Bay Bridge

A Conversation with Len Rose

August 12, 1990 | Computer Underground Digest

****************************************************************************
                  >C O M P U T E R   U N D E R G R O U N D<
                                >D I G E S T<
              ***  Volume 1, Issue #1.28 (Aug 12, 1990)   **
****************************************************************************

MODERATORS:   Jim Thomas / Gordon Meyer  (TK0JUT2@NIU.bitnet)
ARCHIVISTS:   Bob Krause / Alex Smith
USENET readers can currently receive CuD as alt.society.cu-digest.

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may be reprinted as long as the source is
cited.  It is assumed that non-personal mail to the moderators may be
reprinted, unless otherwise specified. Readers are encouraged to submit
reasoned articles relating to the Computer Underground.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
DISCLAIMER: 	The views represented herein do not necessarily represent the
		views of the moderators. Contributors assume all responsibility
		for assuring that articles submitted do not violate copyright
 		protections.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

CONTENTS:
File 1:   Moderators' Corner
File 2:   A Conversation with Len Rose
File 3:   Len Rose's Indictment
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

----------------------------------------------------------------------
********************************************************************
***  CuD #1.28, File 1 of 4: Moderators' Comments                ***
********************************************************************

Date:      9 August, 1990
From:      Moderators
Subject:   Moderators' Corner

++++++++++
In this file:
 1) CRAIG NEIDORF Update
 2) PHRACK MAGAZINE CONTROVERSY

+++++++++++++++++++++++++++++
CRAIG NEIDORF DEFENSE FUND
+++++++++++++++++++++++++++++

Craig Neidorf has asked us to pass along a strong *THANK YOU* to everybody
who supported him throughout his ordeal.  He will be resuming college in
the fall.  Craig's diversion program does not restrict his freedom to
associate with whom he wishes or to publish as he wishes. However, he has
repeatedly and unequivocally emphasized that he has no plans to continue
PHRACK. Craig must speak with a pre-trial officer once a month for the next
year. The government cannot refile charges if craig is not arrested for a
computer-related crime in the next 12 months.

Many people have asked how they can help contribute to Craig's legal
expenses.  Checks should be made out to the law firm of KATTEN, MUCHIN AND
ZAVIS, and sent directly to his defense attorney:

	Sheldon Zenner
	c/o Katten, Muchin and Zavis
	525 W. Monroe, Suite 1600
	Chicago, IL  60606

A note should be included indicating it is "for Craig Neidorf," and if the
check has a line for memos, there should be an additional notation
indicating "for Craig Neidorf."
 
+++++++++++++++
PHRACK MAGAZINE CONTROVERSY
+++++++++++++++

When PHRACK 31 appeared, some readers were highly critical because they
felt the re-incarnation was a "rip-off" of the original.  Others, with
equal passion, defended retaining the name as a way respecting the
tradition it has developed and of keeping it alive.  Now that PHRACK 32 may
be out soon, we invite readers to present, without flames, their position
and their reasoning.  We especially invite the new editors of PHRACK to
present their side of the issue.

********************************************************************
 >> END OF THIS FILE <<
********************************************************************

------------------------------

Date:      11 August, 1990
From:      Jim Thomas
Subject:   Len Rose Interview

********************************************************************
***  CuD #1.28: File 2 of 4: Len Rose Interview                  ***
********************************************************************

The Len Rose case seems to present problems for many people.  Some, who
ordinarily support Constitutional rights, seem to have backed away from
this case, perhaps because of the seriousness of the charges, or perhaps
because his case does not seem as "pure" as those of some other defendants.
Some people are also concerned that Len's brush with the law "taints" him.

We feel that Len's case deserves attention comparable to other recent
cases. The charges in the indictment, as explained to us, are no more
serious than those in the indictment's of others, and the charges do not
seem to be as serious as the media depicts them. More importantly, the duel
model process of justice that ostensibly guides criminal proceedings must
be applied to all equally, whether the defendant is squeaky clean or a
homicidal maniac. We are troubled by those who think that, because Len has
had a previous legal problem, he is less deserving of legal help. Often, it
is precisely those whose image is the most tarnished who are most at risk
in the judicial process. If the issues are worthy and potentially affect
others, then it is in everybody's interests to assure that justice is
served.

CuD recently talked at length with Len about his current situation.  We
have not talked with Len's attorney nor have we seen copies of motions or
of the evidence.  Len's current attorney is a public defender who has been
busy in the multiple calls we made daily for three days. He has not
returned our calls. Those who have the time to try to obtain information
from him may contact him at:

Jim Kraft (the attorney)
Kraft, Balcerzak and Bartlett
7050 Oakland Mills Road
Columbia, MD  21046  (phone: 301-381-4646).

Len informs us that the case number is CR-90-0202, Federal Court, Baltimore.

********************************************************************

WHO IS LEN ROSE?

Len Rose is a 31 year old computer programmer who lives in Pennsylvania.
He has been married for 10 years and has a son, five years old, and a two
year old daughter.  He served six years in the army and, he informed us,
received the highest peacetime medal and "held a top secret clearance until
this happened." Len broke his leg in three places in early August during a
fishing outing with his son when he fell off a 35 foot cliff, "but at least
I kept my son from falling," he said.  Prior to his arrest, Len operated
his own computer system and was a computer consultant. One specialty area
was Unix systems.

WHAT IS LEN CHARGED WITH?

Len told us that there are five counts against him under Title 18.  Two are
for computer fraud and three are for transporting allegedly stolen goods in
excess of $5,000 across state lines.  (See File 3, this issue, for a copy
of the indictment).

According to Len, the two fraud counts were for allegedly altering
"login.c," which is source code for unix login programs, which was modified
to perform a trojan horse function to record login names and passwords and
store them in a file system.  Len said he wrote the program because
somebody was attacking his own system, and he installed the program on his
system to see what accounts were being attacked.  He indicated that login.c
is being valued in the indictment at $75,000, a value reminiscent of the
inflated E911 file charges that federal prosecutors in Chicago charged was
worth over $79,000.  Under cross-examination, it was determined that the
information in the E911 files could be obtained in a $13 manual.  The other
fraud count was for sending out a password scanner that he wrote himself
that scans passwords and tries to decrypt them. "You can find more powerful
programs n the net," he said, "such as Crypt Breakers Workbench and COPS,
which are archived on uunet to name just two %sources%."

According to Len, "The things I wrote were so trivial, a first year
computer science student could have written them. What it did was take a
word out of a dictionary file and encrypt it, and it compared the encrypted
form to the encrypted password in the password file. It was a very mindless
program. I had written it a long time ago, and used it many times myself
and when I was doing it for security %consulting%. That's all I used it
for, on any system concerned with security. In fact, it was obsolete,
because when ATT released system V 3.2 backin 1988, they stopped using the
file /etc/password and went to the /etc/shadow which was only readable by
the root account or super user accounts. This program %in question% can't
be installed without being able to control the system. I couldn't be used
by a normal user."

The three transportation counts apparently stemmed from multiple sendings
of this file.  He sent the program to an e-mail publication, but the
program did not arrive intact, so he re-sent it, which, he said, was the
basis of the second count. The final count, for the same program,
occured because he deleted his own program and received a copy of the
program he had previously sent.

Len related a story that sounded similar to SS Agent Timothy Foley's
account of the initial questioning of Craig Neidorf.  Len said he was
originally asked about the E911 files, and that the agents told him that he
was not in any trouble. Len said, "I told them everything I knew. I
cooperated with them to the fullest extent possible, because I trusted
them.  I didn't try to hide anything. I told them everything, and they were
after this 911 stuff. They said I wouldn't be prosecuted if I told them
everything, but they did. They told me to tell them now and it won't
matter, but if it came out later.....I told him about the source code."

Len emphasized that he did not steal the source code and that he used it
only to learn Unix.

Contrary to some reports both in the media and circulating on the nets, Len
adamantly denies ever being a member of the Legion of Doom, a denial
confirmed by LoD members and a recent LoD listing of participants. "I never
said I was a member of LoD, that was nothing out of my mouth. I never had
any association with them, and only knew some of the people. I considered
it a kids group, immature, and I never had any involvement with any group
anywhere. I was not a joiner," he said.

WHAT WAS LEN'S PREVIOUS OFFENSE?

Because of the rumors circulating about an earlier offense, we asked Len to
tell us what he could. The case has not yet been resolved, although it will
be concluded within the next few days.  It occured in 1989, and was
unrelated to the current situation.  It was a state offense for felony
theft, which resulted from an attempt to recover computer equipment that he
believed at the time to be rightfully his, and was the consequence of a
dispute between himself and a company he felt had "ripped him off." On the
streets, we called this "midnight repossession." "It was very stupid. I had
never been n trouble before that and I am very ashamed," he said.  The
details of the case can be more fully elaborated after it is fully
resolved.

WHAT'S LEN'S STATUS NOW?

The trial was originally scheduled for August 20, but it appears now that
it may be postponed until February. Until then, Len has no computer
equipment, and he said that the judge would not consider a motion to return
it because the judge perceived that he could use it to commit further
crime. As a consequence, Len has no source of income, and said that he has
lost his home, his credit rating and credit cards, his business, and some
of his friends. "I've lost everything." He is currently immobilized because
of his leg fracture, and will be in casts of various types for at least
eight weeks and may require surgery. His situation has put severe strains
on his finances, psyche, and domestic life.  He indicated that he could no
longer afford to retain his original attorney, Carlos Recio of Deso and
Greenberg in Washington, D.C., and was currently represented by a public
defender.  His income was slashed by one-twentieth, and he estimated he has
barely made $5,000 this year. He lost his office and currently works from a
single room in a friend's company. He feels that his reputation has been
unjustifiably destroyed, largely by distorted media representations and
rumors and added, "The press has been as damaging as the Secret Service."

If Len's account is accurate, then it would seem to raise many of the same
questions addressed by the EFF, CuD, 2600 Magazine, and others interested
in protecting the Constitutional rights of computerists. Len is not being
charged with theft, but with violations that raise the definition of
property, the legal rights of programmers, the status of source could that
seems to be fairly accessible, and other evolving issues in the
still-tenuous relationship between technology and law. It also raises the
issue of "cruel and unusual punishment." If the summary of the indictment
is correct, it would appear that the consequences resulting from Len's
situation far exceed the crime, and any additional sanctions, especially if
they involve incarceration, will be neither in the interests of Len, or,
ultimately, of society. To deprive an individual who has been a
contributing member to society of a means of livelihood would seem to serve
little purpose in this or any other case.  Some argue that the courts are
the best forum to decide both the guilt/innocence and the fate of
defendants. But, justice is not always served in the legal process,
especially in the grey area of ambiguous laws enforced by technologically
untrained investigators and prosecutors.  Regardless of what one might
think of Len's judgment in some of his behaviors, we must nonetheless ask:
If Len's account is accurate, at what point does the punishment become too
great?  For Len Rose, the immediate goal is modest: "I just want to get my
home back again."

********************************************************************
 >> END OF THIS FILE <<
********************************************************************

------------------------------

Date:      12 August, 1990
From:      Moderators
Subject:   Len Rose Indictment

********************************************************************
***  CuD #1.28: File 3 of 4: Len Rose Indictment                 ***
********************************************************************

Len Rose provided the following copy of his indictment, which we have
edited only with a spell-checker. The five counts against Len seem quite
general, and in many ways are similar both in style and substance to those
filed against Craig Neidorf.  The perhaps obligatory reference to the
Legion of Doom is made in count one without establishing the defendant's
connection to it, the value of the alleged "property" established as
over $5,000 (Len informs us that the value is established at about $75,000)
seems absurdly over-stated given the apparent nature of the "property" in
question, he is being charged with sending a program that he wrote that is
much less powerful than similar programs readily accessible to the public,
and the charges themselves seem sufficiently vague and ambiguous that they
could apply to many forms of knowledge or information.

We do not publish the indictment as a "Len Rose Issue." Instead, we suggest
that the document below reflects the continued misuse of law as a means to
control information. What is the precise nature of the information in
question? Was it used by the defendant to defraud? Is there any evidence
that he, or anybody else, intended to use it to defraud? The following
indictment, like the indictment in the Neidorf case, seems vague, and from
the trickles of information coming in, it seems that none of the evidence
strongly supports any of the counts. If true, it seems like deja vous all
over again.
********************************************************************

Subject: Len Rose Indictment
Date: Sun, 12 Aug 90 15:29:14 -0400
From: lsicom2!len@CDSCOM.CDS.COM

                       IN THE UNITED STATES DISTRICT COURT
                         FOR THE DISTRICT OF MARYLAND

 UNITED STATES OF AMERICA          *
                                   *           Criminal No.
 v.                                *             -  -
                                   *
 LEONARD ROSE, a/k/a/ "Terminus"   *  (Computer Fraud, 18 U.S.C.
                                   *  S 1030(a) (6); Interstate
                                   *  Transportation of Stolen
                                   *  Property, 18 U.S.C. S 2314;
                                   *  Aiding and Abetting, 18
                                   *  U.S.C. S 2)
            Defendant.             *
                            * * * * * * * * *

 INDICTMENT

 COUNT ONE

 The Grand Jury for the District of Maryland charges:

 FACTUAL BACKGROUND

 1. At all times relevant to this Indictment, American Telephone & Telegraph
 Company ("AT&T"), through it's subsidiary, Bell Laboratories ("Bell Labs"),
 manufactured and sold UNIX (a trademark of AT&T Bell Laboratories)
 computer systems to customers throughout the United States of America.
 2. At all times relevant to this Indictment, AT&T sold computer programs
 ("software") designed to run on the UNIX system to those customers. This
 software is designed and manufactured by AT&T;some software was available
 to the public for purchase, other software was internal AT&T software
 (such as accounting and password control programs) designed to operate
 with the AT&T UNIX system.
 3. At all times relevant to this indictment, computer hackers were individuals
 involved with gaining unauthorized access to computer systems by various
 means . These means included password scanning (use of a program that
 employed a large dictionary of words, which the program used in an attempt
 to decode the passwords of authorized computer system users), masquerading
 as authorized users, and use of trojan horse programs.
 4. At all times relevant to this Indictment, the Legion of Doom ("LOD") was
 a loosely-associated group of computer hackers. Among other activities,
 LOD members were involved in:

 a. Gaining unauthorized access to computer systems for purposes of
 stealing computer software programs from the companies that owned the
 programs;
 b. Gaining unauthorized access to computer systems for purpose of using
 computer time at no charge to themselves, thereby fraudulently obtaining
 money and property from the companies that owned the computer systems;
 c. Gaining unauthorized access to computer systems for the purpose of
 stealing proprietary source code and information from the companies
 that owned the source code and information;
 d. Disseminating information about their methods of gaining unauthorized
 access to computer systems to other hackers;
 e. Gaining unauthorized access to computer systems for the purpose of
 making telephone calls at no charge to themselves, obtaining and using
 credit history and data for individuals other than themselves, .and
 the like.

 5. At all times relevant to this Indictment, LEONARD ROSE JR. a/k/a
 "Terminus", was associated with the LOD and operated his own computer
 system, identified as Netsys. His electronic mailing address was
 netsys!len

 COMPUTER TERMINOLOGY

 6. For the purpose of this Indictment, an "assembler" is a computer program
 that translates computer program instructions written in assembly language
 (source code) into machine language executable by a computer.

 7. For the purpose of this Indictment, a "compiler" is a computer program
 used to translate as computer program expressed in a problem oriented
 language (source code) into machine language executable by a computer.
 8. For the purpose of this Indictment, a "computer" is an internally
 programmed, automatic device that performs data processing.

 9. For the purpose of this Indictment, a "computer network" is a set of
 related, remotely connected terminals and communications facilities,
 including more than one computer system, with the capability of
 transmitting data among them through communications facilities, such as
 telephones.

 10.For the purposes of this Indictment, a "computer program" is a set of
 data representing coded instructions that, when executed by a computer
 causes the computer to process data.

 11.For the purposes of this Indictment, a "computer system" is a set of
 related, connected, or unconnected computer equipment, devices, or software.

 12.For the purposes of this Indictment, electronic mail ("e-mail") is a
 computerized method for sending communications and files between
 computers on computer networks. Persons who send and receive e-mail are
 identified by a unique "mailing" address, similar to a postal address.

 13.For the purposes of this Indictment a "file" is a collection of related
 data records treated as a unit by a computer.

 14.For the purposes of this Indictment, "hardware" is the computer and all
 related or attached machinery, including terminals, keyboard, disk drives,
 tape drives, cartridges, and other mechanical, magnetic, electrical, and
 electronic devices used in data processing.

 15.For the purposes of this Indictment, a "modem" is a device that modulates
 and demodulates signals transmitted over data telecommunications
 facilities.

 16.For the purposes of this Indictment, "software" is a set of computer
 programs, procedures, and associated documentation.

 17.For the purposes of this Indictment, "source code" is instructions
 written by a computer programmer in a computer language that are used as
 input for a compiler, interpreter, or assembler. Access to source code
 permits a computer user to change the way in which a given computer
 system executes a program, without the knowledge of the computer system
 administrator.

 18.For the purposes of this Indictment, "superuser privileges" (sometimes
 referred to as "root") are privileges on a computer system that grant
 the "superuser" unlimited access to the system, including the ability
 to change the system's programs, insert new programs, and the like.

 19.For the purposes of this Indictment, a "trojan horse" is a set of
 computer instructions secretly inserted into a computer program so that
 when the program is executed, acts occur that were not intended to be
 performed by the program before modification.

 20.For the purposes of this Indictment, "UNIX" (a trademark of AT&T Bell
 Laboratories) is a computer operating system designed by AT&T Bell
 Laboratories for use with minicomputers and small business computers,
 which has been widely adopted by businesses and government agencies
 throughout the United States.

 COMPUTER OPERATIONS

 21.For the purposes of this Indictment, typical computer operations are as
 described in the following paragraphs. A computer user initiates
 communications with a computer system through his terminal and modem.The
 modem dials the access number for the computer system the user wishes to
 access and, after the user is connected to the system, the modem
 transmits and receives data to and from the computer.

 22.Once the connection is established, the computer requests the user's login
 identification and password. If the user fails to provide valid login and
 password information, he cannot access the computer.

 23.Once the user has gained access to the computer, he is capable of
 instructing the computer to execute existing programs. These programs are
 composed of a collection of computer files stored in the computer's
 memory. The commands that make up each file and, in turn, each program, are
 source code. Users who have source code are able to see all of the
 commands that make up a particular program. They can change these commands,
 causing the computer to perform tasks that the author of the program did
 not intend.

 24.The user may also copy certain files or programs from the computer he has
 accessed; if the user is unauthorized, this procedure allows the user to
 obtain information that is not otherwise available to him.

 25.In addition, once a user has accessed a computer, he may use it's network
 connections to gain access to other computers. Gaining access from one
 computer to another permits a user to conceal his location because login
 information on the second computer will reflect only that the first
 computer accessed the second computer.

 26.If a user has superuser privileges, he may add, replace, or modify existing
 programs in the computer system. The user performs these tasks by
 "going root"; that is, by entering a superuser password and instructing
 the computer to make systemic changes.

 27. On or about January 13, 1989, in the State and District of Maryland, and
 elsewhere,

 LEONARD ROSE JR. a/k/a Terminus

 did knowingly, willfully, intentionally, and with intent to defraud,
 traffic in (that is, transfer, and otherwise dispose of to another, and
 obtain control of with intent to transfer and dispose of) information
 through which a computer may be accessed without authorization, to wit:
 a trojan horse program designed to collect superuser passwords, and by
 such conduct affected interstate commerce.

18 U.S.C. S  1030(a) (6)
18 U.S.C. S  2

 COUNT TWO

 And the Grand Jury for the District of Maryland further charges:

 1. Paragraphs 1 through 26 of Count One are incorporated by reference,
 as if fully set forth.
 2. On or about January 9, 1990, in the State and District of Maryland,
 and elsewhere,

 LEONARD ROSE JR. a/k/a/ Terminus

 did knowingly, willfully, intentionally, and with intent to defraud,
 traffic in (that is, transfer, and otherwise dispose of to another, and
 obtain control of with intent to transfer and dispose of) information
 through which a computer may be accessed without authorization, to wit:
 a trojan horse login program, and by such conduct affected interstate
 commerce.

18 U.S.C. S 1030(a) (6)
18 U.S.C. S 2

 COUNT THREE

 And the Grand Jury for the District of Maryland further charges:

 1. Paragraphs 1 through 26 of Count One are incorporated by reference,
 as if fully set forth.
 2. That on or about May 13, 1988 in the State and District of Maryland,
 and elsewhere,

 LEONARD ROSE JR. a/k/a/ Terminus

 did cause to be transported, transmitted, and transformed in interstate
 commerce goods, wares, and merchandise of the value of $5000 or more, to
 wit: computer source code that was confidential, proprietary information
 of AT&T, knowing the same to have been stolen, converted, and taken by
 fraud.

18 U.S.C.  S 2314
18 U.S.C.  S 2

 COUNT FOUR

 And the Grand Jury for the District of Maryland further charges:

 1. Paragraphs 1 through 26 of Count One are incorporated by reference,
 as if fully set forth.
 2. That on or about January 15, 1989  in the State and District of Maryland,
 and elsewhere,

 LEONARD ROSE JR. a/k/a/ Terminus

 did cause to be transported, transmitted, and transformed in interstate
 commerce goods, wares, and merchandise of the value of $5000 or more, to
 wit: computer source code that was confidential, proprietary information
 of AT&T, knowing the same to have been stolen, converted, and taken by
 fraud.

18 U.S.C. S 2314
18 U.S.C. S 2

 COUNT FIVE

 And the Grand Jury for the District of Maryland further charges:

 1. Paragraphs 1 through 26 of Count One are incorporated by reference,
 as if fully set forth.
 2. That on or about January 8, 1990  in the State and District of Maryland,
 and elsewhere,

 LEONARD ROSE JR. a/k/a/ Terminus

 did cause to be transported, transmitted, and transformed in interstate
 commerce goods, wares, and merchandise of the value of $5000 or more, to
 wit: computer source code that was confidential, proprietary information
 of AT&T, knowing the same to have been stolen, converted, and taken by
 fraud.

18 U.S.C. S 2314
18 U.S.C. S 2

 ____________________

 Breckinridge L. Wilcox

********************************************************************
 >> END OF THIS FILE <<
********************************************************************

------------------------------

Date:      11 August, 1990
From:      Contributors
Subject:   CU In the News

********************************************************************
***  CuD #1.28: File 4 of 4: The CU in the News                  ***
********************************************************************

Date:    Sun, 29 Jul 90 17:36 CDT
From:    Anonymous
Subject: Neidorf news coverage- Markoff article

 "U.S. Drops Computer Case Against Student"
 (By John Markoff, New York Times, June 28, 1990, p. 7)

Federal prosecutors in Chicago yesterday dropped felony charges against a
20-year-old college student in a computer crime case that has drawn national
attention because of the civil liberties issues involved.

In a trial that began Monday, the Government had accused the student, Craig M.
Neidorf of the University of Missouri, of publishing an internal telephone
company document describing the emergency 911 system for nine states in the
Southeast. The Government said he had obtained the document from another
computer user who had stolen it electronically from the company, the BellSouth
Corporation of Atlanta; Mr. Neidorf then published it in an underground
computer newsletter that was distributed electronically on computer networks
and electronic bulletin boards.

But an assistant United States Attorney, William J. Cook, said the government
decided to drop the charges after learning that much information in the
document was already publicly available.

"The value of the document was one of the factors in the prosecution," he
said. "There were aspects of this document that we did not now were in the
public domain.  It was a question of the way the phone company portrayed the
document.

 Succession of Arrests

Mr. Neidorf did not plead guilty but acknowledged that he had received the
BellSouth document and agreed to be placed in a program under which he could
be prosecuted if he committed similar offenses in the future.

In recent months Federal and state law-enforcement officials have conducted a
succession of raids around the nation and made six arrests in a campaign
against young computer users who break into government and business data
systems.

The crackdown drew angry opposition from civil liberties experts and some
computer industry executives, who argued that the Government was overreacting
and discouraging legitimate activities of law-abiding computer users.

A civil liberties organization, the Electronic Frontier Foundation, created by
a computer industry executive, Mitchell D. Kapor, has spoken out in support of
Mr. Neidorf.

Mr. Neidorf was accused of obtaining BellSouth's 911 document from Robert J.
Riggs, 20, of Atlanta, one of three men who pleaded builty last month to
gaining illegal entry to BellSouth computers.  Mr. Riggs and Franklin Darden
Jr., 23, face a maximum penalty of five years in prison and a $200,000 fine.
The third man, Adam E. Grant, 22, faces a maximum penalty of 10 years in
prison and a $250,000 fine.

Mr Riggs, testifying in the Chicago case on Thursday, said he had not acted in
concert with Mr. Neidorf as the Government had charged.

 ** END **
********************************************************************
Date:         Thu, 09 Aug 90 00:14:44 EDT
From:         Michael Rosen <CM193C@GWUVM>
Subject:      Craig Neidorf
To:           Computer Underground Digest <tk0jut2>

SOURCE:  Computerworld, 8/6/90, p. 8, by Michael Alexander (CW Staff):
 DIAL 1-800... FOR BELLSOUTH 'SECRETS'

Chicago - The attorney for Craig Neidorf, a 20-year-old electronic
newsletter editor, said last week that he plans to file a civil lawsuit
against Bellsouth Corp. as a result of the firm's "irresponsible" handling
of a case involving the theft of a computer text file from the firm.

Federal prosecutors dismissed charges against Neidorf four days into the
trial, after prosecution witnesses conceded in cross-examination that much
of the information in the text file was widely available.

Neidorf, the co-editor of "Phrack," a newsletter for computer hackers, was
accused by federal authorities of conspiring to steal and publish a text
file that detailed the inner workings of Bellsouth's enhanced 911 emergency
telephone system across nine states in the Southeast [CW, July 30].

"What happened in this case is that the government accepted lock, stock and
barrel everything that Bellsouth told them without an independent
assessment," said Sheldon Zenner, Neidorf's attorney.

One witness, a Bellsouth service manager, acknowledged that detailed
information about the inner workings of the 911 system could be purchased
from Bellsouth for a nominal fee using a toll-free telephone number.

A Bellcore security expert who was hired by Bellsouth to investigate
intrusions into its computer systems testified that the theft of the file
went unreported for nearly a year.

Last week, a Bellsouth spokesman said the firm's security experts delayed
reporting the theft because they were more intent on monitoring and
preventing intrusions into the company's computer systems.  "There are only
so much resources in the data security arena, and we felt that it was more
urgent to investigate," he said.

He also disputed assertions that the document was of little value.  "It is
extremely proprietary and contained routing information on 911 calls
through our nine-state territory as well as entry points into the system,"
he said.

A QUICK ENDING

The case unraveled after Robert Riggs, a prosecution witness who had
already pleaded guilty for his role in the theft of the document, testified
that he had acted alone and that Neidorf had merely agreed to publish the
text file in "Phrack."

Neidorf and his attorney agreed to a pretrial diversion, a program under
which the government voluntarily dismisses the indictment but could
reinstate it if Neidorf commits a similar crime within a year.

The case has stirred up national debate on the rights of computer users in
the age of electronic information.  The Electronic Frontier Foundation, a
civil liberties group set up by Mitch Kapor, founder of Lotus Development
Corp., may participate in the filing of a lawsuit against Bellsouth, said
Terry Gross an attorney at the New York law firm of Rabinowitz Boudin
Standard Krinsky & Lieberman.

"The Electronic Frontier Foundation is concerned by the irresponsibility of
Bellsouth of claiming from the outset that this was confidential material
when it should have known that it was not," Gross said.

 **END OF ARTICLE**
********************************************************************

Date: 28 Jul 90 10:41:47 EDT
From: Moderators
Subject: British Law and Modem User's Association of America (MUAA)

 - London, England                    UK COMPUTER CRACKING BILL BECOMES LAW
 ---------------

 Having passed Parliament, the UK Computer Misuse Bill has now gained
 Royal Assent, becoming law.  This Bill defines computer hacking (or to use
 a MUCH more appropriate term, computer Cracking) as the act of gaining
 unauthorized access into a computer system., and makes it punishable by
 fines and short prison terms.  It also enables people to be prosecuted in
 England if either the offender OR the affected computer system was in
 England when the computer system was broken into.

 Interestingly enough, a Price Waterhouse report says that theft or
 fraud were responsible for only 20 percent of reported security incidents
 in the UK, and that over 76 percent were due to human error, system
 failure, or natural hazards.  However, over 65 percent of UK companies in
 their survey said that they had suffered financially from security
 failures....

********************************************************************
 - Topeka, Kansas    EFFORTS BEGIN TO LAUNCH LOBBYING GROUP FOR MODEM USERS

 Alan Bechtold (President of the BBS Press Service) has begun efforts
 start the Modem User's Association of America (MUAA).  If successful, the
 MUAA will be a non-profit organization that will engage in legal and
 Congressional Lobbying activities for modem users and operators of online
 services.  It will also serve as a source of information on modem-related
 legislation being considered around the US (like the FCC's attempts to
 charge special fees for people to use modems)....

 Most of the interest for the MUAA has come from places like Texas
 and Indiana, where telephone companies and state governments are trying to
 implement new rate structures that charge modem users higher rates for
 service.  Bechtold is now trying to test the level of support for such an
 organization, via an effort to raise $10,000 in funds to begin the MUAA by
 the end of September.  If that amount has not been raised by then, he has
 pledged to "tear up all the checks that I have received and continue on
 with other activities".

 Interestingly, a Group based in Washington DC has offered to
 contribute legal and lobbying support for the MUAA, but only IF it gains
 enough support.  Bechtold is considering these annual membership fees for
 the MUAA:

 Individuals - $15                  Commercial Bulletin Boards - $50
 Hobby Bulletin Boards - $25        Commercial Online Services - $100
 Makers of Telecommunications and/or Terminal Software - $200
 Modem and Computer Makers - $500

 If you wish to obtain more information about the proposed MUAA, Alan
 Bechtold can be reached at 1-913-478-3157....

source:
ST REPORT ONLINE MAGAZINE
STR Publishing Inc.
July 27, 1990, No.6.30

 
********************************************************************


------------------------------

 **END OF CuD #1.28**
********************************************************************