The Hacker Crackdown
"But isn't this what you said was basically what appeared in *Phrack?*"
Ms. Williams denied this.
Zenner now pointed out that the E911 Document as published in Phrack was only half the size of the original E911 Document (as Prophet had purloined it). Half of it had been deleted -- edited by Neidorf.
Ms. Williams countered that "Most of the information that is in the text file is redundant."
Zenner continued to probe. Exactly what bits of knowledge in the Document were, in fact, unknown to the public? Locations of E911 computers? Phone numbers for telco personnel? Ongoing maintenance subcommittees? Hadn't Neidorf removed much of this?
Then he pounced. "Are you familiar with Bellcore Technical Reference Document TR-TSY-000350?" It was, Zenner explained, officially titled "E911 Public Safety Answering Point Interface Between 1-1AESS Switch and Customer Premises Equipment." It contained highly detailed and specific technical information about the E911 System. It was published by Bellcore and publicly available for about $20.
He showed the witness a Bellcore catalog which listed thousands of documents from Bellcore and from all the Baby Bells, BellSouth included. The catalog, Zenner pointed out, was free. Anyone with a credit card could call the Bellcore toll-free 800 number and simply order any of these documents, which would be shipped to any customer without question. Including, for instance, "BellSouth E911 Service Interfaces to Customer Premises Equipment at a Public Safety Answering Point."
Zenner gave the witness a copy of "BellSouth E911 Service Interfaces," which cost, as he pointed out, $13, straight from the catalog. "Look at it carefully," he urged Ms. Williams, "and tell me if it doesn't contain about twice as much detailed information about the E911 system of BellSouth than appeared anywhere in *Phrack.*"
"You want me to...." Ms. Williams trailed off. "I don't understand."
"Take a careful look," Zenner persisted. "Take a look at that document, and tell me when you're done looking at it if, indeed, it doesn't contain much more detailed information about the E911 system than appeared in *Phrack.*"
"*Phrack* wasn't taken from this," Ms. Williams said.
"Excuse me?" said Zenner.
"*Phrack* wasn't taken from this."
"I can't hear you," Zenner said.
"*Phrack* was not taken from this document. I don't understand your question to me."
"I guess you don't," Zenner said.
At this point, the prosecution's case had been gutshot. Ms. Williams was distressed. Her confusion was quite genuine. *Phrack* had not been taken from any publicly available Bellcore document. *Phrack*'s E911 Document had been stolen from her own company's computers, from her own company's text files, that her own colleagues had written, and revised, with much labor.
But the "value" of the Document had been blown to smithereens. It wasn't worth eighty grand. According to Bellcore it was worth thirteen bucks. And the looming menace that it supposedly posed had been reduced in instants to a scarecrow. Bellcore itself was selling material far more detailed and "dangerous," to anybody with a credit card and a phone.
Actually, Bellcore was not giving this information to just anybody. They gave it to *anybody who asked,* but not many did ask. Not many people knew that Bellcore had a free catalog and an 800 number. John Nagle knew, but certainly the average teenage phreak didn't know. "Tuc," a friend of Neidorf's and sometime *Phrack* contributor, knew, and Tuc had been very helpful to the defense, behind the scenes. But the Legion of Doom didn't know -- otherwise, they would never have wasted so much time raiding dumpsters. Cook didn't know. Foley didn't know. Kluepfel didn't know. The right hand of Bellcore knew not what the left hand was doing. The right hand was battering hackers without mercy, while the left hand was distributing Bellcore's intellectual property to anybody who was interested in telephone technical trivia -- apparently, a pathetic few.
The digital underground was so amateurish and poorly organized that they had never discovered this heap of unguarded riches. The ivory tower of the telcos was so wrapped-up in the fog of its own technical obscurity that it had left all the windows open and flung open the doors. No one had even noticed.
Zenner sank another nail in the coffin. He produced a printed issue of *Telephone Engineer & Management,* a prominent industry journal that comes out twice a month and costs $27 a year. This particular issue of *TE&M,* called "Update on 911," featured a galaxy of technical details on 911 service and a glossary far more extensive than *Phrack*'s.
The trial rumbled on, somehow, through its own momentum. Tim Foley testified about his interrogations of Neidorf. Neidorf's written admission that he had known the E911 Document was pilfered was officially read into the court record.
An interesting side issue came up: "Terminus" had once passed Neidorf a piece of UNIX AT&T software, a log-in sequence, that had been cunningly altered so that it could trap passwords. The UNIX software itself was illegally copied AT&T property, and the alterations "Terminus" had made to it, had transformed it into a device for facilitating computer break-ins. Terminus himself would eventually plead guilty to theft of this piece of software, and the Chicago group would send Terminus to prison for it. But it was of dubious relevance in the Neidorf case. Neidorf hadn't written the program. He wasn't accused of ever having used it. And Neidorf wasn't being charged with software theft or owning a password trapper.
On the next day, Zenner took the offensive. The civil libertarians now had their own arcane, untried legal weaponry to launch into action -- the Electronic Communications Privacy Act of 1986, 18 US Code, Section 2701 et seq. Section 2701 makes it a crime to intentionally access without authorization a facility in which an electronic communication service is provided -- it is, at heart, an anti-bugging and anti-tapping law, intended to carry the traditional protections of telephones into other electronic channels of communication. While providing penalties for amateur snoops, however, Section 2703 of the ECPA also lays some formal difficulties on the bugging and tapping activities of police.
The Secret Service, in the person of Tim Foley, had served Richard Andrews with a federal grand jury subpoena, in their pursuit of Prophet, the E911 Document, and the Terminus software ring. But according to the Electronic Communications Privacy Act, a "provider of remote computing service" was legally entitled to "prior notice" from the government if a subpoena was used. Richard Andrews and his basement UNIX node, Jolnet, had not received any "prior notice." Tim Foley had purportedly violated the ECPA and committed an electronic crime! Zenner now sought the judge's permission to cross-examine Foley on the topic of Foley's own electronic misdeeds.
Cook argued that Richard Andrews' Jolnet was a privately owned bulletin board, and not within the purview of ECPA. Judge Bua granted the motion of the government to prevent cross-examination on that point, and Zenner's offensive fizzled. This, however, was the first direct assault on the legality of the actions of the Computer Fraud and Abuse Task Force itself -- the first suggestion that they themselves had broken the law, and might, perhaps, be called to account.
Zenner, in any case, did not really need the ECPA. Instead, he grilled Foley on the glaring contradictions in the supposed value of the E911 Document. He also brought up the embarrassing fact that the supposedly red-hot E911 Document had been sitting around for months, in Jolnet, with Kluepfel's knowledge, while Kluepfel had done nothing about it.
In the afternoon, the Prophet was brought in to testify for the prosecution. (The Prophet, it will be recalled, had also been indicted in the case as partner in a fraud scheme with Neidorf.) In Atlanta, the Prophet had already pled guilty to one charge of conspiracy, one charge of wire fraud and one charge of interstate transportation of stolen property. The wire fraud charge, and the stolen property charge, were both directly based on the E911 Document.
The twenty-year-old Prophet proved a sorry customer, answering questions politely but in a barely audible mumble, his voice trailing off at the ends of sentences. He was constantly urged to speak up.
Cook, examining Prophet, forced him to admit that he had once had a "drug problem," abusing amphetamines, marijuana, cocaine, and LSD. This may have established to the jury that "hackers" are, or can be, seedy lowlife characters, but it may have damaged Prophet's credibility somewhat. Zenner later suggested that drugs might have damaged Prophet's memory. The interesting fact also surfaced that Prophet had never physically met Craig Neidorf. He didn't even know Neidorf's last name -- at least, not until the trial.
Prophet confirmed the basic facts of his hacker career. He was a member of the Legion of Doom. He had abused codes, he had broken into switching stations and re-routed calls, he had hung out on pirate bulletin boards. He had raided the BellSouth AIMSX computer, copied the E911 Document, stored it on Jolnet, mailed it to Neidorf. He and Neidorf had edited it, and Neidorf had known where it came from.
Zenner, however, had Prophet confirm that Neidorf was not a member of the Legion of Doom, and had not urged Prophet to break into BellSouth computers. Neidorf had never urged Prophet to defraud anyone, or to steal anything. Prophet also admitted that he had never known Neidorf to break in to any computer. Prophet said that no one in the Legion of Doom considered Craig Neidorf a "hacker" at all. Neidorf was not a UNIX maven, and simply lacked the necessary skill and ability to break into computers. Neidorf just published a magazine.
On Friday, July 27, 1990, the case against Neidorf collapsed. Cook moved to dismiss the indictment, citing "information currently available to us that was not available to us at the inception of the trial." Judge Bua praised the prosecution for this action, which he described as "very responsible," then dismissed a juror and declared a mistrial.
Neidorf was a free man. His defense, however, had cost himself and his family dearly. Months of his life had been consumed in anguish; he had seen his closest friends shun him as a federal criminal. He owed his lawyers over a hundred thousand dollars, despite a generous payment to the defense by Mitch Kapor.
Neidorf was not found innocent. The trial was simply dropped. Nevertheless, on September 9, 1991, Judge Bua granted Neidorf's motion for the "expungement and sealing" of his indictment record. The United States Secret Service was ordered to delete and destroy all fingerprints, photographs, and other records of arrest or processing relating to Neidorf's indictment, including their paper documents and their computer records.
Neidorf went back to school, blazingly determined to become a lawyer. Having seen the justice system at work, Neidorf lost much of his enthusiasm for merely technical power. At this writing, Craig Neidorf is working in Washington as a salaried researcher for the American Civil Liberties Union.
#
The outcome of the Neidorf trial changed the EFF from voices-in-the-wilderness to the media darlings of the new frontier.
Legally speaking, the Neidorf case was not a sweeping triumph for anyone concerned. No constitutional principles had been established. The issues of "freedom of the press" for electronic publishers remained in legal limbo. There were public misconceptions about the case. Many people thought Neidorf had been found innocent and relieved of all his legal debts by Kapor. The truth was that the government had simply dropped the case, and Neidorf's family had gone deeply into hock to support him.
But the Neidorf case did provide a single, devastating, public sound-bite: *The feds said it was worth eighty grand, and it was only worth thirteen bucks.*
This is the Neidorf case's single most memorable element. No serious report of the case missed this particular element. Even cops could not read this without a wince and a shake of the head. It left the public credibility of the crackdown agents in tatters.
The crackdown, in fact, continued, however. Those two charges against Prophet, which had been based on the E911 Document, were quietly forgotten at his sentencing -- even though Prophet had already pled guilty to them. Georgia federal prosecutors strongly argued for jail time for the Atlanta Three, insisting on "the need to send a message to the community," "the message that hackers around the country need to hear."
There was a great deal in their sentencing memorandum about the awful things that various other hackers had done (though the Atlanta Three themselves had not, in fact, actually committed these crimes). There was also much speculation about the awful things that the Atlanta Three *might* have done and *were capable* of doing (even though they had not, in fact, actually done them). The prosecution's argument carried the day. The Atlanta Three were sent to prison: Urvile and Leftist both got 14 months each, while Prophet (a second offender) got 21 months.
The Atlanta Three were also assessed staggering fines as "restitution": $233,000 each. BellSouth claimed that the defendants had "stolen" "approximately $233,880 worth" of "proprietary computer access information" -- specifically, $233,880 worth of computer passwords and connect addresses. BellSouth's astonishing claim of the extreme value of its own computer passwords and addresses was accepted at face value by the Georgia court. Furthermore (as if to emphasize its theoretical nature) this enormous sum was not divvied up among the Atlanta Three, but each of them had to pay all of it.
A striking aspect of the sentence was that the Atlanta Three were specifically forbidden to use computers, except for work or under supervision. Depriving hackers of home computers and modems makes some sense if one considers hackers as "computer addicts," but EFF, filing an amicus brief in the case, protested that this punishment was unconstitutional -- it deprived the Atlanta Three of their rights of free association and free expression through electronic media.
Terminus, the "ultimate hacker," was finally sent to prison for a year through the dogged efforts of the Chicago Task Force. His crime, to which he pled guilty, was the transfer of the UNIX password trapper, which was officially valued by AT&T at $77,000, a figure which aroused intense skepticism among those familiar with UNIX "login.c" programs.
The jailing of Terminus and the Atlanta Legionnaires of Doom, however, did not cause the EFF any sense of embarrassment or defeat. On the contrary, the civil libertarians were rapidly gathering strength.
An early and potent supporter was Senator Patrick Leahy, Democrat from Vermont, who had been a Senate sponsor of the Electronic Communications Privacy Act. Even before the Neidorf trial, Leahy had spoken out in defense of hacker-power and freedom of the keyboard: "We cannot unduly inhibit the inquisitive 13-year-old who, if left to experiment today, may tomorrow develop the telecommunications or computer technology to lead the United States into the 21st century. He represents our future and our best hope to remain a technologically competitive nation."
It was a handsome statement, rendered perhaps rather more effective by the fact that the crackdown raiders *did not have* any Senators speaking out for *them.* On the contrary, their highly secretive actions and tactics, all "sealed search warrants" here and "confidential ongoing investigations" there, might have won them a burst of glamorous publicity at first, but were crippling them in the on-going propaganda war. Gail Thackeray was reduced to unsupported bluster: "Some of these people who are loudest on the bandwagon may just slink into the background," she predicted in *Newsweek* -- when all the facts came out, and the cops were vindicated.
But all the facts did not come out. Those facts that did, were not very flattering. And the cops were not vindicated. And Gail Thackeray lost her job. By the end of 1991, William Cook had also left public employment.
1990 had belonged to the crackdown, but by '91 its agents were in severe disarray, and the libertarians were on a roll. People were flocking to the cause.
A particularly interesting ally had been Mike Godwin of Austin, Texas. Godwin was an individual almost as difficult to describe as Barlow; he had been editor of the student newspaper of the University of Texas, and a computer salesman, and a programmer, and in 1990 was back in law school, looking for a law degree.
Godwin was also a bulletin board maven. He was very well-known in the Austin board community under his handle "Johnny Mnemonic," which he adopted from a cyberpunk science fiction story by William Gibson. Godwin was an ardent cyberpunk science fiction fan. As a fellow Austinite of similar age and similar interests, I myself had known Godwin socially for many years. When William Gibson and myself had been writing our collaborative SF novel, *The Difference Engine,* Godwin had been our technical advisor in our effort to link our Apple word-processors from Austin to Vancouver. Gibson and I were so pleased by his generous expert help that we named a character in the novel "Michael Godwin" in his honor.
The handle "Mnemonic" suited Godwin very well. His erudition and his mastery of trivia were impressive to the point of stupor; his ardent curiosity seemed insatiable, and his desire to debate and argue seemed the central drive of his life. Godwin had even started his own Austin debating society, wryly known as the "Dull Men's Club." In person, Godwin could be overwhelming; a flypaper-brained polymath who could not seem to let any idea go. On bulletin boards, however, Godwin's closely reasoned, highly grammatical, erudite posts suited the medium well, and he became a local board celebrity.
Mike Godwin was the man most responsible for the public national exposure of the Steve Jackson case. The Izenberg seizure in Austin had received no press coverage at all. The March 1 raids on Mentor, Bloodaxe, and Steve Jackson Games had received a brief splash on the front page of the *Austin American-Statesman,* but it was confused and ill-informed: the warrants were sealed, and the Secret Service wasn't talking. Steve Jackson seemed doomed to obscurity. Jackson had not been arrested; he was not charged with any crime; he was not on trial. He had lost some computers in an ongoing investigation -- so what? Jackson tried hard to attract attention to the true extent of his plight, but he was drawing a blank; no one in a position to help him seemed able to get a mental grip on the issues.
Godwin, however, was uniquely, almost magically, qualified to carry Jackson's case to the outside world. Godwin was a board enthusiast, a science fiction fan, a former journalist, a computer salesman, a lawyer-to-be, and an Austinite. Through a coincidence yet more amazing, in his last year of law school Godwin had specialized in federal prosecutions and criminal procedure. Acting entirely on his own, Godwin made up a press packet which summarized the issues and provided useful contacts for reporters. Godwin's behind-the-scenes effort (which he carried out mostly to prove a point in a local board debate) broke the story again in the *Austin American-Statesman* and then in *Newsweek.*