Computer Underground Digest Volume 1, Issue #1.28 (Aug 12, 1990)

---
Master Index Current Directory Index Go to SkepticTank Go to Human Rights activist Keith Henson Go to Scientology cult

Skeptic Tank!

**************************************************************************** >C O M P U T E R U N D E R G R O U N D< >D I G E S T< *** Volume 1, Issue #1.28 (Aug 12, 1990) ** **************************************************************************** MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet) ARCHIVISTS: Bob Krause / Alex Smith USENET readers can currently receive CuD as alt.society.cu-digest. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. It is assumed that non-personal mail to the moderators may be reprinted, unless otherwise specified. Readers are encouraged to submit reasoned articles relating to the Computer Underground. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ CONTENTS: File 1: Moderators' Corner File 2: A Conversation with Len Rose File 3: Len Rose's Indictment ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ---------------------------------------------------------------------- ******************************************************************** *** CuD #1.28, File 1 of 4: Moderators' Comments *** ******************************************************************** Date: 9 August, 1990 From: Moderators Subject: Moderators' Corner ++++++++++ In this file: 1) CRAIG NEIDORF Update 2) PHRACK MAGAZINE CONTROVERSY +++++++++++++++++++++++++++++ CRAIG NEIDORF DEFENSE FUND +++++++++++++++++++++++++++++ Craig Neidorf has asked us to pass along a strong *THANK YOU* to everybody who supported him throughout his ordeal. He will be resuming college in the fall. Craig's diversion program does not restrict his freedom to associate with whom he wishes or to publish as he wishes. However, he has repeatedly and unequivocally emphasized that he has no plans to continue PHRACK. Craig must speak with a pre-trial officer once a month for the next year. The government cannot refile charges if craig is not arrested for a computer-related crime in the next 12 months. Many people have asked how they can help contribute to Craig's legal expenses. Checks should be made out to the law firm of KATTEN, MUCHIN AND ZAVIS, and sent directly to his defense attorney: Sheldon Zenner c/o Katten, Muchin and Zavis 525 W. Monroe, Suite 1600 Chicago, IL 60606 A note should be included indicating it is "for Craig Neidorf," and if the check has a line for memos, there should be an additional notation indicating "for Craig Neidorf." +++++++++++++++ PHRACK MAGAZINE CONTROVERSY +++++++++++++++ When PHRACK 31 appeared, some readers were highly critical because they felt the re-incarnation was a "rip-off" of the original. Others, with equal passion, defended retaining the name as a way respecting the tradition it has developed and of keeping it alive. Now that PHRACK 32 may be out soon, we invite readers to present, without flames, their position and their reasoning. We especially invite the new editors of PHRACK to present their side of the issue. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ Date: 11 August, 1990 From: Jim Thomas Subject: Len Rose Interview ******************************************************************** *** CuD #1.28: File 2 of 4: Len Rose Interview *** ******************************************************************** The Len Rose case seems to present problems for many people. Some, who ordinarily support Constitutional rights, seem to have backed away from this case, perhaps because of the seriousness of the charges, or perhaps because his case does not seem as "pure" as those of some other defendants. Some people are also concerned that Len's brush with the law "taints" him. We feel that Len's case deserves attention comparable to other recent cases. The charges in the indictment, as explained to us, are no more serious than those in the indictment's of others, and the charges do not seem to be as serious as the media depicts them. More importantly, the duel model process of justice that ostensibly guides criminal proceedings must be applied to all equally, whether the defendant is squeaky clean or a homicidal maniac. We are troubled by those who think that, because Len has had a previous legal problem, he is less deserving of legal help. Often, it is precisely those whose image is the most tarnished who are most at risk in the judicial process. If the issues are worthy and potentially affect others, then it is in everybody's interests to assure that justice is served. CuD recently talked at length with Len about his current situation. We have not talked with Len's attorney nor have we seen copies of motions or of the evidence. Len's current attorney is a public defender who has been busy in the multiple calls we made daily for three days. He has not returned our calls. Those who have the time to try to obtain information from him may contact him at: Jim Kraft (the attorney) Kraft, Balcerzak and Bartlett 7050 Oakland Mills Road Columbia, MD 21046 (phone: 301-381-4646). Len informs us that the case number is CR-90-0202, Federal Court, Baltimore. ******************************************************************* WHO IS LEN ROSE? Len Rose is a 31 year old computer programmer who lives in Pennsylvania. He has been married for 10 years and has a son, five years old, and a two year old daughter. He served six years in the army and, he informed us, received the highest peacetime medal and "held a top secret clearance until this happened." Len broke his leg in three places in early August during a fishing outing with his son when he fell off a 35 foot cliff, "but at least I kept my son from falling," he said. Prior to his arrest, Len operated his own computer system and was a computer consultant. One specialty area was Unix systems. WHAT IS LEN CHARGED WITH? Len told us that there are five counts against him under Title 18. Two are for computer fraud and three are for transporting allegedly stolen goods in excess of $5,000 across state lines. (See File 3, this issue, for a copy of the indictment). According to Len, the two fraud counts were for allegedly altering "login.c," which is source code for unix login programs, which was modified to perform a trojan horse function to record login names and passwords and store them in a file system. Len said he wrote the program because somebody was attacking his own system, and he installed the program on his system to see what accounts were being attacked. He indicated that login.c is being valued in the indictment at $75,000, a value reminiscent of the inflated E911 file charges that federal prosecutors in Chicago charged was worth over $79,000. Under cross-examination, it was determined that the information in the E911 files could be obtained in a $13 manual. The other fraud count was for sending out a password scanner that he wrote himself that scans passwords and tries to decrypt them. "You can find more powerful programs n the net," he said, "such as Crypt Breakers Workbench and COPS, which are archived on uunet to name just two {sources}." According to Len, "The things I wrote were so trivial, a first year computer science student could have written them. What it did was take a word out of a dictionary file and encrypt it, and it compared the encrypted form to the encrypted password in the password file. It was a very mindless program. I had written it a long time ago, and used it many times myself and when I was doing it for security {consulting}. That's all I used it for, on any system concerned with security. In fact, it was obsolete, because when ATT released system V 3.2 backin 1988, they stopped using the file /etc/password and went to the /etc/shadow which was only readable by the root account or super user accounts. This program {in question} can't be installed without being able to control the system. I couldn't be used by a normal user." The three transportation counts apparently stemmed from multiple sendings of this file. He sent the program to an e-mail publication, but the program did not arrive intact, so he re-sent it, which, he said, was the basis of the second count. The final count, for the same program, occured because he deleted his own program and received a copy of the program he had previously sent. Len related a story that sounded similar to SS Agent Timothy Foley's account of the initial questioning of Craig Neidorf. Len said he was originally asked about the E911 files, and that the agents told him that he was not in any trouble. Len said, "I told them everything I knew. I cooperated with them to the fullest extent possible, because I trusted them. I didn't try to hide anything. I told them everything, and they were after this 911 stuff. They said I wouldn't be prosecuted if I told them everything, but they did. They told me to tell them now and it won't matter, but if it came out later.....I told him about the source code." Len emphasized that he did not steal the source code and that he used it only to learn Unix. Contrary to some reports both in the media and circulating on the nets, Len adamantly denies ever being a member of the Legion of Doom, a denial confirmed by LoD members and a recent LoD listing of participants. "I never said I was a member of LoD, that was nothing out of my mouth. I never had any association with them, and only knew some of the people. I considered it a kids group, immature, and I never had any involvement with any group anywhere. I was not a joiner," he said. WHAT WAS LEN'S PREVIOUS OFFENSE? Because of the rumors circulating about an earlier offense, we asked Len to tell us what he could. The case has not yet been resolved, although it will be concluded within the next few days. It occured in 1989, and was unrelated to the current situation. It was a state offense for felony theft, which resulted from an attempt to recover computer equipment that he believed at the time to be rightfully his, and was the consequence of a dispute between himself and a company he felt had "ripped him off." On the streets, we called this "midnight repossession." "It was very stupid. I had never been n trouble before that and I am very ashamed," he said. The details of the case can be more fully elaborated after it is fully resolved. WHAT'S LEN'S STATUS NOW? The trial was originally scheduled for August 20, but it appears now that it may be postponed until February. Until then, Len has no computer equipment, and he said that the judge would not consider a motion to return it because the judge perceived that he could use it to commit further crime. As a consequence, Len has no source of income, and said that he has lost his home, his credit rating and credit cards, his business, and some of his friends. "I've lost everything." He is currently immobilized because of his leg fracture, and will be in casts of various types for at least eight weeks and may require surgery. His situation has put severe strains on his finances, psyche, and domestic life. He indicated that he could no longer afford to retain his original attorney, Carlos Recio of Deso and Greenberg in Washington, D.C., and was currently represented by a public defender. His income was slashed by one-twentieth, and he estimated he has barely made $5,000 this year. He lost his office and currently works from a single room in a friend's company. He feels that his reputation has been unjustifiably destroyed, largely by distorted media representations and rumors and added, "The press has been as damaging as the Secret Service." If Len's account is accurate, then it would seem to raise many of the same questions addressed by the EFF, CuD, 2600 Magazine, and others interested in protecting the Constitutional rights of computerists. Len is not being charged with theft, but with violations that raise the definition of property, the legal rights of programmers, the status of source could that seems to be fairly accessible, and other evolving issues in the still-tenuous relationship between technology and law. It also raises the issue of "cruel and unusual punishment." If the summary of the indictment is correct, it would appear that the consequences resulting from Len's situation far exceed the crime, and any additional sanctions, especially if they involve incarceration, will be neither in the interests of Len, or, ultimately, of society. To deprive an individual who has been a contributing member to society of a means of livelihood would seem to serve little purpose in this or any other case. Some argue that the courts are the best forum to decide both the guilt/innocence and the fate of defendants. But, justice is not always served in the legal process, especially in the grey area of ambiguous laws enforced by technologically untrained investigators and prosecutors. Regardless of what one might think of Len's judgment in some of his behaviors, we must nonetheless ask: If Len's account is accurate, at what point does the punishment become too great? For Len Rose, the immediate goal is modest: "I just want to get my home back again." ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ Date: 12 August, 1990 From: Moderators Subject: Len Rose Indictment ******************************************************************** *** CuD #1.28: File 3 of 4: Len Rose Indictment *** ******************************************************************** Len Rose provided the following copy of his indictment, which we have edited only with a spell-checker. The five counts against Len seem quite general, and in many ways are similar both in style and substance to those filed against Craig Neidorf. The perhaps obligatory reference to the Legion of Doom is made in count one without establishing the defendant's connection to it, the value of the alleged "property" established as over $5,000 (Len informs us that the value is established at about $75,000) seems absurdly over-stated given the apparent nature of the "property" in question, he is being charged with sending a program that he wrote that is much less powerful than similar programs readily accessible to the public, and the charges themselves seem sufficiently vague and ambiguous that they could apply to many forms of knowledge or information. We do not publish the indictment as a "Len Rose Issue." Instead, we suggest that the document below reflects the continued misuse of law as a means to control information. What is the precise nature of the information in question? Was it used by the defendant to defraud? Is there any evidence that he, or anybody else, intended to use it to defraud? The following indictment, like the indictment in the Neidorf case, seems vague, and from the trickles of information coming in, it seems that none of the evidence strongly supports any of the counts. If true, it seems like deja vous all over again. ******************************************************************** Subject: Len Rose Indictment Date: Sun, 12 Aug 90 15:29:14 -0400 From: lsicom2!len@CDSCOM.CDS.COM IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF MARYLAND UNITED STATES OF AMERICA * * Criminal No. v. * - - * LEONARD ROSE, a/k/a/ "Terminus" * (Computer Fraud, 18 U.S.C. * S 1030(a) (6); Interstate * Transportation of Stolen * Property, 18 U.S.C. S 2314; * Aiding and Abetting, 18 * U.S.C. S 2) Defendant. * * * * * * * * * * INDICTMENT COUNT ONE The Grand Jury for the District of Maryland charges: FACTUAL BACKGROUND 1. At all times relevant to this Indictment, American Telephone & Telegraph Company ("AT&T"), through it's subsidiary, Bell Laboratories ("Bell Labs"), manufactured and sold UNIX (a trademark of AT&T Bell Laboratories) computer systems to customers throughout the United States of America. 2. At all times relevant to this Indictment, AT&T sold computer programs ("software") designed to run on the UNIX system to those customers. This software is designed and manufactured by AT&T;some software was available to the public for purchase, other software was internal AT&T software (such as accounting and password control programs) designed to operate with the AT&T UNIX system. 3. At all times relevant to this indictment, computer hackers were individuals involved with gaining unauthorized access to computer systems by various means . These means included password scanning (use of a program that employed a large dictionary of words, which the program used in an attempt to decode the passwords of authorized computer system users), masquerading as authorized users, and use of trojan horse programs. 4. At all times relevant to this Indictment, the Legion of Doom ("LOD") was a loosely-associated group of computer hackers. Among other activities, LOD members were involved in: a. Gaining unauthorized access to computer systems for purposes of stealing computer software programs from the companies that owned the programs; b. Gaining unauthorized access to computer systems for purpose of using computer time at no charge to themselves, thereby fraudulently obtaining money and property from the companies that owned the computer systems; c. Gaining unauthorized access to computer systems for the purpose of stealing proprietary source code and information from the companies that owned the source code and information; d. Disseminating information about their methods of gaining unauthorized access to computer systems to other hackers; e. Gaining unauthorized access to computer systems for the purpose of making telephone calls at no charge to themselves, obtaining and using credit history and data for individuals other than themselves, .and the like. 5. At all times relevant to this Indictment, LEONARD ROSE JR. a/k/a "Terminus", was associated with the LOD and operated his own computer system, identified as Netsys. His electronic mailing address was netsys!len COMPUTER TERMINOLOGY 6. For the purpose of this Indictment, an "assembler" is a computer program that translates computer program instructions written in assembly language (source code) into machine language executable by a computer. 7. For the purpose of this Indictment, a "compiler" is a computer program used to translate as computer program expressed in a problem oriented language (source code) into machine language executable by a computer. 8. For the purpose of this Indictment, a "computer" is an internally programmed, automatic device that performs data processing. 9. For the purpose of this Indictment, a "computer network" is a set of related, remotely connected terminals and communications facilities, including more than one computer system, with the capability of transmitting data among them through communications facilities, such as telephones. 10.For the purposes of this Indictment, a "computer program" is a set of data representing coded instructions that, when executed by a computer causes the computer to process data. 11.For the purposes of this Indictment, a "computer system" is a set of related, connected, or unconnected computer equipment, devices, or software. 12.For the purposes of this Indictment, electronic mail ("e-mail") is a computerized method for sending communications and files between computers on computer networks. Persons who send and receive e-mail are identified by a unique "mailing" address, similar to a postal address. 13.For the purposes of this Indictment a "file" is a collection of related data records treated as a unit by a computer. 14.For the purposes of this Indictment, "hardware" is the computer and all related or attached machinery, including terminals, keyboard, disk drives, tape drives, cartridges, and other mechanical, magnetic, electrical, and electronic devices used in data processing. 15.For the purposes of this Indictment, a "modem" is a device that modulates and demodulates signals transmitted over data telecommunications facilities. 16.For the purposes of this Indictment, "software" is a set of computer programs, procedures, and associated documentation. 17.For the purposes of this Indictment, "source code" is instructions written by a computer programmer in a computer language that are used as input for a compiler, interpreter, or assembler. Access to source code permits a computer user to change the way in which a given computer system executes a program, without the knowledge of the computer system administrator. 18.For the purposes of this Indictment, "superuser privileges" (sometimes referred to as "root") are privileges on a computer system that grant the "superuser" unlimited access to the system, including the ability to change the system's programs, insert new programs, and the like. 19.For the purposes of this Indictment, a "trojan horse" is a set of computer instructions secretly inserted into a computer program so that when the program is executed, acts occur that were not intended to be performed by the program before modification. 20.For the purposes of this Indictment, "UNIX" (a trademark of AT&T Bell Laboratories) is a computer operating system designed by AT&T Bell Laboratories for use with minicomputers and small business computers, which has been widely adopted by businesses and government agencies throughout the United States. COMPUTER OPERATIONS 21.For the purposes of this Indictment, typical computer operations are as described in the following paragraphs. A computer user initiates communications with a computer system through his terminal and modem.The modem dials the access number for the computer system the user wishes to access and, after the user is connected to the system, the modem transmits and receives data to and from the computer. 22.Once the connection is established, the computer requests the user's login identification and password. If the user fails to provide valid login and password information, he cannot access the computer. 23.Once the user has gained access to the computer, he is capable of instructing the computer to execute existing programs. These programs are composed of a collection of computer files stored in the computer's memory. The commands that make up each file and, in turn, each program, are source code. Users who have source code are able to see all of the commands that make up a particular program. They can change these commands, causing the computer to perform tasks that the author of the program did not intend. 24.The user may also copy certain files or programs from the computer he has accessed; if the user is unauthorized, this procedure allows the user to obtain information that is not otherwise available to him. 25.In addition, once a user has accessed a computer, he may use it's network connections to gain access to other computers. Gaining access from one computer to another permits a user to conceal his location because login information on the second computer will reflect only that the first computer accessed the second computer. 26.If a user has superuser privileges, he may add, replace, or modify existing programs in the computer system. The user performs these tasks by "going root"; that is, by entering a superuser password and instructing the computer to make systemic changes. 27. On or about January 13, 1989, in the State and District of Maryland, and elsewhere, LEONARD ROSE JR. a/k/a Terminus did knowingly, willfully, intentionally, and with intent to defraud, traffic in (that is, transfer, and otherwise dispose of to another, and obtain control of with intent to transfer and dispose of) information through which a computer may be accessed without authorization, to wit: a trojan horse program designed to collect superuser passwords, and by such conduct affected interstate commerce. 18 U.S.C. S 1030(a) (6) 18 U.S.C. S 2 COUNT TWO And the Grand Jury for the District of Maryland further charges: 1. Paragraphs 1 through 26 of Count One are incorporated by reference, as if fully set forth. 2. On or about January 9, 1990, in the State and District of Maryland, and elsewhere, LEONARD ROSE JR. a/k/a/ Terminus did knowingly, willfully, intentionally, and with intent to defraud, traffic in (that is, transfer, and otherwise dispose of to another, and obtain control of with intent to transfer and dispose of) information through which a computer may be accessed without authorization, to wit: a trojan horse login program, and by such conduct affected interstate commerce. 18 U.S.C. S 1030(a) (6) 18 U.S.C. S 2 COUNT THREE And the Grand Jury for the District of Maryland further charges: 1. Paragraphs 1 through 26 of Count One are incorporated by reference, as if fully set forth. 2. That on or about May 13, 1988 in the State and District of Maryland, and elsewhere, LEONARD ROSE JR. a/k/a/ Terminus did cause to be transported, transmitted, and transformed in interstate commerce goods, wares, and merchandise of the value of $5000 or more, to wit: computer source code that was confidential, proprietary information of AT&T, knowing the same to have been stolen, converted, and taken by fraud. 18 U.S.C. S 2314 18 U.S.C. S 2 COUNT FOUR And the Grand Jury for the District of Maryland further charges: 1. Paragraphs 1 through 26 of Count One are incorporated by reference, as if fully set forth. 2. That on or about January 15, 1989 in the State and District of Maryland , and elsewhere, LEONARD ROSE JR. a/k/a/ Terminus did cause to be transported, transmitted, and transformed in interstate commerce goods, wares, and merchandise of the value of $5000 or more, to wit: computer source code that was confidential, proprietary information of AT&T, knowing the same to have been stolen, converted, and taken by fraud. 18 U.S.C. S 2314 18 U.S.C. S 2 COUNT FIVE And the Grand Jury for the District of Maryland further charges: 1. Paragraphs 1 through 26 of Count One are incorporated by reference, as if fully set forth. 2. That on or about January 8, 1990 in the State and District of Maryland, and elsewhere, LEONARD ROSE JR. a/k/a/ Terminus did cause to be transported, transmitted, and transformed in interstate commerce goods, wares, and merchandise of the value of $5000 or more, to wit: computer source code that was confidential, proprietary information of AT&T, knowing the same to have been stolen, converted, and taken by fraud. 18 U.S.C. S 2314 18 U.S.C. S 2 ____________________ Breckinridge L. Wilcox ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ Date: 11 August, 1990 From: Contributors Subject: CU In the News ******************************************************************** *** CuD #1.28: File 4 of 4: The CU in the News *** ******************************************************************** Date: Sun, 29 Jul 90 17:36 CDT From: Anonymous Subject: Neidorf news coverage- Markoff article "U.S. Drops Computer Case Against Student" (By John Markoff, New York Times, June 28, 1990, p. 7) Federal prosecutors in Chicago yesterday dropped felony charges against a 20-year-old college student in a computer crime case that has drawn national attention because of the civil liberties issues involved. In a trial that began Monday, the Government had accused the student, Craig M. Neidorf of the University of Missouri, of publishing an internal telephone company document describing the emergency 911 system for nine states in the Southeast. The Government said he had obtained the document from another computer user who had stolen it electronically from the company, the BellSouth Corporation of Atlanta; Mr. Neidorf then published it in an underground computer newsletter that was distributed electronically on computer networks and electronic bulletin boards. But an assistant United States Attorney, William J. Cook, said the government decided to drop the charges after learning that much information in the document was already publicly available. "The value of the document was one of the factors in the prosecution," he said. "There were aspects of this document that we did not now were in the public domain. It was a question of the way the phone company portrayed the document. Succession of Arrests Mr. Neidorf did not plead guilty but acknowledged that he had received the BellSouth document and agreed to be placed in a program under which he could be prosecuted if he committed similar offenses in the future. In recent months Federal and state law-enforcement officials have conducted a succession of raids around the nation and made six arrests in a campaign against young computer users who break into government and business data systems. The crackdown drew angry opposition from civil liberties experts and some computer industry executives, who argued that the Government was overreacting and discouraging legitimate activities of law-abiding computer users. A civil liberties organization, the Electronic Frontier Foundation, created by a computer industry executive, Mitchell D. Kapor, has spoken out in support of Mr. Neidorf. Mr. Neidorf was accused of obtaining BellSouth's 911 document from Robert J. Riggs, 20, of Atlanta, one of three men who pleaded builty last month to gaining illegal entry to BellSouth computers. Mr. Riggs and Franklin Darden Jr., 23, face a maximum penalty of five years in prison and a $200,000 fine. The third man, Adam E. Grant, 22, faces a maximum penalty of 10 years in prison and a $250,000 fine. Mr Riggs, testifying in the Chicago case on Thursday, said he had not acted in concert with Mr. Neidorf as the Government had charged. ** END ** ******************************************************************** Date: Thu, 09 Aug 90 00:14:44 EDT From: Michael Rosen Subject: Craig Neidorf To: Computer Underground Digest SOURCE: Computerworld, 8/6/90, p. 8, by Michael Alexander (CW Staff): DIAL 1-800... FOR BELLSOUTH 'SECRETS' Chicago - The attorney for Craig Neidorf, a 20-year-old electronic newsletter editor, said last week that he plans to file a civil lawsuit against Bellsouth Corp. as a result of the firm's "irresponsible" handling of a case involving the theft of a computer text file from the firm. Federal prosecutors dismissed charges against Neidorf four days into the trial, after prosecution witnesses conceded in cross-examination that much of the information in the text file was widely available. Neidorf, the co-editor of "Phrack," a newsletter for computer hackers, was accused by federal authorities of conspiring to steal and publish a text file that detailed the inner workings of Bellsouth's enhanced 911 emergency telephone system across nine states in the Southeast [CW, July 30]. "What happened in this case is that the government accepted lock, stock and barrel everything that Bellsouth told them without an independent assessment," said Sheldon Zenner, Neidorf's attorney. One witness, a Bellsouth service manager, acknowledged that detailed information about the inner workings of the 911 system could be purchased from Bellsouth for a nominal fee using a toll-free telephone number. A Bellcore security expert who was hired by Bellsouth to investigate intrusions into its computer systems testified that the theft of the file went unreported for nearly a year. Last week, a Bellsouth spokesman said the firm's security experts delayed reporting the theft because they were more intent on monitoring and preventing intrusions into the company's computer systems. "There are only so much resources in the data security arena, and we felt that it was more urgent to investigate," he said. He also disputed assertions that the document was of little value. "It is extremely proprietary and contained routing information on 911 calls through our nine-state territory as well as entry points into the system," he said. A QUICK ENDING The case unraveled after Robert Riggs, a prosecution witness who had already pleaded guilty for his role in the theft of the document, testified that he had acted alone and that Neidorf had merely agreed to publish the text file in "Phrack." Neidorf and his attorney agreed to a pretrial diversion, a program under which the government voluntarily dismisses the indictment but could reinstate it if Neidorf commits a similar crime within a year. The case has stirred up national debate on the rights of computer users in the age of electronic information. The Electronic Frontier Foundation, a civil liberties group set up by Mitch Kapor, founder of Lotus Development Corp., may participate in the filing of a lawsuit against Bellsouth, said Terry Gross an attorney at the New York law firm of Rabinowitz Boudin Standard Krinsky & Lieberman. "The Electronic Frontier Foundation is concerned by the irresponsibility of Bellsouth of claiming from the outset that this was confidential material when it should have known that it was not," Gross said. **END OF ARTICLE** ******************************************************************** Date: 28 Jul 90 10:41:47 EDT From: Moderators Subject: British Law and Modem User's Association of America (MUAA) - London, England UK COMPUTER CRACKING BILL BECOMES LAW --------------- Having passed Parliament, the UK Computer Misuse Bill has now gained Royal Assent, becoming law. This Bill defines computer hacking (or to use a MUCH more appropriate term, computer Cracking) as the act of gaining unauthorized access into a computer system., and makes it punishable by fines and short prison terms. It also enables people to be prosecuted in England if either the offender OR the affected computer system was in England when the computer system was broken into. Interestingly enough, a Price Waterhouse report says that theft or fraud were responsible for only 20 percent of reported security incidents in the UK, and that over 76 percent were due to human error, system failure, or natural hazards. However, over 65 percent of UK companies in their survey said that they had suffered financially from security failures.... ******************************************************************* - Topeka, Kansas EFFORTS BEGIN TO LAUNCH LOBBYING GROUP FOR MODEM USERS Alan Bechtold (President of the BBS Press Service) has begun efforts start the Modem User's Association of America (MUAA). If successful, the MUAA will be a non-profit organization that will engage in legal and Congressional Lobbying activities for modem users and operators of online services. It will also serve as a source of information on modem-related legislation being considered around the US (like the FCC's attempts to charge special fees for people to use modems).... Most of the interest for the MUAA has come from places like Texas and Indiana, where telephone companies and state governments are trying to implement new rate structures that charge modem users higher rates for service. Bechtold is now trying to test the level of support for such an organization, via an effort to raise $10,000 in funds to begin the MUAA by the end of September. If that amount has not been raised by then, he has pledged to "tear up all the checks that I have received and continue on with other activities". Interestingly, a Group based in Washington DC has offered to contribute legal and lobbying support for the MUAA, but only IF it gains enough support. Bechtold is considering these annual membership fees for the MUAA: Individuals - $15 Commercial Bulletin Boards - $50 Hobby Bulletin Boards - $25 Commercial Online Services - $100 Makers of Telecommunications and/or Terminal Software - $200 Modem and Computer Makers - $500 If you wish to obtain more information about the proposed MUAA, Alan Bechtold can be reached at 1-913-478-3157.... source: ST REPORT ONLINE MAGAZINE STR Publishing Inc. July 27, 1990, No.6.30 ******************************************************************** ------------------------------ **END OF CuD #1.28** ********************************************************************

---

E-Mail Fredric L. Rice / The Skeptic Tank