The Terminus of Len Rose
by Craig Neidorf
As many of you probably know, I used to be the editor and publisher of Phrack, a magazine similar to 2600, but not available in a hardcopy format. During that time I was known as Knight Lightning. In my capacity as editor and publisher I would often receive text files and other articles for submission to be published. In point of fact this is how the majority of the material found in Phrack was acquired. Outside of articles written by co-editor/publisher Taran King (Randy Tischler) or myself, there was no staff, merely a loose, unorganized group of free-lancers who sent us material from time to time.
One such free-lance writer was Len Rose, known to some as Terminus. To the best of my knowledge, he was a UNIX consultant who ran his own system on UUCP called Netsys. Netsys was a major electronic mail station for messages passing through UUCP. Terminus was no stranger to Phrack. Taran King had interviewed him for Phrack Pro-Phile 10, found in Phrack's fourteenth issue. I would go into more detail about that article, except that because of last year's events I do not have it in my possession.
Prior to the end of 1988, I had very little contact with Terminus and we were reintroduced when he contacted me through the Internet. He was very excited that Phrack still existed over the course of the years and he wanted to send us an article. However, Rose was a professional UNIX consultant, holding contracts with major corporations and organizations across the country and quite reasonably (given the corporate mentality) he assumed that these companies would not understand his involvement with Phrack. Nevertheless, he did send Phrack an article back in 1988. It was a computer program actually that was called "Yet Another File on Hacking UNIX" and the name on the file was <Unknown User>, adopted from the anonymous posting feature of the once famous Metal Shop Private bulletin board.
The file itself was a password cracking program. Such programs were then and are still today publicly available intentionally so that system managers can run them against their own password files in order to discover weak passwords.
"An example is the password cracker in COPS, a package that checks a UNIX system for different types of vulnerabilities. The complete package can be obtained by anonymous FTP from ftp.uu.net. Like the password cracker published in Phrack, the COPS cracker checks whether any of the words in an online dictionary correspond to a password in the password file." (Dorothy Denning, Communications of the ACM, March 1991, p. 28) Perhaps if more people used them, we would not have incidents like the Robert Morris worm, Clifford Stoll's KGB agents, or the current crisis of the system intruders from the Netherlands.
Time passed and eventually we came to January 1990. At some point during the first week or two of the new year, I briefly logged onto my account on the VM mainframe on the University of Missouri at Columbia and saw that I had received electronic mail from Len Rose. There was a brief letter followed by some sort of program. From the text I saw that the program was UNIX-based, an operating system I was virtually unfamiliar with at the time. I did not understand the significance of the file or why he had sent it to me. However, since I was logged in remotely I decided to let it sit until I arrived back at school a few days later. In the meantime I had noticed some copyright markings on the file and sent a letter to a friend at Bellcore Security asking about the legalities in having or publishing such material. As it turns out, this file was never published in Phrack.
Although Taran King and I had already decided not to publish this file, other events soon made our decision irrelevant. On January 12, 1990, we discovered that all access to our accounts on the mainframe of the University of Missouri had been revoked without explanation. On January 18, 1990 I was visited by the U.S. Secret Service for reasons unrelated to the UNIX program Len Rose had sent. That same day under obligation from a subpoena issued by a Federal District Court judge, the University turned over all files from my mainframe account to the U.S. Secret Service including the UNIX file. Included below is the text portion of that file:
"Here is a specialized login for System V 3.2 sites. I presume that any competent person can get it working on other levels of System V. It took me about 10 minutes to make the changes and longer to write the README file and this bit of mail.
It comes from original AT&T SVR3.2 sources, so it's definitely not something you wish to get caught with. As people will probably tell you, it was originally part of the port to an AT&T 3B2 system. Just so that I can head off any complaints, tell them I also compiled it with a minimal change on a 386 running AT&T UNIX System V 3.2 (they'll have to fiddle with some defines, quite simple to do). Any changes I made are bracketed with comments, so if they run into something terrible tell them to blame AT&T and not me.
I will get my hands on some Berkeley 4.3 code and do the same thing if you like (it's easy of course)."
In the text of the program it also reads: "WARNING: This is AT&T proprietary source code. Do NOT get caught with it." and "Copyright (c) 1984 AT&T All Rights Reserved * THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF AT&T * The copyright notice above does not evidence any actual or intended publication of such source code."
As it turned out the program that Rose had sent was modified to be a Trojan horse program that could capture accounts and passwords, saving them into a file that could later be retrieved. However, knowing how to write a Trojan horse login program is no secret. For example, "such programs have been published in The Cuckoo's Egg by Clifford Stoll and an article by Grampp and Morris. Also in his ACM touring lecture, Ken Thompson, one of the Bell Labs co-authors of UNIX, explained how to create a powerful Trojan horse that would allow its author to log onto any account with either the password assigned to the account or a password chosen by the author." (Dorothy Denning, Communications of the ACM, March 1991, p. 29-30)
Between the UNIX 3.2 source code, the UNIX password cracking file, and the added fact that Terminus was a subscriber to Phrack, the authorities turned their attention to Len Rose. Rose was raided by the United States Secret Service (including Agent Tim Foley, who was the case agent in U.S. v. Neidorf) at his Middletown, Maryland home on February 1, 1990. The actual search on his home was another atrocity in and of itself.
"For five hours, the agents - along with two Bellcore employees - confined Leonard Rose to his bedroom for questioning and the computer consultant's wife, Sun, in another room while they searched the house. The agents seized enough computers, documents, and personal effects - including Army medals, Sun Rose's personal phone book, and sets of keys to their house - to fill a 14-page list in a pending court case." ("No Kid Gloves For The Accused," UNIX Today, June 11, 1990, page 1)
The agents also did serious damage to the house itself. Rose was left without the computers that belonged to him and which he desperately needed to support himself and his family. Essentially, Rose went into bankruptcy and was blacklisted by AT&T. This culminated in a May 15, 1990 indictment. There were five counts charging him with violations of the 1986 Computer Fraud and Abuse Act and Wire Fraud. The total maximum penalty he faced was 32 years in prison and fines of $950,000. Furthermore, the U.S. Attorney's office in Baltimore insisted that Rose was a member of the Legion of Doom, a claim that he and known LOD members have consistently denied.
This was just the beginning of another long saga of bad luck for Len Rose. He had no real lawyer, he had no money, and he had no job. In addition, he suffered a broken leg rescuing his son during a camping trip.
Eventually Rose found work with a company in Naperville, Illinois (DuPage County in the suburbs of Chicago): a UNIX consulting firm called InterActive. He had a new lawyer named Jane Macht. The future began to look a little brighter temporarily. But within a week InterActive was making claims that Rose had copied UNIX source code from them. Illinois State Police and SSA Tim Foley (what is he doing here!?) came to Rose's new home and took him away. In addition to the five count indictment in Baltimore, he was now facing criminal charges from the State of Illinois. It was at this point that attorney Sheldon T. Zenner (who had successfully defended me) took on the responsibility of defending Rose against the state charges.
Rose's spin of bad luck was not over yet. Assistant U.S. Attorney William Cook in Chicago wanted a piece of the action, in part perhaps to redeem himself from his miserable defeat in U.S. v. Neidorf. A third possible indictment for Rose seemed inevitable. In fact, there were threats made that I personally may have been subpoenaed to testify before the grand jury about Rose, but this never took place.
As time passed and court dates kept being delayed, Rose was running out of money and barely surviving. His wife wanted to leave him and take away his children, he could not find work, he was looking at two serious indictments for sure, and a possible third, and he just could not take it any longer.
Rose's legal arguments were strong in many respects and it is widely believed that if he had fought the charges he may very well have been able to prove his innocence. Unfortunately, the pileup of multiple indictments, in a legal system that defines justice in terms of how much money you can afford to spend defending yourself, took its toll. The U.S. Attorney in Baltimore did not want to try the case and they offered him a deal, part of which was that Cook got something as well. Rose would agree to plead guilty to two wire fraud charges, one in Baltimore, one in Chicago. The U.S. Attorney's office would offer a recommendation of a prison sentence of 10 months, the State of Illinois would drop its charges, and Rose would eventually get his computer equipment back.
In the weeks prior to accepting this decision I often spoke with Rose, pleading with him to fight based upon the principles and importance of the issues, no matter what the costs. However, I was blinded by idealism while Rose still had to face the reality.
At this time Len Rose is still free and awaiting formal sentencing. United States v. Rose was not a case about illegal intrusion into other people's computers. Despite this the Secret Service and AT&T are calling his case a prime example of a hacker conspiracy. In reality, it is only an example of blind justice and corporate power. Like many criminal cases of this type, it is all a question of how much justice can a defendant afford. How much of this type of injustice can the American public afford?