The following information was compiled by Brendan Kehoe, CuD archivist, on the LEN ROSE events for those who seek more background information.

The following is the original press release from Len Rose's indictment in May.

+++++++++++++++++++++

U.S. Department of Justice
United States Attorney
District of Maryland
--------------------------------------------------------------
United States Courthouse, Eighth Floor
101 West Lombard Street
Baltimore, Maryland 20201
301/339-2940
301/922-4822

May 15, 1990

PRESS RELEASE FROM THE UNITED STATES ATTORNEY FOR THE DISTRICT OF MARYLAND

FOR IMMEDIATE RELEASE

Breckinridge L. Willcox, United States Attorney for the District of Maryland, and Joseph Coppola, Special Agent in Charge of the United States Secret Service in Baltimore, today announced the indictment of a Middletown, Maryland man on computer fraud and related charges.

Indicted by a federal grand jury was Leonard Rose, 31, a computer consultant, of Willow Tree Drive, on charges that between May, 1988 and January, 1990, he entered into a scheme to steal and publish highly proprietary computer source codes for AT&T UNIX computer systems to other computer hackers, and that he distributed to other computer hackers various programs designed to gain them unauthorized access to computer systems.

The five count Indictment charges Rose with Interstate Transportation of Stolen Property, and violations of the Computer Fraud and Abuse Act of 1986.

Specifically, the Indictment charges that Rose, also known as "Terminus", received a copy of AT&T highly proprietary and closely held UNIX 3.2 source code. The Indictment alleges that on or about January 8, 1990, Rose, knowing the source code to have been stolen, converted, and taken by fraud, transferred the source code to another computer hacker. The source code was thereafter transmitted to other hackers.

The Indictment charges that Rose was associated with a closely knit group of computer hackers known as the "Legion of Doom" whose members are involved in numerous activities including gaining unauthorized access to computer systems for a variety of illegal purposes.

The Indictment charges Rose with distributing two "trojan horse" programs that allowed computer hackers to gain unauthorized access to computer systems, and with the interstate transportation of AT&T's stolen proprietary source code.

If convicted on all counts of the Indictment, Rose faces a maximum possible prison sentence of (unreadable).

In announcing the return of the Indictment, Mr. Willcox noted that the allegations of the Indictment have far reaching implications for the security of computer systems throughout the United States. Mr. Willcox stated, "People who invade the computer systems of others for profit or personal amusement create immediate and serious consequences for the public at large. Unless checked by aggressive law enforcement, computer hackers will interfere with the security and privacy of financial records and data, telecommunications systems, and countless other aspects of our daily life. The Indictment indicates that those who choose to use their intelligence and talent to disrupt these networks will be vigorously prosecuted."

Coppola added: "The Secret Service has been charged with enforcement of the computer fraud statutes. The Baltimore Office will aggressively pursue computer fraud in Maryland and wherever else hackers may operate."

Willcox stated that the Indictment is the result of a lengthy investigation by agents of the United States Secret Service in Baltimore, Chicago, and elsewhere. This investigation of the Legion of Doom members started in Chicago, led to Missouri, and then to Maryland. Related federal indictments are currently pending in Chicago and Atlanta.

Willcox further noted that technical and expert assistance was provided to the United States Secret Service by the telecommunication companies including AT&T. Willcox particularly praised the actions of AT&T for bringing its intrusion problems to the attention of law enforcement officials and for its assistance to the Secret Service.

Willcox added "This investigation has revealed that these hackers accessed a number of computer systems belonging to federal research centers, educational institutions, and private businesses. Our investigation is continuing in an effort to identify all the participants and to establish the extent and consequences of the unauthorized access."

Assistant United States Attorney David P. King presented the case to the federal grand jury.

** END PRESS RELEASE **

++++++++++++++++++++++++++++++++++

From CuD 1.12:

Date: Thu, 7 Jun 90 0:21:34 CDT
From: TELECOM Moderator
Subject: Crackers, Kapor and Len Rose

[...]

Late Tuesday night, David Tamkin and I had a chance to speak at length with someone close to the scene involving Len Rose. Some things were off the record, at the request of Mr. Rose's attorney, and I agreed to honor that request.

Apparently the Secret Service seized *every single electronic item* in his household -- not just his computers. I am told they even took away a box containing his Army medals, some family pictures, and similar. It is my understanding his attorney has filed a motion in court to force the Secret Service to return at least *some* of his computer equipment, since without any of it, he is unable to work for any of his clients at all without at least one modem and computer.

I am told the Secret Service broke down some doors to a storage area in the basement rather than simply have him unlock the area with a key.
I am told further that he was advised he could pick up his fax machine (which had been seized, along with boxes and boxes of technical books, etc), but that when he did so, he was instead arrested and held for several hours in the County Jail there.

Mr. Rose believes he will be found innocent of charges (rephrased) that he was the 'leader of the Legion of Doom', and that he had broken into 'numerous computers over the years'.

I invited Mr. Rose and/or his attorney to issue a detailed statement to the Digest, and promised that upon receipt it would be run promptly. I don't think such a statement will be coming any time soon since his attorney has pretty much ordered him to be silent on the matter until the trial.

If the things he says about the Secret Service raid on his home are determined to be factual, then combined with complaints of the same nature where Steve Jackson Games is concerned I would have to say it seems to me the Secret Service might have been a bit less zealous.

The revelations in the weeks and months ahead should be very interesting. One of the items I will include in the special issues on Thursday night is the report which appeared in the {Baltimore Sun} last weekend. This case seems to get more complicated every day.

PT

--

From CuD 1.13:

Computer Consultant Could get 32 Years If Convicted of Source-Code Theft

Baltimore - A Middletown, Md., man faces as many as 32 years in prison and nearly $1 million in fines if convicted of being involved in the "Legion of Doom" nationwide group of Unix computer buffs now facing the wrath of federal investigators.

The U.S. Attorney's Office here on May 15 announced the indictment of Leonard Rose, 31, a computer consultant also known as "Terminus," on charges that he stole Unix source code from AT&T and distributed two "Trojan Horse" programs designed to allow for unauthorized access to computer systems. Incidents occurred between May, 1988 and January, 1990, according to the indictment.

The five-count indictment, handed down by a federal grand jury, charges Rose with violations of interstate transportation laws and the federal Computer Fraud and Abuse Act. Rose faces as many as 32 years in prison, plus a maximum fine of $950,000.

He is the third person to be indicted who was accused of being connected with the so-called Legion of Doom. Robert J. Riggs, a 21-year-old DeVry Institute student from Decatur, Ga., and Craig M. Neidorf, 19, a University of Missouri student from Columbia, Mo., also have been indicted.

Rose's indictment stemmed from a federal investigation that began in Chicago and led investigators to Missouri and Maryland, assistant U.S. Attorney David King said. While executing a search warrant in Missouri, investigators uncovered evidence Rose was transporting stolen Unix 3.2 source code, King said. Investigators then obtained a warrant to search Rose's computer system and found the stolen source code, King added.

He said the Trojan Horse programs were substitutes for a legitimate sign-in or log-in program, with a separate shell for collecting user log-ins or passwords. "Whoever substituted [the Trojan Horse program] could get passwords to use the system any way he or she wanted to," King said.

The indictment was a result of a long-term investigation by the U.S. Secret Service, and was issued one week after federal authorities raided computer systems at 27 sites across the United States. Investigators seized 23,000 computer disks from suspects accused of being responsible for more than $50 million in thefts and damages. The Secret Service at that time announced that five people have been arrested in February in connection with the investigation.

King said he was unaware if Rose's indictment was related to the raids made earlier this month. "We don't just go out and investigate people because we want to throw them in jail. We investigate them because they commit an offense. The grand jury was satisfied," King said.

The U.S.
Attorney's Office said the investigation revealed individuals had accessed computers belonging to federal research centers, schools and private businesses. King would not name any of the victims involved.

Rose was associated with the Legion of Doom and operated his own computer system known as Netsys, according to the indictment. His electronic mailing address was Netsys!len, the document said.

The Legion, according to the indictment, gained fraudulent, unauthorized access to computer systems for the purpose of stealing software; stole proprietary source code and other information; disseminated information about gaining illegal access, and made telephone calls at the expense of other people.

Well that is the latest in the Summer '90 busts. I just hope that everyone arrested by the government receives as fair a deal as Robert Morris received for his little prank. Because I doubt Mr. Morris was given special treatment because his dad works for the NSA...

--

From CuD 1.14:

------------- Forwarded from Telecom Digest -------------

In article <8820@accuvax.nwu.edu> henry@garp.mit.edu writes:
>
>In reply to Frank Earl's note ... I would reckon one of the problems
>is that most people don't know where the FBI's jurisdiction begins or
>where the Secret Service's jurisdiction ends. I had a visit on Friday
>afternoon from an FBI agent and it seemed to be mostly reasonable,
>except he identified himself as being from a unit that I wouldn't
>associate with this sort of investigation.

Secret Service jurisdiction over computer crimes is set out in 18 USC 1030(d):

The United States Secret Service shall, in addition to any other agency having such authority, have the authority to investigate offenses under this section. [18 USC 1030 is titled "Fraud and related activity in connection with computers."]
Such authority of the United States Secret Service shall be exercised in accordance with an agreement which shall be entered into by the Secretary of the Treasury and the Attorney General.

There is a similar provision in 18 USC 1029, which concerns "Fraud and related activity in connection with access devices."

Mike Godwin, UT Law School

--

From CuD 1.26:

Date: 28 July, 1990
From: Moderators
Subject: Moderators' Corner

+++++++++++++++++++
LEN ROSE UPDATE
+++++++++++++++++++

As of Friday, Aug. 3, Len Rose's case awaits trial in federal court in Baltimore. According to one source, Len was offered an arrangement in which he could plead guilty to one count of computer fraud and receive at least some prison time, but would have his computer equipment returned, or take the case to trial and take his chances.

Len is currently represented by a public defender because of lack of resources to retain a specialist in computer crime cases. He remains unemployed, and has moved into a motel with his family. He told us that, because his equipment and crucial files were seized, his business was essentially shut down and he was deprived of his livelihood. This means that he not only cannot support his family, but cannot retain legal counsel of his choice. He said he was feeling isolated and "abandoned" and wasn't sure what his legal options were.

We will present a detailed update of Len's situation in CuD 1.27. Len's public defender can be contacted at (301)-381-4646.

--

From CuD 1.27:

Date: 9 August, 1990
From: Moderators
Subject: Moderators' Corner

+++++++++++++++++
Len Rose Update
+++++++++++++++++

We talked with Len Rose last night, and he indicates that his trial, scheduled for this month, will most likely be delayed until February, 1991. The counts against him resemble those of Craig Neidorf and the "Atlanta 3." We will provide a detailed summary of our conversation as well as a copy of the indictment in CuD 1.28 on Monday.

--

From CuD 1.28:

Date: 11 August, 1990
From: Jim Thomas
Subject: Len Rose Interview

********************************************************************
*** CuD #1.28: File 2 of 4: Len Rose Interview ***
********************************************************************

The Len Rose case seems to present problems for many people. Some, who ordinarily support Constitutional rights, seem to have backed away from this case, perhaps because of the seriousness of the charges, or perhaps because his case does not seem as "pure" as those of some other defendants. Some people are also concerned that Len's brush with the law "taints" him.

We feel that Len's case deserves attention comparable to other recent cases. The charges in the indictment, as explained to us, are no more serious than those in the indictments of others, and the charges do not seem to be as serious as the media depicts them. More importantly, the dual model process of justice that ostensibly guides criminal proceedings must be applied to all equally, whether the defendant is squeaky clean or a homicidal maniac. We are troubled by those who think that, because Len has had a previous legal problem, he is less deserving of legal help. Often, it is precisely those whose image is the most tarnished who are most at risk in the judicial process. If the issues are worthy and potentially affect others, then it is in everybody's interests to assure that justice is served.

CuD recently talked at length with Len about his current situation. We have not talked with Len's attorney nor have we seen copies of motions or of the evidence. Len's current attorney is a public defender who has been busy in the multiple calls we made daily for three days. He has not returned our calls. Those who have the time to try to obtain information from him may contact him at:

Jim Kraft (the attorney)
Kraft, Balcerzak and Bartlett
7050 Oakland Mills Road
Columbia, MD 21046
(phone: 301-381-4646).

Len informs us that the case number is CR-90-0202, Federal Court, Baltimore.

*******************************************************************

WHO IS LEN ROSE?

Len Rose is a 31 year old computer programmer who lives in Pennsylvania. He has been married for 10 years and has a son, five years old, and a two year old daughter. He served six years in the army and, he informed us, received the highest peacetime medal and "held a top secret clearance until this happened." Len broke his leg in three places in early August during a fishing outing with his son when he fell off a 35 foot cliff, "but at least I kept my son from falling," he said. Prior to his arrest, Len operated his own computer system and was a computer consultant. One specialty area was Unix systems.

WHAT IS LEN CHARGED WITH?

Len told us that there are five counts against him under Title 18. Two are for computer fraud and three are for transporting allegedly stolen goods in excess of $5,000 across state lines. (See File 3, this issue, for a copy of the indictment).

According to Len, the two fraud counts were for allegedly altering "login.c," which is source code for unix login programs, which was modified to perform a trojan horse function to record login names and passwords and store them in a file system. Len said he wrote the program because somebody was attacking his own system, and he installed the program on his system to see what accounts were being attacked. He indicated that login.c is being valued in the indictment at $75,000, a value reminiscent of the inflated E911 file charges that federal prosecutors in Chicago charged was worth over $79,000. Under cross-examination, it was determined that the information in the E911 files could be obtained in a $13 manual.

The other fraud count was for sending out a password scanner that he wrote himself that scans passwords and tries to decrypt them.
"You can find more powerful programs on the net," he said, "such as Crypt Breakers Workbench and COPS, which are archived on uunet to name just two {sources}." According to Len, "The things I wrote were so trivial, a first year computer science student could have written them. What it did was take a word out of a dictionary file and encrypt it, and it compared the encrypted form to the encrypted password in the password file. It was a very mindless program. I had written it a long time ago, and used it many times myself and when I was doing it for security {consulting}. That's all I used it for, on any system concerned with security. In fact, it was obsolete, because when ATT released system V 3.2 back in 1988, they stopped using the file /etc/password and went to the /etc/shadow which was only readable by the root account or super user accounts. This program {in question} can't be installed without being able to control the system. It couldn't be used by a normal user."

The three transportation counts apparently stemmed from multiple sendings of this file. He sent the program to an e-mail publication, but the program did not arrive intact, so he re-sent it, which, he said, was the basis of the second count. The final count, for the same program, occurred because he deleted his own program and received a copy of the program he had previously sent.

Len related a story that sounded similar to SS Agent Timothy Foley's account of the initial questioning of Craig Neidorf. Len said he was originally asked about the E911 files, and that the agents told him that he was not in any trouble. Len said, "I told them everything I knew. I cooperated with them to the fullest extent possible, because I trusted them. I didn't try to hide anything. I told them everything, and they were after this 911 stuff. They said I wouldn't be prosecuted if I told them everything, but they did.
They told me to tell them now and it won't matter, but if it came out later.....I told him about the source code." Len emphasized that he did not steal the source code and that he used it only to learn Unix.

Contrary to some reports both in the media and circulating on the nets, Len adamantly denies ever being a member of the Legion of Doom, a denial confirmed by LoD members and a recent LoD listing of participants. "I never said I was a member of LoD, that was nothing out of my mouth. I never had any association with them, and only knew some of the people. I considered it a kids group, immature, and I never had any involvement with any group anywhere. I was not a joiner," he said.

WHAT WAS LEN'S PREVIOUS OFFENSE?

Because of the rumors circulating about an earlier offense, we asked Len to tell us what he could. The case has not yet been resolved, although it will be concluded within the next few days. It occurred in 1989, and was unrelated to the current situation. It was a state offense for felony theft, which resulted from an attempt to recover computer equipment that he believed at the time to be rightfully his, and was the consequence of a dispute between himself and a company he felt had "ripped him off." On the streets, we called this "midnight repossession." "It was very stupid. I had never been in trouble before that and I am very ashamed," he said. The details of the case can be more fully elaborated after it is fully resolved.

WHAT'S LEN'S STATUS NOW?

The trial was originally scheduled for August 20, but it appears now that it may be postponed until February. Until then, Len has no computer equipment, and he said that the judge would not consider a motion to return it because the judge perceived that he could use it to commit further crime. As a consequence, Len has no source of income, and said that he has lost his home, his credit rating and credit cards, his business, and some of his friends. "I've lost everything."
He is currently immobilized because of his leg fracture, and will be in casts of various types for at least eight weeks and may require surgery. His situation has put severe strains on his finances, psyche, and domestic life. He indicated that he could no longer afford to retain his original attorney, Carlos Recio of Deso and Greenberg in Washington, D.C., and was currently represented by a public defender. His income was slashed by one-twentieth, and he estimated he has barely made $5,000 this year. He lost his office and currently works from a single room in a friend's company. He feels that his reputation has been unjustifiably destroyed, largely by distorted media representations and rumors and added, "The press has been as damaging as the Secret Service."

If Len's account is accurate, then it would seem to raise many of the same questions addressed by the EFF, CuD, 2600 Magazine, and others interested in protecting the Constitutional rights of computerists. Len is not being charged with theft, but with violations that raise the definition of property, the legal rights of programmers, the status of source code that seems to be fairly accessible, and other evolving issues in the still-tenuous relationship between technology and law.

It also raises the issue of "cruel and unusual punishment." If the summary of the indictment is correct, it would appear that the consequences resulting from Len's situation far exceed the crime, and any additional sanctions, especially if they involve incarceration, will be neither in the interests of Len, nor, ultimately, of society. To deprive an individual who has been a contributing member to society of a means of livelihood would seem to serve little purpose in this or any other case.

Some argue that the courts are the best forum to decide both the guilt/innocence and the fate of defendants.
But, justice is not always served in the legal process, especially in the grey area of ambiguous laws enforced by technologically untrained investigators and prosecutors. Regardless of what one might think of Len's judgment in some of his behaviors, we must nonetheless ask: If Len's account is accurate, at what point does the punishment become too great? For Len Rose, the immediate goal is modest: "I just want to get my home back again."

********************************************************************
>> END OF THIS FILE <<
***************************************************************************

------------------------------

Date: 12 August, 1990
From: Moderators
Subject: Len Rose Indictment

********************************************************************
*** CuD #1.28: File 3 of 4: Len Rose Indictment ***
********************************************************************

Len Rose provided the following copy of his indictment, which we have edited only with a spell-checker. The five counts against Len seem quite general, and in many ways are similar both in style and substance to those filed against Craig Neidorf. The perhaps obligatory reference to the Legion of Doom is made in count one without establishing the defendant's connection to it, the value of the alleged "property" established as over $5,000 (Len informs us that the value is established at about $75,000) seems absurdly over-stated given the apparent nature of the "property" in question, he is being charged with sending a program that he wrote that is much less powerful than similar programs readily accessible to the public, and the charges themselves seem sufficiently vague and ambiguous that they could apply to many forms of knowledge or information.

We do not publish the indictment as a "Len Rose Issue." Instead, we suggest that the document below reflects the continued misuse of law as a means to control information. What is the precise nature of the information in question?
Was it used by the defendant to defraud? Is there any evidence that he, or anybody else, intended to use it to defraud? The following indictment, like the indictment in the Neidorf case, seems vague, and from the trickles of information coming in, it seems that none of the evidence strongly supports any of the counts. If true, it seems like deja vu all over again.

********************************************************************

Subject: Len Rose Indictment
Date: Sun, 12 Aug 90 15:29:14 -0400
From: lsicom2!len@CDSCOM.CDS.COM

            IN THE UNITED STATES DISTRICT COURT
               FOR THE DISTRICT OF MARYLAND

UNITED STATES OF AMERICA         *
                                 *    Criminal No.
        v.                       *          -   -
                                 *
LEONARD ROSE, a/k/a/ "Terminus"  *    (Computer Fraud, 18 U.S.C.
                                 *    S 1030(a) (6); Interstate
                                 *    Transportation of Stolen
                                 *    Property, 18 U.S.C. S 2314;
                                 *    Aiding and Abetting, 18
                                 *    U.S.C. S 2)
        Defendant.               *

                 * * * * * * * * *

                      INDICTMENT

                      COUNT ONE

The Grand Jury for the District of Maryland charges:

FACTUAL BACKGROUND

1. At all times relevant to this Indictment, American Telephone & Telegraph Company ("AT&T"), through its subsidiary, Bell Laboratories ("Bell Labs"), manufactured and sold UNIX (a trademark of AT&T Bell Laboratories) computer systems to customers throughout the United States of America.

2. At all times relevant to this Indictment, AT&T sold computer programs ("software") designed to run on the UNIX system to those customers. This software is designed and manufactured by AT&T; some software was available to the public for purchase, other software was internal AT&T software (such as accounting and password control programs) designed to operate with the AT&T UNIX system.

3. At all times relevant to this indictment, computer hackers were individuals involved with gaining unauthorized access to computer systems by various means.
These means included password scanning (use of a program that employed a large dictionary of words, which the program used in an attempt to decode the passwords of authorized computer system users), masquerading as authorized users, and use of trojan horse programs.

4. At all times relevant to this Indictment, the Legion of Doom ("LOD") was a loosely-associated group of computer hackers. Among other activities, LOD members were involved in:

   a. Gaining unauthorized access to computer systems for purposes of stealing computer software programs from the companies that owned the programs;

   b. Gaining unauthorized access to computer systems for purpose of using computer time at no charge to themselves, thereby fraudulently obtaining money and property from the companies that owned the computer systems;

   c. Gaining unauthorized access to computer systems for the purpose of stealing proprietary source code and information from the companies that owned the source code and information;

   d. Disseminating information about their methods of gaining unauthorized access to computer systems to other hackers;

   e. Gaining unauthorized access to computer systems for the purpose of making telephone calls at no charge to themselves, obtaining and using credit history and data for individuals other than themselves, and the like.

5. At all times relevant to this Indictment, LEONARD ROSE JR. a/k/a "Terminus", was associated with the LOD and operated his own computer system, identified as Netsys. His electronic mailing address was netsys!len

COMPUTER TERMINOLOGY

6. For the purpose of this Indictment, an "assembler" is a computer program that translates computer program instructions written in assembly language (source code) into machine language executable by a computer.

7. For the purpose of this Indictment, a "compiler" is a computer program used to translate a computer program expressed in a problem oriented language (source code) into machine language executable by a computer.

8.
For the purpose of this Indictment, a "computer" is an internally programmed, automatic device that performs data processing.

9. For the purpose of this Indictment, a "computer network" is a set of related, remotely connected terminals and communications facilities, including more than one computer system, with the capability of transmitting data among them through communications facilities, such as telephones.

10. For the purposes of this Indictment, a "computer program" is a set of data representing coded instructions that, when executed by a computer causes the computer to process data.

11. For the purposes of this Indictment, a "computer system" is a set of related, connected, or unconnected computer equipment, devices, or software.

12. For the purposes of this Indictment, electronic mail ("e-mail") is a computerized method for sending communications and files between computers on computer networks. Persons who send and receive e-mail are identified by a unique "mailing" address, similar to a postal address.

13. For the purposes of this Indictment a "file" is a collection of related data records treated as a unit by a computer.

14. For the purposes of this Indictment, "hardware" is the computer and all related or attached machinery, including terminals, keyboard, disk drives, tape drives, cartridges, and other mechanical, magnetic, electrical, and electronic devices used in data processing.

15. For the purposes of this Indictment, a "modem" is a device that modulates and demodulates signals transmitted over data telecommunications facilities.

16. For the purposes of this Indictment, "software" is a set of computer programs, procedures, and associated documentation.

17. For the purposes of this Indictment, "source code" is instructions written by a computer programmer in a computer language that are used as input for a compiler, interpreter, or assembler.
Access to source code permits a computer user to change the way in which a given computer system executes a program, without the knowledge of the computer system administrator.

18. For the purposes of this Indictment, "superuser privileges" (sometimes referred to as "root") are privileges on a computer system that grant the "superuser" unlimited access to the system, including the ability to change the system's programs, insert new programs, and the like.

19. For the purposes of this Indictment, a "trojan horse" is a set of computer instructions secretly inserted into a computer program so that when the program is executed, acts occur that were not intended to be performed by the program before modification.

20. For the purposes of this Indictment, "UNIX" (a trademark of AT&T Bell Laboratories) is a computer operating system designed by AT&T Bell Laboratories for use with minicomputers and small business computers, which has been widely adopted by businesses and government agencies throughout the United States.

COMPUTER OPERATIONS

21. For the purposes of this Indictment, typical computer operations are as described in the following paragraphs. A computer user initiates communications with a computer system through his terminal and modem. The modem dials the access number for the computer system the user wishes to access and, after the user is connected to the system, the modem transmits and receives data to and from the computer.

22. Once the connection is established, the computer requests the user's login identification and password. If the user fails to provide valid login and password information, he cannot access the computer.

23. Once the user has gained access to the computer, he is capable of instructing the computer to execute existing programs. These programs are composed of a collection of computer files stored in the computer's memory. The commands that make up each file and, in turn, each program, are source code.
Users who have source code are able to see all of the commands that make up a particular program. They can change these commands, causing the computer to perform tasks that the author of the program did not intend. 24. The user may also copy certain files or programs from the computer he has accessed; if the user is unauthorized, this procedure allows the user to obtain information that is not otherwise available to him. 25. In addition, once a user has accessed a computer, he may use its network connections to gain access to other computers. Gaining access from one computer to another permits a user to conceal his location because login information on the second computer will reflect only that the first computer accessed the second computer. 26. If a user has superuser privileges, he may add, replace, or modify existing programs in the computer system. The user performs these tasks by "going root"; that is, by entering a superuser password and instructing the computer to make systemic changes. 27. On or about January 13, 1989, in the State and District of Maryland, and elsewhere, LEONARD ROSE JR. a/k/a Terminus did knowingly, willfully, intentionally, and with intent to defraud, traffic in (that is, transfer, and otherwise dispose of to another, and obtain control of with intent to transfer and dispose of) information through which a computer may be accessed without authorization, to wit: a trojan horse program designed to collect superuser passwords, and by such conduct affected interstate commerce. 18 U.S.C. S 1030(a) (6) 18 U.S.C. S 2 COUNT TWO And the Grand Jury for the District of Maryland further charges: 1. Paragraphs 1 through 26 of Count One are incorporated by reference, as if fully set forth. 2. On or about January 9, 1990, in the State and District of Maryland, and elsewhere, LEONARD ROSE JR. 
a/k/a/ Terminus did knowingly, willfully, intentionally, and with intent to defraud, traffic in (that is, transfer, and otherwise dispose of to another, and obtain control of with intent to transfer and dispose of) information through which a computer may be accessed without authorization, to wit: a trojan horse login program, and by such conduct affected interstate commerce. 18 U.S.C. S 1030(a) (6) 18 U.S.C. S 2 COUNT THREE And the Grand Jury for the District of Maryland further charges: 1. Paragraphs 1 through 26 of Count One are incorporated by reference, as if fully set forth. 2. That on or about May 13, 1988 in the State and District of Maryland, and elsewhere, LEONARD ROSE JR. a/k/a/ Terminus did cause to be transported, transmitted, and transformed in interstate commerce goods, wares, and merchandise of the value of $5000 or more, to wit: computer source code that was confidential, proprietary information of AT&T, knowing the same to have been stolen, converted, and taken by fraud. 18 U.S.C. S 2314 18 U.S.C. S 2 COUNT FOUR And the Grand Jury for the District of Maryland further charges: 1. Paragraphs 1 through 26 of Count One are incorporated by reference, as if fully set forth. 2. That on or about January 15, 1989 in the State and District of Maryland , and elsewhere, LEONARD ROSE JR. a/k/a/ Terminus did cause to be transported, transmitted, and transformed in interstate commerce goods, wares, and merchandise of the value of $5000 or more, to wit: computer source code that was confidential, proprietary information of AT&T, knowing the same to have been stolen, converted, and taken by fraud. 18 U.S.C. S 2314 18 U.S.C. S 2 COUNT FIVE And the Grand Jury for the District of Maryland further charges: 1. Paragraphs 1 through 26 of Count One are incorporated by reference, as if fully set forth. 2. That on or about January 8, 1990 in the State and District of Maryland, and elsewhere, LEONARD ROSE JR. 
a/k/a/ Terminus did cause to be transported, transmitted, and transformed in interstate commerce goods, wares, and merchandise of the value of $5000 or more, to wit: computer source code that was confidential, proprietary information of AT&T, knowing the same to have been stolen, converted, and taken by fraud. 18 U.S.C. S 2314 18 U.S.C. S 2 ____________________ Breckinridge L. Willcox -- From CuD 2.00: Date: Undated From: Anonymous Subject: Len Rose's Search Warrant ******************************************************************** *** CuD #2.00: File 3 of 5: Len Rose's Search Warrant *** ******************************************************************** UNITED STATES DISTRICT COURT District of Maryland APPLICATION AND AFFIDAVIT FOR SEARCH WARRANT In the matter of the Search of: Residence of 7018 Willow Tree Drive CASE NUMBER: 90-0002G Middletown, Maryland I Timothy Foley being duly sworn depose and say: I am a Special Agent and have reason to believe that on the property or premises known as: the residence at 7018 Willow Tree Drive, Middletown, Maryland (see attachment B) in the District of Maryland there is now concealed a certain person or property, namely (see attachment A) which is concerning a violation of Title 18 United States Code, Sections 2314 and 1030. The facts to support a finding of Probable Cause are as follows: (see attachment C) Sworn to before me and subscribed in my presence February 1, 1990 at Baltimore Maryland Clarence F. Goetz, U.S. 
Magistrate ATTACHMENT A computer hardware (including central processing unit(s),monitors,memory devices, modem(s), programming equipment,communications equipment,disks, prints,and computer software (including but not limited to memory disks, floppy disks, storage media) and written material and documents relating to the use of the computer system (including networking access files, documentation relating to the attacking of computer and advertising the results of the computer attack (including telephone numbers and location information), which constitute evidence,instrumentalities and fruits of federal crimes, including interstate transportation of stolen property (18 USC 2314) and interstate transportation of computer access information (18 USC 1030(a)(6)). This warrant is for the seizure of the above described computer and computer data and for the authorization to read information stored and contained on the above described computer and computer data. ATTACHMENT B Two level split-foyer style house with a upper story overhang on either side of a central indentation for the front door. House is white upper with red brick lower portion under the overhanging upper story. Front door is white. There is a driveway on the lefthand side of the house as you face the front. Mail box is situated on a post adjacent to the driveway and mailbox displays the number 7018. ATTACHMENT C State of Maryland ) ) SS County of Frederick ) AFFIDAVIT 1. I, Timothy Foley, am a Special Agent of the United States Secret Service and have been so employed for the past two years. I am presently assigned to the Computer Fraud Section of the United States Secret Service in Chicago. Prior to that I was employed as an attorney of law practicing in the City of Chicago and admitted to practice in the State of Illinois. I am submitting this affidavit in support of the search warrant for the premises known as the residence of Leonard Rose at 7018 Willow Tree Drive in Middletown, Maryland. 2. 
This affidavit is based upon my investigation and information provided to me by Special Agent Barbara Golden of the Computer Fraud Section of the United States Secret Service in Chicago. S.A. Golden has been employed by the Secret Service for 13 years, and has been a Special Agent with the Secret Service for 3 years and by other agents of the United States Secret Service. 3. I have also received technical information and investigative assistance from the experts in the fields of telecommunications, computer technology, software development and computer security technology, including: a. Reed Newlin, a Security Officer of Southwestern Bell, who has numerous years of experience in operations, maintenance and administration of telecommunication systems as an employee of the Southwestern Bell Telephone Company. b. Henry M. Kluepfel, who has been employed by the Bell System or its divested companies for the last twenty-four years. Kluepfel is presently employed by Bell Communications Research, (Bellcore) as a district manager responsible for coordinating security technology and consultation at Bellcore in support of its owners, the seven (7) regional telephone companies, including BellSouth Telephone Company and Southwestern Bell Telephone Company. Mr. Kluepfel has participated in the execution of numerous Federal and State search warrants relative to telecommunications and computer fraud investigations. In addition, Mr. Kluepfel has testified on at least twelve (12) occasions as an expert witness in telecommunications and computer fraud related crimes. c. David S. Bauer, who has been employed by Bell Communications Research, (Bellcore) since April 1987. Bauer is a member of the technical staff responsible for research and development in computer security technology and for consultation in support for its owners, the seven (7) regional telephone companies, including BellSouth. Mr. 
Bauer is an expert in software development,communications operating systems, telephone and related security technologies. Mr. Bauer has conducted the review and analysis of approximately eleven (11) computer hacking investigations for Bellcore. He has over nine (9) years of professional experience in the computer related field. d. At all times relevant to this affidavit, "computer hackers" were individuals involved with the unauthorized access of computer systems by various means. The assumed names used by the hackers when contacting each other were referred to as "hacker handles." Violations Involved ------------------- 5. 18 USC 2314 provides federal criminal sanctions against individuals who knowingly and intentionally transport stolen property or property obtained by fraud, valued at $5,000.00 or more, in interstate commerce. My investigation has revealed that on or about January 8, 1990 Leonard Rose, using the hacker handle Terminus, transported a stolen or fraudulently obtained computer program worth $77,000.00 from Middletown, Maryland to Columbia, Missouri. 6. 18 USC 1030(a) (6) provides federal criminal sanctions against individuals who knowingly and with intent to defraud traffic in interstate commerce any information through which a computer may be accessed without authorization in interstate commerce. My investigation has revealed that on or about January 8,1990 Leonard Rose trafficked a specially modified copy of AT&T Unix source code SVR 3.2 in interstate commerce from Middletown, Maryland to Columbia,Missouri. (Source code is a high level computer language which frequently uses English letters and symbols for constructing computer programs. Programs written in source code can be converted or translated by a "compiler" program into object code for use by the computer.) 
This Unix source code SVR 3.2 had been specially modified so that it could be inserted by a computer hacker into any computer using a Unix operating system and thereafter enable the hacker to illegally capture logins and passwords used by legitimate users of the computer. Discovery of the Altered Unix Source Code ----------------------------------------- 7. For the past seven (7) months I have been one of the United States Secret Service agents involved in a national investigation into attacks on telephone computer switches by various computer "hackers" including an organization referred to as the Legion of Doom (LOD). 8. My investigation to date has disclosed that hackers have stolen sensitive proprietary information from various telecommunications organizations and published this information in "hacker" publications such as "Phrack" newsletter. On January 18, 1990 Craig Neidorf (hacker handle Knight Lightning) the editor and co-publisher of "PHRACK" was caught in possession of various stolen computer files including the source code for UNIX SVR3.2 and the text file for the Bell South's enhanced 911 (E911) system. 9. On January 18, 1990 Reed Newlin, Southwestern Bell, and I conducted an examination of the computer files of Craig Neidorf, a hacker known to us as Knight Lightning, at the University of Missouri at Columbia in Columbia, Missouri (referred to hereafter simply as Neidorf computer files). Newlin's examination of the Neidorf computer files extended from the night of January 18 into the early morning hours of January 19. Later on January 19 Newlin advised me that his examination of the Neidorf computer files had disclosed the existence of what he believed to be proprietary AT&T UNIX SVR3.2 source code in among Neidorf's computer files. 
He further advised me that the AT&T source code appeared to have been modified into a hacker tutorial which would enable a computer hacker to illegally obtain password and login information from computers running on a UNIX operating system. 10. On January 29, 1990 I interviewed Craig Neidorf and he advised me that Leonard Rose (hacker handle "Terminus") had provided him with the AT&T UNIX SVR3.2 source code which had been taken by me from his computer files on the computers at the University of Missouri. (Neidorf is soon to be indicted in Chicago for violations of 18 USC 1030,1343, and 2314. Neidorf's interview took place while he was aware of the potential charges which might be brought against him.) 11. Neidorf's identification of Leonard Rose (Terminus) as his source for the stolen UNIX source code is corroborated by the physical evidence. That evidence also shows that Terminus knew the code was stolen. On January 20, 21, and 31, 1990 I personally examined the 19 pages of AT&T UNIX SVR3.2 found in the Neidorf computer files by Newlin. On pages one and two of the AT&T document the author of the file identifies himself by the hacker handle "Terminus". On the first page of the document Terminus advised Neidorf that the source code came originally from AT&T "so it's definitely not something you wish to get caught with". Terminus also inserts the following warning into the text of the program on the first page: "Warning: this is AT&T proprietary source code. Do NOT get caught with it.." On page 26 of the program Terminus also states: "Hacked by Terminus to enable stealing passwords.. This is obviously not a tool for initial system penetration, but instead will allow you to collect passwords and accounts once it's been installed. Ideal for situations where you have a one-shot opportunity for super user privileges.. This source code is not public domain..(so don't get caught with it). 
In addition to these warnings from Terminus the AT&T source code also carries what appears to be the original warnings installed in the program by AT&T on pages 2, 5, 6, 7, 26 and 28: Copyright (c) 1984 AT&T All rights reserved THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF AT&T The copyright notice above does not evidence any actual or intended publication of the source code. 12. On January 26 and 30, 1990 copies of the UNIX SVR 3.2 source code found in the Neidorf computer files and discussed above were sent to UNIX experts with AT&T (Mr. Al Thompson) and Bellcore (Mr. David Bauer and Mr. Hank Kluepfel) for their evaluation. 13. On January 30, 1990 Al Thompson of AT&T advised me that his initial review of the document and the initial review of the document by AT&T's software licensing group had disclosed the following: a. The document was in fact a copy of the AT&T UNIX SVR3.2 source code login program. b. The program's value was approximately $75,000.00 c. Neither Leonard Rose nor Craig Neidorf were licensed to own or possess the source code in question. d. The source code provided to him had been made into a tutorial for hackers which could be used to install "trap doors" into a computer and its operating system. These trap doors would enable a hacker to illegally obtain the passwords and logins of the legitimate users of a computer running on a UNIX operating system. Identification of Leonard Rose as Terminus ------------------------------------------ 14. The AT&T Unix SVR3.2 source code described in paragraphs 9 through 13 above reflected that a hacker named Terminus was the author of the modifications. 15. On January 15 and 30, 1990 David Bauer of Bellcore advised me that Terminus is the hacker handle for an individual named Leonard Rose who resides in Maryland. 
Bauer advised me that in e-mail between Terminus and a hacker known as the Prophet (Robert Riggs), on October 9, 1988 Terminus had identified himself as: Len Rose Len@Netsys.COM,postmaster@Netsys.COM 301-371-4497 Netsys,Inc. 7018 Willowtree Drive Middletown MD 21769 16. In addition, Bauer's examination disclosed that Terminus received e-mail at the following addresses: "len@ames.arc.nasa.gov" or "len@netsys.com". The address "len@ames.arc.nasa.gov" indicates that the author has the account "len" on the system named "Ames" in the domain "arc" that is owned and operated by the National Air and Space Agency of the United States government. 17. My continuing review on January 25, 1990 of the Neidorf computer files disclosed that Rose was continuing to send e-mail to Neidorf and to receive e-mail from Neidorf. On December 28, 1989, Leonard Rose (Terminus) sent an e-mail message to Neidorf in which Rose gives his address as 7018 Willowtree Drive in Middletown, Maryland 21769 and gives his e-mail address as follows: "len@netsys.netsys.com" 18. On January 30, 1990 I was advised by individuals with the Computer Emergency Reaction team (CERT) that the e-mail address "len@netsys.netsys.com" is located at 7018 Willowtree Drive, Middletown, Maryland 21769. CERT is an organization located at the Carnegie-Mellon Institute and funded by the Defense Advanced Research Projects Agency. Its records contain information about the location of many computers in the United States. 19. There is additional evidence identifying Terminus as Leonard Rose. On January 30, 1990 I received a May 24, 1987 copy of "Phrack" magazine from Hank Kluepfel of Bellcore wherein hacker Taran King (Randy Tischler) interviewed and "profiled" Terminus (a/k/a Leonard Rose). The personal background information in the article included the following: Handle: Terminus Call him: Len Past Handles: Terminal Technician Handle Origin: Terminal Technician originated because of Len's view of himself as a hacker. 
Terminus was an offshoot of that and, although it is an egotistical view, it means he has reached the final point of being a proficient hacker. Date of birth: 1/10/59 Age at current date: 29 Height: 5'9" Weight: About 190 lbs. Eye Color: Hazel Hair Color: Brown Computers: 6800 home brew system, Apple II,Altair S100, 2 Apple II+s,IBM PC,IBM XT,IBM 3270, IBM AT, and 2 Altos 986's Sysop/Co-Sysop: MetroNet,MegaNet, and NetSys Unix Terminus is further described as an electronic engineer and he designs boards for different minicomputers like PDP-11s,Data Generals,Vaxes, and Perkin-Elmer who also writes software and writes computer code in machine language. 20. My January 25 review of the Neidorf computer files also disclosed a January 9,1990 e-mail message from Rose to Neidorf at 12:20 am which corroborated the fact that Rose had sent Neidorf the UNIX SVR3.2 source code on or around January 7,1990. In this message Rose tells Neidorf that he (Rose) lost his copy of what he sent to Neidorf the other night because his (Rose's) hard drive had crashed. 21. My January 25 review also disclosed a second e-mail message from Rose to Neidorf on January 9,1990, at 3:05 pm . This message indicates that Neidorf had sent a copy of the requested source code back to Rose as +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ******************************************************************** *** CuD #2.15: File 2 of 7: Len Rose Indictment and News Article*** ******************************************************************** "Innocent Plea in Computer Case: Naperville Man Denies Taking Key Program from Firm" From: Chicago Tribune, December 4, 1990: Sect. 2, p. 7) By Joseph Sjostrom One of the first persons ever charged with computer tampering in Du Page County pleaded not guilty Monday. Leonard Rose, 31, of Naperville, entered the plea before Associate Du Page County Judge Thomas Callum, who set the next hearing for January 14. 
Rose is charged with gaining access to a computer at Interactive Systems, Inc., a Naperville software company where he worked for only a week last month, and with "removing" a program called AT&T Unix Source Code, which is the basic operating instructions that tell a computer how to receive and use all the other programs. If the case goes to trial, the prosecutor, Assistant State's Atty. David Bayer, will have to convince a jury that Rose removed the source code and that such action was illegal, even though the code remained in the computer from which he allegedly took it. Rose's attorney, Sheldon Zenner of Chicago, expects the case will never get beyond the first of those questions. "Quite simply, he didn't do it," Zenner said. Rose is under federal indictment in Baltimore for copying a similar program from a computer there and putting it on a computer bulletin board, where computer users could copy and use it without paying fees to AT&T. Rose was indicted on November 21 in Du Page County. Naperville police and state's attorney's investigators searched his apartment and confiscated two computers and a number of computer discs. "There were certain commands made on %the Interactive Systems% computer which suggest the source code was copied, or down-loaded %onto another computer%," Zenner said. "So they looked for the source code on Rose's computer, but it wasn't there. So they'll have to try to analyze the commands made on his computer and I expect they'll have an expert testify that, based on his analysis, the code was downloaded %onto Rose's computer%. "But the source code isn't there because Rose didn't do it," Zenner said. "I expect to show the court that a serious mistake has been made." Despite the large number of sophisticated research and business computers in Du Page County, the only other recent prosecution for computer tampering was the case of a woman who used a computer about two years ago to take revenge on an employer for firing her. 
She was put on probation after admitting that, in a fit of anger, she purged several programs from the company computer before departing the office for the last time. Otherwise, the extent of computer tampering and fraud is impossible to know, though experts say the opportunities for such activities are extensive. (end article) ******************************* %Moderator's note: The story is a fair overview, but there is one major inaccuracy. Len Rose's Baltimore five count indictment *DOES NOT* charge him with "copying a similar program from a computer there and putting it on a computer bulletin board, where computer users could copy and use it without paying fees to AT&T." The federal indictment in Baltimore charges him with two counts of sending a trojan horse login file (which is not, in itself, illegal), and with three counts of transporting a very small portion of a Unix file across state lines. He is *NOT* charged with theft of that program in the indictment. Nor is he charged with downloading it or with placing it on a BBS where it could be downloaded. This portion of the story sounds like information provided by a prosecutor, because the reporter indicated he had not read the Baltimore indictment. ******************************* The following is a voice-transcribed version of Len Rose's indictment of December 3, 1990 (Illinois, Du Page County; Case # 90-CF-2635). The form may not correspond exactly with the original, but it approximates the wording as closely as possible. The status hearing is set for January 14, 1991. 
****************** The grand jurors chosen, selected, and sworn, in and for the County of Du Page in the State of Illinois, IN THE NAME AND BY THE AUTHORITY OF THE PEOPLE OF THE STATE OF ILLINOIS, upon their oaths present that on or about the 17th day of October, 1990, at and within Du Page County, Illinois, Leonard Rose committed the offense of Computer Tampering in that said defendant accessed a computer belonging to Interactive Services, a corporation doing business at 1901 S. Naper Boulevard, Naperville, Du Page County, Illinois, and removed a program known as AT&T Unix System without the authority of the computer's owner, in violation of Illinois revised statutes, 1989, Chapter 38, Section 16D-3(a)(3) AGAINST THE PEACE AND DIGNITY OF THE SAME PEOPLE OF THE STATE OF ILLINOIS. (end indictment) ************************ Following is the relevant language of the Illinois Criminal Code (Chapter 38): ************************ 16D-3. COMPUTER tampering s 16D-3. COMPUTER Tampering. (a) A person commits the offense of COMPUTER tampering when he knowingly and without the authorization of a COMPUTER'S owner, as defined in Section 15-2 of this Code, or in excess of the authority granted to him: (1) Accesses or causes to be accessed a COMPUTER or any part thereof, or a program or data; (2) Accesses or causes to be accessed a COMPUTER or any part thereof, or a program or data, and obtains data or services; (3) Accesses or causes to be accessed a COMPUTER or any part thereof, or a program or data, and damages or destroys the COMPUTER or alters, deletes or removes a COMPUTER program or data; (4) Inserts or attempts to insert a "program" into a COMPUTER or COMPUTER program knowing or having reason to believe that such "program" contains information or commands that will or may damage or destroy that COMPUTER, or any other COMPUTER subsequently accessing or being accessed by that COMPUTER, or that will or may alter, delete or remove a COMPUTER program or data from that COMPUTER, 
or any other COMPUTER program or data in a COMPUTER subsequently accessing or being accessed by that COMPUTER, or that will or may cause loss to the users of that COMPUTER or the users of a COMPUTER which accesses or which is accessed by such "program". (b) Sentence. (1) A person who commits the offense of COMPUTER tampering as set forth in subsection (a)(1) of this Section shall be guilty of a Class B misdemeanor. (2) A person who commits the offense of COMPUTER tampering as set forth in subsection (a)(2) of this Section shall be guilty of a Class A misdemeanor and a Class 4 felony for the second or subsequent offense. (3) A person who commits the offense of COMPUTER tampering as set forth in subsection (a)(3) or subsection (a)(4) of this Section shall be guilty of a Class 4 felony and a Class 3 felony for the second or subsequent offense. (c) Whoever suffers loss by reason of a violation of subsection (a)(4) of this Section may, in a civil action against the violator, obtain appropriate relief. In a civil action under this Section, the court may award to the prevailing party reasonable attorney's fees and other litigation expenses. requested (see paragraph 20 above). Rose's message began: "RE: UNIX file" and stated that the copy of the stolen source code received back from Neidorf had some type of "glitch". 22. These messages reflect that Rose still has at least one copy of the UNIX SVR3.2 source code in his possession. 23. On January 29, 1990 Craig Neidorf advised me that on or around January 9, 1990 he received a copy of the Unix SVR3.2 source code which was telecommunicated to him via Bitnet from Leonard Rose in Maryland. 24. 
On January 30,1990, Hank Kluepfel of Bellcore advised me that based upon his background experience and investigation in this case and investigating approximately 50 other incidents this year involving the unauthorized use of other computer systems,hackers that run computer bulletin boards typically keep and use the following types of hardware,software and documents to execute their fraud schemes and operate their bulletin boards: a. Hardware - a central processing unit,a monitor, a modem,a keyboard, a printer, and storage devices (either floppy disks or auxiliary disk units),telephone equipment (including automatic dialing equipment,cables and connectors), tape drives and recording equipment. b. Software - hard disks, and floppy disks containing computer programs, including, but not limited to software data files, e-mail files, UNIX software and other AT&T proprietary software. c. Documents - computer related manuals, computer related textbooks, looseleaf binders, telephone books,computer printouts,videotapes and other documents used to access computers and record information taken from the computers during the above referred to breakins. 25. Based upon the above information and my own observation, I believe that at the residence known as 7018 Willow Tree Drive, Middletown, Maryland there is computer hardware (including central processing unit(s),monitors,memory devices,modem(s),programming equipment, communication equipment,disks,prints and computer software (including but not limited to memory disks,floppy disks,storage media) and written material and documents relating to the use of the computer system (including networking access files,documentation relating to the attacking of computer and advertising the results of the computer attack (including telephone numbers and location information.) 
This affidavit is for the seizure of the above described computer and computer data and for the authorization to read information stored and contained on the above described computer and computer data which are evidence of violations of 18 USC 2314 and 1030, as well as evidence, instrumentalities or fruits of the fraud scheme being conducted by the operator of the computer at that location. Location to be Searched 26. On January 31, 1990 I was advised by S.A. John Lewis, USSS in Baltimore that 7018 Willow Tree Drive in Middletown, Maryland is a two-level split-foyer style house with an upper story overhang on either side of a central indentation for the front door. The front door is white. There is a driveway on the left side of the house as you face the front. A mail box is situated on a post next to the driveway and displays the number 7018. 27. Request is made herein to search and seize the above described computer and computer data and to read the information contained in and on the computer and computer data. Special Agent TIMOTHY FOLEY United States Secret Service Sworn and Subscribed to before me this 1st day of February, 1990 Clarence E. Goetz United States Magistrate -- From CuD 2.03: Date: Tue, 11 Sep 90 01:34:49 -0400 From: len@NETSYS.NETSYS.COM Subject: Len Rose's experience with the Secret Service ******************************************************************** *** CuD #2.03: File 2 of 4: Len Rose's Experience with the S.S. *** ******************************************************************** [Jim Thomas suggested I write something for the digest and I have been casting around for ideas.. All I really can think about nowadays is my own situation. I have become quite a bore to my friends I am sure.] Please excuse any vestiges of self-pity you may detect. The Day It Happened: I left my home around eleven am to drive down to Washington DC to meet with a potential client. 
After several hours with them , I started the drive back through the rush hour traffic. It was just a few minutes after five pm that I pulled into my driveway in Middletown Md. I remember getting out of the car and noticing that someone was in the back yard. He was wearing a blue wind breaker and was neatly dressed. We had been trying to sell a Jeep , and I assumed he was interested in buying the car. "What can I do for you" I asked.. I remember being slightly pissed that this person had just been hanging around the back of my home. He flipped his jacket aside and I saw a badge on his belt and a gun in a shoulder holster. "Please go into the house" he replied. I was pretty shaken and asked "What have I done wrong?" .. without answering the question, he took my arm and sort of marched me into the front door of my home. Upon entering, two agents pulled me up from the foyer, and put me against the wall while searching me. Then I remember being shown the front of a search warrant and then taken into my master bedroom. The door was shut and I didn't leave the room for more than five hours. They introduced themselves, and I asked them what this was about. Foley replied "We will ask the questions" .. "Do you know any of these hackers?" I was asked about 10 or 15 names, and out of them I said I recognized one or two from seeing articles here and there but hadn't had any contact with them. I remember Foley getting angry. "You had better cooperate, let's try again". I reiterated that I knew none of them. He said "You are not telling us the truth" ... I told him I had little contact with hackers and had been away from that scene for quite some time. He then scoffed and said "You have a hacker handle don't you... What is It?" I paused, and then replied "Terminus, but I haven't used it or gone by that in a very long time" He said "Right, like last month..." I thought about that and then I started to feel sick inside.. 
I knew that I had sent Craig Neidorf a copy of login.c which had been modified to perform certain functions that basically made it a trojan horse. I used that handle since I didn't want the world to know that Len Rose was sending someone proprietary source code through mail.. He shoved a photocopy of a printout under my nose and asked me if I recognized it.. I looked at it and said, "Yes.. " .. He asked me if I had made the modifications and placed certain comments within the source. "Yes" again. "But I never used it" I blurted out. "We are only interested in the 911 software and Rich Andrews" they said. [I never had anything to do with 911 software and after an extensive search of my systems that night by a certain AT&T employee they seemed to agree.] "Did Rich Andrews send you a copy of the 911 software?" Foley asked me. I told them no, no one had sent me anything of the sort. I told them that Rich had found some portion of 911 software on his system and sent it to Charley Boykin at killer to see if it was serious. Rich had told me before, and I sort of approved of the idea. I remember Rich saying that he'd had no response whatsoever.. [I wish he had told me the truth, but that is for him to explain why] "We want dirt on Rich Andrews.." Special Agent Timothy Foley said. "We feel he has been less than cooperative.." and "Do you know he is a convicted felon" I replied "Yes" but he is a good friend and I know he hasn't done anything wrong. He is not involved with hackers. Foley asked me about any dealings I had with Rich. I realized then that lying wouldn't do me any good, so I told them everything I could remember. What I had to say must not have been good enough, as Foley kept saying I wasn't going to get anywhere unless I told them all the truth. It took me a long time to convince them that was all I knew. During the interrogation, my legal problems in Virginia were brought up, and I mentioned that I might be acquitted.
Jack Lewis said "If you get off in Virginia, I'll make sure we burn you for this" .. I felt then that I was completely shut off from reality. Foley then asked me to tell them anything illegal I had done. Jack Lewis said "It would be better if you tell us now, because if we discover anything else later it will be very serious". By this time, I was scared and I remember telling them that I had copies of AT&T System V v3.1, System V v3.2 and various other pieces of software which had been given to me by certain employees of AT&T (without the benefit of a license agreement). "Where is it" they asked.. I told them that I had a couple 9 track tapes with prominent labels on a tape rack. I remember asking several times to see my wife, and to go to the bathroom. Each time I was told I couldn't. If I hadn't been so scared I would have asked for an attorney, but my mind had shut down completely. About 6 hours later I was finally led out of my bedroom and told to sit at the kitchen table and not to move. Foley and Lewis sat with me and put a sheet of paper in front of me and told me to write a statement. "What do you want me to write about" I asked. Foley said "Everything you told us about Rich Andrews and also everything about the Trojan horse login program." "Make sure you mention the System V source code".. So, as they were finishing loading up the moving truck, I sat there and wrote about two pages of information. It was about midnight, when they left, but not before handing me a subpoena to appear before the Grand Jury. They told me to tell Rich Andrews my main Unix system had crashed, and not to let him know that the SS had been there. I felt pretty bad about this because I kept thinking they were going to get him. He must have called six or seven times the day after the "raid". I couldn't tell him anything, since I assumed my line was tapped. I remember going outside as they were starting to leave and looking into the back of the moving truck.
The way some of the equipment was packed, I knew it wouldn't survive the trip into Baltimore. I asked for permission to re-pack several items (CPUs, Hard Disks, and a 9 track drive) and received it. As I watched my belongings pull away, I remember feeling so helpless, and confused. It was only then did it sink in that every material possession that really mattered to me (other than my home), was gone. All I had to show for it was a sketchy 20 page inventory.. Later, my wife told me what had gone on until I came home. The SS arrived around 3 pm, and had knocked on the door. She opened the door, and 5 or 6 agents pushed her back into the foyer. They took her by the arms and moved her over to a sofa in the living room. They had a female agent with them, and this person was detailed to stay with her. She was not allowed to make phone calls, or answer them (until much later in the evening.) My children were also placed there. My son, who was 4 at the time refused to submit to their authority (guns didn't scare him) would get up often and follow agents around. From what my wife recalls, they were amused at first, then later became less enthusiastic about that. She wasn't allowed to feed the kids until after I had been released from the interrogation session. She remembers getting up several times, to go to the bathroom or to retrieve diapers, etc. and being told to get back onto the sofa. The female agent even followed her into the bathroom. The massive search of every nook and cranny of our home encompassed much more than computer equipment. To this day, I feel there is a direct link between my previous legal problem in Virginia, and the extent of the search that day. In fact, the SS had obtained items seized from me by Virginia and had them in their possession before the raid ever took place. I remember going down to the SS office a couple days later to voluntarily answer the subpoena. I set up my equipment for them.
Although they had labeled most cables and connectors, there was some confusion. I remember showing them how to use my systems, and in particular how to do a recursive directory listing of every file contained within. After a while, once they made sure they had backups, I was allowed to type a few commands at a terminal in order to retrieve an ascii text file (a resume). Later, while being escorted back out to the front of their offices, I saw a large room filled with stacks of boxes and equipment cases which had constituted the entire sum of my office and all equipment, software, and documentation. I was feeling pretty numb, and remember asking the agents there to please take care of everything, since I hoped to get it back. In reflection, it seems pretty pitiful. It was this day that they told me I would be prosecuted, and I remember driving back from Baltimore feeling betrayed. Even though I had completely cooperated with them, and had been told I would not be prosecuted. When I got home, I was crying .. I couldn't handle this anymore. My sister was there and I remember she gave me three Valium.. I calmed down and in fact got pretty high from it. [The following is something the SS allege I did] Allegedly from a phone booth that night I called Rich Andrews and warned him to get rid of any source code or software he shouldn't have.. At this time I was also alleged to have told Rich that I was leaving the country, and would go to Korea with my wife and kids. [If I did do this, I never said anything about leaving] .. They apparently had either tapped his line, or he told them about my call. [I would have been stupid to say this, since Korea has extradition treaties with the US]

My Arrest:

Several days later, I received a sudden call from Special Agent John Lewis and he told me to come down and pick up my fax machine. (I had been pestering them about it so I could fax my resume out to headhunters so I could find a job)..
[ Ironically, I had been hired a week before by Global Computer Systems, in New Jersey to work as a contractor at AT&T's 3B2 Hotline in South Plainfield New Jersey .. I knew that after this AT&T wouldn't have anything to do with me and in fact was informed so the night of the raid ] Upon entering the SS office (Feb. 6) around 5 pm, I waited outside in the waiting room.. I had been doing some house painting and wasn't dressed very well. Jack Lewis came out and brought me back to one of their offices. He held out his hand (as if to shake it) and instead put hand cuffs on my hand. He then locked the other to an eyebolt on the desk. He sat down across from me and told me to empty my pockets.. I complied, and then he started writing an inventory of my possessions. Jack Lewis looked up from his writing and said "You fucked us, Len!" "What do you mean?" I said. "You called Rich Andrews, and warned him to get rid of anything he shouldn't have, you fucked us!" .. I didn't reply. He then told me to pull my shoestrings out of my sneakers, and I did.. He called another agent in to witness the contents of his inventory, sealed the envelope and then told me I was going to jail.. About 15 minutes later he released the handcuffs from the desk, and put my arms behind my back and handcuffed them. I was led into the hallway, while he finished some last minute details.. He was nice enough to let me make a phone call, when I asked him.. I promptly called a friend in Philadelphia. I knew he would know what to do.. Because my wife didn't speak English well, and would also have been hysterical I couldn't count on her to be much help. They drove me over to the Baltimore City Jail, told the bored looking turnkey at the desk to hold me for the night. I was pretty hungry but I had missed the evening meal, and despite repeated pleas to make my "phone call" the jailers ignored me. The people in the cells next to mine were an interesting lot.
One was in for killing someone, and the other was in for a crack bust.. Someone in the cell block was drugged out, and kept screaming most of the night.. I didn't sleep much that night, and with the cold steel slab they call a bed it wouldn't have been possible anyway. Sometime around 9 am a jailer appeared and let me out. I was then turned back over to the SS and they drove me back to the Federal Building... They put me in another holding cell and I was there for about 2 hours. A Federal Marshal came and took me to a court room, where I was charged with a criminal complaint of transporting stolen property over interstate lines with a value of $5000 or more. The conditions for my release were fairly simple.. Sign a signature bond placing my home as collateral, and surrender my passport. Fortunately my wife had come down earlier and Agent Lewis had told her to get my passport or I wouldn't be released .. She drove the 120 mile round trip and found it.. She returned, I was brought down to the courtroom and the magistrate released me. We retained an attorney that day, and several weeks later they agreed to drop all charges. I am told this was to give both sides some time to work out a deal. Against the better judgement of my (then) attorney I offered to meet with the Assistant U.S. attorney if they would bring someone down from Bell Labs. My thinking was that surely a Unix hacker would understand the ramifications of my changes to the login.c source and corroborate my explanations for the public domain password scanner. They also wanted me to explain other "sinister" activities, such as why I had an alias for the Phrack editors, and I knew a Unix person from the labs would know what I meant when I said it made it easier for people to get to .BITNET sites. I was a complete fool, and the person from Bell Labs got me in even worse trouble when he told them I had other "trojan" software on the systems.
He was referring to a public domain implementation of su.c which David Ihnat (chinet) had written to allow people to share su access without actually knowing the root password. "But it is public domain software," I cried. The Bell Labs person turned and told David King (Asst. US Attorney) that I was lying. He went on to say that there was a considerable amount of R&D source code on my machines. Things that no one should possess outside of AT&T, like Korn shell and AwkCC. My attorney (Mr. Carlos Recio of Deso, and Greenberg - Washington DC) was furious with me. All he could say was that "I told you so.." and I realized I had been stupid. I had hoped if I could explain the situation to the govt. and have someone from AT&T verify what I said was true, then they would realize I was just a typical Unix freak, who hadn't been involved in anything more sinister than possibly having things I shouldn't have. After a few months the best deal Mr. King offered was for me to plead guilty to 2 felony counts (Computer Fraud) and I would receive a sentence of 17 months in prison. I refused to take the deal, [ Perhaps I may live to regret that decision when my trial begins in 91.. ] In May I was formally charged with 5 felony counts.. The rest is history..

Present Day:

In better times I never lacked for work, and lived in a world where I spent more on phone bills per month (uucp traffic), than I have earned in the last four months. I am sitting here (rather lying, since I cannot get up) by the laptop computer (on loan to me from a friend). Lately, I have grown to feel that without this little laptop and its modem linking me to the network I would have been driven mad a long time ago. Reading Usenet news has been my only solace lately. During the day I spend hours calling around to all the head hunters asking for work. Since I still have a fax machine, I am able to fax my resume around. So far, I haven't had much luck in finding anything at all.
Since all this happened, it seems that I have been blacklisted. A few companies expressed interest, but later called back and asked me if I was the "LoD hacker" and I told them yes.. They weren't interested anymore (I cannot blame them). I guess the Unix Today articles have cost me more than any of the others.. I lost a great contract ($500 a day) with a major bank in Manhattan when they saw the first article.. In various articles from various newspapers, I have been called the "Mastermind of the Legion of Doom" and other bizarre things. The lies told by the US Attorney in Baltimore in their press release were printed verbatim by many papers.. The usual propaganda about the Legion's activities in credit card fraud, breakins and the threat to the 911 system were all discussed in that press release and cast a bad light on me. I have had the good fortune to have a friend in Philadelphia who has loaned me office space in his firm's building. Such an arrangement lends an air of credibility to Netsys Inc. Too bad I have no clients or contracts. Since I broke my leg pretty badly (The doctor says I will be in a cast for six months and maybe some surgery), I haven't been able to visit the "office" but I have an answering machine there and I check my calls daily. We (my wife and two children) moved to the Philadelphia suburbs in order to put as much distance as possible from the SS Agent John "Jack" Lewis who is based in Baltimore. I realize that the SS have offices in every city, and agents to spare but it made me feel better knowing that he is in Baltimore and I am here. Anyway, at this point I am trying to find a few system admin jobs, and would take any salary they offered me. I am scared about the next few months since I cannot even get a job as a laborer or a 7-11 clerk since my leg is screwed.. My wife (who has a liberal arts degree) is looking for a job in this area.. We hope she can get a job working minimum wage in some department store or as a waitress.
We have enough money to last another month I guess. Then I am not sure what we will do, since we haven't any relatives who will take us in. I have never been un-employed since leaving high school, and it's a pretty bad feeling. One day, if I survive this, I will never forget what has happened. I can't help feeling that there is a thin veneer of freedom and democracy in this country, and agencies like the Secret Service are really far more powerful than anyone had realized. I know that my friends within AT&T (E. Krell for one) feel I have "stolen" from their company. I can only laugh at this attitude since I have probably done more for AT&T than he has. Those of you who knew me before can attest to this. While it was "wrong" to possess source code without a license, I never tried to make money from it. I wrote a Trojan Horse program, which in all honesty was done to help defend my own systems from attack (it is currently installed as /bin/login on my equipment). Any allegations that I installed it on other systems are completely false. [ in fact, most of the source code was given to me by AT&T employees ] As far as the public domain password scanner program, well.. I realize that most of you know this, but items far more powerful can be obtained from any site that archives comp.sources.unix, and comp.sources.misc .. I used it as a legitimate security tool when doing security audits on my own systems and clients. It wasn't very good really, and considering it was obsolete (System V 3.2 /etc/shadow) anyway, its usefulness was limited. Since the SS will be reading this article with interest, I want to point out that I will fight you to the end. Someday I hope you will realize you made an honest mistake and will rectify it. Perhaps there was some justification I am not aware of, but I doubt it. If I have to go to prison for this, perhaps it will benefit society. Who knows what Len Rose would have done if left to continue his criminal pursuits.
I hope to get my equipment, and software back and then re-start my life. There have been repeated motions to get my equipment back, but the judge has summarily denied them saying I will commit crimes if I get it back. I have offered to assist the SS in saving evidence, and to sign any agreement they choose regarding validity of that evidence. I may take up begging soon, and ask for help from someone who is rich. It's going to be winter soon and I don't look forward to being on the street.

Len

--

From CuD 2.09:

From: Moderators
Subject: Len Rose Arrest
Date: October 26, 1990

********************************************************************
*** CuD #2.09: File 2 of 8: Len Rose Arrest ***
********************************************************************

Len Rose was arrested on state charges of "computer tampering" in Naperville, Ill., Naperville police confirmed Monday night. Len obtained a job at Interactive Systems Corporation, a software consulting firm, in Naperville and began Monday, October 15. Friday, he was fired. Bail was initially set at $50,000, and as of late Friday afternoon, he remained in jail. Len's wife speaks little English and is stuck in Naperville, lacking both friends and resources. Len currently has no money to post bond, and this leaves him and his family in a dreadful situation.

We caution readers to remember that, under our Constitution, Len is *innocent* unless proven otherwise, but there is something quite troublesome about this affair. Hopefully, we'll soon learn what specific charges and what evidence led to those charges. Even if a "worst case" scenario evolves, there are surely better ways to handle such cases in less intrusive and devastating ways. Devastated lives and full invocation of the CJ process are simply not cost effective for handling these types of situations.
--

From CuD 2.14:

From: Moderators
Subject: Len Rose Indicted
Date: 29 November, 1990

********************************************************************
*** CuD #2.14: File 2 of 8: Len Rose Indicted ***
********************************************************************

"Man is Charged in Computer Crime"
By Joseph Sjostrom
From: Chicago Tribune, 28 November, 1990: Section 2, p. 2

Du Page County prosecutors have indicted a Naperville resident in connection with an investigation into computer tampering.

Leonard Rose, 31, of 799 Royal St. George St., Naperville, was charged by the Du Page County grand jury last week with violating the 1988 "computer tampering" law that prohibits unauthorized entry into a computer to copy, delete or damage programs or data contained in it.

Rose, who lived in Baltimore until last September or October, is under federal indictment there for allegedly copying and disseminating a valuable computer program owned by AT&T. The Du Page indictment charges him with copying the same program from the computer of a Naperville software firm that employed him for a week in October.

His alleged tampering with computers there was noticed by other employees, according to Naperville police. A search warrant was obtained for Rose's apartment last month, and two computers and a quantity of computer data storage discs were confiscated, police said.

The Du Page County and federal indictments charge that Rose made unauthorized copies of the AT&T Unix Source Code, a so-called operating system that gives a computer its basic instructions on how to function.

The federal indictment says Rose's illegal actions there were committed between May 1988 and January 1990. The Du Page County indictment alleges he tampered with the Naperville firm's computers on Oct. 17.
(end article)

*************************************

Although we have not yet seen the indictment, we have been told that charges were made under the following provisions of the Illinois Criminal Code:

*************************************

From: SMITH-HURD ILLINOIS ANNOTATED STATUTES
COPR. (c) WEST 1990 No Claim to Orig. Govt. Works
CHAPTER 38. CRIMINAL LAW AND PROCEDURE
DIVISION I. CRIMINAL CODE OF 1961
TITLE III. SPECIFIC OFFENSES
PART C. OFFENSES DIRECTED AGAINST PROPERTY
ARTICLE 16D. COMPUTER CRIME
1990 Pocket Part Library References

16D-3. COMPUTER tampering

s 16D-3. COMPUTER Tampering.

(a) A person commits the offense of COMPUTER tampering when he knowingly and without the authorization of a COMPUTER'S owner, as defined in Section 15-2 of this Code, or in excess of the authority granted to him:

(1) Accesses or causes to be accessed a COMPUTER or any part thereof, or a program or data;

(2) Accesses or causes to be accessed a COMPUTER or any part thereof, or a program or data, and obtains data or services;

(3) Accesses or causes to be accessed a COMPUTER or any part thereof, or a program or data, and damages or destroys the COMPUTER or alters, deletes or removes a COMPUTER program or data;

(4) Inserts or attempts to insert a "program" into a COMPUTER or COMPUTER program knowing or having reason to believe that such "program" contains information or commands that will or may damage or destroy that COMPUTER, or any other COMPUTER subsequently accessing or being accessed by that COMPUTER, or that will or may alter, delete or remove a COMPUTER program or data from that COMPUTER, or any other COMPUTER program or data in a COMPUTER subsequently accessing or being accessed by that COMPUTER, or that will or may cause loss to the users of that COMPUTER or the users of a COMPUTER which accesses or which is accessed by such "program".

(b) Sentence.
(1) A person who commits the offense of COMPUTER tampering as set forth in subsection (a)(1) of this Section shall be guilty of a Class B misdemeanor.

(2) A person who commits the offense of COMPUTER tampering as set forth in subsection (a)(2) of this Section shall be guilty of a Class A misdemeanor and a Class 4 felony for the second or subsequent offense.

(3) A person who commits the offense of COMPUTER tampering as set forth in subsection (a)(3) or subsection (a)(4) of this Section shall be guilty of a Class 4 felony and a Class 3 felony for the second or subsequent offense.

(c) Whoever suffers loss by reason of a violation of subsection (a)(4) of this Section may, in a civil action against the violator, obtain appropriate relief. In a civil action under this Section, the court may award to the prevailing party reasonable attorney's fees and other litigation expenses.

(end Ill. Law)

+++++++++++++++++++++++++++++++++++++++++

Illinois employs determinate sentencing, which means that the judge is bound by sentencing guidelines established by law for particular kinds of offenses (See Illinois' Unified Code of Corrections, Chapter 38, Sections 1005-8-1, 1006-8-2, 1005-5-3.1, and 1005-3.2).

Computer tampering carries either a Class 4 felony sentence, which can include prison time of from one to three years, or a Class A misdemeanor sentence. With determinate sentencing, the judge selects a number between this range (for example, two years), and this is the time to be served. With mandatory good time, a sentence can be reduced by half, and an additional 90 days may be taken off for "meritorious good time." Typical Class 4 felonies include reckless homicide, possession of a controlled substance, or unlawful carrying of a weapon.

A Class A misdemeanor, the most serious, carries imprisonment of up to one year. Misdemeanants typically serve their time in jail, rather than prison.
Ironically, under Illinois law, it is conceivable that if an offender were sentenced to prison for a year or two as a felon, he could be released sooner than if he were sentenced as a misdemeanant because of differences in calculation of good time.

From: bill
Subject: Len Rose Outcome (from AP wire)
Date: Sat, 23 Mar 91 14:29:14 EST

********************************************************************
*** CuD #3.10--File 3 of 5: AP Story on Len Rose ***
********************************************************************

BALTIMORE (AP) -- A computer hacker pleaded guilty Friday to stealing information from American Telephone & Telegraph and its subsidiary Bell Laboratories.

Under an agreement with prosecutors, Leonard Rose pleaded guilty in U.S. District Court to one count of sending AT&T source codes via computer to Richard Andrews, an Illinois hacker, and a similar wire fraud charge involving a Chicago hacker.

Prosecutors said they will ask that Rose be sentenced to two concurrent one-year terms. Rose is expected to be sentenced in May.

Neither Rose nor his attorney could be immediately reached for comment late Friday.

"Other computer hackers who choose to use their talents to interfere with the security and privacy of computer systems can expect to be prosecuted and to face similar penalties," said U.S. Attorney Breckinridge L. Willcox.

"The sentence contemplated in the plea agreement reflects the serious nature of this new form of theft," Willcox said.

Rose, 32, was charged in May 1990 in a five-count indictment following an investigation by the Secret Service and the U.S. Attorney's offices in Baltimore and Chicago.

He also had been charged with distributing "trojan horse" programs, designed to gain unauthorized access to computer systems, to other hackers.

Prosecutors said Rose and other hackers entered into a scheme to steal computer source codes from AT&T's UNIX computer system.
The plea agreement stipulates that after he serves his sentence, Rose must disclose his past conduct to potential employers that have computers with similar source codes.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++

From: Anonymous
Subject: Len Rose Pleads Guilty (Washington Post)
Date: Mon, 25 Mar 91 11:22:13 PST

********************************************************************
*** CuD #3.10--File 4 of 5: Washington Post Story on Len Rose ***
********************************************************************

Source: Washington Post, March 23, 1991, pp A1, A10

"'Hacker' Pleads Guilty in AT&T CASE: Sentence Urged for Md. Man Among Stiffest Yet for Computer Crime"
By Mark Potts/Washington Post Staff Writer

BALTIMORE, March 22--A computer "hacker" who was trying to help others steal electronic passwords guarding large corporate computer systems around the country today pleaded guilty to wire fraud in a continuing government crackdown on computer crime.

Federal prosecutors recommended that Leonard Rose Jr., 32, of Middletown, Md., be sent to prison for one year and one day, which would be one of the stiffest sentences imposed to date for computer crime. Sentencing is scheduled for May before U.S. District Judge J. Frederick Motz.

Cases such as those of Rose and a Cornell University graduate student who was convicted last year of crippling a nationwide computer network have shown that the formerly innocent pastime of hacking has potentially extreme economic ramifications. Prosecutors, industry officials and even some veteran hackers now question the once popular and widely accepted practice of breaking into computer systems and networks in search of information that can be shared with others.

"It's just like any other form of theft, except that it's more subtle and it's more sophisticated," said Geoffrey R. Garinther, the assistant U.S. attorney who prosecuted the Rose case.
Rose--once part of a group of maverick hackers who called themselves the Legion of Doom--and his attorneys were not available for comment after the guilty plea today. The single fraud count replaced a five-count indictment of the computer programmer that was issued last May after a raid on his home by Secret Service agents. According to prosecutors, Rose illegally obtained information that would permit him to secretly modify a widely used American Telephone & Telegraph Co. Unix software program--the complex instructions that tell computers what to do. The two former AT&T software employees who provided these information "codes" have not yet been prosecuted. Rose altered the AT&T software by inserting a "Trojan horse" program that would allow a hacker to secretly gain access to the computer systems using the AT&T Unix software and gather passwords used on the system. The passwords could then be distributed to other hackers, permitting them to use the system without the knowledge of its rightful operators, prosecutors said. Rose's modifications made corporate purchasers of the $77,000 AT&T Unix program vulnerable to electronic break-ins and the theft of such services as toll-free 800 numbers and other computer-based telecommunications services. After changing the software, Rose sent it to three other computer hackers, including one in Chicago, where authorities learned of the scheme through a Secret Service computer crime investigation called Operation Sun Devil. Officials say they do not believe the hackers ever broke into computer systems. At the same time he pleaded guilty here, Rose pleaded guilty to a similar charge in Chicago; the sentences are to be served concurrently, and he will be eligible for parole after 10 months. Rose and his associates in the Legion of Doom, whose nickname was taken from a gang of comic-book villains, used names like Acid Phreak Terminus--Rose's nickname--as their computer IDs.
They connected their computers by telephone to corporate and government computer networks, outwitted security screens and passwords to sign onto the systems and rummaged through the information files they found, prosecutors said. Members of the group were constantly testing the boundaries of the "hacker ethic," a code of conduct dating back to the early 1960s that operates on the belief that computers and the information on them should be free for everyone to share, and that such freedom would accelerate the spread of computer technology, to society's benefit. Corporate and government computer information managers and many law enforcement officials have a different view of the hackers. To them, the hackers are committing theft and computer fraud. After the first federal law aimed at computer fraud was enacted in 1986, the Secret Service began the Operation Sun Devil investigation, which has since swept up many members of the Legion of Doom, including Rose. The investigation has resulted in the arrest and prosecution of several hackers and led to the confiscation of dozens of computers, thousands of computer disks and related items. "We're authorized to enforce the computer fraud act, and we're doing it to the best of our ability," Garry Jenkins, assistant director of investigations for the Secret Service, said last summer. "We're not interested in cases that are at the lowest threshold of violating the law...They have to be major criminal violations before we get involved." The Secret Service crackdown closely followed the prosecution of the most celebrated hacker case to date, that of Robert Tappan Morris, Cornell University computer science graduate student and son of a computer scientist at the National Security Agency. Morris was convicted early last year of infecting a vast nationwide computer network in 1988 with a hugely disruptive computer "virus," or rogue instructions.
Although he could have gone to jail for five years, Mo $10,000, given three years probation and ordered to do 400 hours of community service work.

Through Operation Sun Devil and the Morris case, law enforcement authorities have begun to define the boundaries of computer law. Officials are grappling with how best to punish hackers and how to differentiate between mere computer pranks and serious computer espionage.

"We're all trying to get a handle for what is appropriate behavior in this new age, where we have computers and computer networks linked together," said Lance Hoffman, a computer science professor at George Washington University.

"There clearly are a bunch of people feeling their way in various respects," said David R. Johnson, an attorney at Wilmer, Cutler & Pickering and an expert on computer law. However, he said, "Things are getting a lot clearer. It used to be a reasonably respectable argument that people gaining unauthorized access to computer systems and causing problems were just rambunctious youth." Now, however, the feeling is that "operating in unauthorized computing spaces can be an antisocial act," he said.

Although this view is increasingly shared by industry leaders, some see the risk of the crackdown on hackers going too far. Among those concerned is Mitch Kapor, the inventor of Lotus 1-2-3, the best-selling computer "spreadsheet" program for carrying out mathematical and accounting analysis. Kapor and several other computer pioneers last year contributed several hundred thousand dollars to set up the Electron Freedom Foundation, a defense fund for computer hackers.

EFF has funded much of Rose's defense and filed a friend-of-the-court brief protesting Rose's indictment.
--end of article--

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

From: brendan@CS.WIDENER.EDU(Brendan Kehoe)
Subject: Washington Post Retraction to Original Story
Date: Wed, 27 Mar 91 08:49:00 EST

From: The Washington Post, Tuesday March 26, 1991, Page A3.

CORRECTION [to Saturday March 23, 1991 article]

"Leonard Rose, Jr., the Maryland computer hacker who pleaded guilty last week to two counts of wire fraud involving his illegal possession of an American Telephone & Telegraph Co. computer program, was not a member of the "Legion of Doom" computer hacker group, as was reported Saturday, and did not participate in the group's alleged activities of breaking into and rummaging through corporate and government computer systems."

********************************************************************
>> END OF THIS FILE <<
***************************************************************************

------------------------------

From: Moderators
Subject: Len Rose's "Guilt" and the Washington Post
Date: March 28, 1991

********************************************************************
*** CuD #3.10--File 5 of 5: Len Rose and the Washington Post ***
********************************************************************

Although Len Rose accepted a Federal plea bargain which resolved Federal charges against him in Illinois and Maryland, and state charges in Illinois, he will not be sentenced until May. Therefore, many of the details of the plea or of his situation cannot yet be made public.

Len pleaded guilty to two counts of violating Title 18 s. 1343:

18 USC 1343: Sec. 1343.
Fraud by wire, radio, or television

    Whoever, having devised or intending to devise any scheme or artifice to defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises, transmits or causes to be transmitted by means of wire, radio, or television communication in interstate or foreign commerce, any writings, signs, signals, pictures, or sounds for the purpose of executing such scheme or artifice, shall be fined not more than $1000 or imprisoned not more than five years, or both.

In our view, Len's case was, is, and continues to be, a political case, one in which prosecutors have done their best to create an irresponsible, inaccurate, and self-serving imagery to justify their actions in last year's abuses in their various investigations.

Len's guilty plea was the result of pressures of family, future, and the burden of trying to get from under what seemed to be the unbearable pressure of prosecutors' use of law to back him into corners in which his options seemed limited. The emotional strain and disruption of family life became too much to bear. Len's plea was his attempt to make the best of a situation that seemed to have no satisfactory end. He saw it as a way to obtain the return of much of his equipment and to close this phase of his life and move on.

Many of us feel that Len's prosecution and the attempt to make him out to be a dangerous hacker who posed a threat to the country's computer security was (and remains) reprehensible. The government wanted Len's case to be about something it wasn't. To the end, they kept fomenting the notion that the case involved computer security--despite the fact that the indictment, the statute under which he was charged, or the evidence DID NOT RELATE TO security. The case was about possession of proprietary software, pure and simple.
The 23 March article in the Washington Post typifies how creative manipulation of meanings by law enforcement agents becomes translated into media accounts that perpetuate the type of witch hunting for which some prosecutors have become known. The front page story published on March 23 is so outrageously distorted that it cannot pass without comment. It illustrates how prosecutors' images are translated into media narratives that portray an image of hackers in general and Len in particular as a public threat. The story is so ludicrously inaccurate that it cannot pass without comment.

Mark Potts, the author of the story, seems to convict Len of charges of which even the prosecutors did not accuse him in the new indictment. According to the opening paragraph of the story, Len pleaded guilty to conspiring to steal computer account passwords. This is false. Len's case was about possessing and transporting unlicensed software, *NOT* hacking! Yet, Potts claims that Rose inserted a Trojan horse in AT&T software that would allow other "hackers" to break into systems. Potts defers to prosecutors for the source of his information, but it is curious that he did not bother either to read the indictments or to verify the nature of the plea. For a major story on the front page, this seems a callous disregard of journalistic responsibility.

In the original indictment, Len was accused of possessing login.c, a program that allows capturing passwords of persons who log onto a computer. The program is described as exceptionally primitive by computer experts, and it requires the user to possess root access, and if one has root privileges, there is little point in hacking into the system to begin with. Login.c, according to some computer programmers, can be used by systems administrators as a security device to help identify passwords used in attempts to hack into a system, and at least one programmer indicated he used it to test security on various systems.
But, there was no claim Len used this improperly, it was not an issue in the plea, and we wonder where Mark Potts obtained his prosecutorial power that allows him to find Len guilty of an offense for which he was not charged nor was at issue.

Mark Potts also links Len directly to the Legion of Doom and a variety of hacking activity. Although a disclaimer appeared in a subsequent issue of WP (a few lines on page A3), the damage was done. As have prosecutors, Potts emphasizes the LoD connection without facts, and the story borders on fiction.

Potts also claims that Len was "swept up" in Operation Sun Devil, which he describes as resulting "in the arrest and prosecution of several hackers and led to the confiscation of dozens of computers, thousands of computer disks and related items." This is simply false. At least one prosecutor involved with Sun Devil has maintained that pre-Sun Devil busts were not related. Whether that claim is accurate or not, Len was not a part of Sun Devil. Agents raided his house when investigating the infamous E911 files connected to the Phrack/Craig Neidorf case last January (1990). Although Len had no connection with those files, the possession of unlicensed AT&T source code did not please investigators, so they pursued this new line of attack. Further, whatever happens in the future, to our knowledge *no* indictments have occurred as the result of Sun Devil, and in at least one raid (Ripco BBS), files and equipment were seized as the result of an informant's involvement that we have questioned in a previous issue of CuD (#3.02). Yet, Potts credits Sun Devil as a major success.

Potts also equates Rose's activities with those of Robert Morris, and in so doing, grossly distorts the nature of the accusations against Len. Equating the actions to which Len pleaded guilty to Morris grossly distorts both the nature and magnitude of the offense.
By first claiming that Len modified a program, and then linking it to Morris's infectious worm, it appears that Len was a threat to computer security. This kind of hyperbole, based on inaccurate and irresponsible reporting, inflames the public, contributes to the continued inability to distinguish between serious computer crime and far less serious acts, and would appear to erroneously justify AT&T's position as the protector of the nets when, in fact, their actions are far more abusive to the public trust.

After focusing for the entire article on computer security, Potts seems to appear "responsible" by citing the views of computer experts on computer security and law. But, because these seem irrelevant to the reality of Len's case, it is a classic example of the pointed non sequitur.

Finally, despite continuous press releases, media announcements, and other notices by EFF, Potts concludes by claiming that EFF was established as "a defense fund for computer hackers." Where has Potts been? EFF, as even a rookie reporter covering computer issues should know, was established to address the challenges to existing law by rapidly changing computer technology. Although EFF provided some indirect support to Len's attorneys in the form of legal research, the EFF DID NOT FUND ANY OF LEN'S defense. Len's defense was funded privately by a concerned citizen intensely interested in the issues involved. The EFF does not support computer intrusion, and has made this clear from its inception.

And a final point, trivial in context, Potts credits Mitch Kapor as the sole author of Lotus 1-2-3, failing to mention that Jon Sachs was the co-author.

The Washington Post issued a retraction of the LoD connection a few days later. But, it failed to retract the false claims of Len's plea. In our view, even the partial LoD retraction destroys the basis, and the credibility, of the story. In our judgement, the Post should publicly apologize and retract the story.
It should also send Potts back to school for remedial courses in journalism and ethics.

Some observers feel that Len should have continued to fight the charges. To other observers, Len's plea is "proof" of his guilt. We caution both sides: Len did what he felt he had to do for his family and himself. In our view, the plea reflects a sad ending to a sad situation. Neither Len nor the prosecution "won." Len's potential punishment of a year and a day (which should conclude with ten months of actual time served) in prison and a subsequent two or three year period of supervised release (to be determined by the judge) do not reflect the toll the case took on him in the past year. He lost everything he had previously worked for, and he is now, thanks to publications like the Washington Post, labelled as a dangerous computer security threat, which may hamper his ability to reconstruct his life on release from prison.

We respect Len's decision to accept a plea bargain and urge all those who might disagree with that decision to ask themselves what they would do that would best serve the interests both of justice and of a wife and two small children. Sadly, the prosecutors and AT&T should have also asked this question from the beginning. Sometimes, it seems, the wrong people are on trial.

********************************************************************
*** CuD #3.11: File 4 of 5: Chicago Press Release on Len Rose ***
********************************************************************

From: Gene Spafford
Subject: Northern District (Ill.) Press Release on Len Rose
Date: Fri, 29 Mar 91 19:10:13 EST

Information Release
US Department of Justice
United States Attorney
Northern District of Illinois

March 22, 1991

FRED FOREMAN, United States Attorney for the Northern District of Illinois, together with TIMOTHY J.
McCARTHY, Special Agent In Charge of the United States Secret Service in Chicago, today announced the guilty plea of LEONARD ROSE, 32, 7018 Willowtree Drive, Middletown, Maryland to felony charges brought against him in Chicago and in Baltimore involving Rose trafficking with others in misappropriated AT&T computer programs and computer access programs between May 1988 and February 1, 1990. Under the terms of plea agreements submitted to the United States District Court in Maryland, Rose will serve an agreed, concurrent one year prison term for his role in each of the fraud schemes charged.

In pleading guilty to the Baltimore charges, Rose admitted that on October 5, 1989, he knowingly received misappropriated source code(1) for the AT&T UNIX computer operating system from a former AT&T technical contractor. The UNIX operating system is a series of computer programs used on a computer which act as an interface or intermediary between a user and the computer system itself. The UNIX operating system, which is licensed by AT&T at $77,000 per license, provides certain services to the computer user, such as the login program which is designed to restrict access to a computer system to authorized users. The login program is licensed by AT&T at $27,000 per license.

In pleading guilty to the Chicago charges, Rose admitted that, after receiving the AT&T source code, he modified the source code governing the computer's login program by inserting a secret set of instructions commonly known as a "trojan horse." This inserted program would cause the computer on which the source code was installed to perform functions the program's author did not intend, while still executing the original program so that the new instructions would not be detected.
The "trojan horse" program that Rose inserted into the computer program enabled a person with "system administrator" privileges to secretly capture the passwords and login information of authorized computer users on AT&T computers and store them in a hidden file. These captured logins and passwords could later be recovered from this hidden file and used to access and use authorized users' accounts without their knowledge. The program did not record unsuccessful login attempts.

In connection with the Chicago charge, Rose admitted that on January 7, 1990, he transmitted his modified AT&T UNIX login program containing the trojan horse from Middletown, Maryland to a computer operator in Lockport, Illinois, and a student account at the University of Missouri, Columbia Campus.

In pleading guilty to the Chicago charges, Rose acknowledged that when he distributed his trojan horse program to others he inserted several warnings so that the potential users would be alerted to the fact that they were in possession of proprietary AT&T information. In the text of the program Rose advised that the source code originally came from AT&T "so it's definitely not something you wish to get caught with." and "Warning: This is AT&T proprietary source code. DO NOT get caught with it." The text of the trojan horse program also stated:

    Hacked by Terminus to enable stealing passwords. This is obviously not a tool to be used for initial system penetration, but instead will allow you to collect passwords and accounts once it's been installed. (I)deal for situations where you have a one-shot opportunity for super user privileges.. This source code is not public domain..(so don't get caught with it).

Rose admitted that "Terminus" was a name used by him in communications with other computer users.
In addition to these warnings, the text of Rose's trojan horse program also retained the original warnings installed in the program by AT&T:

    Copyright (c) 1984 AT&T
    All rights reserved
    THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF AT&T
    This copyright notice above does not evidence any actual or intended publication of the source code.

Inspection of this modified AT&T UNIX login source code by AT&T's UNIX licensing group revealed that the modified source code was in fact a "derivative work" based upon the standard UNIX login source code, which was regarded by AT&T as proprietary information and a trade secret of AT&T, which was not available in public domain software.

In pleading guilty to the federal charges in Chicago and Baltimore, Rose also acknowledged that, after being charged with computer fraud and theft in federal court in Baltimore, he became employed at Interactive Systems Inc. in Lisle, Illinois. He acknowledged that his former employers at Interactive would testify that he was not authorized by them to obtain copies of their AT&T source code which was licensed to them by AT&T. Rose further admitted that John Hickey, a Member of Technical Staff with AT&T Bell Laboratories in Lisle, Illinois, correctly determined that Rose had downloaded copies of AT&T source code programs from the computer of Interactive to Rose's home computers in Naperville. The computers were examined after they were seized by the Naperville Police Department, executing a State search warrant.

As part of the plea agreement, charges filed by the DuPage County State's Attorney's Office will be dismissed without prejudice to refiling. The forfeited UNIX computer seized will be retained by the Naperville Police Department.

Commenting on the importance of the Chicago and Baltimore cases, Mr. Foreman noted that the UNIX computer operating system, which is involved in this investigation, is used to support international, national, and local telephone systems. Mr.
Foreman stated, "The traffic which flows through these systems is vital to the national health and welfare. People who invade our telecommunications and related computer systems for profit or personal amusement create immediate and serious consequences for the public at large. The law enforcement community and telecommunications industry are attentive to these crimes, and those who choose to use their intelligence and talent in an attempt to disrupt these vital networks will find themselves vigorously prosecuted."

Mr. Foreman also stated that the criminal information filed in Chicago and a companion information in Baltimore are the initial results of a year long investigation by agents of the United States Secret Service in Chicago, Maryland, and Texas. Mr. Foreman praised the cooperation of the DuPage County State's Attorney's Office and the Naperville Police Department in the investigation. He also acknowledged AT&T's technical assistance to the United States Secret Service in analyzing the computer data seized pursuant to search warrants in Chicago, Baltimore and Austin, Texas.

TIMOTHY J. McCARTHY, Special Agent in Charge of the United States Secret Service in Chicago, noted that Rose's conviction is the latest result of the continuing investigation of the computer hacker organization, the "Legion of Doom." This investigation is being conducted by the United States Secret Service in Chicago, Atlanta, New York and Texas, and has resulted in convictions of six other defendants for computer related crimes.

Assistant United States Attorney William J. Cook, who heads the Computer Fraud and Abuse Task Force, and Assistant United States Attorneys Colleen D. Coughlin and David Glockner supervised the Secret Service investigation in Chicago.
----------

(1) The UNIX operating system utility programs are written initially in a format referred to as "source code," a high-level computer language which frequently uses English letters and symbols for constructing computer programs. The source code was translated, using another program known as a compiler, into another form of program which a computer can rapidly read and execute, referred to as the "object code."

********************************************************************
*** CuD #3.13: File 2 of 4: Response to Len Rose Article (1) ***
********************************************************************

From: mnemonic (Mike Godwin)
Subject: Response to RISKS DIGEST (#11.43-- Len Rose Case)
Date: Wed, 10 Apr 91 22:18:43 EDT

{Moderators' Note: The following article was written by Mike Godwin in response to a post by Jerry Leichter in RISKS #11.43.}

++++

Jerry Leichter writes the following:

>With all the verbiage about whether Len Rose was a "hacker" and why he did
>what he in fact did, everyone has had to work on ASSUMPTIONS.

This is false. I have worked closely on Len's case, and have access to all the facts about it.

>Well, it turns
>out there's now some data: A press release from the US Attorney in Chicago,
>posted to the Computer Underground Digest by Gene Spafford.

In general, a press release is not data. A press release is a document designed to ensure favorable press coverage for the entity releasing it. There are a few facts in the press release, however, and I'll deal with them below.

[Jerry quotes from the press release:]

> In pleading guilty to the Chicago charges, Rose acknowledged that when
> he distributed his trojan horse program to others he inserted several
> warnings so that the potential users would be alerted to the fact that
> they were in possession of proprietary AT&T information.
> In the text of the program Rose advised that the source code originally came from
> AT&T "so it's definitely not something you wish to get caught with."
> and "Warning: This is AT&T proprietary source code. DO NOT get caught
> with it."

Although I am a lawyer, it does not take a law degree to see that this paragraph does not support Jerry's thesis--that Len Rose is interested in unauthorized entry into other people's computers. What it does show is that Len knew that he had no license for the source code in his possession. And, in fact, as a careful reader of the press release would have noted, Len pled guilty only to possession and transmission of unlicensed source, not to *any* unauthorized entry or any scheme for unauthorized entry, in spite of what is implied in the press release.

[Jerry quotes "Terminus's" comments in the modified code:]

>Hacked by Terminus to enable stealing passwords.
>This is obviously not a tool to be used for initial
>system penetration, but instead will allow you to
>collect passwords and accounts once it's been
>installed. (I)deal for situations where you have a
>one-shot opportunity for super user privileges..
>This source code is not public domain..(so don't get
>caught with it).
>
>I can't imagine a clearer statement of an active interest in breaking into
>systems, along with a reasonable explanation of how and when such code could
>be effective.

Indeed, it *can* be interpreted as a clear statement of an active interest in breaking into systems. What undercuts that interpretation, however, is that there is no evidence that Len Rose ever broke into any systems. Based on all the information available, it seems clear that Rose had authorized access in every system for which he sought it.

What's more, there is no evidence that anyone ever took Rose's code and used it for hacking. There is no evidence that anyone ever took any *other* code of Rose's and used it for hacking.
What Rose did is demonstrate that he could write a password-hacking program. Jerry apparently is unaware that some computer programmers like to brag about the things they *could* do--he seems to interpret such bragging as evidence of intent to do illegal acts. But in the absence of *any* evidence that Rose ever took part in unauthorized entry into anyone's computers, Jerry's interpretation is unfounded, and his posted speculations here are both irresponsible and cruel, in my opinion. Rose may have done some foolish things, but he didn't break into people's systems.

>The only thing that will convince me, after reading this, that Rose was NOT an
>active system breaker is a believable claim that either (a) this text was not
>quoted correctly from the modified login.c source; or (b) Rose didn't write
>the text, but was essentially forced by the admitted duress of his situation
>to acknowledge it as his own.

In other words, Jerry says, the fact that Rose never actually tried to break into people's systems doesn't count as evidence "that Rose was NOT an active system breaker." This is a shame. One would hope that even Jerry might regard this as a relevant fact.

Let me close here by warning Jerry and other readers not to accept press releases--even from the government--uncritically. The government has a political stake in this case: it feels compelled to show that Len Rose was an active threat to other people's systems, so it has selectively presented material in its press release to support that interpretation.

But press releases are rhetorical devices. They are designed to shape opinion. Even when technically accurate, as in this case, they can present the facts in a way that implies that a defendant was far more of a threat than he actually was. This is what happened in Len Rose's case.
It bears repeating: there was no evidence, and the government did not claim, that Len Rose had ever tried to break into other people's systems, or that he took part in anyone else's efforts to do so.

********************************************************************
>> END OF THIS FILE <<
***************************************************************************

------------------------------

From: louisg
Subject: Response to recent comments concerning Len Rose
Date: Wed, 17 Apr 91 23:53:44 CDT

********************************************************************
*** CuD #3.13: File 3 of 4: Response to Len Rose Article (2) ***
********************************************************************

In CuD 312 Mr. James Davies wrote a letter expressing his feelings on the Len Rose case. I feel that he and many others are missing the larger point of the issue, as I will try to describe.

>Subject: Len Rose
>From: jrbd@CRAYCOS.COM(James Davies)

>Keith Hansen and Arel Lucas in CuD #3.11 shared with us their letter
>to AT&T expressing their anger at the arrest and conviction of Len
>Rose (among other things). Well, I have to disagree with their
>conclusions in this case -- Len Rose is not an innocent martyr,
>crucified by an evil corporation for benevolently giving unpaid
>support to AT&T software users, as Hansen and Lucas attempted to
>portray him.

Mr. Davies is quite correct when he states that Len was not innocent of certain criminal acts as defined by current law. The trial has come and gone, and Len pleaded guilty. Mr. Davies even provides evidence of Mr. Rose's intent. Whether it is 'court-quality' evidence or not, it should convince the reader that Len was guilty of something or other. By checking the references that Mr. Davies provides, his case of Rose's guilt is made even stronger. I am stating this since I want to make it *clear* that I am NOT questioning the guilt of Mr. Rose.

What I must question, however, is what happened to Mr. Rose. Mr.
Rose committed white-collar crimes. He did not physically injure or maim or kill anyone. His crime was money-related. He did not steal from a 75 year-old on social security, giving her a kick in the ribs for good luck on his way out. The way he was treated, however, suggests that he committed a crime of the most heinous nature.

For a felony violent crime, I could understand and even in some cases promote strict treatment of the accused before the trial. For a white collar crime that does not threaten the solvency of a company or persons I cannot. Len Rose posed a risk to no person or company after his warrant was served. Before he was even put on trial, he had almost all of his belongings taken away, was harassed (in my opinion) by the authorities, and left without a means for supporting himself and his family. Why? Because he had Unix source code. Does this seem just to you? It would be very different if he had 55 warrants for rape and murder in 48 states listing him as the accused, but he didn't. He lost everything *before* the trial, and, as a result, was almost forced into pleading guilty. All this for copyright violations, as I see it, or felony theft as others may see it.

The problem here is the *same* as in the Steve Jackson case. The person who was served the warrant (he wasn't even charged yet!!!!) lost everything. They were punished not only before a conviction, before a trial, but before they were even charged with a crime!!! This, for a non-violent, white-collar crime that did not directly threaten a person or company with bankruptcy. In Jackson's case, he was even innocent!

>Personally, I think that Rose is guilty of the exact same sort of
>behaviour that gives hackers a bad name in the press, and I think that
>you're crazy to be supporting him in this. Save your indignation for
>true misjustices, ok?

If this isn't an injustice, then I don't know what is. If this sort of treatment of the accused seems just to you, Mr.
Davies, then may I suggest a position in the secret police of some Fascist country as a fitting career move on your part. The fact that Len was guilty does not nullify the maltreatment of him, his family, and his equipment before his trial. It in no wise makes it right. This sort of action gives law enforcement a bad name. I'm sure that I would share your views if the accused was a habitual criminal and he presented a threat to the public. He wasn't, and presented little or no threat at the time of the warrant. Law enforcement is there to protect the public, and not to convict the guilty. That is a job for the courts and a jury of one's peers as stipulated in the U.S. Constitution. I suggest you glance at it before you restate that there was no "misjustice" (sic) here.

********************************************************************
*** CuD #3.14: File 2 of 6: Comments on Len Rose Articles ***
********************************************************************

From: Gene Spafford
Subject: Comments on your comments on Len Rose
Date: Sat, 30 Mar 91 14:41:02 EST

{Moderators' comment: Spaf just sent his latest book, PRACTICAL UNIX SECURITY, co-authored with Simson Garfinkel to the publishers (O'Reilly and Associates (the Nutshell Handbook people)). It's approximately 475 pages and will be available in mid-May. From our reading of the table of contents, and from preview comments ("definitive," destined to be the "standard reference"), it looks like something well-worth the $29.95 investment.}

There is little doubt that law enforcement has sometimes been overzealous or based on ignorance. That is especially true as concerns computer-related crimes, although it is not unique to that arena. Reporting of some of these incidents has also been incorrect. Obviously, we all wish to act to prevent future such abuses, especially as they apply to computers.
However, that being the case does not mean that everyone accused under the law is really innocent and the target of "political" persecution. That is certainly not reality; in some cases the individuals charged are clearly at fault. By representing all of them as innocents and victims, you further alienate the moderates who would otherwise be sympathetic to the underlying problems. By trying to represent every individual charged with computer abuse as an innocent victim, you are guilty of the same thing you condemn law enforcement of when they paint all "hackers" as criminals.

In particular, you portray Len Rose as an innocent whose life has been ruined through no fault of his own, and who did nothing to warrant Federal prosecution. That is clearly not the case. Len has acknowledged that he was in possession of, and trafficking in, source code he knew was proprietary. He even put multiple comments in the code he modified stating that, and warning others not to get caught with it. The patch he made would surreptitiously collect passwords and store them in a hidden file in a public directory for later use. The argument that this patch could be used for system security is obviously bogus; a system admin would log these passwords to a protected, private file, not a hidden file in a public directory. Further, your comments about having root access are not appropriate, either, for a number of reasons -- sometimes, root access can be gained temporarily without the password, so a quick backdoor is all that can be planted. Usually, crackers like to find other ways on that aren't as likely to be monitored as "root", so getting many user passwords is a good idea. Finally, if passwords got changed, this change would still allow them to find new ways in, as long as the trojan wasn't found.

The login changes were the source of the fraud charge. It is certainly security-related, and the application of the law appears to be appropriate.
By the comments Len made in the code, he certainly knew what he was doing, and he knew how the code was likely to be used: certainly not as a security aid. As somebody with claimed expertise in Unix as a consultant, he surely knew the consequences of distributing this patched code. An obvious claim when trying to portray accused individuals as victims is that their guilty pleas are made under duress to avoid further difficulties for their family or some other third party. You made that claim about Len in your posting. However, a different explanation is just as valid -- Len and his lawyers realized that he was guilty and the evidence was too substantial, and it would be more beneficial to Len to plead guilty to one charge than take a chance against five in court. I am inclined to believe that both views are true in this case. Your comments about Len's family and career are true enough, but they don't mean anything about his guilt or innocence, do they? Are bank robbers or arsonists innocent because they are the sole means of support for their family? Should we conclude they are "political" victims because of their targets? Just because the arena of the offenses involves computers does not automatically mean the accused is innocent of the charges. Just because the accused has a family which is inconvenienced by the accused serving a possible jail term does not mean the sentence should be suspended. Consider that Len was under Federal indictment for the login.c stuff, then got the job in Illinois and knowingly downloaded more source code he was not authorized to access (so he has confessed). Does this sound like someone who is using good judgement to look out for his family and himself? It is a pity that Len's family is likely to suffer because of Len's actions. However, I think it inappropriate to try and paint Len as a victim of the system. He is a victim of his own poor judgement. Unfortunately, his family has been victimized by Len, too. 
I share a concern of many computer professionals about the application of law to computing, and the possible erosion of our freedoms. However, I also have a concern about the people who are attempting to abuse the electronic frontier and who are contributing to the decline in our freedoms. Trying to defend the abusers is likely to result in a loss of sympathy for the calls to protect the innocent, too. I believe that one reason the EFF is still viewed by some people as a "hacker defense fund" is because little publicity has been given to the statements about appropriate laws punishing computer abusers; instead, all the publicity has been given to their statements about defending the accused "hackers." In the long term, the only way we will get the overall support we need to protect innocent pursuits is to also be sure that we don't condone or encourage clearly illegal activities. Groups and causes are judged by their icons, and attempts to lionize everyone accused of computer abuse is not a good way to build credibility -- especially if those people are clearly guilty of those abuses. The Neidorf case is probably going to be a rallying point in the future. The Steve Jackson Games case might be, once the case is completed (if it ever is). However, I certainly do not want to ask people to rally around the cases of Robert Morris or Len Rose as examples of government excess, because I don't think they were, and neither would a significant number of reasonable people who examine the cases. I agree that free speech should not be criminalized. However, I also think we should not hide criminal and unethical behavior behind the cry of "free speech." Promoting freedoms without equal promotion of the responsibility behind those freedoms does not lead to a greater good. If you cry "wolf" too often, people ignore you when the wolf is really there. 
********************************************************************
>> END OF THIS FILE <<
***************************************************************************

------------------------------

From: Moderators (Jim Thomas)
Subject: Moving toward Common Ground? Reply to Gene Spafford
Date: April 26, 1991

********************************************************************
*** CuD #3.14: File 3 of 6: Moving toward Common Ground? ***
********************************************************************

Gene Spafford's comments raise a number of issues, and my guess is that he and other "moderates" are not that far apart from those of us considered "extremists." His post was sent in March, but we received it on April 24, so some of his comments about Len Rose have already received sufficient response (see Mike Godwin in CuD 3.13). We are more concerned with the potential points of convergence on which "moderates" and "radicals" might agree. Gene raises several issues: 1) The tone of some critics of recent "hacker" cases tends to be divisive and inhibits coming together on common ground; 2) There exists a danger in "crying wolf" in that cases in which legitimate abuses may have occurred or that directly raise important issues about civil liberties will be ignored because of excessive concern with cases that are perceived as less meritorious or in which the defendants may not seem sympathetic; 3) An aggressive social response is required to reverse the apparent trend in computer abuse. We disagree with none of these issues. There is, however, room for legitimate disagreement on how these issues should be addressed, and there is room for conciliation and compromise.

Although many cases of law enforcement response to alleged computer abuse have been reported, only a few have generated any significant attention. These cases have not generally centered around issues of guilt or innocence, but on broader concerns.
Other than general reporting of cases, CuD's own attention has been limited to:

STEVE JACKSON GAMES: Few, if any, think the search of Steve Jackson's company and seizure of his equipment was acceptable. The seizure affidavit indicated that the justification for the raid was grossly exaggerated and its implementation extreme. There have been no arrests resulting from that raid, but the questions it raised have not yet been resolved.

LEN ROSE: Whatever one thinks of Len Rose's behavior, the actions of AT&T and law enforcement raise too many issues to be ignored whatever Len's own culpability (or lack of it). The initial indictments, press releases, and prosecutor media comments connected Len to E911, the Legion of Doom, and computer security when the case was actually about possession of unlicensed proprietary software. We have never denied the importance of either issue. Our concern continues to be the misconceptions about the nature of the case, what we see as an extreme response to a relatively minor incident, and the way the laws were used to inflate charges. These are all debatable issues, but the nets were buzzing with claims of Len's guilt, the need to "send a message to hackers," and other claims that reinforced the legitimacy of charges and sanctions that still seem inappropriate. The fact that some still see it as a security case, others as a piracy case, others as justice-run-amok, and still others as a signal to examine the limits of criminalization illustrates the significance of the events: If we can't agree on the issues involved without yelling at each other, then how can we even begin to address the issues?

3. CRAIG NEIDORF/PHRACK: When the prosecution dropped the case against Craig Neidorf for publishing alleged proprietary information valued at nearly $80,000 when it was found that the information was available to the public for under $14, most people thought it was a victory.
However, the logic that impelled prosecution did not stop with Craig, and our concern continues to be over the apparent unwillingness of some law enforcement agents to recognize that this was not just a prosecutorial "mistake," but part of a pattern in which excessive claims are made to justify raids, indictments, or prosecution.

THE HOLLYWOOD HACKER: Again, this is not a case of guilt or innocence, but one in which existing laws are sufficiently vague to over-criminalize relatively minor alleged acts. The apparent philosophy of prosecutors to "send a message" to "hackers" in a case that is not a hacker case but the sting of an investigative journalist seems another use of over-prosecution. There is also the possibility of a vindictive set-up by Fox of a freelance reporter who is alleged to have done what may be a common practice at Fox (see the post, this issue, citing Murray Povich).

RIPCO: Dr. Ripco's equipment was seized and his BBS shut down, but no charges have been filed against him. He remains in limbo, his equipment has not been returned, and he still does not know why. Here, the issue of sysop liability, the reliability of informants, and the legal status of private e-mail are raised.

THE "ATLANTA THREE:" The Riggs, Darden, and Grant case became an issue after the guilty verdict. We can think of no instance of anybody ever defending their actions for which they were indicted or in proclaiming them innocent after (or even before) their plea. At stake in the debates was not that of guilt or a defense of intrusions, but of sentencing and the manner in which it was done.

OPERATION SUN DEVIL: Operation Sun Devil, according to those participating in it, began in response to complaints of fraudulent credit card use and other forms of theft. The "hacking community" especially has been adamant in its opposition to "carding" and rip-off.
Here, the issue was the intrusive nature of searches and seizures and the initial hyperbole of law enforcement in highly visible press releases in their initial euphoria following the raids. In an investigation that began "nearly two years" prior to the May 8, 1990 raids, and in the subsequent 12 months of "analysis of evidence," only two indictments have been issued. Both of those were relegated to state court, and the charges, in the scheme of white collar crime, are relatively minor. There have also been questions raised about whether the evidence for prosecution might not have either already existed prior to Sun Devil or that it could have readily been obtained without Sun Devil. The key to the indictment seems to be a ubiquitous informant who was paid to dig out dirt on folks. For some, Sun Devil raises the issue of use of informants, over-zealousness of prosecutors, and lack of accountability in seizures. We fully agree that if there is evidence of felonious activity, there should be a response. The question, however, is how such evidence is obtained and at what social and other costs.

Many may disagree with our perspective on these cases, but several points remain: 1) Each of them raises significant issues about the methods of the criminal justice system in a new area of law; 2) Each of them serves as an icon for specific problems (privacy, evidence, ethics, language of law, media images, sysop liability to name just a few); and 3) In each of them, whatever the culpable status of the suspects, there exists an avenue to debate the broader issue of the distinction between criminal and simply unethical behavior.

Among the issues that, if discussed and debated, would move the level of discussion from personalities to common concerns are:

1. Overzealous law enforcement action: Prosecutors are faced with the difficult task of enforcing laws that are outstripped by technological change.
Barriers to this enforcement include lack of resources and technical expertise, ambiguity of definitions, and vague laws that allow some groups (such as AT&T) who seem to have a history of themselves attempting to use their formidable economic and corporate power to jockey for legal privilege. Legal definitions of and responses to perceived inappropriate behavior today will shape how cyberspace is controlled in the coming decades. Questionable actions set bad precedents. That is why we refer to specific cases as ICONS that symbolize the dangers of over-control and the problems accompanying it.

2. Media distortions: This will be addressed in more detail in a future CuD, because it is a critically important factor in the perpetuation of public and law enforcements' misconceptions about the CU. However, concern for distortion should be expanded to include how we all (CuD included) portray images of events, groups, and individuals. Some law enforcers have complained about irresponsible media accuracy when the alleged inaccuracies have in fact come from law enforcement sources. But, media (and other) distortions of CU news is not simply a matter of "getting the facts straight." It also requires that we all reflect on how we ourselves create images that reinforce erroneous stereotypes and myths that in turn perpetuate the "facts" by recursive rounds of citing the errors rather than the reality.

CuD AS PRO HACKER: The CuD moderators are seen by some as defending cybercrime of all kinds, and as opposing *any* prosecution of "computer criminals." Why must we constantly repeat that a) we have *never* said that computer intrusion is acceptable, and b) we fully believe that laws protecting the public against computer abuse are necessary. This, so I am told, "turns many people off." We have been clear about our position. There are occasions when discussion can reflect a variety of rhetorical strategies, ranging from reason to hyperbole.
As long as the issues remain forefront, there seems nothing wrong with expressing outrage as a legitimate response to outrageous acts.

4. Crime and ethics in the cyber-frontier: These issues, although separate, raise the same question. Which behaviors should be sanctioned by criminal or civil penalties, and which sanctioned by collective norms and peer pressure? Unwise acts are not necessarily criminal acts, and adducing one's lack of wisdom as "proof" of criminality, and therefore sanctionable, is equally unwise. There are degrees of abuse, some of which require criminal penalties, others of which do not. The CU has changed largely because the number of computer users has dramatically increased, making the "bozo factor" (the point at which critical mass of abusing bozos has been reached making them a group unto themselves) have a significant impact on others. There are also more opportunities not only to abuse, but to identify and apprehend abusers, which increases the visibility of the bozos. We can, as we did with the problems of crime, poverty, drugs, and other ills, declare a "war" on it (which most certainly means that we've lost before we've begun). Or, we can pursue a more proactive course and push for equitable laws and just responses to computer abuse while simultaneously emphasizing ethics. We fully agree that netethics should occur in schools, on the nets, in articles, and every other place where cybernauts obtain models and images of their new world. But, just as we should identify and work toward ethical behavior within the CU, we must also demand that others, such as AT&T, some law enforcement agents, BellSouth, et al., do the same. It is hardly ethical to claim that a commodity valued at under $14 is worth over $79,000, and it is hardly ethical to compare possession of proprietary software with index crimes such as theft, arson, or embezzlement.
Whether our own perspective is correct or not, the point is that what does or does not count as ethical behavior can no longer be assumed, but requires a level of debate that extends beyond netlynchings of individual suspects.

Gene Spafford, like many others who share his view, is a productive and competent computer specialist who sees the dark side of computer abuse because he defends against it. I, like many others who share my view, see the dark side of law enforcement because, as a criminologist, I have been immersed in the abuses and fight against them. Our different experiences give us different demons to fight, an occasional windmill or two with which to joust, and a dissimilar arsenal that we use in our battles. Nonetheless, even though there is not total agreement on precisely which is a windmill and which a monster, Gene suggests that there is shared agreement on a minimal common reality and some common goals for making it more manageable. I fully, absolutely, and unequivocally agree with Gene:

I agree that free speech should not be criminalized. However, I also think we should not hide criminal and unethical behavior behind the cry of "free speech." Promoting freedoms without equal promotion of the responsibility behind those freedoms does not lead to a greater good. If you cry "wolf" too often, people ignore you when the wolf is really there.

I would only respond that his observation be taken to heart by all sides.

********************************************************************
*** CuD #3.21: File 7 of 7: Len Rose Sentenced ***
********************************************************************

From: Barbara E.
McMullen Subject: Len Rose Sentenced (Reprint from Newsbytes) Date: 12 June, 1991 LEN ROSE SENTENCED TO 1 YEAR 06/12/91 BALTIMORE, MARYLAND, U.S.A., 1991 JUNE 12 (NB) -- Leonard Rose, Jr., a computer consultant also known as "Terminus", was sentenced to a year and a day in prison for charges relating to unauthorized sending of AT&T UNIX source code via telephone to another party. Rose is scheduled to begin serving his sentence on July 10th. The original indictment against Rose was for interstate transportation of stolen property and violations of the Computer Fraud and Abuse Act but those charges were dropped and replaced by a single charge of wire fraud under a plea agreement entered into in March. The charges involving the violation of the Computer Fraud and Abuse Act had been challenged in a friend of the court brief filed in January by the Electronic Frontier Foundation (EFF) who challenged the statute as "unconstitutionally vague and overbroad and in violation of the First Amendment guarantees of freedom of speech and association." The issues raised by EFF were not resolved as the charges to which they objected were dropped as part of the plea agreement. In his plea, Rose admitted to receiving misappropriated UNIX source code and modifying it to introduce a trojan horse into the login procedures; the trojan horse would allow its developer to collect passwords from unsuspecting persons logging on to a system containing this code. Rose admitted that he transmitted the modified code via telephone lines to a computer operator in Lockport, IL and a student account at the University of Missouri. He also admitted putting warnings in the transmitted code saying "Warning: This is AT&T proprietary source code. DO NOT get caught with it." U.S. District Judge J. Frederick Motz, in sentencing Rose, ordered him to sell his computer equipment and to inform potential employers of his conviction. 
Assistant United States Attorney Geoffrey Garinther, who prosecuted Rose, explained these portions of the sentence to Newsbytes, saying "The equipment was seized as evidence during the investigation and was only returned to him as part of the agreement when it became evident that he had no means of supporting his wife and two children. It was returned to him for the sole purpose of selling the equipment for this purpose and, although he has not yet sold it, he has shown evidence of efforts to do so. The judge just formalized the earlier agreement in his sentence. The duty to inform potential employers puts the burden of proof on him to insure that he is not granted "Root" privileges on a system without the employer's knowledge."

Garinther added "I don't have knowledge of the outcome of all the cases of this type in the country but I'm told that this is one of the stiffest sentences a computer hacker has received. I'm satisfied about the outcome."

Jane Macht, attorney for Rose, commenting to Newsbytes on the sentence, said "The notification of potential employers was a negotiated settlement to allow Len to work during the three years of his supervised release while satisfying the government's concern that employers be protected." Macht also pointed out that many reports of the case had glossed over an important point, "This is not a computer intrusion or security case; it was rather a case involving corporate computer software property rights. There were no allegations that Len broke into anyone's system. Further, there are no reported cases of anyone installing his modified code on any system. It should be understood that it would require a system manager or someone else with 'superuser' status to install this routine into the UNIX login procedure. The publishing of the routine did not, as has been reported, open the door to a marked increase in unauthorized computer access."
Macht said that she believed that Rose had reached an agreement to sell the computer equipment. He had been offering it through the Internet for $6,000, the amount required to prepay his rent for the length of his prison sentence. Because of his financial circumstances, which Macht referred to as a "negative net worth", the judge did not order any restitution payments from Rose to AT&T.

(Barbara E. McMullen & John F. McMullen/19910612)

Date: Fri, 14 Jun 91 20:41:43 CDT
From: TELECOM Moderator
Subject: Well Len, Was it Worth a Prison Term?

The Len Rose saga came to an end this past week when a federal judge considered the circumstances involved and chose to impose punishment by placing Len in the custody of the Attorney General of the United States, or his authorized representative for a period of one year. As in all such cases where the court finds the defendant poses no immediate danger to the community, Len was given a one month period from the imposition of punishment to get his personal affairs in order before beginning his sentence.

At some point in time between now and July 10 mutually convenient to Len, his attorney and the government, Len will surrender to the United States Marshal, and be escorted to the penitentiary. As the first order of business at the penitentiary receiving room, he'll be required to submit to a complete strip-search accompanied by a rather indelicate probing to insure that he does not have in his possession any drugs; weapons with which he might harm himself, the staff or other inmates; or other contraband.

He'll surrender his identity completely: driver's license, credit cards, social security card -- anything which identifies Len Rose as Len Rose will be taken from him and returned when he is released. For the time he is incarcerated, he will be a number stamped on the uniform he is given to wear. Or, he may be in a minimum security institution and be permitted to wear his 'street clothes', but without a shred of ID in his wallet.
His ID will be his prison serial number. But there will still be the initial and occasional thereafter strip search and urine test on demand.

Len's wife, who barely speaks English will be left alone to fend for herself for several months. She'll raise the two children the best she can, on whatever money she has available to her. It won't be easy, but then, it wasn't easy when Len was locked up before for a week in the Dupage Jail in Wheaton, IL while the state charges were pending here.

Speaking of the kids, I wonder if Len has explained all this to them yet. I wonder if they know, or are old enough to understand their dad is going to prison, and why ...

When Len is released, he'll be 'allowed to' carry the tag "ex-con" with him when he applies for work and tries to make new friends. One part of his punishment is that in the future he must reveal his status to prospective employers. Needless to say, the Internal Revenue Service and the Justice Department trade files all the time ... so Len will want to be super-honest on his federal taxes in the future, since he can probably expect to be audited once or twice in the first five years or so following his release.

I wonder if it was all worth it ... if Len had it to do over again if he would do the same things he did before, or if he might consider the consequences more carefully.

Despite the intensive crackdown we have seen by the federal government in the past few years against 'white collar' and computer crime, there are still those folks around who either (a) don't think it applies to them, or (b) don't think they will get caught, or (c) don't understand what the big fuss is all about in the first place.

If you don't think (c) is still possible, consider the recent thread in comp.org.eff.talk -- yes, I know, *where else* !! -- on the student who got suspended from school for two quarters after downloading and distributing the system password file on the machine he had been entrusted to use.
The fact that the debate could go on endlessly for message after message actually questioning what, if anything the chap did wrong tells us plenty about the mentality and 'social responsibility' of EFF devotees, but that is a whole new topic in itself.

The point is, some of us are simply getting very tired of the break-ins, the fraudulent messages, the fact that in order to telnet to a different site we can no longer do so direct from dialup servers without a lot of rig-a-ma-role because computer (ab)users have stolen all the trust which used to exist between sites, and the increasing scarcity of 'guest' accounts on various sites because the sysadmins are tired of being eaten alive with fraudulent and destructive usage.

Users had better wise up to one fact: the federal government is going to continue to crack down on abusers of the net and this media. And please, none of your hysterical freedom of speech arguments in my mail, thank you. No one gives an iota what you write about, but when you get your hands in the password file, rip off root or wheel accounts, run programs deceptive to other users designed to rip off their accounts also and generally behave like a two-bit burglar or con-artist, expect to get treated like one when you get caught.

And you *will* get caught. Then you can go sit and commiserate with Len Rose. If Len Rose has half the brain I think he has, he will come out of the penitentiary a better person than when he went in. The penitentiary can be, and frequently is a therapeutic experience, at least for the people who think about what it was that caused them to get there in the first place.

I feel very sorry about what has happened to Len Rose. I feel worse about the circumstances his wife and children are in. But the socially irresponsible behavior (which some people who call themselves 'socially responsible' seem to condone or wink at) has to stop. Now.
A US Attorney involved in prosecuting computer crime once said, "users need an example when they log in of what to expect when they screw up while on line ..." Indeed we do ... and Len Rose will serve as such. And a knowledgeable sysadmin who is quietly cooperating with the government tells me a federal grand jury is to returning another cycle of indictments. Need I say more?

So Len, *was* it all worth it?

Patrick Townson

Date: Sat, 15 Jun 91 20:29:56 CDT
From: TELECOM Moderator
Subject: TELECOM Digest V11 #459

TELECOM Digest Sat, 15 Jun 91 20:29:33 CDT Volume 11 : Issue 459

Inside This Issue: Moderator: Patrick A. Townson

Re: Well Len, Was it Worth a Prison Term? [Mike Godwin]
Re: Well Len, Was it Worth a Prison Term? [Jim Thomas]
Re: Well Len, Was it Worth a Prison Term? [Mark Brown]
Re: Well Len, Was it Worth a Prison Term? [Jim Youll]
Re: Well Len, Was it Worth a Prison Term? [Clint Fleckenstein]

----------------------------------------------------------------------

Date: Sat, 15 Jun 91 11:54:24 -0400
From: Mike Godwin
Subject: Re: Well Len, Was it Worth a Prison Term?
Organization: The Electronic Frontier Foundation

I have to say that in all the postings I have ever seen Pat Townson write, his posting about Len Rose is the most shameful and morally indefensible. I find it incredibly ironic that Townson, after all this time, seems to have so little sense of what Len Rose actually *did* and of what he didn't do.

Let's detail some of Pat's many, many factual and moral errors:

In article telecom@eecs.nwu.edu (TELECOM Moderator) writes:

> The Len Rose saga came to an end this past week when a federal judge
> considered the circumstances involved and chose to impose punishment
> by placing Len in the custody of the Attorney General of the United
> States, or his authorized representative for a period of one year.

The judge didn't decide to give Rose a year in prison. That was a product of the plea agreement between the government and Rose's attorney.
> Speaking of the kids, I wonder if Len has explained all this to them
> yet. I wonder if they know, or are old enough to understand their dad
> is going to prison, and why ...

"Dear children,

"Your father is going to prison because he possessed and transmitted unlicensed source code. Hundreds of other Unix consultants have done the same thing, but I was targeted because I wrote an article for {Phrack Magazine} about how to modify login.c for hacking purposes, and that article, while never published, was found in a search of Craig Neidorf's room. The prosecutor and the phone company tried to put Neidorf into prison, but when their distortions came to light they dropped the case. They searched my system for the same E911 document, but when they didn't find it, they decided to find something else to prosecute me for -- namely, the unlicensed Unix source code.

"Children, lots of people, including Patrick Townson, will call me a hacker and say I got convicted because of breakins into other people's computers. Patrick Townson lies if he says this. I never broke in to anyone's computer. I was always given access to systems by sysadmins who were authorized to give me that access.

"My children, as I spend that time in prison, be aware that some people will, without shame, distort the facts of my case in order to use me as a cheap moral lesson. If you must hate them, don't hate them because of what they say, but because they have chosen to be hypocritical. Hate them because they have friends who possess unlicensed source code, but they've never reported those friends to the U.S. Attorney. Hate them because they make blanket condemnations without bothering to learn the facts."

> I wonder if it was all worth it ... if Len had it to do over again if
> he would do the same things he did before, or if he might consider the
> consequences more carefully.

Have you asked this question of all Unix consultants who possess unlicensed source code, Pat? No, I didn't think so.
> If you don't think (c) is still possible, consider the recent thread
> in comp.org.eff.talk -- yes, I know, *where else* !! -- on the student
> who got suspended from school for two quarters after downloading and
> distributing the system password file on the machine he had been
> entrusted to use. The fact that the debate could go on endlessly for
> message after message actually questioning what, if anything the chap
> did wrong tells us plenty about the mentality and 'social
> responsibility' of EFF devotees, but that is a whole new topic in itself.

This is a particularly contemptible slam at EFF, which is as concerned with your rights as it is of those who are self-proclaimed hackers. EFF has never approved of unauthorized computer intrusion, and we have never doubted that the Georgia student who distributed the password file was wrong to do so.

Pat, up until this point, I regarded you as something of a friend. I've spoken to you on the phone, asked for your help, and been willing to offer mine. But this whole paragraph about "EFF devotees" convinces me that you really have no moral center, and no ability to distinguish between what some people write and what other people believe. I would never dream of attributing every opinion posted in your newsgroup to "comp.dcom.telecom devotees." Of course, that's because I actually consider the moral consequences of labelling people.

> The point is, some of us are simply getting very tired of the
> break-ins, the fraudulent messages, the fact that in order to telnet
> to a different site we can no longer do so direct from dialup servers
> without a lot of rig-a-ma-role because computer (ab)users have stolen
> all the trust which used to exist between sites, and the increasing
> scarcity of 'guest' accounts on various sites because the sysadmins
> are tired of being eaten alive with fraudulent and destructive usage.
Len Rose never did a breakin, and never took any action that limited the use of telnet or guest accounts. Neither has EFF.

> Users had better wise up to one fact: the federal government is going
> to continue to crack down on abusers of the net and this media. And
> please, none of your hysterical freedom of speech arguments in my
> mail, thank you. No one gives an iota what you write about, but when
> you get your hands in the password file, rip off root or wheel
> accounts, run programs deceptive to other users designed to rip off
> their accounts also and generally behave like a two-bit burglar or
> con-artist, expect to get treated like one when you get caught.

Who is the "you" in this paragraph, Pat? EFF? You were just talking about EFF. Has anyone at EFF *ever* said that "freedom of speech" encompasses breakins? No. It is your contemptible distortion to attribute that view to us.

> And you *will* get caught. Then you can go sit and commiserate with
> Len Rose. If Len Rose has half the brain I think he has, he will
> come out of the penitentiary a better person than when he went in.
> The penitentiary can be, and frequently is a therapeutic experience,
> at least for the people who think about what it was that caused them
> to get there in the first place.

What do you think caused Len Rose to get there, Pat?

> I feel very sorry about what has happened to Len Rose.

This seems two-faced after you've spent a whole posting gloating about it.

> I feel worse about the circumstances his wife and children are in.
> But the socially irresponsible behavior (which some people who call
> themselves 'socially responsible' seem to condone or wink at) has to
> stop. Now.

First of all, there is no statute outlawing "social irresponsibility." If there were, you would have committed a felony with your distortions in this posting.
> A US Attorney involved in prosecuting computer crime once said, "users
> need an example when they log in of what to expect when they screw up
> while on line ..." Indeed we do ... and Len Rose will serve as such.

Is the U.S. Attorney Bill Cook, Pat? The AUSA who cost Craig Neidorf $100,000 because he didn't know that the E911 document was not a program, and that the information in it was publicly available and not a trade secret? Bill Cook has never been held accountable for what he did to Craig Neidorf.

> And a knowledgeable sysadmin who is quietly cooperating with the
> government tells me a federal grand jury is to returning
> another cycle of indictments. Need I say more?

Yes, you need to say more. This time around there are forces in the community that, unlike you, will act to keep both the government and the phone companies honest.

> So Len, *was* it all worth it?

Len no doubt thanks you for the charity you have shown him in kicking him when he is down. Was it worth it, Pat, to take still another slam at Len, and to alienate people who are working to preserve *your* rights in the process?

Mike Godwin, mnemonic@eff.org
(617) 864-1550
EFF, Cambridge, MA

------------------------------

Date: Sat, 15 Jun 91 01:15 CDT
From: TK0JUT1@mvs.cso.niu.edu
Subject: Well Len, Was it Worth a Prison Term?

The Moderator's comments in TELECOM Digest #453 giving his view of the Len Rose sentencing are disingenuous. After some moralizing about Len, the Moderator leaps to examples of hackers and other intruders, then adduces these examples as justification for Len's sentencing.

Len *WAS NOT* busted for hacking, but for possession of AT&T source code and for sending it across state lines. Check the evidence and charges. He did not send this stuff to a "hacker" in Illinois. Rich Andrews, the Illinois recipient, was not accused of hacking.
Two programs, including login.c were sent to {Phrack}, but the {Phrack} editor was never accused of being, nor is there any evidence that he ever was, a hacker. And, contrary to another post in the same issue of TCD, there is no evidence that the programs Len possessed or sent were ever used in criminal activity. Both public and non-public court records and documents indicate that the issue was explicitly one of unauthorized possession of proprietary software. Counter-assertions by Len's critics will not change this.

There is little disagreement that Len may have acted unwisely. The question is whether his actions justify a prison sentence, and to my mind the answer is an emphatic *NO!*. It is absurd to imply that somehow Len failed to learn from a "crackdown." The case was the beginning of the so-called "crackdowns," and his actions are no more a message to "hackers" and "phreaks" than double-parking tickets are to auto thieves.

There are six levels of prisons in the federal system, with level-1 being the most minimum of the bunch. Len will most likely be sentenced to one of these as a first-time, minor, non-violent offender. But, despite the term "country club prison," there is no such thing as an easy-time prison. Contrary to the Moderator's comment, prisons are rarely "therapeutic" places. I've been in and around them since 1980, and the number of offenders coming out the better because of their prison experience are few. Len's ten month stay and subsequent probation period will cost the tax-payers upwards of $30,000. There are alternatives to incarceration that are less costly while simultaneously serving the ends of the need for sanctions. Even if we assume that Len is guilty of all the charges invented by his critics, his incarceration is simply not worth it for society.

To answer the Moderator's question about whether "it was worth it:" No, an unjust sentence never is.
Nor is anything served by exaggeration and hyperbole that, in this case, attempts to claim otherwise.

Jim Thomas
Sociology / Criminal Justice
Northern Illinois University

[Moderator's Note: Jim Thomas is one of the Moderators of Computer Underground Digest, a mailing list on the internet with roots going back to 'hacker' discussions in TELECOM Digest in the past. PAT]

------------------------------

From: Mark Brown
Subject: Well Len, Was it Worth a Prison Term?
Date: Sat, 15 Jun 91 11:27:06 CST

Patrick:

Yes, Len Rose deserves jail, based upon what I know.

> The fact that the debate could go on endlessly for
> message after message actually questioning what, if anything the chap
> did wrong tells us plenty about the mentality and 'social
> responsibility' of EFF devotees, but that is a whole new topic in itself.

There is no cause so right that one cannot find a fool who believes in it.

I respectfully submit that you are way off base here.

Cheers,

DISCLAIMER: My views may be, and often are, independent of IBM official policy.
Mark Brown IBM PSP Austin, TX.
(512) 823-3741 VNET: MBROWN@AUSVMQ
MAIL: mbrown@testsys.austin.ibm.com

------------------------------

From: Jim Youll
Subject: Re: Well Len, Was it Worth a Prison Term?
Date: 15 Jun 91 16:32:21 GMT
Reply-To: Jim Youll
Organization: Bowling Green State University B.G., Oh.

In article telecom@eecs.nwu.edu (TELECOM Moderator) writes:

> The Len Rose saga came to an end this past week when a federal judge [etc...]
> [... discussion of impoverished wife, kids]

> Users had better wise up to one fact: the federal government is going

Oh, thank God. I feel much better knowing that the feds are going to continue their wholly uninformed pursuit of people committing crimes the feds don't even understand. Maybe you have forgotten Steve Jackson Games. I haven't.

> to continue to crack down on abusers of the net and this media. And
> please, none of your hysterical freedom of speech arguments in my
> mail, thank you.

None here.
> And you *will* get caught. Then you can go sit and commiserate with
> Len Rose. If Len Rose has half the brain I think he has, he will come
> out of the penitentiary a better person than when he went in. The
> penitentiary can be, and frequently is a therapeutic experience, at
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Bull!!!!!!!!!! Male-male gang rape can *LEAD* to therapy, is maybe what you mean here...

> least for the people who think about what it was that caused them to
> get there in the first place.

> I feel very sorry about what has happened to Len Rose. I feel worse
> about the circumstances his wife and children are in. But the
> socially irresponsible behavior (which some people who call themselves
> 'socially responsible' seem to condone or wink at) has to stop. Now.

> And a knowledgeable sysadmin who is quietly cooperating with the
> government tells me a federal grand jury is to returning
> another cycle of indictments. Need I say more?

Yeah, you might mention that the grand juries generally haven't the slightest idea what a computer is, let alone a computer-oriented crime.

I'm not invoking any of the free-speech or other arguments and don't intend to, but when law enforcement makes a mockery of justice as it has in many, many computer-crime cases, and when we see corporations inflate their alleged losses by factors of a hundred or a thousand, then something is terribly wrong, and simply focusing on the vicious pursuit of real or alleged criminals just serves to draw attention away from the very real problems caused by runaway egos of prosecutors.

If I had to analyze the nerds who come up with the loss figures, I'd say they're trying for a big number to please their superiors and to gain fame. A two million dollar crime that you stopped looks a hell of a lot better than a $200 crime. People who are not computer-literate will generally believe what they're told by "experts". (Well, true of any field).

> So Len, *was* it all worth it?
Your compassion for your fellow man overwhelms me.

Sure, Higdon goes after an outfit that makes its *entire profit* entrapping and prosecuting people who may not have committed a crime at all (anyone who has access to a telephone and incorrect information can dial a 950- number, for cryin' out loud). Shows that they are rude, incompetent.

I see a direct parallel in the prosecution and entrapment of people in the current "crackdown" on computer crime. It's a government fad and in its wake are going to be a lot of innocent victims, and I'm not just talking about wives and children.

Disclaimer: Messages originating from this address are mechanically generated. Management assumes no responsibility for the contents thereof.

Jim Youll, aka jyoull@andy.bgsu.edu, 419/354-2110

------------------------------

Date: Sat, 15 Jun 91 18:30:03 -0500
From: Clint Fleckenstein
Subject: Re: Well Len, Was it Worth a Prison Term?
Organization: North Dakota Higher Ed Computing Network

Sorry to ask a stupid question, but what did he do? :)

It's been a while. I got in a lot of trouble on the net myself back in 1987, and got bounced out of school.

Clint Fleckenstein DoD #5150 fleckens@plains.nodak.edu

[Moderator's Note: What Len Rose was *convicted* of doing was being in possession of AT&T computer source code illegally, and transporting the code across state lines. And Al Capone was sent to prison for failure to pay his income tax. Would you care to discuss your case with us here? Thanks to all who wrote me on this issue; I've got more articles in the queue to continue this thread tomorrow, and will summarize a rebuttal of my own, also probably tomorrow space permitting.
PAT]

------------------------------

End of TELECOM Digest V11 #459
******************************

Date: Sat, 15 Jun 91 21:44:35 CDT
From: TELECOM Moderator
[To]: telecom@eecs.nwu.edu
Subject: TELECOM Digest V11 #460
Message-ID: <9106152144.ac18147@delta.eecs.nwu.edu>

TELECOM Digest Sat, 15 Jun 91 21:44:11 CDT Volume 11 : Issue 460

Inside This Issue: Moderator: Patrick A. Townson

    Re: Len Rose Sent to Prison [Craig Neidorf]
    Re: Well Len, Was it Worth a Prison Term? [John Richard Bruni]
    Re: Well Len, Was it Worth a Prison Term? [Owen M. Hartnett]
    Re: Fighting Phone Hackers in SoCal [Jeff Sicherman]
    Re: Fighting Phone Hackers in SoCal [John Higdon]
    Re: Fighting Phone Hackers in SoCal [Nick Sayer]
    Re: Does a National Phonebook Exist? [Don Froula]

----------------------------------------------------------------------

Date: Sat, 15 Jun 91 10:54:22 CDT
From: Craig Neidorf
Subject: Re: Len Rose Sent to Prison

In TELECOM Digest, Volume 11 : Issue 453, Scott Dorsey writes:

> In article bill@eedsp.gatech.edu
> writes:

>> BALTIMORE (AP) -- A computer hacker has been sentenced to a year
>> and a day in prison for stealing information from American Telephone &
>> Telegraph and its subsidiary Bell Laboratories.

>> Leonard Rose Jr., 32, an unemployed computer consultant, pleaded
>> guilty in March to one count of sending AT&T source codes via computer
>> to a hacker in Illinois, and a similar wire fraud charge involving a
>> Chicago hacker.
> He did indeed send a copy of the System V login source code to
> someone who may have used it in the commission of a crime.

Who is this person that you believe he sent the System V login source code to that may have used it in the commission of a crime?

>> The judge did not order restitution to AT&T because Rose has what
>> one of his attorneys called "a negative net worth."

> This is indeed true. He did not have such a condition until
> spending huge amounts of money for defense.

Speaking as someone who knows what really happened to Len and how the system really treats a criminal defendant, I will inform you of a couple of things.

Len Rose did not spend huge amounts on his defense. When Rose was first raided by the Secret Service in March 1990, the agents seized all of his computers and everything related (and a lot of things unrelated). They effectively deprived him of his livelihood as a private Unix consultant. They had their reasons and I'm not going to argue about those. However, Len had little money to begin with and was already deep into debt before these incidents happened. He lost his house and his truck.

Len Rose had a court appointed attorney for a while and there are some things you should know about how that works. You can only get court appointed counsel if you cannot afford an attorney and you must prove this to the court by bringing in all of your financial files.

Later attorneys like Sheldon Zenner and Jane Macht were paid for by friends of Len Rose and there was a donation fund for his family's living expenses to which many people contributed.

Craig Neidorf (C483307 @ UMCVMB.MISSOURI.EDU)

[Moderator's Note: Mr. Neidorf was a defendant in one of the criminal prosecutions associated with the Legion of Doom. He is (was?) the publisher and editor of {Phrack}, an electronic journal whose name is a contraction of the two words 'phreak' and 'hack'.
He was found not guilty of the charges lodged against him, and the government dropped its prosecution of him when it was discovered that the information he published (relating to the complaint) was available to the public from other sources. PAT]

------------------------------

From: John_Richard_Bruni@cup.portal.com
Subject: Re: Well Len, Was it Worth A Prison Term?
Date: Fri, 14 Jun 91 22:40:24 PDT

Pat,

I grant you all of what you said in your preface to the Len Rose topics, yet I still wonder. As a journalist I keep coming across references to computer fraud totalling somewhere between $2 BILLION to $20 billion a year. There must be some fire to all this smoke.

Yes, the hackers make life more problematical for those who like (as I do) open exchange of information on the computer nets. The security requirements are a hassle. But in the course of researching a novel that has hackers in it, it slowly came to me that the real troublemakers are much more deeply buried in the system.

I know of 'Phone Phreaks' who have written themselves into the system since ESS-4 came out. These guys are not just hacking the phone company, they are so far into it that for all intents and purposes they *ARE* the phone company. Darksiders like these make hackers look like small fry ... which for the most part they are.

I still think Cal Tech and MIT oughta get the good hackers and make them into useful members of society. Universities do a much better job of that on smart people than jails do. Put the moles in jail, if you can find 'em. Most of them probably have Swiss bank accounts by now and have retired to the Riviera.

That's my two cents worth, and I know it's controversial. But I was forced to decide what I thought of all this when, in the course of researching my book, I made friends with both hackers and 'trackers.'

That's all, folks!

------------------------------

From: "Owen M. Hartnett"
Subject: Re: Well Len, Was it Worth a Prison Term?
Date: 16 Jun 91 00:26:13 GMT
Reply-To: "Owen M. Hartnett"
Organization: Brown University Department of Computer Science

In article telecom@eecs.nwu.edu (TELECOM Moderator) writes:

(in a very fine article)

> When Len is released, he'll be 'allowed to' carry the tag "ex-con"
> with him when he applies for work and tries to make new friends. One
> part of his punishment is that in the future he must reveal his status
> to prospective employers.

Something about the above bothers me, from a legal standpoint. Wasn't there a movement quite a few years ago that said, in effect, that since ex-cons have little chance of employment once they've told their prospective bosses that they're ex-cons, that requirements to do so were being mitigated, so that they would stand a better chance of rehabilitating once they got out?

This seems probably the most harsh of the requirements. Does a bank robber have to inform a prospective employer of his past history, even if said employer doesn't ask? This sounds almost unconstitutional, if not cruel and unusual punishment.

Owen Hartnett omh@cs.brown.edu

[Moderator's Note: In your example, it probably would be unreasonable to force a garage mechanic to tell a prospective employer he had robbed a bank. It would not be as unreasonable to force the same person to reveal this if he applied for employment as a bank teller. In the case at hand, I quoted the court's decision without really agreeing with it. If Len goes into non-computer employment, it should not have to be discussed. If he goes into computer-related employment, well ... I'd be reluctant to make him wear that ball and chain his whole life. PAT]