TELECOM Digest Wed, 30 May 90 20:02:36 CDT Volume 10 : Issue 397 Inside This Issue: Moderator: Patrick A. Townson "Legion of Doom" Indictment [Eduardo Krell] Online Access to Library Card Catalog [Jon Zeeff] Modem Connections While Camping [J. Philip Miller] Defeating 800 ANI & Caller*ID Using the "O" Operator [Steve L. Rhoades] MCI PrimeTime, Call Pacific, Call Europe, Call Canada [Jeremy Grodberg] Municipal Taxation of Interstate Long Distance Phone Charges [S. Forrette] AT&TMail, MCI, or IBM IN Global Mail? [Joe Jesson] PacBell Dropping Charge for Touch-Tone Service [Christopher J. Pikus] Another Clue to Possible E. German Prefixes [J. Stephen Reed] Ship to Shore Ripoff? [Carl Moore] Panasonic VA-616 Cards/Phones [Owen Scott Medd] New Double-jack Wall Plates, Crosstalk? [Peter da Silva] ---------------------------------------------------------------------- From: ekrell@ulysses.att.com Date: Wed, 30 May 90 12:42:21 EDT Subject: "Legion of Doom" Indictment Computer Consultant Could get 32 Years If Convicted of Source-Code Theft Baltimore - A Middletown, Md., man faces as many as 32 years in prison and nearly $1 million in fines if convicted of being involved in the "Legion of Doom" nationwide group of Unix computer buffs now facing the wrath of federal investigators. The U.S. Attorney's Office here on May 15 announced the indictment of Leonard Rose, 31, a computer consultant also known as "Terminus," on charges that he stole Unix source code from AT&T and distributed two "Trojan Horse" programs designed to allow for unauthorized access to computer systems. Incidents occurred between May, 1988 and January, 1990, according to the indictment. The five-count indictment, handed down by a federal grand jury, charges Rose with violations of interstate transportation laws and the federal Computer Fraud and Abuse Act. Rose faces as many as 32 years in prison, plus a maximum fine of $950,000. He is the third person to be indicted who was accused of being connected with the so-called Legion of Doom. Robert J. Riggs, a 21-year-old DeVry Institute student from Decantur, Ga., and Craig M. Neidorf, 19, a University of Missouri student from Columbia, Mo., also have been indicted. Rose's indictment stemmed from a federal investigation that began in Chicago and led investigators to Missouri and Maryland, assistant U.S. Attorney David King said. While executing a search warrant in Missouri, investigators uncovered evidence Rose was transporting stolen Unix 3.2 source code, King said. Investigators then obtained a warrant to search Rose's computer system and found the stolen source code, King added. He said the Trojan Horse programs were substitutes for a legitimate sign-in or log-in program, with a separate shell for collecting user log-ins or passwords. "Whoever substituted [the Trojan Horse program] could get passwords to use the system any way he or she wanted to," King said. The indictment was a result of a long-term investigation by the U.S. Secret Service, and was issued one week after federal authorities raided computer systems at 27 sites across the United States. Investigators seized 23,000 computer disks from suspects accused of being responsible for more than $50 million in thefts and damages. The Secret Service at that time announced that five people have been arrested in February in connection with the investigation. King said he was unaware if Rose indictment was related to the raids made earlier this month. "We don't just go out and investigate people because we want to throw them in jail. We investigate them because they commit an offense. The grand jury was satisfied," King said. The U.S. Attorney's Office said the investigation revealed individuals had accessed computers belonging to federal research centers, schools and private businesses. King would not name any of the victims involved. Rose was associated with the Legion of Doom and operated his own computer system known as Netsys, according to the indictment. His electronic mailing address was Netsys!len, the document said. The Legion, according to the indictment, gained fraudulent, unauthorized access to computer systems for the purpose of stealing software; stole proprietary source code and other information; disseminated information about gaining illegal access, and made telephone calls at the expense of other people. Eduardo Krell AT&T Bell Laboratories, Murray Hill, NJ UUCP: {att,decvax,ucbvax}!ulysses!ekrell Internet: ekrell@ulysses.att.com TELECOM Digest Sat, 11 Aug 90 19:05:00 CDT Special: Len Rose Indictment Inside This Issue: Moderator: Patrick A. Townson Len Rose Indictment [Len Rose] ---------------------------------------------------------------------- From: Len Rose Subject: Federal Indictment Date: 10 Aug 90 00:00:42 GMT Organization: Netsys Inc., Philadelphia IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF MARYLAND UNITED STATES OF AMERICA * * Criminal No. v. * - - * LEONARD ROSE, a/k/a/ "Terminus" * (Computer Fraud, 18 U.S.C. * S 1030(a) (6); Interstate * Transportation of Stolen * Property, 18 U.S.C. S 2314; * Aiding and Abetting, 18 * U.S.C. S 2) Defendant. * * * * * * * * * * INDICTMENT COUNT ONE The Grand Jury for the District of Maryland charges: FACTUAL BACKGROUND 1. At all times relevant to this Indictment,American Telephone & Telegraph Company ("AT&T"), through it's subsidiary, Bell Laboratories ("Bell Labs"), manufactured and sold UNIX (a trademark of AT&T Bell Laboratories) computer systems to customers throughout the United States of America. 2. At all times relevant to this Indictment, AT&T sold computer programs ("software") designed to run on the UNIX system to those customers. This software is designed and manufactured by AT&T;some software was available to the public for purchase, other software was internal AT&T software (such as accounting and password control programs) designed to operate with the AT&T UNIX system. 3. At all times relevant to this indictment,computer hackers were individuals involved with gaining unauthorized access to computer systems by various means . These means included password scanning (use of a program that employed a large dictionary of words,which the program used in an attempt to decode the passwords of authorized computer system users),masquerading as authorized users, and use of trojan horse programs. 4. At all times relevant to this Indictment, the Legion of Doom ("LOD") was a loosely-associated group of computer hackers. Among other activities, LOD members were involved in: a. Gaining unauthorized access to computer systems for purposes of stealing computer software programs from the companies that owned the programs; b. Gaining unauthorized access to computer systems for purpose of using computer time at no charge to themselves,thereby fradulently obtaining money and property from the companies that owned the computer systems; c. Gaining unauthorized access to computer systems for the purpose of stealing proprietary source code and information from the companies that owned the source code and information; d. Disseminating information about their methods of gaining unauthorized access to computer systems to other hackers; e. Gaining unauthorized access to computer systems for the prupose of making telephone calls at no charge to themselves,obtaining and using credit history and data for individuals other than themselves,.and the like. 5. At all times relevant to this Indictment, LEONARD ROSE JR. a/k/a "Terminus", was associated with the LOD and operated his own computer system, identified as Netsys. His electronic mailing address was netsys!len COMPUTER TERMINOLOGY 6. For the purpose of this Indictment, an "assembler" is a computer program that translates computer program instructions written in assembly language (source code) into machine language executable by a computer. 7. For the purpose of this Indictment, a "compiler" is a computer program used to translate as computer program expressed in a problem oriented language (source code) into machine language executable by a computer. 8. For the purpose of this Indictment, a "computer" is an internally programmed,automatic device that performs data processing. 9. For the purpose of this Indictment, a "computer network" is a set of related,remotely connected terminals and communications facilities, including more than one computer system,with the capability of transmitting data among them through communicatiions facilities,such as telephones. 10.For the purposes of this Indictment, a "computer program" is a set of data representing coded instructions that, when executed by a computer causes the computer to process data. 11.For the purposes of this Indictment, a "computer system" is a set of related,connected, or unconnected computer equipment,devices, or software. 12.For the purposes of this Indictment,electronic mail ("e-mail") is a computerized method for sending communications and files between computers on computer networks. Persons who send and recieve e-mail are identified by a unique "mailing" address,similar to a postal address. 13.For the purposes of this Indictment a "file" is a collection of related data records treated as a unit by a computer. 14.For the purposes of thie Indictment, "hardware" is the computer and all related or attached machinery,including terminals, keyboard,disk drives, tape drives,cartridges, and other mechanical,magnetic,electrical,and electronic devices used in data processing. 15.For the purposes of this Indictment,a "modem" is a device that modulates and demodulates signals transmitted over data telecommunications facilities. 16.For the purposes of this Indictment,"software" is a set of computer programs,procedures,and associated documentation. 17.For the purposes of this Indictment,"source code" is instructions written by a computer programmer in a computer language that are used as input for a compiler, interpreter, or assembler. Access to source code permits a computer user to change the way in which a given computer system executes a program,without the knowledge of the computer system administrator. 18.For the purposes of this Indictment, "superuser privileges" (sometimes referred to as "root") are privileges on a computer system that grant the "superuser" unlimited access to the system, including the ability to change the system's programs,insert new programs, and the like. 19.For the purposes of this Indictment, a "trojan horse" is a set of computer instructions secretly inserted into a computer program so that when the program is executed,acts occur that were not intended to be performed by the program before modification. 20.For the purposes of this Indictment,"UNIX" (a trademark of AT&T Bell Laboratories) is a computer operating system designed by AT&T Bell Laboratories for use with minicomputers and small business computers, which has been widely adopted by businesses and government agencies throughout the United States. COMPUTER OPERATIONS 21.For the purposes of this Indictment,typical computer operations are as described in the followiing paragraphs. A computer user initiates communications with a computer system through his terminal and modem.The modem dials the access number for the computer system the user wishes to access and, after the user is connected to the system, the modem transmits and receives data to and from the computer. 22.Once the connection is established,the computer requests the user's login identification and password. If the user fails to provide valid login and password information,he cannot access the computer. 23.Once the user has gained access to the computer,he is capable of instructing the computer to execute existing programs. These programs are composed of a collection of computer files stored in the computer's memory. The commands that make up each file and, in turn,each program,are source code. Users who have source code are able to see all of the commands that make up a particular program. They can change these commands, causing the computer to perform tasks that the author of the program did not intend. 24.The user may also copy certain files or programs from the computer he has accessed; if the user is unauthorized, this procedure allows the user to obtain information that is not otherwise available to him. 25.In addition,once a user has accessed a computer, he may use it's network connections to gain access to other computers. Gaining access from one computer to another permits a user to conceal his location because login information on the second computer will reflect only that the first computer accessed the second computer. 26.If a user has superuser privileges, he may add,replace, or modify existing programs in the computer system. The user performs these tasks by "going root"; that is, by entering a superuser password and instructing the computer to make systemic changes. 27. On or about January 13,1989, in the State and District of Maryland,and elsewhere, LEONARD ROSE JR. a/k/a Terminus did knowingly,willfully,intentionally, and with intent to defraud, traffic in (that is, transfer, and otherwise dispose of to another,and obtain control of with intent to transfer and dispose of) information through which a computer may be accessed without authorization,to wit: a trojan horse program designed to collect superuser passwords,and by such conduct affected interstate commerce. 18 U.S.C. S 1030(a) (6) 18 U.S.C. S 2 COUNT TWO And the Grand Jury for the District of Maryland further charges: 1. Paragraphs 1 through 26 of Count One are incorporated by reference, as if fully set forth. 2. On or about January 9,1990, in the State and District of Maryland, and elsewhere, LEONARD ROSE JR. a/k/a/ Terminus did knowingly,willfully,intentionally, and with intent to defraud, traffic in (that is, transfer, and otherwise dispose of to another,and obtain control of with intent to transfer and dispose of) information through which a computer may be accessed without authorization,to wit: a trojan horse login program,and by such conduct affected interstate commerce. 18 U.S.C. S 1030(a) (6) 18 U.S.C. S 2 COUNT THREE And the Grand Jury for the District of Maryland further charges: 1. Paragraphs 1 through 26 of Count One are incorporated by reference, as if fully set forth. 2. That on or about May 13,1988 in the State and District of Maryland, and elsewhere, LEONARD ROSE JR. a/k/a/ Terminus did cause to be transported,transmitted, and transformed in interstate commerce goods,wares,and merchandise of the value of $5000 or more,to wit: computer source code that was confidential,proprietary information of AT&T, knowing the same to have been stolen,converted, and taken by fraud. 18 U.S.C. S 2314 18 U.S.C. S 2 COUNT FOUR And the Grand Jury for the District of Maryland further charges: 1. Paragraphs 1 through 26 of Count One are incorporated by reference, as if fully set forth. 2. That on or about January 15,1989 in the State and District of Maryland, and elsewhere, LEONARD ROSE JR. a/k/a/ Terminus did cause to be transported,transmitted, and transformed in interstate commerce goods,wares,and merchandise of the value of $5000 or more,to wit: computer source code that was confidential,proprietary information of AT&T, knowing the same to have been stolen,converted, and taken by fraud. 18 U.S.C. S 2314 18 U.S.C. S 2 COUNT FIVE And the Grand Jury for the District of Maryland further charges: 1. Paragraphs 1 through 26 of Count One are incorporated by reference, as if fully set forth. 2. That on or about January 8,1990 in the State and District of Maryland, and elsewhere, LEONARD ROSE JR. a/k/a/ Terminus did cause to be transported,transmitted, and transformed in interstate commerce goods,wares,and merchandise of the value of $5000 or more,to wit: computer source code that was confidential,proprietary information of AT&T, knowing the same to have been stolen,converted, and taken by fraud. 18 U.S.C. S 2314 18 U.S.C. S 2 ____________________ Breckinridge L. Wilcox [Moderator's Note: Mr. Wilcox is probably the foreperson of the Grand Jury. The five counts above, according to Mr. Rose, represent the various occassions on which he is alleged to have transferred a 'password-trapping' program to other individuals, including Craig Neidorf. If my understanding of the allegations is correct, modifications to the source code causing passwords entered by users using the 'su' command to be retained in a separate file for review by unauthorized persons was transmitted. I believe Mr. Neidorf then printed this information in his publication {Phrack}. It is not known to what extent this modification was installed or implemented. Mr. Rose said to me he does not know of anyone 'who actually used or installed' this modification. He said he wrote it legitimatly for testing and diagnostic purposes for his own use at his site and for legitimate clients. He said he can't help it if it fell into the hands of persons who would abuse or misuse his work. Mr. Rose said to me he is destitute at this time due to the financial burden of obtaining legal counsel and being without the tools (his computing machinery and related stuff) he needs to be employed. His trial has been adjourned until sometime early in 1991 at the court's motion, and this additional delay will cause him more financial hardship. He believes this delay was given by the court in retaliation for motions entered by his attorney asking the judge to recuse himself. He said he had been offered 'deals' by the government, including pleading guilty to one count, receiving as punishment several months in the custody of the Attorney General, followed by perhaps a year of federal probation. His equipment would be returned as part of the deal. If this were his choice -- that the matter be adjudicated in conference between the government, his attorney and the court -- resolution could come in a short time. If he prefers, the matter can go to trial, and he can take his chances on complete acquittal, or being found guilty on one or more of the charges against him, followed by imposition of punishment as detirmined by the court at that time. Mr. Rose has received advice from several quarters on this important issue, both for and against cutting deals. He said 'people at the Electronic Frontier Foundation refuse to return his phone calls', but that others, including a prominent person at the Free Software Foundation have encouraged him to hold out for trial and acquittal. In either scenario, Mr. Rose's prior state conviction several months ago involving computer equipment stolen from the warehouse found in his possession does not enhance his ability to cut deals to his liking. It should be remembered that under the Constitution of the United States, Len Rose must be considered innocent of the latest charges against him until his guilt is proven in court, or based on his plea of guilty the court finds him guilty. PAT] ------------------------------ End of TELECOM Digest Special: Len Rose Indictment ******************************