to short responses.
Please avoid quoting previous posts unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: July 18, 1991
From: "The Moderataors" <tk0jut2@MVS.CSO.NIU.EDU>
Subject: File 1-- Moderators' Corner
NEW CuD FORMAT: The responses to the new format have been
overwhelmingly favorable, so it will replace the old format. Thanks
to Gene Spafford who provided us with a digest maker that we hope to
have working soon.
READING THE NEW FORMAT: Usenet readers should soon be able to read CuD
as individual messages, making replies easier (thanks to Chip
Rosenthal). Those who get it as "mail" on Unix system can break the
single file up into individual files (depending on the system and
what's set up on it) with "burst" or, the easiest, with "inc". Those
receiving CuD on an IBM-type machine appear limited to a large file,
but if anybody has suggests on how to burst on VMS, pass them along.
MA/PHD THESES AND DISSERTATIONS: We're compiling a list of anybody
currently working on a thesis or dissertation on computer culture,
computer crime, or other related topics. If you, or somebody you know,
is doing this, please pass along the names and snail-mail and email
address. This includes international researchers as well as those in
North America.
LEN ROSE: Len Rose began his prison term in North Carolina this month.
Barring surprises, he should be out next May. He could use some
"cheery" mail. His address is:
LEN ROSE
FEDERAL PRISON CAMP
SEYMOUR JOHNSON AFB
CALLER BOX 8004
GOLDSBORO, NC 27531-5000
------------------------------
Date: Mon, 15 Jul 91 02:21:46 CDT
From: "William Vajk (igloo)" <learn@GARGOYLE.UCHICAGO.EDU>
Subject: File 2-- The Vajk-Spaf-Leichter dialogue continues......
More Questions....
====================
I have read Jerry Leichter's response in CuD 3.24, and have received
mail from Thomas Klotzbach which has also been submitted by him for
publication in CuD.
As a direct result of the issues raised by these two gentlemen, I
spent the better part of a day in one of the law libraries provided by
Cook County, Illinois, for use by the public. Instead of having
answers, the review of copyright laws in 17 USC only created more new
questions, which I'll address another time in yet another article.
Briefly stated, copyright laws do the best job of protecting tangible
goods wherein the expression constitutes the primary value. In other
cases where a visual rendition is possible but does not represent the
real value of the object, as with musical scores, the public
production rights also glean protection, but the primary purpose is to
preclude unauthorized reproduction of tangible medium versions.
It would seem that copyright protections for source code, as in UNIX
source code, is rather minimal. Indeed, rereading the Rose indictment
from Maryland and the plea bargain, copyright is never mentioned. In
detail, the Rose case becomes further complicated in that he received
the code from a bailee.
Klotzbach is correct in one comment that there are criminal aspects to
copyright violations. They fall, however, in a particularly narrow
range, requiring willful action AND profit motive on part of the
miscreant. If you don't sell it, copyright law isn't applicable to
prosecution as a criminal.
I was unable to discover the exact requirements currently mandate for
deposit of software in order to support a copyright. The Rose
indictment calls the source code "confidential and proprietary." It is
confidential in an AT&T security employee's dream, and that's about
the extent. Leichter suggests that AT&T could claim to have never
published the source code. This would be true if sale or offer to sell
were a requirement. 17 USC addresses these issues with the term "vend"
instead of "sell." The source code we're talking about has been
published all right, and is in no way entitled to a "trade secret"
status.
Leichter defends the errors made by law enforcement, stipulating that
they have to learn how to deal with computer crime. Agreed, in
principle, but not in detail. The problems I am addressing have to do
with the general approach law enforcement seems to be taking to
solving all crime these days. The Constitution hasn't changed
recently. Essentially the same rules have applied to investigations.
What does an officer have to learn about computer criminality in order
to keep him from kicking in two doors because some law abiding
individual tried to get into a bbs that was no longer a bbs ? What
does he have to be taught in order to have the patience necessary to
simply wait for the guy to get home from work, and ask a few questions
? We are seeing some of the fallout from our permissiveness regarding
RICO.
These issues have nothing to do with computer criminality as opposed
to using sensible investigative techniques. Are we in an age where
we've been subjected to so many shoot-em-up cops versus the bad guys
TV shows that people here on usenet, among the best educated, most
sensible souls in the US, can accept kicking in doors and summary
confiscation of personal property as a valid and reasonable outcome
from calling the wrong phone number a few times ?
We have a nation which based its laws on personal freedoms and rights
before any other consideration. Let's please try to remember the
importance of this simple philosophy.
CuD 3.25 arrived as I was finishing this article. A couple of points
for Gene Spafford to contemplate come to mind. He asks why it is that
I criticize him personally. The answer is simple. The way the articles
by Spafford have been written, it is impossible to separate the
concepts from the man. His style is the same in Communications of the
ACM. Interestingly, I have been criticized by him exactly in the same
way as he complained regarding my statements about him. I expected it.
I suppose Spafford didn't. These opinions are pretty personal. They
can hardly be discussed at arm's length. It is not any more remote to
ask if readers find statements hypocritical, or the individual (see
Spafford's comments in referenced CuD.) I am not insulted by
Spafford's opinion. He holds it, he's entitled to it, I won't argue
the point. (Where do you cut notches, Spaf? :-)
Spafford asks a direct question of me to which I am happy to reply:
> If Joe Random were to shoot someone in front of witnesses, he would
> be innocent under the law until a jury returned a verdict in a trial,
> but he would NOT be innocent of the act. Would any witness to the
> crime, or anyone who spoke to the witness, then be equally condemned
> by Mr. Vajk for saying "Joe was not innocent of murder" before the
> conclusion of the trial?
Yes.
A witness can justly say "I saw him shoot the guy." A person who spoke
to a witness might reasonably say "He said he saw Joe Random shoot the
guy." Anyone can say "I believe Joe is guilty" and still be fair and
reasonable. But to state someone IS guilty is the duty of the jury
(or judge.) We, all of us, have reserved that right to the judicial
process. I cannot fathom why anyone would be inclined to change that
now. When one begins to assume these responsibilities on themselves,
it becomes easy to victimize even individuals who haven't been charged
with crimes by painting them with a wide black brush of presumed
guilt. We've seen it happen, right here on this network. It has also
been called the tyranny imposed by the self-righteous.
And finally:
> ...one cannot champion free speech without also embracing the responsibility
> to to respect others who choose to exercise that right -- disagreement with
> views should not become contempt for people who (appear to) espouse them.
Of course it is possible to respect another's right to freedom of
expression while holding them in contempt. I respect the rights of
Nazis to march in Skokie. If asked to testify regarding their rights,
I would most likely state that 'I believe this swill must be permitted
to march. Please issue the necessary permits.' I certainly will never
respect them in any way.
I don't, however, see anything hypocritical about respecting some
particular individual for some aspects regarding them, and detest
other aspects concurrently. Most of us aren't particularly narrow.
------------------------------
Date: Tue, 09 Jul 91 21:28:26 CDT
From: "Craig Neidorf" <C483307@UMCVMB.BITNET>
Subject: File 3-- The TERMINUS of Len Rose
The TERMINUS of LEN ROSE
by Craig Neidorf
(kl@stormking.com)
(Adapted from 2600 Magazine, Spring 1990)
As most readers of 2600 Magazine and Computer Underground Digest
should know, I am Knight Lightning, and I used to be the editor and
publisher of Phrack, a magazine similar to 2600, but not available in
a hardcopy format. In my capacity as editor and publisher I often
received text files and other articles submitted for publication.
Actually, this is how the majority of the material found in Phrack was
acquired. Outside of articles written by Taran King or myself, there
was no staff, merely a loose, unorganized group of free-lancers who
sent us material from time-to-time.
One such free-lance writer was Len Rose, known to some as
Terminus. To the best of my knowledge at the time, Len was a Unix
consultant who ran his own system on UUCP called Netsys. Netsys was a
major electronic mail station for messages passing through UUCP.
Terminus was no stranger to Phrack. Taran King had interviewed him
for Phrack Pro-Phile 10, found in Phrack's fourteenth issue.
Prior to the end of 1988, I had very little contact with Terminus
and we were reintroduced when he contacted me through the Internet.
He was very excited that Phrack still existed over the course of the
years and he wanted to send us an article. However, Len was a
professional Unix consultant, holding contracts with major
corporations and organizations across the country and quite reasonably
(given the corporate mentality) he assumed that these companies would
not understand his involvement with Phrack. Nevertheless, he did send
Phrack an article back in 1988. It was a computer program actually
that was called "Yet Another File on Hacking Unix" and the name on the
file was >Unknown User<, adopted from the anonymous posting feature of
the once famous Metal Shop Private bulletin board.
The file itself was a password cracking program. Such programs
were then and are still today publicly available intentionally so that
system managers can run them against their own password files in order
"An example is the password cracker in COPS, a package
that checks a Unix system for different types of
vulnerabilities. The complete package can be obtained
by anonymous FTP from ftp.uu.net. Like the password
cracker published in Phrack, the COPS cracker checks
whether any of the words in an on-line dictionary
correspond to a password in the password file."
(Dorothy Denning, Communications of the ACM,
March 1991, p. 28)
Perhaps if more people used them, we would not have incidents
like the Robert Morris Worm, Cliff Stoll's KGB agents, or the
recent crisis involving system intruders from the Netherlands.
Time passed and eventually we come to January 1990. At some
point during the first week or two of the new year, I briefly logged
on to my account on the VM mainframe on the University of
Missouri-Columbia and saw that I had received electronic mail from Len
Rose. There was a brief letter followed by some sort of program.
From the text I saw that the program was Unix-based, an operating
system I was virtually unfamiliar with at the time. I did not
understand the significance of the file or why Len had sent it to me,
however, since I was logged in remotely from St. Louis, I decided to
let it sit until I arrived back at school a few days later. In the
meantime I had noticed some copyright markings on the file and sent a
letter to a friend at Bellcore Security asking about the legalities in
having or publishing such material. As it turns out this file was
never published in Phrack.
Although Taran King and I had already decided not to publish this
file, other events made sure that our decision was mandatory. Upon
returning to University of Missouri-Columbia (for the new semester) on
January 12, 1990, we discovered that all access to our accounts on the
mainframe of the University of Missouri had been revoked without
explanation. On January 18, 1990 I was visited by the U.S. Secret
Service for reasons unrelated to the Unix program Len Rose had sent.
That same day under obligation from a subpoena issued by a Federal
District Court judge, the University turned over all files from my
mainframe account to the U.S. Secret Service including the Unix file.
Included below is the text portion of that file:
"Here is a specialized login for System V 3.2 sites.
I presume that any competent person can get it working
on other levels of System V. It took me about 10
minutes to make the changes and longer to write the
README file and this bit of mail."
"It comes from original AT&T SVR3.2 sources, so it's
definitely now something you wish to get caught with.
As people will probably tell you, it was originally
part of the port to an AT&T 3B2 system. Just so that
I can head off any complaints, tell them I also
compiled it with a minimal change on a 386 running AT&T
Unix System V 3.2 (they'll have to fiddle with some
defines, quite simple to do). Any changes I made are
bracketed with comments, so if they run into something
terrible tell them to blame AT&T and not me."
"I will get my hands on some Berkeley 4.3 code and do
the same thing if you like (it's easy of course)."
In the text of the program it also reads:
"WARNING: This is AT&T proprietary source code. Do
NOT get caught with it."
and;
" Copyright (c) 1984 AT&T
All Rights Reserved
* THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF AT&T *
* The copyright notice above does not evidence any *
* actual or intended publication of such source code. *"
As it turned out the program that Len Rose had sent was
modified to be a Trojan horse program that could capture accounts
and passwords, saving them into a file that could later be
retrieved. However, knowing how to write a Trojan horse login
program is no secret. For example;
"such programs have been published in The Cuckoo's Egg
by Clifford Stoll and an article by Grampp and Morris.
Also in his ACM turing lecture, Ken Thompson, one of
the Bell Labs coauthors of Unix, explained how to
create a powerful Trojan horse that would allow its
author to log onto any account with either the password
assigned to the account or a password chosen by the
author."(Dorothy Denning, Communications of the ACM,
March 1991, p. 29-30)
Between the Unix 3.2 source code, the Unix password cracking
file, and the added fact that Terminus was a subscriber to
Phrack, Len Rose was raided by the United States Secret Service
(including SSA Tim Foley who was the case agent in U.S. v.
Neidorf) at his Middletown, Maryland home on February 1, 1990.
The actual search on his home was another atrocity in and of
itself.
"For five hours, the agents -- along with two Bellcore
employees -- confined <Len> Rose to his bedroom for
questioning and the computer consultant's wide, Sun,
in another room while they searched the house.
The agents seized enough computers, documents, and
personal effects -- including Army medals, Sun Rose's
personal phone book, and sets of keys to their house
-- to fill a 14-page list in a pending court case."
(No Kid Gloves For The Accused, Unix Today!,
June 11, 1990, page 1)
It was also reported that the agents did serious damage to
the physical house itself. Len was left without the computers
that belonged to him and that he desperately needed to support
himself and his family financially. Essentially Len went into
bankruptcy and furthermore now he was blacklisted by AT&T.
This culminated in a May 15, 1990 indictment of Len Rose at
age 31. There were five counts charging Len with violations of
the 1986 Computer Fraud and Abuse Act and Wire Fraud. The total
maximum penalty he faced was 32 years in prison and fines of
$950,000. Furthermore, the U.S. Attorney's office in Baltimore
insisted that Len was a member of the Legion of Doom, a claim
that Len and known LOD members have consistently denied. It did
finally become clear that Terminus was not a member.
This was just the beginning of another long saga of bad luck
for Len Rose. He had no real lawyer, he had no money, and he had
no job. Furthermore, Len suffered a broken leg after rescuing
his son during a camping trip.
Eventually Len found work with a company in Naperville,
Illinois (DuPage County <Chicago suburbs>) with a Unix consulting
firm called InterActive and he had a new lawyer named Jane Macht.
The future began to look a little brighter temporarily. The
problem was that within a week InterActive was making claims that Len
had copied Unix source code from them. Illinois State Police and SSA
Tim Foley (what is HE doing here!?) came to Len's new home and took
him away. In addition to the five count indictment in Baltimore, now
Len was facing criminal charges from the State of Illinois. It was at
this point, attorney Sheldon T. Zenner, who had successfully defended
me took on the responsibility of defending Len against the state
charges.
Len's spin of bad luck was not over yet. Assistant U.S. Attorney
William Cook in Chicago wanted a piece of the action, in part perhaps
to redeem himself from his highly publicized defeat in U.S. v.
Neidorf. A third possible indictment for Len seemed inevitable. In
fact, there were statements made that I personally was to have been
subpoenaed to testify before the grand jury about Len, but this never
took place.
As time passed and court dates kept being delayed, Len was barely
surviving; running out of money and options. His wife wanted to leave
him and take away his children, he could not find work, he was looking
at two serious indictments for sure, and a possible third, and he just
could not take it any longer.
Len's legal arguments were strong in many respects and it is
widely believed that if he had fought the charges that he may very
well have been able to prove his innocence. Unfortunately, the pile
up of multiple indictments, in a legal system that defines justice in
terms of how much money you can afford to spend defending yourself,
took its toll. The U.S. Attorney in Baltimore did not want to try the
case and they offered Len a deal, part of which was that Assistant
U.S. Attorney Cook got something as well. Len would agree to plead
guilty to two wire fraud charges, one in Baltimore, one in Chicago.
The U.S. Attorney's office would offer a recommendation of a prison
sentence of 10 months, the State of Illinois would drop it's charges,
and Len would eventually get his computer equipment back.
In the weeks prior to accepting this decision I often spoke with
Len, pleading with him to fight based on the principles and importance
of the issues, no matter what the costs. However, I was blinded by
idealism while Len still had to face the reality.
Len Rose was sentenced in June and began serving his time on July
10, 1990. He got his computer equipment back, but only under the
agreement that he sell all of it.
United States v. Rose was not a case about illegal intrusion into
other people's computers. Despite this the Secret Service and AT&T
called his case a prime example of a hacker conspiracy. In reality it
was only an example of blind justice and corporate power. Like many
criminal cases of this type, it is all a question of how much justice
can a defendant afford -- How much of this type of *injustice* can the
American public afford?
-- -- -- -- --
A Few Words About Law Enforcement and the Len Rose case...
As a person who has been involved with the legal process
repeatedly over the last couple of years I have learned and
discovered some of the realities behind the rumors and the myths.
In the Spring 1991 issue 2600, I authored an article titled "The
Terminus of Len Rose" and unfortunately the meaning behind the
article was lost on some of the readers whom I admire greatly.
Through my unique experiences at meetings like the 13th
Annual National Computer Security Conference in Washington D.C. and
the first conference on Computers, Freedom, & Privacy in San
Francisco, I have come into contact and had discussions with both the
people who help create the laws as well as those who actively enforce
them. I have learned a lot about what actually takes place behind the
scenes and why. More than anything else, I discovered that my views
on several issues were not so very far from theirs and they taught me
why certain realities were so. What they said made sense and I
realized that I was indeed wrong about some issues and situations. I
was even more wrong in my expectations of the individuals themselves.
These people are decent folks just like you and me. Despite the
highly publicized incidents of the past couple of years, the vast
majority of these people are not out there trying to destroy someone's
life just to make a name for themselves or to put a notch on their
desk. They believe in their work like a sacred religious mission. At
the same time they have families, hobbies, like to go to the movies,
play video games, take vacations during the holidays, and everything
else.
In the article about Len Rose, I did not intend to imply that the
prosecution or the prosecutors were malicious (although the frantic
raid on Len's house may have been a bit out of order), but rather that
the legal process itself can be a difficult road for a non-wealthy
defendant to travel, especially when faced with many indictments at
once. Len Rose was never charged with actually breaking into a
computer, but he was called a hacker (under the negative definition)
just the same. That is not fair. I believe that the prosecutors
acted in the way they thought best and were not out to deny Rose of
his constitutional rights, but the issues of law and computers that
clashed here make things confusing for everyone including myself.
The fact of the matter is that the system does have flaws in it
which arise and are corrected over time. These flaws arose in my own
case and cost me dearly until the system caught its flaw and corrected
itself. I am not here to tell you that Len Rose was a saint or that
he did not do anything wrong. Indeed in the past month I have heard
complaints from several people about bad business deals with Len and
mishaps concerning stolen computer equipment. I don't know all of the
details behind those allegations and considering where Len is today,
those questions are moot. I must admit that Len's transportation of
Unix source code strikes me as a form of copyright infringement or
perhaps software piracy, but Rose did not even make an attempt to
profit financially from this venture. The value of what he actually
transported and his guilt or innocence of these statutes was never put
to the test because the prosecution did not seek to use these more
appropriate statutes concerning piracy or copyright infringement. I
still wonder why.
While I believe that the prosecutors involved with his case are
honest, hardworking, and highly motivated people, it strikes me as
being overly harsh to see a very bright, non-violent offender who did
not even commit a crime for money go to prison when his formidable
talents could have been put to good use elsewhere.
In conclusion I think there may be a rare bad apple mucking up
the legal process from time to time, but it is my firm belief that the
prosecutors and law enforcement officials in our system overall are
dedicated to doing the right thing and going after offenders that they
truly believe to be committing real crimes. Up to this point I've
only been able to watch and learn about their work from an outsider's
viewpoint, but one day I may be interested in participating from their
perspective. As a group in general, the law enforcement community has
earned my respect and appreciation.
------------------------------
Date: July 28, 1991
From: "The Moderataors" <tk0jut2@MVS.CSO.NIU.EDU>
Subject: File 4-- "Computer Crime" paper by Brian Peretti available
Brian J. Peretti has finished the latest draft of his paper:
"Computer Crime: Current Practices, Problems and Proposed Solutions".
Here is a brief excerpt from the introduction. The complete paper is
available in the CuD ftp sites.
++++++++++++++++++
Within recent years, computer crime has become a
preoccupation with law enforcement officials. In California, a
group of West German hackers using phone lines and satellite
hookups, gained unauthorized access into civilian and military
computers and stole sensitive documents that were sold to the
Soviet Union. A young New York programmer broke into a
Washington computer to run a program that he could not run from his
personal computer. After Southeastern Bell Stated that a document
published in an electronic publication was valued at more than
$75,000 the publisher was arrested and brought to trial before the
discovery that the document could be publicly bought from the
company for $12.6 The Chaos Computer Club, a Hamburg, Germany,
club, went into government computers and access information
and gave it to reporters. In May, 1988, the United States government
launched Operation Sun Devil, which lead to the seizure of 23,000
computer disks and 40 computers. In addition, poor police
performance has also been blamed on computers.
Since its creation, the computer has become increasing important
in society. The law, as in the past, has not been able to evolve
as quickly as the rapidly expanding technology. This lack
of movement on the part of governments shows a lack of understanding
with the area. The need to create a comprehensive regulation or
code of ethics has become increasing necessary.
Due to the nature of computer systems and their
transnational connections through telephone lines, an
individual state's action will only stop the problems associated with
computer crime if many states join together. The patchwork of
legislation that exists covers only a small part of the problem.
To adequately address computer crime, greater efforts must be
made within the computer community to discourage unauthorized
computer access, countries must strengthen and
co-ordinated their computer related laws, as well as proper
enforcement mechanism created, computer program copyright laws be
enhanced and computer systems should be created to allow those who
wish to explore computer systems which will not disrupt the users of
computer systems.
This paper will first set out a definition of computer crime and why
laws or regulation by the computer community must be created.
Section II will then discuss the United States law concerning
computer crime and why it needs to be strengthened. Section III
will discuss the proposed Israeli computer crime bill, Britain's
Computer Misuse Act and Ghana's proposed law. Section IV will
discuss what can be done by both the government and computer owners
and users to make computer crime less possible.
<The rest is available from the CuD ftp archives>
------------------------------
Date: July 28, 1991
From: "The Moderataors" <tk0jut2@MVS.CSO.NIU.EDU>
Subject: File 5-- Doc Savage Sentenced (NEWSBYTES Reprint)
(Moderators' Note: Readers should note well the final paragraphs of
this article. It is the first case that we're aware of in which the
prosecutor opposed the judges intention to imprison. Gail Thackeray's
arguments against incarceration are compelling and productive. Sadly,
such logic is the exception and not the rule, but perhaps her example
will spread).
SUNDEVIL DEFENDANT "DOC SAVAGE" SENTENCED 7/17/91
PHOENIX, ARIZONA, U.S.A., 1991 JUL 17(NB) -- The Maricopa County
Arizona County Attorney's Office has announced the sentencing Baron
Majette, 20 , also known as "Doc Savage", for computer-related crimes
uncovered in the joint federal / state investigation known as
"Sundevil".
Majette was arrested on March 27th of this year and charged with a
number of felony charges relating to unauthorized use of telephone
facilities of Toys 'R Us to make calls worth approximately $8,000,
illegal access of TRW's credit data base and use of information
obtained therein to obtain in excess of $50,000 in cash, goods, and
services, and stealing of credit cards from U.S. Mail boxes and use of
the cards to obtain approximately $10,000 in cash, goods and services.
If convicted of the charges, Majette faced a possible jail sentence of
15 years and the requirement to make restitution for the full amount
of the alleged losses endured by the firms and individuals.
In late May, Majette pleaded guilty to an amended charge of a single
count of computer fraud, felony third degree. The reduced charge was a
result of an agreement between Mark Berardoni, the public defender
assigned to Majette; Janet Black, Majette's probation officer and the
Maricopa County Arizona County Attorney's Office. Under the reduced
charges, Majette's maximum term of incarceration was reduced from the
aforementioned 15 years to 5.
On July 16th, when the actual sentence was to be imposed, a further
agreement between the prosecution, defense and parole service was
presented to the presiding judge, Justice Gottsfield, and, after
discussion, became the actual sentence. The court decision imposed the
following:
-- Majette will remain in jail for up to two months while he awaits
placement in a "Shock Incarceration" program (Majette has been in jail
since his March 27th arrest because of parole violation related to an
earlier crime). Assistant County Attorney Gail Thackeray told
Newsbytes that Shock Incarceration is a 120 day program which
"provides both intensive counseling and military-like discipline and
exercise."
-- Upon his release from Shock Incarceration, Majette will enter a 5
year period of "intensive probation". Under Arizona procedures, the
subject must provide the probation officer, on a weekly basis, a
schedule for the next week's activities. In the event that the
schedule has to be modified in any way, the probation office must be
called before the new schedule is acted on.
-- During the time of intensive probation, the probation officer may
visit or call the subject at any time of day or night to insure
compliance with the schedule.
-- If, at some point after a year of intensive probation, the
probation officer feels that the subject has followed the rules and
shown that intensive procedure is no longer warranted, the subject and
probation officer may recommend to the sentencing judge that the
subject be transferred to normal probation. In normal probation, the
subject advises the officer weekly of progress and problems. There is
not the hovering presence felt in intensive probation, according to
Thackeray. Additionally, the subject may be released from any form of
probation at the petition of the probation office and subject and
approval, after hearing, of the sentencing judge.
-- If, on the other hand, Majette violates the terms of his probation,
he is liable for incarceration in prison for the remainder of his
probationary period.
-- Majette was also ordered to make restitution to the parties
victimized by his activities by paying a sum of $19,774.03 to those
involved. The sum is to be paid on a monthly basis over the course of
his sentence. Additionally, he was ordered to make payments to help
defray the cost of his probationary supervision.
Under the terms of his probation, Majette is subject to the following
conditions said by Thackeray to be unique to his type of offense:
-- He may not use any computer connected to a modem or communications
network without the prior permission of his probation officer.
In the event that he takes a job that brings him into contact with
computer activities, he must notify someone in the employer's office
of the restrictions on his computer use and must discuss the planned
activities with his probation officer.
-- He is not to communicate or associate with "members of the computer
underground" (defined as persons such as those known to have or
reasonably believed to have been involved in theft of communications
services, computer fraud or related activities). In the event that any
such individuals contact him, he must report the contact to his
probation officer (According to Thackeray, this stipulation is
intended for Majette' s protection -- "In the event that the
contacting party is investigated or arrested and phone records show a
call to Majette, his notification to his probation officer of the call
will stand as proof that he was not involved in any conspiracy with the
other individual. His notification responsibility in no way requires
him to cooperate with authorities in the location or apprehension of
another individual and such cooperation is neither expected nor
desired.").
Transcripts of the sentencing hearing reportedly show that it was the
intention of Judge Gottsfield to sentence Majette to a straight five
years in prison but was dissuaded by the combined recommendations of
the prosecution, defense and probation office. Thackeray explained to
Newsbytes the rationale of the prosecution in recommending a lighter
sentence -- "Usually computer hackers who get into trouble for
activities of this nature are kids or young adults who are not the
type to be in trouble for any other criminal activities. The point of
sentencing in these cases should be rehabilitation. If we can break
the pattern of illegal behavior, society will benefit from Majette's
participation. If we simply locked him up for 5 years, neither he nor
society would benefit."
(Barbara E. McMullen & John F. McMullen/19910717)
------------------------------
Date: 02 Jul 91 19:15:10 EDT
From: "76012,300 Brad Hicks" <76012.300@COMPUSERVE.COM>
Subject: File 6-- CompuServe Responds to Policy and Operations Questions
Attn: Computer Underground Digest
In TELECOM Digest #11.507, John Higdon writes:
> If I really am responsible for every article and pass-through
> e-mail message that writes to my disk drive, then I lack the
> facilities (mostly manpower) to remain an intermediate UUCP site.
John, in every meeting of four or more sysops I have been at in the
last three years, I have heard this one argued. I have submitted this
exact question to maybe a half-dozen lawyers. The only thing that ALL
agreed upon was that until we have three or more cases prosecuted in
the federal courts, no one knows whether you are liable or not.
Mike Godwin, the EFF's attorney, told a bunch of us that he's been
researching this exact question for most of a year, and so far it
comes down to three broad categories:
(1) ENTIRELY PRIVATE, ONE-TO-ONE MAIL
Covered by the Electronic Communications Privacy Act. Sysop/sysadmin
is not liable for content; may read for technical reasons such as to
check service; may not disclose to anyone for any reason without a
court order. (Aside: Since the search warrant at Steve Jackson Games
said nothing about third-party mail, in the seizure of Illuminati BBS
the aptly-acronymed SS almost certainly violated ECPA over this very
issue.)
(2) ENTIRELY PUBLIC MAIL ON ONLY ONE SYSTEM (local BBS messages)
Only limited case law, but it does appear that the sysop is liable in
general. More cases or new laws will be necessary to determine WHEN
the sysop becomes liable ... e.g., if somebody posts a Sprint access
number on your BBS, you are definitely liable if it is still there a
month later. But what about the next day? An hour later? Five
seconds later? Nobody knows until the lawyers fight it out. Godwin
thinks it comes down to "if the sysop could reasonably have known
about it"--and then some poor ignorant bunch of jurors will get to
decide how often a "resonable sysop" checks his mail.
(3) WIDELY-DISTRIBUTED PUBLIC MAIL (newsgroups, echomail, mail lists,
etc.)
No readily applicable law. No CLEAR precedent ... but the few
half-precedents, taken from the world of ham packet-radio repeaters,
suggests that in fact, you are liable for any public message residing
on your system, even if it originated elsewhere. If you allow your
system to forward public messages before you clear them, you may find
yourself charged with moving illegal messages across state lines.
As an ex-sysop of seven years' experience, #3 horrifies and terrifies
me. I almost got caught in this trap myself, when a Dallas TV station
tried to persuade police that as the conference moderator on
MagickNet, I personally was responsible for a message on MagickNet
offering assistance to a man seeking to smuggle his daughter out of
the country so his inlaws couldn't take her away. (Note: message from
someone else, to a third party outside the country, and the hue and
cry arose two days before I even saw the message.)
Maybe common sense will prevail in the courtroom. (And maybe chickens
have teeth.) Maybe Congress will pass clear, reasonable, technically
feasible legislation to clarify the issue and President Bush will sign
it. (And maybe we =can= balance the budget in 1993.) Or maybe the
Rehnquist court will recognize this as an important freedom-of-speech,
freedom-of-association, freedom-of-press issue and grant appropriate
protection. (And maybe we'll find a universally popular solution to
the abortion issue tomorrow after lunch, and everybody will agree to
it.)
------------------------------
************************************
End of Computer Underground Digest #3.26

Reference in New Issue View Git Blame Copy Permalink