Facts and Rumors

Over the past year there has been a great deal of publicity concerning the actions of computer hackers.  Since we began publishing in 1984 we've pointed out cases of hackers being unfairly prosecuted and victimized.  We wish we could say things were getting better but we cannot.  Events of recent months have made it painfully clear that the authorities, above all else, want to "send a message."  That message of course being that hacking is not good.  And there seems to be no limit as to how far they will go to send that message.

And so we come to the latest chapter in this saga: the sentencing of three hackers in Atlanta, Georgia on November 16.  The three, Robert Riggs (The Prophet), Frank Darden, Jr. (The Leftist), and Adam Grant (The Urville) were members of the Legion of Doom, one of the country's leading hacker "groups."  Members of LOD were spread all over the world but there was no real organization, just a desire to learn and share information.  Hardly a gang of terrorists, as the authorities set out to prove.

The three Atlanta hackers had pleaded guilty to various charges of hacking, particularly concerning SBDN (the Southern Bell Data Network, operated by BellSouth).  Supposedly Riggs had accessed SBDN and sent the now famous 911 document to Craig Neidorf for publication in Phrack.  Earlier this year, BellSouth valued the document at nearly $80,000.  However, during Neidorf's trial, it was revealed that the document was really worth $13.  That was enough to convince the government to drop the case.

But Riggs, Darden, and Grant had already pleaded guilty to accessing BellSouth's computer.  Even though the facts in the Neidorf case showed the world how absurd BellSouth's accusations were, the "Atlanta Three" were sentenced as if every word had been true.  Which explains why each of them received substantial prison time, 21 months for Riggs, 14 months for the others.  We're told they could have gotten even more.

This kind of a sentence sends a message all right.  The message is that the legal system has no idea how to handle computer hacking.  Here we have a case where some curious people logged into a phone company's computer system.  No cases of damage to the system were ever attributed to them.  They shared information which we now know was practically worthless.  And they never profited in any way, except to gain knowledge.  Yet they are being treated as if they were guilty of rape or manslaughter.  Why is this?

In addition to going to prison, the three must pay $233,000 in restitution.  Again, it's a complete mystery as to how this staggering figure was arrived at.  BellSouth claimed that approximate figure in "stolen logins/passwords" which we have a great deal of trouble understanding.  Nobody can tell us exactly what that means.  And there's more.  BellSouth claims to have spent $1.5 million tracking down these individuals.  That's right, one and a half million dollars for the phone company to trace three people!  And then they had to go and spend $3 million in additional security.  Perhaps if they had sprung for security in the first place, this would never have happened.  But, of course, then they would have never gotten to send the message to all the hackers and potential hackers out there.

We think it's time concerned people sent a message of their own.  Three young people are going to prison because a large company left its doors wide open and doesn't want to take any responsibility.  That in itself is a criminal act.

We've always believed that if people cause damage or create a nuisance, they should pay the price.  In fact, the LOD believed this too.  So do most hackers.  And so does the legal system.  By blowing things way out of proportion because computers were involved, the government is telling us they really don't know what's going on or how to handle it.  And that is a scary situation.

If the media had been on top of this story and had been able to grasp its meaning, things might have been very different indeed.  And if BellSouth's gross exaggerations had been taken into account at the sentencing, this injustice couldn't have occurred.  Consider this: if Riggs' sentence were as much of an exaggeration as BellSouth's stated value of their $13 document, he would be able to serve it in full in just over two hours.  And the $233,000 in restitution would be under $40.  So how much damage are we really talking about?  Don't look to BellSouth for answers.

In early 1991, the three are to begin their sentences.  Before that happens, we need to reach as many people as possible with this message.  We don't know if it will make a difference in this particular case if the general public, government officials, and the media hear this side of the story.  But we do know it would be criminal not to try.

***

When we needed to get the word out on the Neidorf story, we learned something about the power of electronic communications.  By making use of the Internet, the story spread throughout the globe rapidly and responses poured back.  One computer system in particular, The WELL, located in the Bay Area of California and affiliated with the Whole Earth Review was an instrumental tool in opening those communications.  We hope to see many other affordable multi-user systems that offer lively discussions and useful services in the future.  We encourage our readers to get involved in this technology before participation in it becomes regulated and restricted by those who don't appreciate it.  You can register online at The WELL by calling 415-332-6106.

***

In another tale of nobody really knowing what's going on, two teenage brothers were arrested in November and charged with causing $2.4 million worth of damage to a voice mail system.  It seems that the kids were promised a poster with their subscription to GamePro magazine.  When they didn't get it after repeated complaints, they figured out how to get into the company's voice mail system.  They were able to get into 200 different mailboxes, including that of the company president.  The company accuses the brothers of wiping out messages, changing passwords, and changing user names.  A company official expressed surprise that they were able to change names, claiming that it was not an easy thing to do.

If, as has been reported, the voice mail system was ROLM's PhoneMail, the company is almost totally responsible for what happened to them.  PhoneMail allows passwords to be up to 24-digits in length.  These clowns apparently left their passwords as the default, which is usually a mere 3-digits.  Hence the ease of entry.  And the fact that the system administrator left his/her password as the default explains how they were able to change user names so easily.  A child could do it.

Not many people will claim that what these kids did was acceptable.  But the way the authorities handled this was absurd, at best.  Kids have always done mischievous things and they always will.  And no matter how hard the authorities try, they're not going to find any conspiracy here.  These were kids being naughty and taking advantage of incompetence.  A stern warning would undoubtedly have put an end to it.  Instead, they're being charged with all kinds of federal crimes and told that they caused $2.4 million in damage.  And the U.S. Secret Service and the New York State Police seem real proud of this.

***

Speaking of the New York State Police, according to a report from the news service Newsbytes, Donald Delaney, New York State Police Special Investigator, admits to spying on 2600 meetings at the Citicorp Center in New York City.  Spies working for him took pictures of people as they attended the monthly gatherings.  It seems pretty absurd that they would waste their time sneaking around when we're having a public meeting right smack in the middle of Midtown Manhattan.  Add to this the fact that we discovered them doing this back in the spring (see Spring 1990 issue) and one gets the distinct impression that these folks haven't yet found their niche in society.

***

In a typical case of jumping on the bandwagon, a New York therapist is attempting to get some new clients out of a recent hacker story.  "According to Jonathan Berent," his press release reads:

"Director of Berent Associates Social Therapy Center in Great Neck, NY, [the story of ZOD, a recently raided hacker] illustrates classic symptoms of social phobia - defined as the extreme fear and avoidance of people outside of one's immediate family.  Mr. Berent explains that, 'Social phobics often turn to computers in an attempt to create a substitute for the social interaction with friends that they find lacking in their daily lives.  Additionally, they frequently exhibit denial - they deny that any social problem exists.  They claim that they have plenty of friends - but just choose to spend their free time with the computer instead of peers.  Other characteristics of social phobia include fear of people, anxiety attacks in social situations, over-dependence upon parents, difficulty with social skills, and family chaos.  Another key characteristic of social phobia is anger coupled with destructive behavior.  This may explain the $250,000 worth of [completely unsubstantiated as usual] computer system damages that ZOD has been accused of.'

"According to Mr. Berent, social phobia often leads to addictive behaviors - including addictions to computers, telephone party lines, television - even addiction to avoidance itself.  Far from a mere passing phase, Jonathan Berent explains, 'Social phobia has a tendency to get worse and worse if left alone.  Fortunately, however, it has been proven that social phobia is a controllable and curable problem.  In our program of individual and social group therapy, we have seen countless recoveries from social phobia through clients' learning first to control their anxiety, and then learning the specific social skills that underly social success.  Through goal-oriented therapy and programs that offer an opportunity for social practice, we have been able to help facilitate social phobics in breaking through their self-imposed limitations to form quality relationships - often for the first time in their lives - and live much happier lives as a result.'

"Mr. Berent has been working with social phobics for over 10 years."

Imagine that.  A cure for hacking.  Will wonders never cease?

***

Last issue we printed a number that read back whatever phone number you were calling from, nationwide.  Our readers found this useful for payphones, tie-lines, airplane phones, or any situation where knowing the telephone number they were using was important or just interesting.  Unfortunately that number has stopped working.  But a new number has surfaced: 800-933-3258

Wisconsin Bell is the latest of the phone companies to drop the charge for Touch-Tone service.  We won't rest until they've all been eliminated.

Speaking of rate changes, New York Telephone asked the state Public Service Commission for an $831.7 million (13 percent) rate increase earlier this year.  Many people were outraged by this request.  So, apparently, were the PSC administrative law judges, who recommended a rate increase of only $23.6 million (0.37 percent).  In fact, after reports surfaced of wild NYNEX sex parties as well as other unethical business practices, the PSC decided to explore the possibility of forcing New York Telephone to divest itself from NYNEX.  Not all public servants keep their heads in the sand, something these companies ought to keep in mind...

With regards to rip-offs: did you know it costs less to call an international sex line than it does to call a local one?  That's right, we saw advertisements for sex lines in the Netherlands Antilles (011-599-2424, -2626, and -6262) right next to all of those other ads.  The ironic thing is that most people see the 011 and figure the call will cost more.  Guess again...

Both Sprint and AT&T are offering free fax services related to the Gulf Crisis.  By calling Sprint at 800-676-2255 you can direct a fax update to any fax machine in the country.  And AT&T is offering Desert Fax.  By going to an AT&T Phone Center and filling out an official fax form, you can have that fax sent to anyone in active duty in the Gulf.  They won't tell us how exactly they do it.  Sorry...

AT&T is accusing MCI of stealing 90,000 customers over the last six months.  Nothing new there, but according to Reuters, there's now a name for this practice.  Changing a customer's long distance service to another company without permission is called "slamming."  Would we lie?...

Finally, a light-hearted store: in early November, police in Montgomery County, Alabama were testing the new E911 system.  The dispatcher received ten consecutive calls from the home of Linda and Danny Hurst.  When the police arrived at the Hurst house, the culprit was soon found: an overripe tomato.  The tomato was hanging over the telephone in a wire basket, dripping juice into the couple's answering machine.  Apparently the juice got into the machine's dialing system and caused it to dial the police.  "We're not sure how," Chief Deputy Milton Graham said.  "Maybe they had speed dialing and it shorted out."  Linda Hurst also was baffled.  "I didn't know the answering machine could even dial out.  It's just supposed to take messages."