#### PHRACK PRESENTS ISSUE 15 #### ^*^*^*^Phrack World News, Part 1^*^*^*^ **** File 8 of 10 **** SEARCH WARRANT ON WRITTEN AFFIDAVIT DATE: 7/17/87 TO: Special Agent Lewis F. Jackson II, U.S. Secret Service or any agent d use of access devices, and Title 18 USC 1030 - Computer related fraud. WHEN: On or before (10 days) at any time day or night ------------ AFFIDAVIT "I, Lewis F. Jackson II, first being duly sworn, do depose and state:..." [Here he goes on and on about his position in the San Jose Secret Service, classes he has taken (none of them having to do with computers)] "Other individuals involved in the investigation: Detective J. McMullen - Stanford Public Safety/Specialist in computers Steve Daugherty - Pacific Bell Telephone (sic)/ Specialist in fraud Stephen Hansen - Stanford Electrical Eng./ Director Brian Bales - Sprint Telecom./ Security Investigator M. Locker - ITT Communications/ Security Investigator Jerry Slaughter - MCI Communications/Security Investigator 4. On 11/14/86, I met with Detective Sgt. John McMullen, who related the following: a. Beginning on or about 9/1/86, an unknown suspect or group of suspects using the code name Pink Floyd repeatedly accessed the Unix and Portia computer systems at Stanford University without authorization. b. The suspects initially managed to decode the password of a computer user called "Laurent" and used the account without the permission or knowledge of the account holder. The true account holder was given a new account and a program was set up to print out all activity on the "Laurent" account. c & d. Mentions the systems that were accessed illegally, the most 'dangerous' being Arpanet (geeeee). e. Damage was estimated at $10,000 by Director of Stanford Computers. g. On 1/13/87, the suspect(s) resumed regular break-ins to the "Laurent" account, however traps and traces were initially unsuccessful in identifying the suspect(s) because the suspect(s) dialed into the Stanford Computer System via Sprint or MCI lines, which did not have immediate trap and trace capabilities. 6. On 2/19/87 I forwarded the details of my investigation and a request for collateral investigation to the New York Field Office of The U.S. Secret Service. (The USSS [I could say something dumb about USSR here]). SA Walter Burns was assigned the investigation. 7. SA Burns reported telephonically that comparison of the times at which Stanford suffered break ins [aahhh, poor Stanford] with that of DNR's on suspects in New York, Pennsylvania, Massachusetts, Maryland and California showed a correlation. 8. [Some stuff about Oryan QUEST engineering Cosmos numbers]. 9. On 4/2/87, I was telephoned again by Mr. Daugherty who reported that on 4/1/87, while checking a trouble signal on the above DNR's [on Oryan's lines], he overheard a call between the central figure in the New York investigation and [Oryan Quest's real name.] Mr. Daughtery was able to identify and distinguish between the three suspects because they addressed each other by there first name. During the conversation, [Oryan Quest] acknowledged being a member of L.O.D. (Legion Of Doom), a very private and exclusive group of computer hackers. [Oryan QUEST never was a member.] 10. [Mr. Daughtery continued to listen while QUEST tried to engineer some stuff. Gee what a coincidence that a security investigator was investigating a technical problem at the same time a conversation with 2 of the suspects was happening, and perhaps he just COULDN'T disconnect and so had to listen in for 20 minutes or so. What luck.] 11. SA Burns reported that the suspects in New York regularly called the suspects in California. 14. From 4/30/87 to 6/15/87 DNR's were on both California suspects and were monitored by me. [The data from the DNR's was 'analyzed' and sent to Sprint, MCI, and ITT to check on codes. Damages claimed by the various LDX's were: SPRINT : Oryan QUEST : 3 codes for losses totaling $4,694.72 Mark Of CA : 2 codes for losses totaling $1,912.57 ITT : Mark Of CA : 4 codes for losses totaling $639 MCI : Mark Of CA : 1 code for losses totaling $1,813.62 And the winner is....Oryan QUEST at $4,694.72 against Mark with $4,365.19.] 20. Through my training and investigation I have learned that people who break into computers ("hackers") and people who fraudulently obtain telecommunications services ("freakers") are a highly sophisticated and close knit group. They routinely communicate with each other directly or through electronic bulletin boards. [Note: When a Phrack reporter called Lewis Jackson and asked why after his no doubt extensive training he didn't spell "freakers" correctly with a 'ph' he reacted rather rudely.] 21. 22. [Jackson's in depth analysis of what hackers have ("Blue Boxes are 23. normally made from pocket calculators...") and their behavior] 24. 26. Through my training and investigations, I have learned that evidence stored in computers, floppy disks, and speed dialers is very fragile and can be destroyed in a matter of seconds by several methods including but not limited to: striking one or more keys on the computer keyboard to trigger a preset computer program to delete information stored within, passing a strong magnetic source in close proximity to a computer, throwing a light switch designed to either trigger a preset program or cut power in order to delete information stored in a computer or speed dialer or computer; or simply delivering a sharp blow to the computer. [Blunt blows don't cut it.] 27. Because of the ease with which evidence stored in computers can be destroyed or transferred, it is essential that search warrants be executed at a time when the suspect is least likely to be physically operating the target computer system and least likely to have access to methods of destroying or transferring evidence stored within the system. Because of the rapidity of modern communications and the ability to destroy or transfer evidence remotely by one computer to another, it is also essential that in cases involving multiple suspects, all search warrants must be executed simultaneously.