informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/magazines/CUD/cud0322.txt

818 lines
44 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

****************************************************************************
>C O M P U T E R U N D E R G R O U N D<
>D I G E S T<
*** Volume 3, Issue #3.22 (June 21, 1991) **
****************************************************************************
MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet)
ARCHIVISTS: Bob Krause / / Bob Kusumoto
ARCHMASTER: Brendan Kehoe
+++++ +++++ +++++ +++++ +++++
CONTENTS THIS ISSUE:
File 1: Moderators' Corner
File 2: From the Mailbag
File 3: Punishment and Control: Reply to Gene Spafford
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
CuD is available via electronic mail at no cost. Hard copies are available
through subscription or single issue requests for the costs of reproduction
and mailing.
USENET readers can currently receive CuD as alt.society.cu-digest.
Back issues of Computer Underground Digest on CompuServe can be found
in these forums:
IBMBBS, DL0 (new uploads) and DL4 (BBS Management)
LAWSIG, DL1 (Computer Law)
TELECOM, DL0 (New Uploads) and DL12 (Electronic Frontier)
Back issues are also available from:
GEnie, PC-EXEC BBS (414-789-4210), and at 1:100/345 for those on FIDOnet.
Anonymous ftp sites: (1) ftp.cs.widener.edu (192.55.239.132);
(2) cudarch@chsun1.uchicago.edu;
(3) dagon.acc.stolaf.edu (130.71.192.18).
E-mail server: archive-server@chsun1.uchicago.edu.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source is
cited. Some authors, however, do copyright their material, and those
authors should be contacted for reprint permission. It is assumed
that non-personal mail to the moderators may be reprinted unless
otherwise specified. Readers are encouraged to submit reasoned
articles relating to the Computer Underground. Articles are preferred
to short responses. Please avoid quoting previous posts unless
absolutely necessary.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Contributors assume all
responsibility for assuring that articles submitted do not
violate copyright protections.
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
From: Moderators
Subject: Moderators' Corner
Date: 21 June, 1991
********************************************************************
*** CuD #3.22: File 1 of 3: Moderators Corner ***
********************************************************************
+++++++++++++++++
Three LoD members form Comsec Data Security
+++++++++++++++++
Craig Neidorf sent over the following article announcing the formation
of a security company by three former members of the Legion of Doom.
The new company was not a sudden inspiration, but the result of
considerable research and groundwork prior to the announcement.
According to the partners, the Texas-based companies has already
landed several significant contracts. When asked why anybody should
hire ex-hackers, one commentator responded that security, like
hacking, is just another form of puzzle-solving, and those who can
find the holes are likely to those most-able to close them.
*****
From: TIME Magazine, June 24, 1991, page 13.
AFTER YOU'VE BEAT 'EM -- JOIN 'EM
After infiltrating some of America's most sensitive computer banks,
is there any challenge left for a digital desperado? Only to go legit,
say three former members of the notorious hacker group, the LEGION OF
DOOM, who have quit the outlaw game to start Comsec Data Security. The
Legionnaries claimed an 80% success rate in penetrating computer
networks, and now they want to teach private industry to protect itself
from the next generation of intruders. "You can't put a price tag on the
information we know," says Scott Chasin, a Comsec partner. But they'll
try.
(This article features a color photo of the three founding members:
Erik Bloodaxe, Doc Holiday, and Malefactor.)
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
From: Various
Subject: From the Mailbag
Date: 21 June, 1991
********************************************************************
*** CuD #3.22: File 2 of 3: From the Mailbag ***
********************************************************************
From: an288@CLEVELAND.FREENET.EDU(Mark Hittinger)
Subject: Elaboration and Response to Computer Computing
Date: Sun, 16 Jun 91 14:42:01 -0400
> These are D.W. James main points from his CuD 3.21 message:
1. College computing is still managed by centralized MIS, and in an
unfavorable manner. They aren't dead yet.
2. Centralized MIS has monopolistic control of the use of network
bandwidth.
3. College CC administrations dance to NSF's tune. (he who has the
gold ect)
4. Centralized MIS can arbitrarily stop something if it appears
questionable.
Mark's comment:
(A seasoned MIS type would put extra effort into quietly stopping
anything that a journalist or politician could construe as
questionable! People should not be surprised by this, it is a
standard reflex for a bureaucrat. I mentioned in my article that if
they could not cover up a hacking event that they would exaggerate it
instead. I know it is upsetting when something neat gets quietly
axed, however, think of the damage that is done when the
administrator is forced to exaggerate. They are forced because they
feel a need to protect their job and reputation. We shouldn't really
blame them too much, after all, it will be their red face on the TV
if something in their domain makes the news!)
Here is my response (related to my CuD 3.20 article - renaissance ect)
I could write another article on the network thing by itself. It is
true that computing administrations have moved towards selling
networking as opposed to computing. It is kind of like "Custer's last
stand" or should I say "job".
You know that the demand for bandwidth is growing at a rapid rate. It
is growing far faster than the budget money to fund it. What is the
result of these two factors? First, there are going to be more
network disappointments such as the one mentioned by D.W. James, that
is, the shutdown of various grey area network "services". Second, the
available bandwidth will soon be so clogged as to render the service
unusable. It is kind of like the old timesharing machines. No - I'm
not broadcasting a death-of-usenet or death-of-internet message. I'm
just saying that a squeeze is coming and it might be a good idea to
get out of the way. It is just a natural process that we've seen
before in the timesharing racket. People are transmitting images and
sound now! Its not just ASCII for breakfast any more! Were the
current production networks and hosts designed for this kind of thing?
Our desktop machines (and what we want to do with them) have already
outgrown yesterday's networks.
(So not only do we need a new multi-tasking DOS from Bill, and an
elegant new BOX from Ken, we need a new NET. I was quite pleased
with Apple's recent filing with the FCC for a personal radio net. Be
ready, they are heading in the right direction. Wouldn't it just
kill ya to see Apple make a bunch of money again?)
Technology can come to the rescue in networking too. It is just a
cost issue more than anything else. Centralized computing was created
when individuals could not afford computers. Centralized network
management exists because yesterday's networks are too expensive for
individuals to fund. Today there are alternatives to the network
supplied by your college. You can totally bypass these guys today!
It is just a matter of money and the costs are dropping like a rock.
D.W. James says that MIS isn't dead, however, I argue the clock is
sure ticking fast, and that was one of the points of my initial
article. The case for MIS survival is hopeless. The case for hackers
is that we'd better get busy thinking about what kind of 20 megabit
UHF cellular network software we'll need on our used 50 mip laptop.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
From: dalton.spence@CANREM.UUCP(Dalton Spence)
Subject: can it happen in canada?
Date: Wed, 5 Jun 1991 20:00:00 -0400
I am new to the electronic frontier, a greenhorn if you will. As a
programmer of midrange IBM systems (S/36 and AS/400) for many years, I
thought, sitting here in Canada, I was more objective about the events
of the last year than most Americans could be. After all, it wasn't
MY constitutional rights that had been threatened (YET). And since
most of my career has been spent working for small software companies,
the idea of unauthorized intruders in the systems I was working with
frightened and repelled me. Fortunately, so far the systems I have
worked on have been isolated from the outside world (much like I have
been), so hackers have not been a problem (YET).
However, I will not become TOO complacent, since the government of
Canada has a history of following the lead of the United States, even
when it would serve us better NOT to. I am worried that the recent
virus infestations of government computers, as described in the
attached article from "Toronto Computes!" magazine (June 3, Vol. 7,
#5, p. 3), may act as a catalyst for a crackdown on Canadian bulletin
boards. Which would be a shame, since I am just getting the hang of
using them.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
VIRUSES INFEST FEDERAL GOVERNMENT
By LAWRENCE BRUNER
Virus infection in computers is growing out of control. They're
doubling once every three months in the federal government, said a
source who asked not to be identified.
She said there have been about 30 cases of virus infection in the last
several months and there will probably be about 60 before the end of
summer.
"We have to do something about it and if we don't we'll be swamped,"
she said.
Viruses have occurred at the department of external affairs, the RCMP,
the Supreme Court and Atomic Energy of Canada Ltd. But the viruses
aren't concentrated in any departments or agencies, occurring randomly
throughout the government, she said.
The viruses range from merely annoying to very damaging. In the
annoying category is a virus that creates an on-screen ping pong ball
about the size of a cursor. The ball bounces up and down the screen,
but doesn't destroy any data. More damaging is the Stoned virus which
freezes the system and displays the message, "Your disk has been
stoned. Legalize marijuana."
In some cases the Stoned virus makes it impossible to reboot the
system without purging all the software and loading back-up programs.
Another virus called Dark Avenger destroys data. Most of the viruses
infiltrate the federal government when a civil servant gets software
from bulletin board systems.
"A civil servant might see some statistic or an article he needs on a
BBS and then downloads it," said the source. One of the viruses was
created by a 14-year-old boy living in Hull, Quebec, Ottawa's twin
city, but most originate in the United States. Viruses are doubling in
the U.S. government every two months, said the source.
"Things are bigger and better there, so more's happening. They have a
bigger population and access to more things."
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
From: "William Vajk (igloo)" <learn@GARGOYLE.UCHICAGO.EDU>
Date: Sun, 2 Jun 91 18:00:40 CDT
Subject: Punishment and Control: Reply to Gene Spafford
********************************************************************
*** CuD #3.22: File 3 of 3: Punishment and Control ***
********************************************************************
In CUD 3.14, Gene Spafford wrote:
> There is little doubt that law enforcement has sometimes been overzealous
> or based on ignorance. That is especially true as concerns computer-related
> crimes, although it is not unique to that arena.
I am concerned that while computer related interests isn't the only area in
which law enforcement has fallen so far short of the mark as to be noticeable,
it is the basis for one of the first relatively large scale interactions
between law enforcement and middle class. This is the reason for so many of us
noting cases which have acquired a notoriety exceeding past norms where the
investigation involved a lower class. Such treatments have been the usual fare
for the economically disadvantaged, sometimes those culturally distinct (see
the movie _Chinatown_ for an excellent example.) Complaints on their behalf
haven't been nearly as widespread in spite of the similarities of the behavior
by law enforcement. It isn't new. It is simply new to "us."
I have some serious reservations about the Chicago Police Department which
has declared war on "gangs." Possibly other such declarations have been
undertaken elsewhere as well. Just so we understand up front, I do not
condone criminal behavior. But my understandings of these events is confounded
by the difficulties I have in determining in advance of some criminal behavior
or another just what actually constitutes a gang. How does one determine what
is an Italian-American Sports Club, and which one is a sinister mob
organization. How does one differentiate a group of young men, wearing
identical attire while walking across town to play basketball in a park from
another group, walking about their turf, and the Boy Scouts.
A discussion I just had with the Public Relations officer at the Chicago
Police Department did little to help. The distinguishing characteristics
are looser and far more evasive than those mentioned by Pastor Niemoeller.
The PR officer told me they have something "better than an educated guess"
on which to base whether or not an individual or small group is gang related;
whether or not to question (should we call it harass) citizens within a
community. In the end, we are permitting the police to use personal judgment
in many ways. The personal judgment they have been using has now been brought
into play in middle class communities. Guess what. We're complaining about it.
I am concerned that Spafford's comments can be read to be forgiving and
conciliatory in nature where it regards errors made by professional law
enforcement. Officer Nemeth in California (see CUD 3.15) has said that he's
learning as he goes along. That's a hell of an answer to give some poor fellow
who was attempting to access a published bbs number after you've broken two of
his doors, confiscated his equipment, and subjected him to interrogation which
assumed guilt instead of trying to develop information in a reasonable manner
before using one of the most intrusive tactics permitted by law. There's an
entire mentality which we see exercised in the modern prototypical police
investigation. Officer Nemeth draws some conclusions of dubious worth even
after knowing the facts and that there will be no prosecution, "Hopson and the
other suspects should have given up after the first failed attempt" of trying
to gain access to a computer. "The laws are funny. You don't have to prove
malicious intent when you're talking about computer tampering. The first
attempt you might say was an honest mistake. More than that, you have to
wonder." ^^^^^^^^^ ^^^^^^^^^^^^^^
I suggest we put a rotary combination padlock on Nemeth's locker at work. Any
time he misses getting it on the first try, he takes the day off....at his
expense. But let's add a bit more realism. Someone should gently but
erratically shake his arm to emulate a bit of line noise.
The prosecutor in the case, Stephen Brown, didn't believe the police
overreacted in their investigation. "They had a legitimate concern." Is having
a legitimate concern reason to secure search warrants and damage property?
Aren't there any less intrusive investigatory techniques available? Of course
there are. The police didn't know where to begin their investigation of this
suspected criminal activity. I wasn't surprised at all to learn that PacBell
security knew. Given the involvement of yet another telephone company, is
the outcome, the overreaction, any surprise?????
We understand and feel compassion for one whose home has been violated by
burglars. Often we hear that they no longer feel comfortable in their own
home. Their inner feelings of security, something most of us take for granted,
have been damaged, sometimes irreparably. It is obvious in hindsight that
Nemeth's actions were unnecessary and counterproductive. I would not want him
on the local police force in my town. I am most concerned regarding his
ability to exercise judgment appropriate to the circumstances. But what is
worse by far is that some consider his investigative techniques acceptable.
N.B. Police brutality doesn't begin at the end of a
nightstick or hose. It begins with an attitude.
If you hire someone to write a bit of computer code for you which is to
perform some specific function, do you accept their learning to do that
task on the job and at your expense acceptable professionalism? I dare
say you wouldn't. Had you hired them with the understanding that they are
beginners and in training, then it would be considered acceptable.
Neither I nor any citizen in this nation has accepted the proviso that our
law enforcement agents are beginners learning the trade as they go along.
We demand the height of professionalism from them, each and every one. We
have granted them the extremes of the use of deadly force. I, for one, don't
take that lightly. I demand they be professionals and culpable for their
actions, whether working on my behalf or not. Spafford talks about
responsibility, let it begin with those who are PAID to be responsible and
have been evading that duty, manufacturers of software and law enforcement.
Who pays them to be responsible? We all do.
> Reporting of some of these incidents has also been incorrect.
Yes, Gene. In article 5462@accuvax.nwu.edu you misspoke and assisted
in proliferation of such incorrect reports :
"The information I have available from various sources
indicates that the investigation is continuing, others
are likely to be charged, and there MAY be some national
security aspects to parts of the discussion that have
yet to be disclosed."
Need I voice the obvious and ask how any "responsible" individual should
handle errors they have made? Need I voice the obvious and ask a simple
question. What has Gene Spafford done to correct errors he has made? Has
his behavior in these matters met the criteria for responsibility he demands
from others?
> Obviously, we all wish to act to prevent future such abuses,
> especially as they apply to computers.
'To thine own self be true' seems so appropriate right about here. Did you
wish to issue any corrections or retractions regarding some of your past
articles ?
> However, that being the case does not mean that everyone accused under
> the law is really innocent and the target of "political" persecution.
One of the elements common to propagandizing is to create a set of false issues
which sound like something your opposition might have said. In this instance,
I would appreciate most sincerely either having you repeat the source of such
a statement (by someone other than an obvious lunatic) in these newsgroups, or
to have you revise your statement into something more resembling the actual
circumstances.
> That is certainly not reality; in some cases the individuals charged
> are clearly at fault.
There are any number eventually found responsible and "at fault." I
haven't seen much mention made of them on the networks. See below for
one such case followed up. Is part of your problem, Gene, the fact that
we haven't been flogging dead horses on the net; the fact we haven't been
publishing news about those caught, prosecuted, and sentenced fairly? Given
another [name deleted] mentality I am certain we could find a volunteer.
> By representing all of them as innocents and victims, you further
> alienate the moderates who would otherwise be sympathetic to the
> underlying problems. By trying to represent every individual charged
> with computer abuse as an innocent victim, you are guilty of the same
> thing you condemn law enforcement of when they paint all "hackers" as
> criminals.
Really, this is a bit much. We presume innocence for all until they are
actually adjudged guilty. They are thus, at most, represented as suspects
until a verdict is handed down. But of course there are some folks who prejudge
the outcomes and place articles on the network explaining the involvements
of national security in the cases.........
Gaining momentum here, Gene? You laid the groundwork for a lie earlier,
in true propagandist style, and rush in for the kill in this paragraph.
Nowhere has anyone claimed every individual charged with computer abuse an
innocent victim. The other case of computer abuse in Naperville, Illinois
late last year had to do with an employee of Spiegel.
Michael H. Ferrell was charged with creating bogus invoices illegally
collecting sizable sums of money. He was also charged with authorizing
refunds to his credit cards using their cash registers. Although his scheme
resulted in a computer tampering charge (because it is a relatively new and
sexy action at the moment) he is more guilty in the ordinary sense of fraud
laws designed to protect against abuse of trust. Abbreviated charges (press
release) are available in CUD 3.00. He was found guilty (two of the charges
were nolle pros) and sentenced as follows :
24 months probation
240 hours of public service work
restitution of $30,861.85
periodic imprisonment (weekends) for 6 weekends. Two to be served immediately,
and four subject to future motion to vacate to be filed 2/26/1993.
Here's a guy who really stole something. Money, lots in fact.
> In particular, you portray Len Rose as an innocent whose life has been
> ruined through no fault of his own, and who did nothing to warrant
> Federal prosecution. That is clearly not the case. Len has acknowledged
> that he was in possession of, and trafficking in, source code he knew was
> proprietary.
I believe you would do well to look up the definition of the term (and
charge) of trafficking. There were no monetary considerations or agreements.
In fact, similar charges were brought against Neidorf. The fact that the case
was dropped precluded a proper addressing of such issues as exchange of
information (proprietary or not) without financial consideration. One of the
original charges brought against Len involved the retransmittal by Neidorf of
the same login.c program back to Len. Raises the same issue we are going to be
examining regarding Express Mail where the U.S. Postal Inspectors are arresting
recipients of packages known by the US Postal Service to contain contraband
and delivered in spite of that knowledge.
Such a distancing by investigative and prosecutorial powers from rationality
is quite troubling. If someone from LA were to express mail a reefer to
Spaf, we might all be reading about a faculty member at Purdue arrested for
possession of a controlled substance. Need we ask about the culpability of
the sender?
Many other questions also have not been answered because of Len's plea
bargain. It seems that AT&T source code (according to one of the Foley
affidavits) bears legends which claim both proprietary rights and a
copyright. You stipulate proprietary. The dual labeling of the original
software should do a lot to remove it from consideration as truly proprietary
information. The laws regarding copyrights require that all copyright material
is subject to deposit at the Library of Congress, where any citizen has a
right to read and review.
If this is the case, then possession is not illegal, because the text is
protected from commercial exploitation by the copyright laws and Len should
not have been charged with criminal. Copyright violation is a matter for civil
suit. If someone makes 1000 copies of your newly released book and sends it to
friends and associates, is it reasonable to expect a criminal prosecution by
the U. S. Government, or will your publisher be required to undertake a civil
suit for damages? Does it matter whether the copies are electronic or paper?
Furthermore, if he sends all 1000 copies across state lines in a single
package, has he violated federal laws regarding stolen goods valued
at over $ 5000? Each unit is valued at $29.95 by the publisher. Does the
fact that he sent 1000 copies individually packaged across state lines negate
that federal interest? And when one bears in mind that the laws were
originally aimed at automobiles, the connotation assumes tangible goods
of substantial value, not tidbits of some larger intellectual property
which may or might not withstand as yet unresolved testing for proprietary
status, notwithstanding questions regarding the cost/value haphazardly
assigned for the sake of federal prosecution. Login.c, a program of some
approximately 2000 lines of code, has a value in excess of $ 5000? Official
representatives of AT&T have made such representations. The individual making
such an assessment has obviously crossed to the other side of the looking
glass and is presently enjoying tea with Alice and the Mad Hatter. In the end,
of course, all the original charges were supplanted.
What would have happened had Len chosen to modify the login.c version which
was written by David Ihnat and placed in the public domain? Which laws would
then have been broken? The entire rationale supported by your article, Gene,
falls apart into itty bitty pieces. Poor judgment alone is not a violation of
any laws.
What would have happened if Len sent the modified AT&T login.c file across
state lines in 10 line increments, to be recombined at the receiving end?
The challenges many of us feel are appropriate to such understandings haven't
been possible to date.
And finally, although by no means of least importance, the entire business
of ownership of any single piece of AT&T software, whether source code
or binaries needs to be examined. The ONLY owner is AT&T. Everyone who pays
fees is licensed to use the software. Thus enters yet another dilemma.
Possession is not licensed. Can possession be criminalized? Given this view,
new questions arise. Use licensing concepts are not new nor are they unique.
> The login changes were the source of the fraud charge.
Perhaps you should reread the original 5 count indictment and examine the
genesis of the adjustments the government made to the charges in the year plus
from beginning to settlement. The government's actions aren't at all pretty.
To say the real source of all charges is itself suspect would be an
understatement. The government kept digging around and throwing stuff at the
ceiling till something kinda stuck. And here's Gene Spafford pointing his
finger saying "Aha!" Sure reminds me of Salem. In science, how one acquires
data is just as important as the data itself. This doesn't change when it
comes to human interactions and the law.
> It is certainly security-related, and the application of the law
> appears to be appropriate.
There was a recent post made to the network regarding a serious security
flaw in the Interactive port of Unix to the 80386 machine. The article
and all the pertinent information was posted from abroad. If one reads
the law to which you refer carefully, every system administrator whose system
forwarded or displayed that article is chargeable and could be found guilty
under the same law. Indeed, the author of the article probably could have
been arrested had it originated here in the United States.
The law is erroneous in intent and stupid. It represents a feeble attempt to
gloss over technological problems and solve them by social restrictions which
are known not to work. The only workable solutions lie within the technology
which contains the faults.
Admissions were made recently by AT&T regarding internal security. Several
appear in the May 13, 1991 issue of BellLabs News. The document is copyright
with all rights reserved so I won't quote from it. Bell Labs reports on a
study run of their own internal terminals. They discovered inadequate
protections exercised by employees affecting (infecting) about 15% of their
sample. This comes from a company which lays claims to closely guarded
proprietary software? I rather think that a false claim. I had a discussion
with a former AT&T employee. Given these circumstances, it wouldn't be at all
difficult for an ex employee (and there are plenty of them about now-a-days...
some apparently still angry at their former employer) to enter a facility, log
in to the internal networks, and purloin proprietary secrets.
Interestingly in the same issue is a discussion regarding the newer speed
at which software is now being developed. One of the features is the
reuse of software in segments. Perhaps something akin to production line
tactics, with interchangeable parts. Comes right back around once more to
there being but a single severely flawed Unix port for the 80386 CPU. If you
have a security problem for one product, you'll have the same flaw in all of
them. There are advantages and disadvantages to everything.
At the end of the included (CUD 3.14) article, Spafford discuss
responsibility. It isn't as though manufacturers of software have exercised
sufficient of the legally mandate "prudent man" behaviors when it comes to
generating or safeguarding data and code. Almost adult children regularly
access sensitive information in computers all over this country at will.
Care to draw a conclusion regarding efforts by the industry to protect their
information? There is a well known and established "attractive nuisance"
consideration in liability actions. Culpability is thus shared by the
careless. Historically courts have forgiven criminal trespass of juveniles
and sustained lawsuits and judgments against those who are careless with
things known to attract the juvenile mind. In all states it is a violation
of the law to leave ones keys in the ignition of an automobile. In some
states this provision is actually enforced with fines levied against
offenders.
> By the comments Len made in the code, he certainly knew what he was
> doing, and he knew how the code was likely to be used: certainly not
> as a security aid. As somebody with claimed expertise in Unix as a
> consultant, he surely knew the consequences of distributing this
> patched code.
I don't give a nit. You and I and anyone familiar with system administration
knows that it only takes moments to install a trap door if a reasonably
knowledgeable individual has access to root privileges. This permits
subsequent iterations of improvement, usually equally undetected. It doesn't
take a Len_Rose_Modified_Code to achieve such goals. The self-evident
question which arises out of reviewing the court documents relating
to Len Rose is simply "why did they prosecute him?" Reading it all and
understanding most of it, I still raise the question.
Other than an insult to AT&T's sensitivities, I don't understand all the
hoopla associated with a relatively uninspired piece of what might best be
called 'theftware.' It actually has about as much value in real terms as any
other trophy. It has to do with the memory of acquisition. The swordfish on
the wall it is hardly tradable, being of no worth to anyone other than the
individual who worked to acquire it.
I'm not responding to the balance of your "Len Rose is an idiot and a
criminal" tirade. You obviously do lack sufficient information to make the
caliber of judgments you've attempted. It would be interesting to know what
your reactions might be were to suddenly be privy to, at the very least, *all*
those documents which constitute the complete court record to date. They are
court records, and available. Would you undertake writing a computer related
article, perhaps about an operating system, with as little to back up your
opinions as you have regarding computer crimes?
Please note that my position in writing this article is not to support Len's
cause to the exclusion of harsh realities. My interest in undertaking this
discussion is directed towards promoting understanding of the irrationality of
governmental behavior in this period of relative conservatism. I believe the
pendulum is newly swung too far.
Gene, none of the issues you've been so freely spouting off about are as
simple and straightforward as you imply. There are basically two levels of
publicly available information. The first is press releases by law enforcement
personnel, the second is the somewhat more complete court record. I really
shouldn't have to point out that press releases by law enforcement have
historically been highly skewed. Anyone can go back to some case or another
which had a press release by the prosecutor, and then read what eventually
transpired in court. Even if the individual discussed was guilty, there is
invariably a wide gap between the realities of the case and the publicity
statements made by prosecutors. And if one has the chance to interview those
who were directly involved in the case (on both sides,) the conclusions tend
to deviate even further from the understandings promulgated by the press
releases originally issued by the prosecution.
I have many reservations about the way the prosecutions have been run,
evidence handled, and the incestuous relationships between plaintiff,
prosecutor, and expert witness. What, for example, isn't readily apparent
in the published and court records in the Naperville case is the simple fact
that that Interactive office might just as well be a department of the labs
across the street. This is the old Lachman Associates, captive contractor to
the labs. The very building occupied by Interactive is owned by Bell Labs,
Murray Hill. I didn't know that till I visited the Du Page County Tax
Collector's office (on a hunch.) The lab's grounds crews cross the street to
mow the lawns. Therefore the plaintiff is AT&T. Every witness, including
those expected to provide expert testimony on behalf of the government, are
AT&T dependents for their livelihood. Sort of like getting into a dispute
with a merchant in a town where you are the only outsider, and everyone else
involved has a familial relationship.
But let's look even a bit deeper. Len was hired at Interactive to be on
assignment across the street at the labs. Not only that, but he was
interviewed at the labs by lab personnel. He was hired and started work on a
Monday morning. Len was terminated on Friday morning. Friday afternoon, a man
we all have heard about and a seemingly wannabe Telco employee, Tim Foley of
the US Secret Service, arrived at at Len's apartment to question him and read
him a Miranda warning. On Monday, local authorities (the Naperville Police
Department with Foley's assistance) had secured a search warrant and an
arrest warrant. One of these days I'm going to ask the question why the motion
requesting AT&T assistance on the raid to search Len's Naperville apartment
was approved by a judge but was undated. It COULD be pure oversight, but
given the context of the rest of the story, everything has become highly
suspect. At best, it was a very very bad procedural error.
Len was incarcerated on $ 50,000 bond. Interesting fact in itself, as the
bond level for most local violent crimes is only about $ 10,000, to which bond
was reduced on request by Len's attorney a week later. Vengeance by a
prosecutor effectively under AT&T control, perhaps????
> I share a concern of many computer professionals about the application
> of law to computing, and the possible erosion of our freedoms.
> However, I also have a concern about the people who are attempting to
> abuse the electronic frontier and who are contributing to the decline
> in our freedoms.
Thus far, it seems most computer laws have been written at the behest of
special interests instead of the public interest. The laws already inflict
restrictions contrary to generally understood and accepted constitutional
provisions. It seems that at every turn where a serious conflict has taken
place and law enforcement became involved, the government has taken every
possible action to prevent the constitutional challenges which are important
to reforming and refining societal understandings of these issues.
> Trying to defend the abusers is likely to result in a loss of
> sympathy for the calls to protect the innocent, too.
I cannot understand how anyone can make such a statement with a straight
face. It is essential to our system of justice that even (especially)
the obviously guilty get a good defense. If I were witness to my father's
murder, I would demand the killer have a good defense team in spite of the
fact I would do all in my power to see the person convicted.
Our system of justice is far from perfect, but it sure beats the dickens
out of whatever might be considered second best. We're not going to be
able to maintain our relative fairness is we go about spiffing down the
defense to suit someone's set of prejudices. I am glad the American Nazi
Party has the right to march in Skokie, in spite of the fact I detest their
platform. So long as the worse of my enemies is treated fairly, there's a
chance I too will receive fair treatment.
> However, I certainly do not want to ask people to rally around
> the cases of Robert Morris or Len Rose as examples of government
> excess, because I don't think they were, and neither would a
> significant number of reasonable people who examine the cases.
I wonder if, upon reading the court documents in the Maryland case for Len
Rose, you would consider the motions filed by Carlos M. Recio on May 21, 1990
to be a reasonable understanding of the excesses exercised by the government.
Recio studied the case at that time and prepared, as Len's attorney, a
voicing of serious concerns regarding the validity of the search warrant
obtained by Foley et troupe. In fact, they exercised what we know as a
'general warrant.'
"They seized Len Rose's Army medals from the master bedroom which were
contained in a chest of drawers." It is clear they knew this seizure, as page
3 of the inventory spells out "Bag w/ Misc Papers + Army Commendation Medals."
Thus, it was no oversight or accident.
Recio continues:
"The SS searched through the Rose family photo albums, removing a picture of
Len Rose and several photographs of computer equipment that he had taken for
insurance purposes."
More evidence????? More excess?
"The SS seized the Rose family's files (mortgage, loans, credit card bills,
army records, marriage paperwork, diplomas, resumes', etc.)."
I can see it now. Len's marriage paperwork was potentially additional evidence
of criminality. Mortgage papers, more criminality....and so on with diplomas
and army records.
Please bear in mind that the basis for requesting a search warrant was to
determine whether or not Len Rose was indeed the individual known as
"terminus" and that he was indeed the individual who had transmitted the
login.c program to Neidorf. That was the crime for which the government
was seeking evidence. What is very clear in the record is that the government
did in fact embark on a witch hunt, overtly seizing all sorts of things totally
unrelated to their case, as in the colonial examples of general warrants,
attempting to build prosecutable offenses out of thin air.
It then became not "in the ordinary course" of an investigation that other
issues surfaced, but as a direct result of the violation by the government
of the very laws they are sworn to uphold.
The usual course for charges originating on such a basis is dismissal, because
it is not in the best interest of the citizens or the state to reward law
enforcement officers for violating the rights of the citizens in order to
build a case for prosecution. In scientific rationale, evolutionary aspects
eventually will soon resolve the issues. Law enforcement will learn to keep
within guidelines while improving their conviction statistics, and if the
criminal escape this time, and he repeats, it is likely he will be caught
and better prosecuted in the next instance (by that recently improved law
enforcement.) And if the criminal reforms as a result of the close call, of
what benefit is incarceration or punishment?
Excessive? Actually yes, Gene, it was quite excessive. Now, to substantiate
your claim, go find yourself a "significant" sized group of individuals
prepared to take the time to seriously examine the Rose case, and when they're
done, let's then compare results. In the meantime, if you really believe the
case is important enough to elicit your commentary, read the documents proper
and stop with reliance on second or third hand information.
Twice now, regarding the resultants of the E-911 case you've been long on
assumptions, short on proof. Twice now, regarding the resultants of the E-911
case you've been long on promises, short on results. Given this history, I
ask, would a "responsible" man now seek truth and publish it, or retire
from this discussion.
This article isn't so much a defense of Len Rose as it is an indictment of the
prosecutions. I also feel it is necessary to point out in no uncertain terms
that those who support law enforcement blindly do themselves and their
community a disservice. There is little doubt that many well intentioned
individuals serve us well in careers supporting the justice system. There
has been movement by all branches at the federal level of law enforcement to
assume guilt before investigation and to trample rights freely utilizing the
immunity originally granted in order to protect officers making honest mistakes
as a standard operating procedure instead of an exceptional circumstance.
The complaints on the net have, for the most part, been related to our own
back yard. Computers are the baby here. Yet overall we see the same sorts
of problems creeping into the justice system everywhere. Historically we have
written our laws in such ways as to empower law enforcement personnel to
capture criminals and bring them to trial while limiting offense to the
sensibilities of the general population. The diverse thresholds of offense we
have regarding police actions are based on our niche in society. Because I
have become more concerned regarding police officers questioning long haired
men at roadside, spread eagled against a rattletrap of a car, doesn't imply
that my niche has changed. It does show that along with many others the level
at which I take offense has changed with the incursion of similar tactics by
police into the middle class middle aged community, the community to which I
belong. The activities of this community haven't changed. The actions taken by
the police have. We note, sadly, that finding or creating of "probable cause"
is used to bring my neighbors personal and financial grief.
So beware, Gene Spafford. The past immunities offered by class and perhaps
occupation are doing nothing for us these days. Nor is it enough to be
squeaky clean. Nor is it enough to have the general appearance of being
squeaky clean. You are now required to preemptively make every law
enforcement officer whose path you cross believe you are squeaky clean. If you
fail, you won't go to jail (probably) nor will you be fined (probably.) But it
can cost a lot of money in legal defense to keep oneself out of jail and
to maintain a void criminal record.
Bill Vajk
********************************************************************
------------------------------
**END OF CuD #3.22**
********************************************************************

Reference in New Issue View Git Blame Copy Permalink