==Phrack Magazine== Volume Four, Issue Forty-Two, File 14 of 14 PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN Phrack World News PWN PWN PWN PWN Compiled by Datastream Cowboy PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN STEVE JACKSON GAMES v. UNITED STATES SECRET SERVICE Rights To Be Tested In Computer Trial January 20, 1993 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Joe Abernathy (The Houston Chronicle)(Page A13) *Reprinted With Permission* Summary Judgment Denied In Case AUSTIN -- A judge Tuesday denied plaintiff lawyers' request for summary judgment in a case brought against the U.S. Secret Service to set the bounds of constitutional protections for electronic publishing and electronic mail. U.S. District Judge Sam Sparks acted after hearing complicated arguments regarding application of 1st and 4th Amendment principles in computer-based communications and publishing. The case will go to trial at 9 a.m. today. "Uncontested facts show the government violated the Privacy Protection Act and the Electronic Communications Privacy Act," said Pete Kennedy, attorney for Steve Jackson Games, an Austin game company that brought the lawsuit. Mark W. Batten, attorney for the Department of Justice, which is defending the Secret Service, declined to comment on the proceedings. Steve Jackson's company, which publishes fantasy role-playing games -- not computer games -- was raided by the Secret Service on March 1, 1990, during a nationwide sweep of suspected criminal computer hackers. Agents seized several computers and related hardware from the company and from the Austin home of Steve Jackson employee Loyd Blankenship. Taken from the game publisher was an electronic bulletin board used to play-test games before they were printed and exchange electronic mail with customers and free-lance writers. Another seized computer contained the text of the company's work in progress, GURPS Cyberpunk, which was being prepared for the printers. Blankenship's purported membership in the Legion of Doom -- a group of computer hackers from Austin, Houston and New York -- led the Secret Service to Steve Jackson's door. Neither Jackson nor his company was suspected of wrongdoing. The game publisher is named in two paragraphs of the 42-paragraph affidavit requesting the 1990 search warrant, which targeted Blankenship -- a fact Kennedy cited in seeking summary judgment. Kennedy presented evidence that the original Secret Service affidavit for the warrant used to raid Steve Jackson Games contained false statements. Supporting documentation showed that Bellcore expert Henry Kluepfel disputes statements attributed to him that accounted for the only link between Steve Jackson Games and the suspicion Blankenship was engaged in illegal activity. Batten came away visibly shaken from questioning by Sparks, and later had a tense exchange with Kennedy outside the courtroom. The lawsuit contends the government violated 1st Amendment principles by denying the free speech and public assembly of callers to Jackson's bulletin board system, Illuminati. This portion of the complaint was brought under the Privacy Protection Act, which also covers the seized Cyberpunk manuscripts -- if the judge rules that such a book, stored electronically prior to publication, is entitled to the same protections as a printed work. The government lawyers argued the Privacy Protection Act applies only to journalistic organizations -- an argument Sparks didn't seem to buy. The lawsuit also contends 4th Amendment principles providing against unreasonable search and seizure were violated, on grounds the Electronic Communications Privacy Act specifies protection for publishers. The Justice Department contends electronic mail does not enjoy constitutional protections. "They (users of Illuminati) had no expectation of privacy in their electronic mail messages," Batten said. The basis of the argument is that Illuminati's callers were not sending communications to others, but rather "revealing" them to a third party, Steve Jackson, thus negating their expectation of privacy. _______________________________________________________________________________ Computer Case Opens; Agent Admits Errors January 27, 1993 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Joe Abernathy (The Houston Chronicle)(Page A11) *Reprinted With Permission* AUSTIN -- Plaintiff's attorneys wrested two embarrassing admissions from the U.S. Secret Service on the opening day of a federal civil lawsuit designed to establish constitutional protections for electronic publishing and electronic mail. Special Agent Timothy Folly of Chicago admitted that crucial statements were erroneous in an affidavit he used to obtain warrants in a 1990 crackdown on computer crime. Foley also conceded that the Secret Service's special training for computer crime investigators overlooks any mention of a law that limits search-and- seizure at publishing operations. The case before U.S. District Judge Sam Sparks was brought by Steve Jackson Games, an Austin game publisher, with the support of electronic civil rights activists who contend that federal agents have overstepped constitutional bounds in their investigations of computer crime. Jackson supporters already have committed more than $200,000 to the litigation, which seeks $2 million in damages from the Secret Service and other defendants in connection with a March 1990 raid on Jackson Games. Plaintiffs hope to establish that First Amendment protections of the printed word extend to electronic information and to guarantee privacy protections for users of computer bulletin board systems, such as one called Illuminati that was taken in the raid. Steve Jackson's attorney, Jim George of Austin, focused on those issues in questioning Foley about the seizure of the personal computer on which Illuminati ran and another PC which contained the manuscript of a pending Jackson Games book release, "GURPS Cyberpunk." "At the Secret Service computer crime school, were you, as the agent in charge of this investigation, made aware of special rules for searching a publishing company?" George asked Foley. He was referring to the Privacy Protection Act, which states that police may not seize a work in progress from a publisher. It does not specify what physical form such a work must take. Foley responded that the Secret Service does not teach its agents about those rules. Earlier, Foley admitted that his affidavit seeking court approval to raid Jackson Games contained an error. During the raid -- one of several dozen staged that day around the country in an investigation called Operation Sun Devil -- agents were seeking copies of a document hackers had taken from the computer system of BellSouth. No criminal charges have been filed against Jackson, his company, or others targeted in several Austin raids. The alleged membership of Jackson employee Loyd Blankenship in the Legion of Doom hacker's group -- which was believed responsible for the BellSouth break-in -- lead agents to raid Jackson Games at the same time that Blankenship's Austin home was raided. Foley's affidavit stated that Bell investigator Henry Kluepfel had logged on to the Illuminati bulletin board and found possible evidence of a link between Jackson Games and the Legion of Doom. But George produced a statement from Kluepfel, who works for Bellcore, formerly AT&T Bell Labs, disputing statements attributed to him in the affidavit. Foley acknowledged that part of the affidavit was erroneous. The U.S. Department of Justice, which is defending the Secret Service, contends that only traditional journalistic organizations enjoy the protections of the Privacy Protection Act and that users of electronic mail have no reasonable expectation of privacy. _______________________________________________________________________________ Judge Rebukes Secret Service For Austin Raid January 29, 1993 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Joe Abernathy (The Houston Chronicle)(Page A21) *Reprinted With Permission* AUSTIN -- A federal judge lambasted the U.S. Secret Service Thursday for failing to investigate properly before it seized equipment from three Austin locations in a 1990 crackdown on computer crime. U.S. District Judge Sam Sparks' comments came on the final day of trial in a lawsuit brought by Steve Jackson Games, an Austin publisher, with the support of national computer rights activists. The judge did not say when he will issue a formal ruling in the case. In addition to seeking $ 2 million in damages from the Secret Service and other defendants, Jackson hopes to establish privacy and freedom of the press protections for electronic information. In a packed courtroom Thursday morning, Sparks dressed down Secret Service Special Agent Timothy Foley of Chicago, who was in charge of the March 1, 1990, raid on Jackson, one of his employees and a third Austin man. No criminal charges have been filed in connection with the raids. "The Secret Service didn't do a good job in this case," Sparks said. "We know no investigation took place. Nobody ever gave any concern as to whether (legal) statutes were involved. We know there was damage (to Jackson)." The Secret Service has seized dozens of computers since the nationwide crackdown began in 1990, but Jackson, a science fiction magazine and game book publisher, is the first to challenge the practice. A computer seized at Jackson Games contained the manuscript for a pending book, and Jackson alleges, among other things, that the seizure violated the Privacy Protection Act, which prohibits seizure of publishers' works in progress. Agents testified that they were not trained in that law at the special Secret Service school on computer crime. Sparks grew visibly angry when testimony showed that Jackson never was suspected of a crime, that agents did no research to establish a criminal connection between the firm and the suspected illegal activities of an employee, and that they did not determine that the company was a publisher. "How long would it have taken you, Mr. Foley, to find out what Steve Jackson Games did, what it was? " asked Sparks. "An hour? "Was there any reason why, on March 2, you could not return to Steve Jackson Games a copy, in floppy disk form, of everything taken? "Did you read the article in Business Week magazine where it had a picture of Steve Jackson -- a law-abiding, tax-paying citizen -- saying he was a computer crime suspect? "Did it ever occur to you, Mr. Foley, that seizing this material could harm Steve Jackson economically? " Foley replied, "No, sir," but the judge offered his own answer: "You actually did; you just had no idea anybody would actually go out and hire a lawyer and sue you." The judge's rebuke apparently convinced the government to close its defense after the testimony from Foley, only one of several government witnesses on hand. Justice Department attorney Mark Battan entered subdued testimony seeking to limit the award of monetary damages. The judge's comments came after cross-examination of Foley by Pete Kennedy, Jackson's attorney. Sparks questioned Foley about the raid, focusing on holes in the search warrant, why Jackson was not allowed to copy his work in progress after it was seized, and why his computers were not returned after the Secret Service analyzed them. "The examination took seven days, but you didn't give Steve Jackson's computers back for three months. Why?" asked Sparks. "So here you are, with three computers, 300 floppy disks, an owner who was asking for it back, his attorney calling you, and what I want to know is why copies of everything couldn't be given back in days. Not months. Days. "That's what makes you mad about this case." Besides alleging that the seizure violated the Privacy Protection Act, Jackson alleged that since one of the computers was being used to run a bulletin board system containing private electronic mail, the seizure violated the Electronic Communications Privacy Act. Justice Department attorneys have refused comment on the case, but contended in court papers that Jackson Games is a manufacturer, and that only journalistic organizations can call upon the Privacy Protection Act. The government said that seizure of an electronic bulletin board system does not constitute interception of electronic mail. The Electronic Frontier Foundation committed more than $200,000 to the Jackson suit. The EFF was founded by Mitchell Kapor of Lotus Technology amid a computer civil liberties movement sparked in large part by the Secret Service computer crime crackdown that included the Austin raids. "The dressing down of the Secret Service for their behavior is a major vindication of what we've been saying all along, which is that there were outrageous actions taken against Steve Jackson that hurt his business and sent a chilling effect to everyone using bulletin boards, and that there were larger principles at stake," said Kapor, contacted at his Cambridge, Massachusetts office. Shari Steele, who attended the trial as counsel for the EFF, said, "We're very happy with the way the case came out. That session with the judge and Tim Foley is what a lawyer dreams about." _______________________________________________________________________________ Going Undercover In The Computer Underworld January 26, 1993 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Ralph Blumenthal (The New York Times)(Page B1) [A 36-year old law enforcement officer from the East Coast masquerades as "Phrakr Trakr" throughout the nation's computer bulletin boards. As the organizer of the High-Tech Crime Network, he has educated other officers in over 28 states in the use of computer communications. Their goal is to penetrate some 3000 underground bbses where computer criminals trade in stolen information, child pornography and bomb making instructions. "I want to make more cops aware of high-tech crime," he said. "The victims are everybody. We all end up paying for it."] _______________________________________________________________________________ Hackers Breaking Into UC Computers January 23, 1993 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by T. Christian Miller (The San Francisco Chronicle)(Page A20) [According to the University of California, hackers have been breaking into the DOD and NASA through UC computer systems. The investigation links over 100 computer hackers who have reportedly penetrated computers at UC Davis, UC Berkeley, NYU, FSU, and CSU. The FBI stated that the investigation reached as far as Finland and Czechoslovakia but did not comment on any arrests. University officials have asked all users to change to more complex passwords by April 1.] _______________________________________________________________________________ Feds Sued Over Hacker Raid At Mall February 5, 1993 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Joe Abernathy (The Houston Chronicle)(Page A5) [A lawsuit was filed 2-4-93 in the Washington, D.C. federal court to force the secret service to disclose its involvement in the disruption of a meeting of computer hackers last year. The meeting, a monthly gathering of readers of "2600 Magazine" at the Pentagon City Mall was disrupted on November 6, 1992, when mall security and Arlington County Police questioned and searched the attendees. The suit was filed by the Computer Professionals for Social Responsibility. "If this was a Secret Service operation, it raises serious constitutional questions," said Marc Rotenberg, director of CPSR. The Secret Service declined to comment on the matter.] ---------- [New Info in 2600 Case - from email sent by CPSR] One month after being sued under the Freedom of Information Act (FOIA), the Secret Service has officially acknowledged that it possesses "information relating to the breakup of a meeting of individuals at the Pentagon City Mall in Arlington, Virginia." The admission, contained in a letter to Computer Professionals for Social Responsibility (CPSR), confirms widespread suspicions that the agency played a role in the detention and search of individuals affiliated with "2600" Magazine at the suburban Washington mall on November 6, 1992. CPSR filed suit against the Secret Service on February 4 after the agency failed to respond to the organization's FOIA request within the statutory time limit. In its recent response, the Secret Service released copies of three news clippings concerning the Pentagon City incident but withheld other information "because the documents in the requested file contain information compiled for law enforcement purposes." While the agency asserts that it possesses no "documentation created by the Secret Service chronicling, reporting, or describing the breakup of the meeting," it does admit to possessing "information provided to the Secret Service by a confidential source which is information relating to the breakup of [the] meeting." Federal agencies classify other law enforcement agencies and corporate entities, as well as individuals, as "confidential sources." The propriety of the Secret Service's decision to withhold the material will be determined in CPSR's pending federal lawsuit. A copy of the agency's letter is reprinted below. David L. Sobel dsobel@washofc.cpsr.org Legal Counsel (202) 544-9240 (voice) CPSR Washington Office (202) 547-5481 (fax) ************************************************ DEPARTMENT OF THE TREASURY UNITED STATES SECRET SERVICE MAR 5 1993 920508 David L. Sobel Legal Counsel Computer Professionals for Social Responsibility 666 Pennsylvania Avenue, S.E. Suite 303 Washington, D.C. 20003 Dear Mr. Sobel: This is in response to your Freedom of Information Act (FOIA) request for access to "copies of all records related to the breakup of a meeting of individuals affiliated with "2600 Magazine" at the Pentagon City Mall in Arlington, Virginia on November 6, 1992." Enclosed, please find copies of materials which are responsive to your request and are being released to you in their entirety. Other information has been withheld because the documents in the requested file contain information compiled for law enforcement purposes. Pursuant to Title 5, United States Code, Section 552(b)(7)(A); (C); and (D), the information has been exempted since disclosure could reasonably be expected to interfere with enforcement proceedings; could reasonably be expected to constitute an unwarranted invasion of personal privacy to other persons; and could reasonably be expected to disclose the identity of a confidential source and/or information furnished by a confidential source. The citations of the above exemptions are not to be construed as the only exemptions that are available under the Freedom of Information Act. In regard to this matter it is, however, noted that your FOIA request is somewhat vague and very broadly written. Please be advised, that the information being withheld consists of information provided to the Secret Service by a confidential source which is information relating to the breakup of a meeting of individuals at the Pentagon City Mall in Arlington, Virginia, and, therefore, appears to be responsive to your request as it was written. If, however, the information you are seeking is information concerning the Secret Service's involvement in the breakup of this meeting, such as any type of documentation created by the Secret service chronicling, reporting, or describing the breakup of the meeting, please be advised that no such information exists. If you disagree with our determination, you have the right of administrative appeal within 35 days by writing to Freedom of Information Appeal, Deputy Director, U. S. Secret Service, 1800 G Street, N.W., Washington, D.C. 20223. If you choose to file an administrative appeal, please explain the basis of your appeal. Sincerely, /Sig/ Melvin E. Laska ATSAIC Freedom of Information & Privacy Acts Officer Enclosure ******************************************* For more information, refer to Phrack World News, Issue 41/1: Reports of "Raid" on 2600 Washington Meeting November 9, 1992 Confusion About Secret Service Role In 2600 Washington Raid November 7, 1992 Conflicting Stories In 2600 Raid; CRSR Files FOIA November 11, 1992 _______________________________________________________________________________ Surfing Off The Edge February 8, 1993 ~~~~~~~~~~~~~~~~~~~~ by Richard Behar (Time Magazine)(Page 62) [This article is so full of crap that I cannot even bring myself to include a synopsis of it. Go to the library and read it and laugh.] _______________________________________________________________________________ Bulgarian Virus Writer, Scourge in the West, Hero at Home January 29, 1993 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by David Briscoe (Associated Press) [The Dark Avenger, believed to be a computer programmer in Sophia, has drawn the attention of computer crime squads in the US and Europe. To many programmers the Dark Avenger is a computer master to many young Bulgarians. "His work is elegant. ... He helps younger programmers. He's a superhero to them," said David Stang director for the International Virus Research Center. Neither Bulgaria nor the US has laws against the writing of computer viruses] _______________________________________________________________________________ Computer Security Tips Teach Tots To Take Byte Out Of Crime February 3, 1993 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Michelle Locke (Associated Press) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Young Students Learn Why Computer Hacking Is Illegal February 4, 1993 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Bill Wallace (San Francisco Chronicle)(Page A22) [In an attempt to teach computer crime prevention, children in kindergarten through third grade in a Berkeley elementary school are being shown a 30 minute presentation on ethics and security. The program consists of several skits using puppets to show the children various scenarios from eating food near computer systems to proper password management. In one episode, Gooseberry, a naive computer user, has her files erased by Dirty Dan, the malicious hacker, when she neglects to log off. Philip Chapnick, director of the Computer Security Institute in San Francisco, praised the idea. "One of the major issues in information security in companies now is awareness. Starting the kids early ... I think it will pay off," said Chapnick.] _______________________________________________________________________________ Tracking Hackers - Experts Find Source In Adolescence February 25, 1993 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By Mike Langberg (Knight-Ridder News Service) [At the National Computer Security Association convention in San Francisco, four experts analyzed the psyche of today's hacker. The panel decided that hacker bonding came from a missing or defective family. The panel also decided that hackers weren't necessarily geniuses, and that a few weeks of study would be enough to begin. Panel member Winn Schwartau stated that there should be an end to slap-on-the-wrist penalties. Sending hackers to jail would send a clear message to other hackers, according to Schwartau. "What strikes me about hackers is their arrogance," said Michael Kabay, computer security consultant from Montreal. "These people seem to feel that their own pleasures or resentments are of supreme importance and that normal rules of behavior simply don't apply to them."] _______________________________________________________________________________ Bomb Recipes Just A Keystroke Away January 10, 1993 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Tracy Gordon Fox (The Hartford Courant)(Page B1) [Teenagers gathering information via computer have contributed greatly to the fifty percent increase in the number of homemade explosives found last year. The computer age has brought the recipes for the explosives to the fingertips of anyone with a little computer knowledge and a modem. One of the first police officers to discover that computers played a part in a recent West Hartford, Connecticut, bombing said that hackers were loners, who are socially dysfunctional, excel in mathematics and science, and are "over motivated in one area." The trend has been seen around the country. The 958 bombing incidents reported nationally to the Bureau of Alcohol, Tobacco and Firearms was the highest in 15 years.] _______________________________________________________________________________ Hackers Hurt Cellular Industry January 25, 1993 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by John Eckhouse (The San Francisco Chronicle)(Page C1) [With only a little equipment and technical knowledge, telephone pirates can make free calls and eavesdrop on cellular conversations. "Technically, eavesdroping is possible, but realistically I don't think it can be done," said Justin Jasche chief executive of Cellular One. The Cellular Telecommunications Industry Association estimates that hackers make about $300 million worth of unauthorized calls a year, though others put the figure much higher.] ------------------------------------------------------------------------------- Cellular Phreaks and Code Dudes February 1993 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by John Markoff (Wired) (page 60) [Two hackers, V.T. and N.M. have discovered that celluar phones are really just little computers linked by a gigantic cellular network. And like most computers, they are programmable. The hackers have discovered that the OKI 900 has a special mode that will turn it into a scanner, enabling them to listen in on other cellular conversations. The two also discovered that the software stored in the phones ROM takes up roughly 40K, leaving over 20K free to add in other features, They speculate on the use of the cellular phone and a computer to track users through cell sites, and to monitor and decode touchtones of voice mail box codes and credit card numbers. Said V.T. of the OKI's programmers, "This phone was clearly built by hackers."] ------------------------------------------------------------------------------- Callers Invited To Talk Sex, Thanks To Hacker's Prank February 5, 1993 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ (The Vancouver Sun) (Page A-9) [For the past two weeks, surprised callers to CTC Payroll Services' voice-mail system have been invited to talk sex. Instead of a pleasant, professional salutation, callers hear a man's voice suggesting that they engage a variety of intimate activities. The prankster is a computer hacker who can re-program the greeting message on company telephones. Company owner Cheryl MacLeod doesn't think the joke is very funny and says the hacker is ruining her business.] _______________________________________________________________________________