==Phrack Inc.== Volume Four, Issue Forty-One, File 13 of 13 PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN Phrack World News PWN PWN PWN PWN Issue 41 / Part 3 of 3 PWN PWN PWN PWN Compiled by Datastream Cowboy PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN Boy, 15, Arrested After 911 Paralyzed By Computer Hacker October 7, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Caroline Mallan (The Toronto Star)(Page A22) A 15-year-old boy has been arrested after a hacker pulling computer pranks paralyzed Metro's emergency 911 service. Police with Metro's major crime unit investigated the origin of countless calls placed to the 911 service from mid-July through last month. The calls were routed to emergency services in the Etobicoke area, said Detective Willie Johnston, who led the investigation. Phony medical emergency calls were reported and police, fire and ambulance crews were dispatched on false alarms. On one occasion, the computer hacker managed to tie up the entire 911 service in Metro -- making it unavailable for true emergencies. Police were not sure last night how long the system was shut down for but Johnston said the period was considerable. Staff Sergeant Mike Sale warned hackers that phony calls can be traced. "A criminal abuse of the 911 emergency system will result in a criminal investigation and will result in an arrest," Sale said, adding police had only been investigating this hacker for a few weeks before they came up with a suspect. Bell Canada investigators helped police to trace the origin of the calls and officers yesterday arrested a teen while he was in his Grade 11 class at a North York high school. Two computers were seized from the boy's home and will be sent to Ottawa to be analyzed. Johnston said police are concerned that other hackers may also be able to halt the 911 service, since the computer technology used was fairly basic, although the process of rerouting the calls from a home to the Etobicoke emergency lines was very complex. The calls went via computer modem through two separate phone systems in major U.S. cities before being sent back to Canada, Johnston explained. The suspect, who cannot be named under the Young Offenders Act, is charged with theft of telecommunications, 24 counts of mischief and 10 counts of conveying false messages. He was released from custody and will appear in North York youth court November 6, police said. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Police Say They've Got Hackers' Number October 8, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by John Deverell (The Toronto Star)(Page A8) Hackers, take note. Metro police and Ma Bell are going to get you. A young North York computer freak accused of launching 10 false medical alerts to 911 this summer may have learned -- the hard way -- that his telephone tricks weren't beating the pros. Police arrived with a search warrant at the home of the 15-year-old, arrested him and carted away his computer. He's charged with 10 counts of conveying false messages, 24 counts of mischief, and theft of telecommunications. Inspector Bill Holdridge, of 911 emergency services, said the false alarms in July and August never posed any technical problem to his switchboard but resulted in wild goose chases for the police, fire and ambulance services. "Those resources weren't available for real alarms, which could have been a serious problem," Holdridge said. The 911 service, quartered at 590 Jarvis Street, gets about 7,000 calls a day, of which 30% warrant some kind of emergency response. Normally, a computerized tracing system takes only seconds to provide the address and number of the telephone from which a call originates -- unless the point of origin has been somehow disguised. Apparently the 911 prankster got into the telephone system illegally and routed his calls through several U.S. networks before bringing them back to Toronto. Detective Willie Johnston said the boy's parents were stunned when police arrived. "They really didn't have a clue what was going on," said Johnston. The false emergencies reported were nowhere near the accused boy's home. "Without condoning it, you could understand it if he were sitting around the corner watching the flashing lights," said Johnston. "But they were miles away. It defies logic." Neither Johnston nor Holdridge would explain how they and Bell security finally traced the false alarms. "That might just make other hackers try to figure out another way," Holdridge said. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Hackers Targeted 911 Systems, Police Say October 10, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Taken from United Press International Authorities expect to make more arrests after penetrating a loose network of computer hackers called the "Legion of Doom" they say tapped into corporate phone lines to call 911 systems nationwide with the intent of disrupting emergency services. Prosecutors from Virginia, New Jersey and Maryland -- in conjunction with investigators from two telephone companies -- traced some of the hackers and closed in on three homes in two states. A 23-year-old Newark, New Jersey man was arrested early on October 9th. He faces several charges, including fraud. Other arrests are expected in two Maryland locations. The suspect, known by several aliases and identified by authorities only as Maverick, told investigators the group's intent was "to attempt to penetrate the 911 computer systems and infect them with viruses to cause havoc," said Captain James Bourque of the Chesterfield County police in Virginia. The probe is just beginning, according to Bourque. "Quite honestly, I think it's only the tip of the iceberg," he said. The hackers first penetrate the phone lines of large companies or pay phones, then use those connections to call 911 lines, Bourque said. The hackers usually make conference calls to other 911 services in other cities, tying up communications in several locations simultaneously. "One time we were linked up with Toronto and Los Angeles jurisdictions," Bourque said. "And none of us could disconnect." Sometimes as many five hackers would be on the line and would make false calls for help. Communications officers, unable to stop the calls, would have to listen, then try to persuade the officers in other locales "that the call wasn't real," Bourque said. "Obviously, there's a real potential for disastrous consequences," he said. One phone bill charged to a company in Minnesota indicated the scope of the problem. The company discovered in a 30-day period that it had been charged with more than $100,000 in phone calls generated by the hackers, according to Bourque. "I'm sure there are a multitude of other jurisdictions across the country having the same problems," Bourque said. People identifying themselves as members of the "Legion of Doom" -- which also is the name of a pro wresting team -- have called a Richmond, Virginia television station and ABC in New York in an attempt to get publicity, Bourque said. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - More On 911 "Legion Of Doom" Hacking Case October 20, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Barbara E. McMullen & John F. McMullen (Newsbytes) NEW YORK CITY -- In a discussion with Newsbytes, Sgt. Kurt Leonard of the Chesterfield County, Virginia Police Department has disclosed further information concerning the on-going investigation of alleged 911 disruption throughout the eastern seaboard of the United States by individuals purporting to be members of the hacker group "The Legion of Doom" (LOD). Leonard identified the individual arrested in Newark, New Jersey, previously referred to only as "Maverick," as Scott Maverick, 23. Maverick has been charged with terroristic threats, obstruction of a government function, and illegal access to a computer. He is presently out on bail. Leonard said that David Pluchino, 22, was charged to the same counts as Maverick and an additional count of the possession of burglary tools. Leonard said that Pluchino, the subject of a 1990 Secret Service "search and seizure" action under the still on-going "Operation SunDevil" investigation," possessed information linking him with members of the Legion of Doom. The Legion of Doom connection has become the subject of controversy within the online community. Although Maverick has been quoted as saying that he is a member of the group and that the group's intent was "to attempt to penetrate the 911 computer systems and inflect them with viruses to cause havoc," members of the group have disavowed any connection with those arrested. "Lex Luthor," one of the original members of the group, told Newsbytes when the initial report of the arrests became public: "As far as I am concerned the LOD has been dead for a couple of years, never to be revived. Maverick was never in LOD. There have been 2 lists of members (one in Phrack and another in the LOD tj) and those lists are the final word on membership." He added, "We obviously cannot prevent copy-cats from saying they are in LOD. When there was an LOD, our goals were to explore and leave systems as we found them. The goals were to expose security flaws so they could be fixed before REAL criminals and vandals such as this Maverick character could do damage. If this Maverick character did indeed disrupt E911 service he should be not only be charged with computer trespassing but also attempted murder. 911 is serious business." Lex Luthor's comments, made before the names of the arrested were released, were echoed by Chris Goggans, aka "Erik Bloodaxe," and Mark Abene, aka "Phiber Optik," both ex-LOD members, and by Craig Neidorf who chronicled the membership of LOD in his electronic publication "Phrack." When the names of the arrested became public, Newsbytes again contacted Lex Luthor to see if the names were familiar. Luthor replied: "Can't add anything, I never heard of them." Phiber Optik, a New York resident, told Newsbytes that he remembered Pluchino as a person that ran a computer "chat" system called "Interchat" based in New Jersey. "They never were LOD members and Pluchino was not known as a computer hacker. It sounds as though they were LOD wanabees who are now, by going to jail, going to get the attention they desire," he said. A law enforcement official, familiar with the SunDevil investigation of Pluchino, agreed with Phiber, saying, "There was no indication of any connection with the Legion of Doom." The official, speaking under the condition of anonymity, also told Newsbytes that the SunDevil investigation of Pluchino is still proceeding and, as such, no comment can be made. Leonard also told Newsbytes that the investigation has been a joint effort of New Jersey, Maryland, and Virginia police departments and said that, in conjunction with the October 9th 2:00 AM arrests of Pluchino and Maverick, a simultaneous "search and seizure" operation was carried out at the Hanover, Maryland home of Zohar Shif, aka "Zeke," a 23 year-old who had also been the subject of a SunDevil search and seizure. Leonard also said that, in addition to computers taken from Pluchino, material was found "establishing a link to the Legion of Doom." Told of the comments by LOD members that the group did not exist anymore, Leonard said "While the original members may have gone on to other things, these people say they are the LOD and some of them have direct connection to LOD members and have LOD materials." Asked by Newsbytes to comment on Leonard's comments, Phiber Optik said "The material he's referring to is probably text files that have been floating around BBS's for years, Just because someone has downloaded the files certainly doesn't mean that they are or ever were connected with LOD." _______________________________________________________________________________ Complaints On Toll Fraud Aired at FCC En Banc Hearing October 13, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Art Brodsky (Communications Daily)(Page 1) Customers of PBX manufacturers told the Federal Communications Commission (FCC) they shouldn't be liable for toll fraud losses incurred because vendors never told them of capabilities of their equipment that left companies open to electronic theft. Their case was buttressed by one of country's leading toll- fraud investigators, who told day-long en banc hearing that customers shouldn't have to pay if they're victimized. Donald Delaney of the New York State Police said toll fraud "is the only crime I know where the victims are held liable." Toll fraud losses have been estimated to run into billions of dollars. Commission's look at toll fraud came in context of what FCC can do to prevent or lessen problem. Comr. Marshall said Commission's job would be to apportion liability between vendors and customers. Comr. Duggan, who has been leader on issue at Commission, said toll fraud was "hidden degenerative disease on the body of business." He focused on insurance solution to problem, along with sharing of liability. There are cases pending at FCC filed by AT&T customers that deal with sharing of liability, and whether common carriers are protected by tariffs from paying customers for losses. Witnesses told Commission it was hard to find any law enforcement agency interested in problem, from local police to FBI, in addition to difficulties with vendors. U.S. Secret Service has statutory responsibility over toll fraud, said attorney William Cook, who testified in afternoon session. There was general agreement that more customer education was needed to prevent fraud, policy endorsed by Northern Telecom, which has active customer education program. AT&T came in for particular criticism in morning session as users said company was insensitive to toll fraud problems. Thomas Mara, executive vice-president Leucadia National Corp., whose company suffered $300,000 in toll fraud, said he "had a hell of a time getting anybody at AT&T to pay attention" to problems his company was encountering. Mara said his company saw level of 800 calls rise to 10,448 from 100. He said AT&T was supposed to notify users if there was any "dramatic increase in volume, yet we were not notified of a thousandfold increase in 800 number usage nor were we informed of an increase from a few hours a month in international calls to thousands of hours by AT&T, only after receiving our bills." Investigation found that 800 number connecting Rolm switch to company's voice mail was hackers' entry method, Mara said. Clearly angry with AT&T, Mara said he has "a feeling they use it as a profit center." Lawrence Gessini, telecommunications director for Agway Corp. of Syracuse, agreed, saying: "Toll fraud should not become a rationale for higher profits for carriers." He told FCC that new programs introduced by long distance carriers won't solve problem because of constraints, limitations and expense. Speaking for International Communications Association (ICA) user group, Gessini said problems occur because new technologies allow more types of fraud and because "old tariff concepts" that limit common carrier liability "distort market incentives." Vendors, he said, are "generally lackadaisical and are slow to correct even known problems in their hardware, firmware and software," and give low priority to complaints. ICA advocated 5 principles including FCC inquiry into fraud, creation of advisory committee and willingness of Commission to protect users. Geoffrey Williams, industry consultant and telecommunications manager for IOMEGA Corp., said AT&T has been "most notable" for asking for restitution, while Sprint and MCI are more lenient. MCI doesn't charge users for first hacking incident, he said, but after that users are on their own. AT&T defended itself in afternoon session, when International Collections Dist. Manager Peter Coulter rejected users' accusations, saying company had increased customer education program "dramatically" since last year. He insisted that AT&T is "very concerned" by toll fraud: "Contrary to what some people want to believe, no long distance carrier is making a profit off toll fraud." He said AT&T had 6,000 customers attend equipment security seminars in 1991, but that number had been exceeded in first 6 months of 1992. He said results of increased education program were "only preliminary" but his group was receiving "a lot more accommodations" than complaints from customers. Coulter, while never admitting that company should shoulder any financial liability, admitted that "things are different now" as to how AT&T approaches toll fraud problem. He said that within AT&T it used to be hardware division vs. service division. "The hardware guys said it was a service problem, the service guys said it was the hardware's fault," Coulter said. But now both divisions are "working together on the problem . . . we're talking to each other." Delaney of N.Y. state police gave the FCC a picture of the toll fraud situation dominated by as few as 15 practitioners, most of whom gain illegal entry to telephone systems simply by dialing numbers for hours on end. Those so-called "finger hackers," rather than computer hackers, are responsible for 90% of fraud, he said, telling Commission that equipment vendors should be held accountable for fraud. Most fraudulent calls go to Pakistan, Colombia and Dominican Republic, he said. Delaney pointed out practical objection to further vendor education problem, telling commissioners that for vendor to engage in education would also be to admit there could be problem with equipment security, something sales people don't want to do. He said some customers had been sold systems and didn't know they had capability for remote access -- means used by hackers to gain entry. _______________________________________________________________________________ Hanging Up On Hackers October 12, 1992 ~~~~~~~~~~~~~~~~~~~~~ by Miriam Leuchter (Crain's New York Business)(Page 21) "Thieves tap phone systems, but business cuts the line." Ron Hanley suspected a technical glitch when his company's telephone bill listed an unusually large number of calls lasting four seconds to its 800- number from New York City. But the executive at Dataproducts New England in Wallingford, Connecticut didn't lose sleep over the problem -- until he got a call two months later from the security department at American Telephone & Telegraph Co. Dataproducts had been hacked. Two days after that, Mr. Hanley got a bill confirming the bad news: In one 24-hour period, street-corner phone users in New York had made some 2,000 calls to the Caribbean on the company's line, ringing up about $50,000 in tolls. Dataproducts is not alone. Estimates of the cost of telecommunications fraud in the United States each year run from $1 billion to as much as $9 billion. According to John J. Haugh, editor of Toll Fraud and Telabuse and chairman of a Portland, Oregon consulting firm, losses reached $4 billion in 1991 and are expected to climb 30% in 1992. Some 35,000 businesses and other users -- such as foundations and government agencies -- will be hit this year. In the first six months, Mr. Haugh says, more than 900 New York City companies were victims of telephone-related fraud. "If you have a PBX system or calling cards or voice mail, you are vulnerable, exceedingly vulnerable," says Peggy Snyder, executive director of the Communications Fraud Control Association, a national information clearinghouse based in Washington. "As technology gets more user-friendly, the opportunity to commit a crime is much greater." Armed with computers, modems and sometimes automatic dialers or random-number generating software, high-technology thieves can use your telephone system as if it is their own -- without having to pay the tolls. The series of very short calls Mr. Hanley spotted on one phone bill should have tipped off his 800-number service provider -- which he had alerted when he spotted the pattern -- that hackers were trying to break into his system. Who are these hackers -- a term used to describe someone who uses a telephone or computer to obtain unauthorized access to other computers? Many are teenagers or young adults out to demonstrate their computer skills and make some mischief. Five young New Yorkers are awaiting trial in federal court on unauthorized access and interception of electronic communications charges in one widely publicized telephone fraud case. A much smaller proportion are more serious criminals: drug dealers, money launderers and the like, who don't want their calls traced. In one case, Ms. Snyder cites a prostitution ring that employed unused voice mail extensions at one company to leave and receive messages from clients. Many hackers have connections to call-sell operators who set up shop at phone booths, primarily in poorer immigrant neighborhoods in cities from New York to Los Angeles. For a flat fee -- the going rate is $10, according to one source -- callers can phone anywhere in the world and talk as long as they want. The hawker at the phone booth pockets the cash and someone else pays the bill. Perhaps 15 to 20 so-called finger hackers (who crack authorization codes by hand dialing) distribute information to call-sell operators at thousands of locations in New York. According to Don Delaney, a senior investigator for the New York State Police, the bulk of such calls from phone booths in the city go to the Dominican Republic, Pakistan and Colombia. Hackers may use more than technical skill to gain the access they want. Sometimes they practice "social engineering" -- talking a company's employees into divulging information about the telephone system. Or they manage a credible imitation of an employee, pretending to be an employee. In one of the latest schemes, a fraudulent caller gets into a company's system and asks the switchboard operator to connect him with an outside operator. The switchboard assumes the caller is an employee who wants to make a personal call on his own calling card. Instead, he uses a stolen or hacked calling card number. The fraud goes undetected until the card's owner reports the unauthorized use to his long- distance carrier. If the cardholder refuses to pay the charges, the phone company traces the calls to the business from which they were placed. Because it looks as if the call came from the company, it is often held liable for the charge. In another new twist, a hacker gains access to an unused voice mail extension at a company, or takes over someone's line at night or while the regular user is on vacation. He changes the recorded announcement to say, "Operator, this number will accept all collect and third-party calls." Then the hacker -- or anyone else -- can telephone anywhere in the world and bill the charges to that extension. Sometimes the fraud is much more organized and sophisticated, however. Robert Rasor, special agent in charge of the financial crime division of the U.S. Secret Service, gives an example of a three-way calling scheme in which hackers tap into a phone system in the United States and set up a separate network that allows people in other countries to call each other directly. "The Palestinians are one of the more prominent groups" running these sorts of fraud, he says. But no matter who the end user is, businesses like Dataproducts end up footing the bill. Personal users are generally not held liable for the unauthorized use of their calling card numbers. Under current regulation, a business is responsible for all calls that go through its equipment, whether or not those calls originated at the company. This hard fact rankles Mr. Hanley. "It's totally frustrating and almost unbelievable that you're responsible for this bill. It's really frightening for any company." Dataproducts's liability was relatively small compared with the $168,000 average Mr. Haugh calculated in a study he made last year. It could have been worse yet. "The largest case I've ever seen in the metropolitan region was a company that lost almost $1 million within 30 days," says Alan Brill, managing director of the New York corporate security firm Kroll Associates Inc. "It was a double whammy, because even though their long-distance carrier saw a suspicious pattern of calls and blocked access to those area codes, the company didn't know its PBX system would automatically switch to another carrier if calls couldn't go through," Mr. Brill says. "So the company got a bill for $300,000 from its primary carrier and a $600,000 bill from the secondary carrier." Both AT&T and Sprint Corp. offer service plans that limit liability to $25,000 per fraud episode for their business customers. Mr. Brill advises companies to evaluate the cost-effectiveness of these plans in great detail, because in order to be eligible for coverage companies must take certain steps to minimize their risk. "If you reduce your risk significantly, you may not need the coverage," he says. The plans require customers to respond to a problem in as little as two hours after notification of unauthorized calls. Doing so will stem your losses in any event. "You also have to think about how you're staffed," adds Mr. Brill. "Can you act that fast?" _______________________________________________________________________________ PWN Quicknotes ~~~~~~~~~~~~~~ 1. HACKER PARTY BUSTED (by Robert Burg, Gannett, 11/3/92) -- "PumpCon Popped!" -- WHITE PLAINS, New York -- Police say a Halloween party they broke up Sunday (11/1/92) was more than just a rowdy party - it also was a computer hacker party. Three men were charged with unauthorized use of a computer and attempting computer trespass. A fourth man was arrested on an outstanding warrant involving violating probation on a charge of computer fraud in Arizona, Greenburgh Detective Lt. Cornelius Sullivan said. Security officers at the Westchester Marriott contacted police after noticing an unusual number of people entering and leaving one room. Police said that when they arrived, there were 21 people inside and computers hooked up to telephone lines. Police said they also found telephone credit cards that did not belong to any of the people present. The three charged with unauthorized use of a computer and attempted computer trespass were Randy Sigman, 40, of Newington, Connecticut; Ronald G. Pinz, 21, of Wallingford, Connecticut and Byron Woodard, 18, of Woonsocket, Rhode Island. They were being held at the Westchester County Jail in Valhalla pending arraignment. The man charged on the warrant, Jason Brittain, 22, of Tucson, Arizona, was being held without bail pending arraignment. The Westchester County District Attorney frauds division seized the computer hardware, software, and other electrical equipment. Sullivan said the party-goers heard about the party through computer bulletin boards. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 2. COMPUTER ACCESS ARRESTS IN NEW YORK (Barbara E. McMullen & John F. McMullen, Newsbytes, 11/3/92) -- GREENBURGH, NEW YORK -- The Greenburgh, New York Police Department has announced the arrest of three individuals, Randy P. Sigman, 40; Ronald G. Pinz, Jr, 21; and Byron J. Woodard, 18 for the alleged crimes of Unauthorized Use Of A Computer and Attempted Computer Trespass, both misdemeanors. Also arrested was Jason A. Brittain, 22 in satisfaction of a State of Arizona Fugitive From Justice warrant. The arrests took place in the midst of an "OctoberCon" or "PumpCon" party billed as a "hacker get-together" at the Marriott Courtyard Hotel in Greenburgh. The arrests were made at approximately 4:00 AM on Sunday morning, November 1st. The three defendants arrested for computer crimes were granted $1,000 bail and will be arraigned on Friday, November 6th. Newsbytes sources said that the get together, which had attracted up to sixty people, had dwindled to approximately twenty-five when, at 10:00 Saturday night, the police, in response to noise complaints arrived and allegedly found computers in use accessing systems over telephone lines. The police held the twenty-five for questioning and called in Westchester County Assistant District Attorney Kenneth Citarella, a prosecutor versed in computer crime, for assistance. During the questioning period, the information on Brittain as a fugitive from Arizona was obtained and at 4:00 the three alleged criminal trespassers and Brittain were charged. Both Lt. DeCarlo of the Greenburgh police and Citarella told Newsbytes that the investigation is continuing and that no further information is available at this time. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 3. U.S. PRISON SENTENCE FOR COMPUTER HACKER (New York Law Journal, 10/15/92, Page 7) -- A Brooklyn man was sentenced yesterday to eight months in prison for buying passwords from a computer hacker group known as the "masters of deception" [MOD] for resale to others seeking access to confidential credit reports. Morton Rosenfeld, 21, received the sentence in federal court in Manhattan after pleading guilty in June to obtaining the unauthorized access devices to computer data bases operated by TRW Information Services and other credit reporting companies. The sentence, imposed by Southern District Judge Shirley Wohl Kram, is believed to be among few prison terms levied for computer-related offenses. Meanwhile, charges are pending against Mr. Rosenfeld's alleged source: the five members of the masters of deception, young men in their teens and 20's. The five were accused in July of breaking into computer systems run by credit reporting services, telephone companies and educational institutions. For more information about the indictment and case against MOD, see ALL the articles in PWN 40-2. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 4. 2ND ONLINE LEGAL GUIDE RELEASED (by Barbara E. McMullen & John F. McMullen, Newsbytes, 10/13/92) -- NEW YORK CITY -- PC Information Group has announced the release of SysLaw, Second Edition: The Legal Guide for Online Service Providers by attorneys Lance Rose and Jonathan Wallace. According to the company, "Syslaw provides BBS sysops, network moderators and other online service providers with basic information on their rights and responsibilities, in a form that non-lawyers can easily understand." Subjects covered by the book include the First Amendment, copyrights and trademarks, the user agreement, negligence, privacy, criminal law, searches and seizures, viruses and adult materials. The company claims that SysLaw not only explains the laws, but that it gives detailed advice enabling system operators to create the desired balance of user services, freedom, and protection from risk on their systems." Co-author Lance Rose told Newsbytes: "In the four years since the publication of the first edition, the electronic community has become alerted to the first amendment dimensions of the on-line community." "The first amendment has profound implications to the on-line community both to liberate providers and users of on-line systems and to protect them from undue legal harassment. There has, in the last few years, been a lot of law enforcement activity effecting bulletin board systems, including the Steve Jackson and Craig Neidorf/Phrack cases," he said. Rose continued, "The new edition incorporates these new developments as well as containing new information concerning on-line property rights, user agreements, sysop liabilities, viruses and adult material contained on online systems." SysLaw is available from PC Information Group, 1126 East Broadway, Winona, MN 55987 (800-321-8285 or 507-452-2824) at a price of $34.95 plus $3.00 shipping and (if applicable) sales tax. Press Contact: Brian Blackledge, PC Information Group, 800-321-8285 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 5. YET ANOTHER BOOK ABOUT THE COMPUTER UNDERGROUND (The Daily Telegraph, 12/14/92, Page 25) -- Approaching Zero: Data Crime and the Computer Underworld by Bryan Clough and Paul Mungo (Faber & Faber, L14.99) -- A look at the world of Fry Guy, Control C, Captain Zap and other hackers to blame for the viruses, logic bombs and Trojan horses in the world's personal computer networks. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 6. HONOR STUDENT NABBED IN COMPUTER FRAUD (The Washington Times, 11/9/92, Page A6) -- BROOKSVILLE, FLA.-- Three high school honor students have been accused of stealing tens of thousands of dollars worth of long-distance calls as computer hackers. Brian McGrogan, 16, and Edmund Padgett, 17, who were charged as adults, and a 15-year-old allegedly tapped private telephone systems and dialed into an international hacking network. One company's loss was $36,000. "These are very sharp, intelligent kids," Hernando County sheriff's Captain Richard Nugent said after the arrests. "It's a game to them. It's a sport." Some calls were made to computer bulletin boards in the United Kingdom, Germany and Canada, where a loose network of hackers allegedly shared information about how to obtain computer data and access information. Arrests in the case also were made in New York and Virginia, Captain Nugent said. The two older boys were booked on charges of organized fraud and violation of intellectual property. The third boy was released to his parents. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 7. A CORDLESS PHONE THAT CAN THWART EAVESDROPPERS (Business Week, 8/3/92) -- To industrial spies and other snoops, the millions of cordless phones in use are goldmines of information. Conversations can be plucked out of the air by means of a police type scanner, and with increasing ease. The latest no-cord technologies offers clearer sound and longer ranges -- up to half a mile. That's because the new phones broadcast signals at 900 MHz, or 20 times the frequency of current models. Cincinnati Microwave, Inc. (the radar detector people) figures executives and consumers will pay a small premium for cordless privacy. The company has developed a phone, to be marketed in October by its Escort division for about $300, that thwarts eavesdroppers with "spread spectrum" technology, which is similar to the encryption method that the military uses in secure radios. The signals between the handset and base unit are digitized, making them unintelligible to humans, and the transmission randomly hops among various frequencies within the 900 MHz spectrum. To keep the cost down to the range of other 900 MHz models, Cincinnati Microwave has developed special microchips that keep the handset and base in sync. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 8. NEW AREA CODE -- As of November 1, 1992, a new 210 area code is serving 152 communities in the San Antonio and Rio Grande Valley areas. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 9. FOR SALE: PHONE-PHREAKING TOOLS (Brigid McMenamin, Forbes, 8/3/92, Page 64) -- From his remote outpost in Alamogordo, New Mexico, John Williams makes a nice living telling hackers how to rip off phone and computer systems. Williams says he brings in about $200,000 a year publishing books on everything from credit card scams and cracking automated teller machines to electronic shoplifting, cellular phone phreaking and voice mailbox hacking, each costing $29 to $39, and each complete with precise instructions. He even sells Robofones, which save hackers from doing a lot of dialing while they steal access codes. Isn't what he does illegal? Perhaps it should be, but it isn't. Wrapping himself in the First Amendment, Williams is a member in good standing of the Alamogordo Chamber of Commerce and the New Mexico Better Business Bureau. He thumbs his nose at companies and authorities that would like to make him stop selling such secrets. "We don't promote fraud," he insists. "It's all sold for educational purposes only. If we didn't publish the information, it would still be out there." But last year Williams got a visit form the Secret Service, which was following up on a telephone fraud case in which one of his publications figured prominently. In Gainsville, Florida, in November 1990, two young men were locked up by police for hacking into voice-mail systems and then making calls to 900 numbers. One of the pair, known as the Shark, then 20, confessed to the crime, but said he was on assignment for Williams' Consumertronics publication. The culprits could have been given five years on the fraud charge alone. But the victim didn't want any publicity, so the state let them do 50 hours of community service instead. The Secret Service went to talk to Williams. Williams assured agent James Pollard that he'd never told the Shark to do anything illegal. Nevertheless, says Williams, the agent implied that Williams and members of his family who work for him might be prosecuted for publishing voice-mail access codes. In the end, no charges were filed against Williams, who admits he has a thing against big business, especially the phone companies. "For decades, they financed right-wing regimes in Latin America," he rants. It's a crazy world, that of the telephone toll fraudsters. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 10. NEW YORK STATE POLICE DECRIMINALIZE THE WORD "HACKER" (Barbara E. McMullen & John F. McMullen, Newsbytes, 10/21/92) -- ALBANY, NEW YORK -- Senior investigator Ron Stevens of the New York State Police Computer Unit has told Newsbytes that it will be the practice of his unit to avoid the use of the term "hacker" in describing those alleged to have committed computer crimes. Stevens told Newsbytes, "We use the term computer criminal to describe those who break the law using computers. While the lay person may have come to understand the meaning of hacker as a computer criminal, the term isn't accurate. The people in the early days of the computer industry considered themselves hackers and they made the computer what it is today. There are those today who consider themselves hackers and do not commit illegal acts." Stevens had made similar comments in a recent conversation with Albany BBS operator Marty Winter. Winter told Newsbytes, "'Hacker' is, unfortunately an example of the media taking what used to be an honorable term, and using it to describe an activity because they (the media) are too lazy or stupid to come up with something else. Who knows, maybe one day 'computer delinquent' WILL be used, but I sure ain't gonna hold my breath." Stevens, together with investigator Dick Lynch and senior investigator Donald Delaney, attended the March 1992 Computers, Freedom and Privacy Conference (CFP-2) in Washington, DC and met such industry figures as Glenn Tenney, congressional candidate and chairman of the WELL's annual "Hacker Conference"; Craig Neidorf, founding editor and publisher of Phrack; Steven Levy, author of "Hackers" and the recently published "Artificial Life"; Bruce Sterling, author of the recently published "The Hacker Crackdown"; Emmanuel Goldstein, editor and publisher of 2600: The Hacker Quarterly" and a number of well-known "hackers." Stevens said, "When I came home, I read as much of the literature about the subject that I could and came to the conclusion that a hacker is not necessarily a computer criminal." The use of the term "hacker" to describe those alleged to have committed computer crimes has long been an irritant to many in the online community. When the July 8th federal indictment of 5 New York City individuals contained the definition of computer hacker as "someone who uses a computer or a telephone to obtain unauthorized access to other computers," there was an outcry on such electronic conferencing system as the WELL (Whole Earth 'Lectronic Link). Many of the same people reacted quite favorably to the Stevens statement when it was posted on the WELL. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 11. STEVE JACKSON GAMES TRIAL DATE SET -- Mike Godwin, General Counsel for the Electronic Frontier Foundation, announced on December 23rd that the case of Steve Jackson Games, et.al. v. The United States Secret Service et. al. will go to trial in Austin, Texas on Tuesday, January 19, 1993. _______________________________________________________________________________