Approaching Zero, Paul Mungo [good summer reads TXT] 📗

frontier of the computer village.

 

So, a week later, when news of the Secret Service crackdown broke, Barlow

decided to investigate, to ensure that officialdom wasn’t looking at the hacker

threat through a haze of ignorance. Barlow had been inundated by messages, up

to a hundred a day, after his posting to the WELL. Most had expressed

indignation at the FBI’s ignorance, and worries about the treatment of hackers

who had been picked up in the dragnet. Barlow also met with

Mitch Kapor, another WELL-being and the coauthor of Lotus 1-2-3, a best-selling

computer program. Kapor had been shrewd enough to sell his stake in Lotus at

(or very near) the top. Among other things, his earnings enabled him to operate

his own business jet, which he used to fly to Wyoming for the meeting.

 

Both Kapor and Barlow empathized with the raided hackers though neither would

ever condone criminal or malicious activity of any kind. Their concern was

about whether the Feds knew what they were doing or were merely being pulled

along by uninformed hysteria about hacking.

 

Together, Barlow and Kapor agreed to set up the Electronic Frontier Foundation.

 

Its purpose was not necessarily to protect hackers, but to extend the

protection of freedom of speech, freedom of the press, and freedom of

expression to computer-based media: bulletin boards, electronic publishing,

computer conferencing, and so on. The foundation dedicated itself to six aims,

all related to influencing future legislation so that the civil liberties of

computer users, whether they were hackers or not, would not be ignored. It

attracted the support of a number of affluent technocrats in the computer

industry—including $150,000 from Steve Wozniak, one of the Apple founders.

(Woz had remained faithful to the original ideals of Apple. He resigned his

position at the company in the early 1980s when it became too “corporate” and

busied himself promoting music festivals and teaching, among other things.)

By the time the Foundation was established, the full force of the federal

crackdown had already been felt. The New York hackers Acid Phreak, Phiber

Optik, and the Scorpion had been raided; Craig Neidorf had been arrested; the

Atlanta Three had been indicted; Loyd Blankenship (the Mentor) and Steve

Jackson had been busted and their equipment confiscated; and the nationwide

raids had rounded up LoD, MoD, and DPAC members, as well as an assortment of

independent hackers.

 

The catalog of charges ranged from wire fraud to handling stolen property, from

unauthorized possession of access devices to misappropriating source codes.

There were also allegations of credit card fraud, bank fraud, and altering

hospital computer records, and references to specific incidents: dropping

computer bombs in telephone switches and stealing the E911 documents. It had

all of the makings of a nationwide conspiracy.

 

The first case the Foundation took on was in Chicago. Assistant U.S. Attorney

William Cook, who had earlier successfully prosecuted Kyrie—the “Fagin” of the

stolen access code gang—and who had become something of an authority on

computer crime, was now in charge of the case against PHRACK editor Craig

Neidorf. Neidorf had been indicted for transporting the stolen E911 document

across state lines. He finally came to trial in Chicago on July 23rd.

 

The prosecution’s case was opened by Cook, who outlined the government claim of

a conspiracy involving Neidorf and members of the Legion of Doom and asserted

that the E911 file was “a highly proprietary and sensitive document” valued at

$79,449.

 

Four days later the case collapsed.

 

The defense demonstrated that the same E911 information was available from

local bookstores and in libraries. Furthermore, by dialing a free 1-800 number,

two publications could be obtained from Bellcore for $34 which contained even

more detailed information. Neidorf’s lawyers also argued that, far from being

the serious and imminent threat represented by Bellcore, the file had been

published in PHRACK nearly a year before the telephone company bothered to do

anything about it. Neidorf was cleared of all charges, but though he was helped

by the foundation, he was still left with some $100,000 in legal costs.

 

The E911 file, however, was to come up once again.

 

On November 16, the Atlanta Three pleaded guilty to a number of charges

variously described as computer fraud, wire fraud, access code fraud, and

interstate transportation of stolen property—the latter referring to the E911

document.

 

Because the three agreed to guilty pleas the charges were reduced, but as a

result no defense could be mounted. In the sentencing memorandum, the prosecution said that Robert Riggs (the Prophet) had

stolen the E911 file “containing the program for the emergency 911 dialling

system,” adding that “any damage to that very sensitive system could result in

a dangerous breakdown in police, fire and ambulance services.” The file’s

value, the prosecution added, was $24,639.05—the 5 cents presumably included

to indicate that the figure had been very accurately determined. The memo also

stated that the three had gained free telephone service and access to BellSouth

computers.

 

The Electronic Frontier Foundation was enraged. Although the plea bargaining

precluded a formal defense, the Foundation said the claims about the E911 file

were “clearly false. Defense witnesses … were prepared to testify that the

E911 document was not a [computer] program, that it could not be used to

disrupt 911 service, and the same information could be ordered from BellSouth

at a cost of less than $20.” The foundation also noted that the prosecution had

begun its memorandum by detailing the planting of computer bombs. “Only after

going to some length describing these allegations does the prosecution state,

in passing, that the defendants were not implicated in these crimes [Foundation

italics].”

 

Despite the protests, Robert Riggs (the Prophet) was sentenced to twenty-one

months and his two colleagues—Adam Grant (the Urvile) and Frank Dearden (the

Leftist)—received fourteen months each. They also had to make restitutional

payments of $233,000 for the value of the “access devices” found in their

possession. The access devices were the IDs and passwords that they had

collected from BellSouth during their various raids.

 

There was no question that the Atlanta Three were hackers who had, without

doubt, broken into BellSouth. But the valuation of the “access devices”—

computer codes, telephone card numbers—was highly questionable. As the

foundation asked, how can a value be assessed when no loss can be demonstrated?

But in the new climate engendered by the crackdown, everything associated with

hacking was suspect. Every self-proclaimed hacker acquired a Secret Service

dossier, irrespective of his activities; every hacker with a handle qualified

for a bust; every busted hacker was suspected of belonging to the Legion of

Doom; and the mere mention of the word Cyberpunk seemed enough to bring down

the full force of the law.

 

Under the circumstances, Steve Jackson had drawn a full house. Not only did he

employ a known hacker—Loyd Blankenship, who had a handle and was even a member

of the LoD—he was also engaged in producing a “hacker handbook” called

Cyberpunk.

 

During the raid on Steve Jackson Games, the Secret Service had confiscated much

of the company’s computer equipment, without which equipment the company could

barely function. It took months, and the assistance of a foundation-supplied

lawyer, before the Feds returned the equipment—some of it, according to Steve,

damaged, with valuable data missing.

 

The Secret Service kept the equipment as potential evidence for a “crime” that

was never committed. For, while GURPS Cyberpunk does contain information on

dumpster diving and social engineering, it is ultimately a game. It is no more

a “handbook on hacking” than, say, this book is. (The game was finally

published later that year, without causing any noticeable increase in hacking

crimes.)

Even though no charges were filed against Steve, his business suffered while

the Secret Service held his computer systems. His turnover was down and half of

his staff was laid off. He estimates his losses for the period at over

$300,000. With the help of the foundation, he has since filed a civil suit

against the Secret Service and two of its agents, Assistant U.S. Attorney

William Cook, and a Bellcore security manager.

 

At the time of writing, Loyd Blankenship (the Mentor) has not been charged with

anything either, although he still has not received his computer equipment

back. Given his background in the LoD, it is not thought likely that he ever

will. As a known hacker, he is not pressing the Secret Service too hard;

instead, said a friend, he’s “Lying low.”

 

The Electronic Frontier Foundation couldn’t help everyone. Phiber Optik was

sentenced to a period of thirty-five hours of community service for a

relatively minor hacking offense. Even worse, he suffered the shame of being

thrown out of the Legion of Doom—though that had nothing to do with his

arrest. His crime, in the LoD’s eyes, was that he and Acid Phreak (a

non-Legionnaire) had demonstrated their hacking skills for a magazine article

published in Esquire in December 1990. Although both he and Acid Phreak had

kept their identities secret even using phony handles—the other Legionnaires

felt that the young hacker was on “an ego trip,” a charge confirmed for them

when he appeared on a number of television shows. Phiber Optik, the other

Legionnaires decided, had too high a profile for the Legion.

 

Not being in LoD didn’t stop him from hacking. He joined the MoD instead—but

then he was busted along with four other MoD members: Outlaw, Corrupt, Renegade

Hacker, and the Wing. These arrests were devastating to the gang, principally

because their equipment was confiscated. (The MoD accused the Legion of turning

them in as a last reprisal in the hacker wars, but this seems unlikely.) In

July ‘92 a federal grand jury indicted Outlaw, Corrupt, Phiber Optik, Acid

Phreak, and Scorpion for breaking into telco and credit agency computers, and

for stealing data.

 

Given all the effort, this was a modest payoff—hardly justification for a

massive crackdown. Even the Operation Sundevil busts of May 8th, which the

foundation called a use of “force and terror which would have been more

appropriate to the apprehension of urban guerrillas than barely postpubescent

computer nerds,” have yielded remarkably few indictments. Gail Thackeray, an

attorney in Phoenix dealing with the aftermath of the Sundevil busts, notes

that “80 percent of those arrested were adults [over eighteen years old]”—

hardly postpubescents. She says that more indictments are still being prepared,

and that the delay was caused by the sheer weight of evidence: more than twenty

thousand diskettes have been examined, which has taken the authorities over

twelve months.

 

But perhaps indictments were never the point. Sundevil was a search-and-seizure

operation; the quarantined computers and diskettes will be held until the

material can be analyzed. Only at that point will the indictments, if any, be

handed down, and the authorities are in no rush. While the computers are in

their possession, the Cyberpunks are out of action.

 

As for the Phoenix Project, it, too, was probably a false alarm. The vaunted

rebirth of hacking, which convinced the Secret Service that there was a

nationwide conspiracy, may not have been what it seemed. After all, the

Project’s organizers had only exhorted hackers to welcome the new age “with the

use of every legal means available.” A sympathetic interpretation of the Phoenix Project would suggest that older hackers were simply counseling others not

to break the law. It was a timely warning: the Computer Fraud and Misuse Act

had entered the statute books two years previously, and some jail sentences had

already been handed out. Hacking was no longer being viewed tolerantly, and the

Phoenix Project’s organizers expected a crackdown by the authorities. They got

that right at least.

 

However, there was yet another hacker swept up in the Secret Service busts,

who, unlike the others, was unquestionably hacking for profit. In mid-June 1989

BellSouth had begun investigating two relatively minor incidents