💾 Archived View for aphrack.org › issues › phrack37 › 11.gmi captured on 2021-12-03 at 14:04:38. Gemini links have been rewritten to link to archived content

View Raw

More Information

-=-=-=-=-=-=-

              PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
              PWN                                             PWN
              PWN              Phrack World News              PWN
              PWN                                             PWN
              PWN       Issue XXXVII / Part One of Four       PWN
              PWN                                             PWN
              PWN     Compiled by Dispater & Spirit Walker    PWN
              PWN                                             PWN
              PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN


 Federal Seizure Of "Hacker" Equipment                        December 16, 1991
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 By Barbara E. McMullen & John F. McMullen (Newsbytes)

                      "New York's MOD Hackers Get Raided!"

NEW YORK CITY -- Newsbytes has learned that a joint Unites States Secret
Service / Federal Bureau of Investigation (FBI) team has executed search
warrants at the homes of so-called "hackers" at various locations across the
country and seized computer equipment.

It is Newsbytes information that warrants were executed on Friday, December 6th
in various places including New York City, Pennsylvania, and the state of
Washington.  According to informed sources, the warrants were executed pursuant
to investigations of violations of Title 18 of the federal statutes, sections
1029 (Access Device Fraud), 1030 (Computer Fraud and Abuse Act), 1343 (Wire
Fraud), and 2511 (Wiretapping).

Law enforcement officials contacted by Newsbytes, while acknowledging the
warrant execution, refused to comment on what was called "an on-going
investigation." One source told Newsbytes that the affidavits underlying the
search warrants have been sealed due to the on-going nature of the
investigation."

He added "There was obviously enough in the affidavits to convince judges that
there was probable cause that evidence of a crime would be found if the search
warrants were issued."

The source also said that he would expect a statement to be issued by the
Secret Service/FBI team "somewhere after the first of the year."
_______________________________________________________________________________

 Two Cornell Students Arrested for Spreading Computer Virus   February 27, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 By Lee A Daniels (New York Times News Service)
 Special Thanks: Risks Digest

Two Cornell University undergraduates were arrested Monday night and charged
with developing and spreading a computer virus that disrupted computers as far
away as California and Japan, Cornell officials said.  M. Stewart Lynn, vice
president for information technologies at the university in Ithaca, N.Y.,
identified the students as David Blumenthal and Mark Pilgrim.  Lynn said that
both Blumenthal, who is in the engineering program, and Pilgrim, in the college
of arts and sciences, were 19-year-old sophomores.  They were arrested on the
evening of February 24 by Cornell and Ithaca police officers.  Lynn said the
students were arraigned in Ithaca City Court on charges of second-degree
computer tampering, a misdemeanor, and taken to the county jail.  Lynn said
authorities believed that the two were responsible for a computer virus planted
in three Macintosh games on February 14.

He identified the games as Obnoxious Tetris, Tetricycle and Ten Tile Puzzle.
The virus may have first appeared in a Stanford University public computer
archive and spread from there through computer users who loaded the games into
their own computers.

Lynn said officials at Cornell and elsewhere became aware of the virus last
week and quickly developed what he described as "disinfectant" software to
eradicate it.  He said officials traced the virus to Cornell last week, but he
would not specify how that was done or what led officials to the two students.
Lynn said he did not yet know how much damage the virus had caused.  "At
Cornell we absolutely deplore this kind of behavior," he said.

Note: References to the Robert Morris, Jr. virus incident at Cornell deleted.
      Associated Press reported that both defendants are being held in the
      Tompkins County Jail on $10,000 bail.
_______________________________________________________________________________

 Man Admits to NASA Hacking                                   November 26, 1991
 ~~~~~~~~~~~~~~~~~~~~~~~~~~
 By John C Ensslin (Rocky Mountain News)(Page 6)
 Also see Phrack 34, File 11
 Special Thanks: The Public

A self-taught computer hacker with a high school education admitted Monday to
breaking into a sensitive NASA computer system -- in less time than it takes
the Broncos to play a football game.

Richard G. Wittman Jr., 24, told  Denver U.S. District Judge Sherman Finesilver
that it took him about "1 1/2 to 2 hours" on a personal computer using
telephone lines in his apartment to tap into the space agency's restricted
files.

Wittman pleaded guilty Monday to one felony count of altering information
-- a password -- inside a federal computer.  In exchange for the plea, federal
prosecutors dropped six similar counts in indictments handed up in September.

The Northglenn High School graduate told the judge he hadn't had much schooling
in computers.  Most of what he knew about computers he learned from books.
And most of those books, he said, are in a federal warehouse, seized after FBI
agents searched his Westminster apartment last year.

"Do you think you could teach these two lawyers about computers?"  Finesilver
asked, referring to Wittman's public defender and the prosecutor.  "Probably,"
Wittman replied.

Wittman not only broke into 118 NASA systems,  he also reviewed files and
electronic mail of other users, said assistant U.S. attorney Gregory C. Graf.

It took NASA investigators nearly 300 hours to track Wittman an another 100
hours to rewrite the software, Graf said.

Wittman faces up to five years in prison and a $250,000 fine.  But Graf said
the government will seek a much lighter penalty when Wittman is sentenced in
Jan. 13.

Both sides have agreed on repayment of $1,100 in collect calls placed to the
other computer system.   But they differ on whether Wittman should be held
responsible for the cost of new software.
_______________________________________________________________________________

 Hacker Pleads Guilty                                          December 5, 1991
 ~~~~~~~~~~~~~~~~~~~~
 Special Thanks: Iron Eagle

"A 24-year-old Denver hacker who admitted breaking into a sensitive NASA
computer system pleaded guilty to a felony count of altering information.

In exchange for the plea Monday, federal prosecutors dropped six similar counts
against Richard G. Wittman Jr., who faced up to five years in prison and a
$250,000 fine.  Authorities said the government will seek a much lighter
penalty when Wittman is sentenced January 13.

Both sides have agreed on repayment of $1,100 in collect calls he placed to the
computer system, but they differ on whether Wittman should be held responsible
for the cost of new software.

Wittman told U.S. District Judge Sherman Finesilver that it took him about two
hours on a personal computer in his apartment to tap into the space agency's
restricted files.  It took NASA investigators nearly 300 hours to track Wittman
and an additional 100 hours to rewrite the software to prevent a recurrence,
prosecutors said."
_______________________________________________________________________________

 Recent Novell Software Contains A Hidden Virus               December 20, 1991
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 By John Markoff (New York Times)

The nation's largest supplier of office-network software for personal computers
has sent a letter to approximately 3,800 customers warning that it
inadvertently allowed a software virus to invade copies of a disk shipped
earlier this month.

The letter, sent on Wednesday to customers of Novell Inc., a Provo, Utah,
software publisher, said the diskette, which was mailed on December 11, had
been accidentally infected with a virus known by computer experts as "Stoned
111."

A company official said yesterday that Novell had received a number of reports
>from customers that the virus had invaded their systems, although there had
been no reports of damage.

But a California-based computer virus expert said that the potential for damage
was significant and that the virus on the Novell diskette frequently disabled
computers that it infected.

MASSIVE POTENTIAL LIABILITIES

"If this was to get into an organization and spread to 1,500 to 2,000 machines,
you are looking at millions of dollars of cleanup costs," said John McAfee,
president of McAfee & Associates, a Santa Clara, Calif. antivirus consulting
firm.  "It doesn't matter that only a few are infected," he said.  "You can't
tell.  You have to take the network down and there are massive potential
liabilities."  Mr. McAfee said he had received several dozen calls from Novell
users, some of whom were outraged.

The Novell incident is the second such case this month.  On December 6, Konami
Inc., a software game manufacturer based in Buffalo Grove, 111.wrote customers
that disks of its Spacewrecked game had also become infected with an earlier
version of the Stoned virus.  The company said in the letter that it had
identified the virus before a large volume of disks had been shipped to
dealers.

SOURCE OF VIRUS UNKNOWN

Novell officials said that after the company began getting calls earlier this
week, they traced the source of the infection to a particular part of their
manufacturing process.  But the officials said they had not been able to
determine how the virus had infected their software initially.

Novell's customers include some of nation's largest corporations.  The
software, called Netware, controls office networks ranging from just two or
three machines to a thousand systems.

"Viruses are a challenge for the marketplace," said John Edwards, director of
marketing for Netware systems at Novell.  "But we'll keep up our vigilance.  He
said the virus had attacked a disk that contained a help encyclopedia that the
company had distributed to its customers.

SERVERS SAID TO BE UNAFFECTED

Computer viruses are small programs that are passed from computer to computer
by secretly attaching themselves to data files that are then copied either by
diskette or via a computer network.  The programs can be written to perform
malicious tasks after infecting a new computer, or do no more than copy
themselves from machine to machine.

In its letter to customers the company said that the Stoned 111 virus would not
spread over computer networks to infect the file servers that are the
foundation of networks.  File servers are special computers with large disks
that store and distribute data to a network of desktop computers.

The Stoned 111 virus works by attaching itself to a special area on a floppy
diskette and then copying itself into the computer's memory to infect other
diskettes.

But Mr. McAfee said the program also copied itself to the hard disk of a
computer where it could occasionally disable a system.  In this case it is
possible to lose data if the virus writes information over the area where a
special directory is stored.

Mr. McAfee said that the Stoned 111 virus had first been reported in Europe
just three months ago.  The new virus is representative of a class of programs
known as "stealth" viruses, because they mask their location and are difficult
to identify. Mr. McAfee speculated that this was why the program had escaped
detection by the company.

STEPS TOWARD DETECTION

Novell has been moving toward adding new technology to its software to make it
more difficult for viruses to invade it, Mr. Edwards said.  Recently, the
company licensed special digital-signature software that makes it difficult for
viruses to spread undetected. Novell plans to add this new technology to the
next major release of its software, due out at the end of 1992.

In the past, courts have generally not held companies liable for damages in
cases where a third party is responsible, said Susan Nycum, a Palo Alto,
California, lawyer who is an expert on computer issues.  "If they have been
prudent it wouldn't be fair to hold them liable," she said.  "But ultimately it
may be a question for a jury."
_______________________________________________________________________________

 Working Assets Long Distance!                                     January 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Taken from an advertisement in Mother Jones

(Not pictured is a photo of a college student giving "the finger" to someone
and a caption that reads 'Twenty years later, we've given people a better way
to put this finger to use.')

The advertisement reads as follows:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Sit-ins.  Protest marches, Flower power.  Times have changed but the need for
grass roots involvement hasn't.

Introducing "Working Assets Long Distance."  The ONLY phone company that is
as committed to social and political change as you are.  Every time you use
your finger to make a long distance call, one percent of the bill goes to
non-profit action groups at no cost to you.  Hard-hitting advocacy groups like
AMNESTY INTERNATIONAL, GREENPEACE, PLANNED PARENTHOOD, FEDERATION OF AMERICA,
THE AMERICAN CIVIL LIBERTIES UNION, and many others.

We're more than a phone company that gives money to good causes.  Our intent
is to make your individual voice heard.  That's why we offer *FREE CALLS* to
corporate and political leaders.  And well-argued letters at a fraction of
the cost of a mail-gram.  So you can demand a halt to clear-cutting our
ancient forests or let Senators know how you feel about important issues like
reproductive rights.  It's that simple.  Your phone becomes a tool for
democracy and you don't give up a thing.  You see, Working Assets comes with
the exact same service as the major long distance carriers.  Convenient
dial 1 calling 24-hour operation and fiber optic sound quality.  All this at
rates lower that AT&T's basic rates.  And signing up couldn't be simpler.

Just give us a call at 1-800-788-8588 ext 114 or fill out the coupon today.
We'll hook you up right away without any intrusion or interruption.  So you
can help change the world without lifting a finger.  Ok, maybe one finger.
_______________________________________________________________________________

 Computer Virus Used in Gulf War                               January 12, 1991
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Taken from  The Boston Globe (Page 12)
 Special Thanks: Tone Surfer

Several weeks before the start of the Gulf War, US intelligence agents inserted
a computer virus into a network of Iraqi computers tied to that country's air
defense system, a news magazine reports.  US News and World Report said the
virus was designed by the supersecret National Security Agency at Fort Meade,
Maryland, and was intended to disable a mainframe computer.

The report, citing two unidentified senior US officials, said the virus
appeared to have worked, but it gave no details.  It said the operation may
have been irrelevant, though, since the allies' overwhelming air superiority
would have ensured the same results of rendering the air defense radars and
missiles ineffective.  The secret operation began when American intelligence
agents identified a French made computer printer that was to be smuggled from
Amman, Jordan, to a military facility in Baghdad.

The agents in Amman replaced a computer chip in the printer with another
micro-chip that contained the virus in its electronic circuits.  By attacking
the Iraqi computer through the printer, the virus was able to avoid detection
by normal electronic security procedures, the report said.  "Once the virus was
in the system, the US officials explained, each time an Iraqi technician opened
a "window" on his computer screen to access information, the contents of the
screen simply vanished," US News reported.

The report is part of a book, based on 12 months of research by US News
reporters, called "Triumph without Victory: The Unreported History of the
Persian Gulf War," to be published next month.
_______________________________________________________________________________

 Indictments of "Information Brokers"                              January 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Taken from The Privacy Journal

The unholy alliance between "information brokers" and government bureaucrats
who provide personal information has been uncovered in the grand jury
indictments of 18 persons in 14 states.

United States Attorney Michael Chertoff in Newark, New Jersey, and his
counterpart in Tampa, Florida, accused eight "information brokers" (or
"information gatekeepers" or "super bureaus") of bribing two Social Security
Administration employees to provide confidential earnings and employee
information stored in federal computer files.  The brokers, who fill in the
cracks not occupied by national credit bureaus and who also track the
whereabouts of persons, would sell the information to their clients --
retailers, lawyers, detectives, insurance companies, and others.

Ned Flemming, president of Super Bureau Inc. of Montery, California, was
indicted on 32 counts for coaxing a Social Security supervisor in New Jersey
named Joseph Lynch (who was not charged) to provide confidential personal
information for a fee.  Fleming's daughter, Susan, was charged also, as were
Victor Fought, operator of Locate Unlimited in Mesa, Arizona; George T.
Theodore, owner of Tracers Worldwide Services in Corpus Christi, Texas;
Richard Stone, owner of Interstate Information Services in Port Jefferson, New
York; and Michael Hawes, former owner of International Criminal Investigative
Agency (ICIA) in Port Angeles, Washington, for participating in the same
conspiracy.  Another broker, Joseph Norman Dillon Ross, who operates a firm
under his name in Pauma Valley, California also accepted the personal data,
according to Chertoff, but was not charged.  Richard Stone was further indicted
for corrupting a Social Security claims clerk in Melrose Park, Illinois.  Also
charged were Allen Schweitzer and his wife Petra, who operate Security Group
Group in Sumner, Washington.

The government employees also stole personal information from the FBI's
National Crime Information Center (NCIC), which stores data on arrests and
missing persons.

Fleming told Privacy Journal that he had never met Lynch.  Stone refused to
comment.  Tracers Worldwide, ICIA, and Locate Unlimited are not listed in
telephone information, although all three companies are required by the Fair
Credit Reporting Act to permit the subjects of their files to have disclosure
of such information to them.

The 18-month long investigation culminating in the December 18 indictments and
arrests is only the first phase, said Assistant U.S. Attorney Jose Sierra.  "We
don't think it stops there."

For the past three years, the Big Three credit bureaus have continued to sell
credit information regularly to information brokers, even after complaints that
some of them violated the Fair Credit Reporting Act in disclosing credit
information for impermissible purposes.  Trans Union's president, Albert
Flitcraft, told Congress in 1989 that is was not possible for a major credit
bureau to protect consumer information sold to brokers.  John Baker, Equifax
senior vice-president, said at the time that the Big Three would "put together
our best thinking" to see if safeguards could be developed.  By 1991, Oscar
Marquis, vice-president of Trans Union, was asking Congress for solutions, but
Baker presented Equifax's new guidelines and checklist for doing business with
the brokers.  None of the Big Three has been willing to cease doing business
with the cloudy merchants of recycled credit reports -- and of purloined Social
Security and FBI information.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Meanwhile, at the Internal Revenue Service...

Two weeks after he blew the cover off the information brokers, U.S. Attorney
Michael Chertoff in New Jersey indicted a retired chief of the Internal Revenue
Service Criminal Investigation Division for selling personal information to a
California private investigative firm in his last week on the job in 1988.

For a $300 payment, according to the indictment, the IRS executive, Robert G.
Roche, promised to procure non-public marital records from vital records
offices.  Using false pretenses, he ordered one of his subordinates to get the
information, on government time.  The aide got the records in one instance only
after writing out an IRS summons and in another instance after producing a
letter on IRS stationary saying the information was needed for "official
investigative matters."  Roche, according to the U.S. Attorney, accepted
payment from the California investigative firm of Saranow, Wells, & Emirhanian,
part of a larger network called Financial Investigative Services Group.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The Privacy Journal is an independent monthly on privacy in the computer age.
They can be reached at:

                                Privacy Journal
                                 P.O Box 28577
                        Providence, Rhode Island  02908
                                 (401)274-7861
_______________________________________________________________________________

 SSA, FBI Database Violations Prompt Security Evaluations      January 13, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 By Kevin M. Baerson (Federal Computer Week)(Pages 1, 41)

Indictments recently handed down against insiders who bought and sold
confidential information held in Federal Bureau of Investigation and Social
Security Administration computers have prompted agency officials to evaluate
how well the government secures its databases.

"I see this as positive more than negative," said David Nemecek, section chief
for the FBI's National Crime Information Center (NCIC), which contains data on
thousands of people suspected and convicted of crimes.  "Am I happy it
happened?  No.  But it led us to discovering that this was happening and it
sends a message that if people try it, they will get caught."

But Renny DiPentima, assistant commissioner of SSA's Office of System Design
and Development, said he did not view the indictments as a positive
development.

"It's not a victory," DiPentima said.  "Even if we catch them, it's a loss.  My
victory is when I never have a call that someone has abused their position."

The "information broker" bust was the culmination of an 18-month investigation
by the Department of Health and Human Services' inspector general's office in
Atlanta.  Officials said it was the largest case ever prosecuted involving the
theft of federal computer data.  More indictments could be forthcoming, they
said.

Special agents from the FBI joined the inquiry and in the end nabbed 18 people
>from 10 states, including one former and two current SSA employees.  Others
indicted were a Chicago police officer, an employee of the Fulton County
Sheriff's Office in Georgia, and several private investigators.

The indictments alleged that the investigators paid for confidential data,
including criminal records and earnings histories, that was lifted from the
databases by people who exploited their access to the records.

"The FBI cannot manage every person in the United States," Nemecek said.  "We
have all kinds of protection to prevent this from happening.  We keep logs of
who uses the systems and for what, security training programs and routine
audits of inquiries."

"But the people who committed the violations had access to the system, and
there's only one way to deal with that: aggressive prosecution of people who do
this.  And the FBI is actively pursuing these individuals."

DiPentima's problem is equally delicate.  His agency performs 15 million
electronic transactions per day -- 500 per second -- and monitoring the rights
and wrongs of those people is a daunting task.

Currently, every employee who uses the network is assigned a password and
personal identification number, which change frequently.  Depending on the
nature of the employee's job, the PIN grants him access to certain types of
information.

If the employee tries to access a menu in the system that he has not been
authorized to enter, or makes more than one error in entering his PIN number,
he is locked off the system.  Once that happens, only a security office from
one of SSA's 10 regional offices can reinstate the employee.

An SSA section chief and six analysts, working from the agency's data center
headquarters outside Baltimore, also search routinely for transactional
aberrations such as employees who have made an unusual number of transactions
on a certain account.

The FBI also has a number of security precautions in place.  FBI personnel
conduct random audits of searches, and Nemecek said sweeping state and local
audits of the system are performed biannually.  Furthermore, if the FBI
desires, it easily can track an access request back to the terminal and user it
came from.

DiPentima said that in the wake of the indictments, he is considering new
policies to clamp down on abusers.

Nemecek said that as the FBI continues upgrading the NCIC database, the center
might automate further its auditing of state and local agencies to detect
patterns and trends of use the way SSA does.

But despite efforts to tighten the screws on network security, both men realize
that in cases of federal and municipal employees who exploit authorized access,
technology and policies can only go so far in affecting human nature.
_______________________________________________________________________________

 Free University Suffers Damage.                              February 24, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 By The Dude (of Holland)

An investigation by the Amsterdam police, in cooperation with an anti-fraud
team of the CRI (sort of like the FBI), and the geographical science department
of the Free University has led to the arrests of two hackers.  The two had
succeeded to break into the department's computer system and caused damage of
over 100,000 Dutch Guilders.

In a press conference, held by the research teams last Friday, it was stated
that the duo, a 25-year old computer-science engineer R.J.N. from Nuenen
[aka Fidelio] and a 21-year old student computer-science H.H.H.W. from Roermond
[aka Wave], were the first "hackers" to be arrested in the Netherlands.  In
several other countries this has already happened before.

The arrested hackers made a complete confession.  Since November 1991, they
have entered the University's computer between 30 and 40 times.  The system
was known as "bronto."  From this system the hackers were able to gain access
to other systems, thus travelling to systems in the US, Scandinavia, Spain and
Italy.

According to the leader of the computer-crime team of the Amsterdam police,
D. Komen, the two cracked codes of the VU-system to get in.  They got their
hands on so-called "passwords" of officially registered users, which allowed
them to use the system at no cost.  They were also able to get the "highest of
rights" within the computer system "bronto."

A total of four houses were searched, and several PC's, printouts and a large
quantity of diskettes was seized.  The duo was taken to the DA and imprisoned.
Because "hacking" is not a criminal offense in the Netherlands, the suspects
are officially accused of falsification of records, destruction of property,
and fraud.

This year the government expects to enact legislation that will make hacking a
criminal offense, according to P.Slort of the CRI.

The hacker-duo stated that they undertook their illegal activities because of
fanatic "hobbyism."  "It's a kick to see how far you can go", says Mr. Slort of
the CRI.  The two said they did not know that their data journeys had caused
enormous damages.  The police do not see them as real criminals, either since
the pair did not earn money from their activities.
_______________________________________________________________________________

 Computer Engineer Gets Death Sentence                         February 9, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Special Thanks: Ninja Master

Richard Farley was cool to the end, taking a sip of water and smoothing his
jacket before leaving the courtroom where he was sentenced to die for killing
seven people in a rage over unrequited love.

"I'm not somebody who is demonstrative or prone to shedding tears", Farley said
Friday before apologizing for the slayings.  "I do feel sorry for the
victims....I'm not a perfect human being.  I'm good.  I'm evil."

Farley was convicted in October of the 1988 slayings at ESL Inc., a Sunnyvale
defense contractor.  Jurrors on November 1st recommended the death penalty for
the computer engineer, who prosecutors said planned the rampage to get the
attention of a former co-worker who rejected him.

Superior Court Judge Joseph Biafore Jr. called Farley a vicious killer who had
"complete disregard for human life."

"The defendant...killed with the attention to prove to the object of his
unrequited love that he wasn't a wimp anymore," Biafore said.

During the trial, prosecutors detailed Farley's 3 1/2-year obsessive pursuit of
Laura Black.  He sent her more than 100 letters, followed her day and night,
left gifts on her desk, and rifled through confidential personnel files to
glean tidbits about her life.

Despite her repeated rejections, Farley persisted and was fired in 1987 for
harassing her.  A year later, he returned to ESL.

Black, 30, was shot in the shoulder during the rampage, but survived to testify
against Farley.  She said that about a week before the slayings, she had
received a court order to keep him away.

Farley, 43, admitted the killings but pleaded not guilty, saying he never
planned to kill but only wished to get Black's attention or commit suicide in
front of her for rejecting him.

Farley's attorney, Gregory Paraskou, argued that Farley's judgement was clouded
by his obsession with Black and that he was not violent before the slayings and
likely would not kill again.

But Asst. Dist. Atty. Charles Constantinides said Farley spent years preparing
for the murder by taking target practice and buying weapons, including the
firearms and 98 pounds of ammunition he used at ESL.

The judge rejected the defense's request for a modified sentence of life in
prison and a request for a new trial.  Under California law, Farley's death
sentence will be automatically sent to the state Supreme Court for review.

Among those in the courtroom were family members of some of the victims,
including four who addressed the judge.