December 1988 and July 1989. They also dabbled in
ordering delivery of stolen goods through card-fraud. Fry
Guy was intoxicated with success. The sixteen-year-old
fantasized wildly to hacker rivals, boasting that he'd used
rip-off money to hire himself a big limousine, and had
driven out-of-state with a groupie from his favorite heavy-
metal band, Motley Crue.
Armed with knowledge, power, and a gratifying
stream of free money, Fry Guy now took it upon himself to
call local representatives of Indiana Bell security, to
brag,
boast, strut, and utter tormenting warnings that his
powerful friends in the notorious Legion of Doom could
crash the national telephone network. Fry Guy even
named a date for the scheme: the Fourth of July, a
national holiday.
This egregious example of the begging-for-arrest
syndrome was shortly followed by Fry Guy's arrest. After
the Indiana telephone company figured out who he was,
the Secret Service had DNRs -- Dialed Number
Recorders -- installed on his home phone lines. These
devices are not taps, and can't record the substance of
phone calls, but they do record the phone numbers of all
calls going in and out. Tracing these numbers showed Fry
Guy's long-distance code fraud, his extensive ties to pirate
bulletin boards, and numerous personal calls to his LoD
friends in Atlanta. By July 11, 1989, Prophet, Urvile and
Leftist also had Secret Service DNR "pen registers"
installed on their own lines.
The Secret Service showed up in force at Fry Guy's
house on July 22, 1989, to the horror of his unsuspecting
parents. The raiders were led by a special agent from the
Secret Service's Indianapolis office. However, the raiders
were accompanied and advised by Timothy M. Foley of
the Secret Service's Chicago office (a gentleman about
whom we will soon be hearing a great deal).
Following federal computer-crime techniques that
had been standard since the early 1980s, the Secret
Service searched the house thoroughly, and seized all of
Fry Guy's electronic equipment and notebooks. All Fry
Guy's equipment went out the door in the custody of the
Secret Service, which put a swift end to his depredations.
The USSS interrogated Fry Guy at length. His case
was put in the charge of Deborah Daniels, the federal US
Attorney for the Southern District of Indiana. Fry Guy was
charged with eleven counts of computer fraud,
unauthorized computer access, and wire fraud. The
evidence was thorough and irrefutable. For his part, Fry
Guy blamed his corruption on the Legion of Doom and
offered to testify against them.
Fry Guy insisted that the Legion intended to crash
the phone system on a national holiday. And when AT&T
crashed on Martin Luther King Day, 1990, this lent a
credence to his claim that genuinely alarmed telco
security and the Secret Service.
Fry Guy eventually pled guilty on May 31, 1990. On
September 14, he was sentenced to forty-four months'
probation and four hundred hours' community service.
He could have had it much worse; but it made sense to
prosecutors to take it easy on this teenage minor, while
zeroing in on the notorious kingpins of the Legion of
Doom.
But the case against LoD had nagging flaws.
Despite the best effort of investigators, it was impossible
to prove that the Legion had crashed the phone system on
January 15, because they, in fact, hadn't done so. The
investigations of 1989 did show that certain members of
the Legion of Doom had achieved unprecedented power
over the telco switching stations, and that they were in
active conspiracy to obtain more power yet. Investigators
were privately convinced that the Legion of Doom
intended to do awful things with this knowledge, but mere
evil intent was not enough to put them in jail.
And although the Atlanta Three -- Prophet, Leftist,
and especially Urvile -- had taught Fry Guy plenty, they
were not themselves credit-card fraudsters. The only
thing they'd "stolen" was long-distance service -- and since
they'd done much of that through phone-switch
manipulation, there was no easy way to judge how much
they'd "stolen," or whether this practice was even "theft"
of
any easily recognizable kind.
Fry Guy's theft of long-distance codes had cost the
phone companies plenty. The theft of long-distance
service may be a fairly theoretical "loss," but it costs
genuine money and genuine time to delete all those
stolen codes, and to re-issue new codes to the innocent
owners of those corrupted codes. The owners of the codes
themselves are victimized, and lose time and money and
peace of mind in the hassle. And then there were the
credit-card victims to deal with, too, and Western Union.
When it came to rip-off, Fry Guy was far more of a thief
than LoD. It was only when it came to actual computer
expertise that Fry Guy was small potatoes.
The Atlanta Legion thought most "rules" of
cyberspace were for rodents and losers, but they *did*
have rules. *They never crashed anything, and they never
took money.* These were rough rules-of-thumb, and
rather dubious principles when it comes to the ethical
subtleties of cyberspace, but they enabled the Atlanta
Three to operate with a relatively clear conscience (though
never with peace of mind).
If you didn't hack for money, if you weren't robbing
people of actual funds -- money in the bank, that is --
then
nobody *really* got hurt, in LoD's opinion. "Theft of
service" was a bogus issue, and "intellectual property" was
a bad joke. But LoD had only elitist contempt for rip-off
artists, "leechers," thieves. They considered themselves
clean. In their opinion, if you didn't smash-up or crash
any
systems -- (well, not on purpose, anyhow -- accidents can
happen, just ask Robert Morris) then it was very unfair to
call you a "vandal" or a "cracker." When you were
hanging out on-line with your "pals" in telco security, you
could face them down from the higher plane of hacker
morality. And you could mock the police from the
supercilious heights of your hacker's quest for pure
knowledge.
But from the point of view of law enforcement and
telco security, however, Fry Guy was not really dangerous.
The Atlanta Three *were* dangerous. It wasn't the crimes
they were committing, but the *danger,* the potential
hazard, the sheer *technical power* LoD had
accumulated, that had made the situation untenable.
Fry Guy was not LoD. He'd never laid eyes on
anyone in LoD; his only contacts with them had been
electronic. Core members of the Legion of Doom tended
to meet physically for conventions every year or so, to get
drunk, give each other the hacker high-sign, send out for
pizza and ravage hotel suites. Fry Guy had never done any
of this. Deborah Daniels assessed Fry Guy accurately as
"an LoD wannabe."
Nevertheless Fry Guy's crimes would be directly
attributed to LoD in much future police propaganda. LoD
would be described as "a closely knit group" involved in
"numerous illegal activities" including "stealing and
modifying individual credit histories," and "fraudulently
obtaining money and property." Fry Guy did this, but the
Atlanta Three didn't; they simply weren't into theft, but
rather intrusion. This caused a strange kink in the
prosecution's strategy. LoD were accused of
"disseminating information about attacking computers to
other computer hackers in an effort to shift the focus of
law enforcement to those other hackers and away from the
Legion of Doom."
This last accusation (taken directly from a press
release by the Chicago Computer Fraud and Abuse Task
Force) sounds particularly far-fetched. One might
conclude at this point that investigators would have been
well-advised to go ahead and "shift their focus" from the
"Legion of Doom." Maybe they *should* concentrate on
"those other hackers" -- the ones who were actually
stealing money and physical objects.
But the Hacker Crackdown of 1990 was not a simple
policing action. It wasn't meant just to walk the beat in
cyberspace -- it was a *crackdown,* a deliberate attempt to
nail the core of the operation, to send a dire and potent
message that would settle the hash of the digital
underground for good.
By this reasoning, Fry Guy wasn't much more than
the electronic equivalent of a cheap streetcorner dope
dealer. As long as the masterminds of LoD were still
flagrantly operating, pushing their mountains of illicit
knowledge right and left, and whipping up enthusiasm for
blatant lawbreaking, then there would be an *infinite
supply* of Fry Guys.
Because LoD were flagrant, they had left trails
everywhere, to be picked up by law enforcement in New
York, Indiana, Florida, Texas, Arizona, Missouri, even
Australia. But 1990's war on the Legion of Doom was led
out of Illinois, by the Chicago Computer Fraud and Abuse
Task Force.
#
The Computer Fraud and Abuse Task Force, led by
federal prosecutor William J. Cook, had started in 1987
and had swiftly become one of the most aggressive local
"dedicated computer-crime units." Chicago was a natural
home for such a group. The world's first computer
bulletin-board system had been invented in Illinois. The
state of Illinois had some of the nation's first and
sternest
computer crime laws. Illinois State Police were markedly
alert to the possibilities of white-collar crime and
electronic fraud.
And William J. Cook in particular was a rising star in
electronic crime-busting. He and his fellow federal
prosecutors at the U.S. Attorney's office in Chicago had a
tight relation with the Secret Service, especially go-
getting
Chicago-based agent Timothy Foley. While Cook and his
Department of Justice colleagues plotted strategy, Foley
was their man on the street.
Throughout the 1980s, the federal government had
given prosecutors an armory of new, untried legal tools
against computer crime. Cook and his colleagues were
pioneers in the use of these new statutes in the real-life
cut-and-thrust of the federal courtroom.
On October 2, 1986, the US Senate had passed the
"Computer Fraud and Abuse Act" unanimously, but there
were pitifully few convictions under this statute. Cook's
group took their name from this statute, since they were
determined to transform this powerful but rather
theoretical Act of Congress into a real-life engine of legal
destruction against computer fraudsters and scofflaws.
It was not a question of merely discovering crimes,
investigating them, and then trying and punishing their
perpetrators. The Chicago unit, like most everyone else in
the business, already *knew* who the bad guys were: the
Legion of Doom and the writers and editors of *Phrack.*
The task at hand was to find some legal means of putting
these characters away.
This approach might seem a bit dubious, to someone
not acquainted with the gritty realities of prosecutorial
work. But prosecutors don't put people in jail for crimes
they have committed; they put people in jail for crimes
they have committed *that can be proved in court.*
Chicago federal police put Al Capone in prison for
income-tax fraud. Chicago is a big town, with a rough-
and-ready bare-knuckle tradition on both sides of the law.
Fry Guy had broken the case wide open and alerted
telco security to the scope of the problem. But Fry Guy's
crimes would not put the Atlanta Three behind bars --
much less the wacko underground journalists of *Phrack.*
So on July 22, 1989, the same day that Fry Guy was raided
in Indiana, the Secret Service descended upon the Atlanta
Three.
This was likely inevitable. By the summer of 1989, law
enforcement were closing in on the Atlanta Three from at
least six directions at once. First, there were the leads
from Fry Guy, which had led to the DNR registers being
installed on the lines of the Atlanta Three. The DNR
evidence alone would have finished them off, sooner or
later.
But second, the Atlanta lads were already well-known
to Control-C and his telco security sponsors. LoD's
contacts with telco security had made them overconfident
and even more boastful than usual; they felt that they had
powerful friends in high places, and that they were being
openly tolerated by telco security. But BellSouth's
Intrusion Task Force were hot on the trail of LoD and
sparing no effort or expense.
The Atlanta Three had also been identified by name
and listed on the extensive anti-hacker files maintained,
and retailed for pay, by private security operative John
Maxfield of Detroit. Maxfield, who had extensive ties to
telco security and many informants in the underground,
was a bete noire of the *Phrack* crowd, and the dislike was
mutual.
The Atlanta Three themselves had written articles for
*Phrack.* This boastful act could not possibly escape telco
and law enforcement attention.
"Knightmare," a high-school age hacker from
Arizona, was a close friend and disciple of Atlanta LoD,
but he had been nabbed by the formidable Arizona
Organized Crime and Racketeering Unit. Knightmare
was on some of LoD's favorite boards -- "Black Ice" in
particular -- and was privy to their secrets. And to have
Gail Thackeray, the Assistant Attorney General of Arizona,
on one's trail was a dreadful peril for any hacker.
And perhaps worst of all, Prophet had committed a
major blunder by passing an illicitly copied BellSouth
computer-file to Knight Lightning, who had published it in
*Phrack.* This, as we will see, was an act of dire
consequence for almost everyone concerned.
On July 22, 1989, the Secret Service showed up at the
Leftist's house, where he lived with his parents. A massive
squad of some twenty officers surrounded the building:
Secret Service, federal marshals, local police, possibly
BellSouth telco security; it was hard to tell in the crush.
Leftist's dad, at work in his basement office, first noticed
a
muscular stranger in plain clothes crashing through the
back yard with a drawn pistol. As more strangers poured
into the house, Leftist's dad naturally assumed there was
an armed robbery in progress.
Like most hacker parents, Leftist's mom and dad had
only the vaguest notions of what their son had been up to
all this time. Leftist had a day-job repairing computer
hardware. His obsession with computers seemed a bit
odd, but harmless enough, and likely to produce a well-
paying career. The sudden, overwhelming raid left
Leftist's parents traumatized.
The Leftist himself had been out after work with his
co-workers, surrounding a couple of pitchers of
margaritas. As he came trucking on tequila-numbed feet
up the pavement, toting a bag full of floppy-disks, he
noticed a large number of unmarked cars parked in his
driveway. All the cars sported tiny microwave antennas.
The Secret Service had knocked the front door off its
hinges, almost flattening his Mom.
Inside, Leftist was greeted by Special Agent James
Cool of the US Secret Service, Atlanta office. Leftist was
flabbergasted. He'd never met a Secret Service agent
before. He could not imagine that he'd ever done
anything worthy of federal attention. He'd always figured
that if his activities became intolerable, one of his
contacts
in telco security would give him a private phone-call and
tell him to knock it off.
But now Leftist was pat-searched for weapons by grim
professionals, and his bag of floppies was quickly seized.
He and his parents were all shepherded into separate
rooms and grilled at length as a score of officers scoured
their home for anything electronic.
Leftist was horrified as his treasured IBM AT
personal computer with its forty-meg hard disk, and his
recently purchased 80386 IBM-clone with a whopping
hundred-meg hard disk, both went swiftly out the door in
Secret Service custody. They also seized all his disks, all
his notebooks, and a tremendous booty in dogeared telco
documents that Leftist had snitched out of trash
dumpsters.
Leftist figured the whole thing for a big
misunderstanding. He'd never been into *military*
computers. He wasn't a *spy* or a *Communist.* He was
just a good ol' Georgia hacker, and now he just wanted all
these people out of the house. But it seemed they
wouldn't go until he made some kind of statement.
And so, he levelled with them.
And that, Leftist said later from his federal prison
camp in Talladega, Alabama, was a big mistake.
The Atlanta area was unique, in that it had three
members of the Legion of Doom who actually occupied
more or less the same physical locality. Unlike the rest
of
LoD, who tended to associate by phone and computer,
Atlanta LoD actually *were* "tightly knit." It was no real
surprise that the Secret Service agents apprehending
Urvile at the computer-labs at Georgia Tech, would
discover Prophet with him as well.
Urvile, a 21-year-old Georgia Tech student in polymer
chemistry, posed quite a puzzling case for law
enforcement. Urvile -- also known as "Necron 99," as well
as other handles, for he tended to change his cover-alias
about once a month -- was both an accomplished hacker
and a fanatic simulation-gamer.
Simulation games are an unusual hobby; but then
hackers are unusual people, and their favorite pastimes
tend to be somewhat out of the ordinary. The best-known
American simulation game is probably "Dungeons &
Dragons," a multi-player parlor entertainment played with
paper, maps, pencils, statistical tables and a variety of
oddly-shaped dice. Players pretend to be heroic
characters exploring a wholly-invented fantasy world. The
fantasy worlds of simulation gaming are commonly
pseudo-medieval, involving swords and sorcery -- spell-
casting wizards, knights in armor, unicorns and dragons,
demons and goblins.
Urvile and his fellow gamers preferred their
fantasies highly technological. They made use of a game
known as "G.U.R.P.S.," the "Generic Universal Role
Playing System," published by a company called Steve
Jackson Games (SJG).
"G.U.R.P.S." served as a framework for creating a
wide variety of artificial fantasy worlds. Steve Jackson
Games published a smorgasboard of books, full of
detailed information and gaming hints, which were used
to flesh-out many different fantastic backgrounds for the
basic GURPS framework. Urvile made extensive use of
two SJG books called *GURPS High-Tech* and *GURPS
Special Ops.*
In the artificial fantasy-world of *GURPS Special
Ops,* players entered a modern fantasy of intrigue and
international espionage. On beginning the game, players
started small and powerless, perhaps as minor-league CIA
agents or penny-ante arms dealers. But as players
persisted through a series of game sessions (game
sessions generally lasted for hours, over long, elaborate
campaigns that might be pursued for months on end)
then they would achieve new skills, new knowledge, new
power. They would acquire and hone new abilities, such as
marksmanship, karate, wiretapping, or Watergate
burglary. They could also win various kinds of imaginary
booty, like Berettas, or martini shakers, or fast cars with
ejection seats and machine-guns under the headlights.
As might be imagined from the complexity of these
games, Urvile's gaming notes were very detailed and
extensive. Urvile was a "dungeon-master," inventing
scenarios for his fellow gamers, giant simulated
adventure-puzzles for his friends to unravel. Urvile's
game notes covered dozens of pages with all sorts of exotic
lunacy, all about ninja raids on Libya and break-ins on
encrypted Red Chinese supercomputers. His notes were
written on scrap-paper and kept in loose-leaf binders.
The handiest scrap paper around Urvile's college
digs were the many pounds of BellSouth printouts and
documents that he had snitched out of telco dumpsters.
His notes were written on the back of misappropriated
telco property. Worse yet, the gaming notes were
chaotically interspersed with Urvile's hand-scrawled
records involving *actual computer intrusions* that he
had committed.
Not only was it next to impossible to tell Urvile's
fantasy game-notes from cyberspace "reality," but Urvile
himself barely made this distinction. It's no exaggeration
to say that to Urvile it was *all* a game. Urvile was very
bright, highly imaginative, and quite careless of other
people's notions of propriety. His connection to "reality"
was not something to which he paid a great deal of
attention.
Hacking was a game for Urvile. It was an amusement
he was carrying out, it was something he was doing for fun.
And Urvile was an obsessive young man. He could no
more stop hacking than he could stop in the middle of a
jigsaw puzzle, or stop in the middle of reading a Stephen
Donaldson fantasy trilogy. (The name "Urvile" came from
a best-selling Donaldson novel.)
Urvile's airy, bulletproof attitude seriously annoyed
his interrogators. First of all, he didn't consider that
he'd
done anything wrong. There was scarcely a shred of
honest remorse in him. On the contrary, he seemed
privately convinced that his police interrogators were
operating in a demented fantasy-world all their own.
Urvile was too polite and well-behaved to say this straight-
out, but his reactions were askew and disquieting.
For instance, there was the business about LoD's
ability to monitor phone-calls to the police and Secret
Service. Urvile agreed that this was quite possible, and
posed no big problem for LoD. In fact, he and his friends
had kicked the idea around on the "Black Ice" board,
much as they had discussed many other nifty notions,
such as building personal flame-throwers and jury-rigging
fistfulls of blasting-caps. They had hundreds of dial-up
numbers for government agencies that they'd gotten
through scanning Atlanta phones, or had pulled from
raided VAX/VMS mainframe computers.
Basically, they'd never gotten around to listening in
on the cops because the idea wasn't interesting enough to
bother with. Besides, if they'd been monitoring Secret
Service phone calls, obviously they'd never have been
caught in the first place. Right?
The Secret Service was less than satisfied with this
rapier-like hacker logic.
Then there was the issue of crashing the phone
system. No problem, Urvile admitted sunnily. Atlanta
LoD could have shut down phone service all over Atlanta
any time they liked. *Even the 911 service?* Nothing
special about that, Urvile explained patiently. Bring the
switch to its knees, with say the UNIX "makedir" bug, and
911 goes down too as a matter of course. The 911 system
wasn't very interesting, frankly. It might be tremendously
interesting to cops (for odd reasons of their own), but as
technical challenges went, the 911 service was yawnsville.
So of course the Atlanta Three could crash service.
They probably could have crashed service all over
BellSouth territory, if they'd worked at it for a while.
But
Atlanta LoD weren't crashers. Only losers and rodents
were crashers. LoD were *elite.*
Urvile was privately convinced that sheer technical
expertise could win him free of any kind of problem. As
far as he was concerned, elite status in the digital
underground had placed him permanently beyond the
intellectual grasp of cops and straights. Urvile had a lot
to
learn.
Of the three LoD stalwarts, Prophet was in the most
direct trouble. Prophet was a UNIX programming expert
who burrowed in and out of the Internet as a matter of
course. He'd started his hacking career at around age 14,
meddling with a UNIX mainframe system at the
University of North Carolina.
Prophet himself had written the handy Legion of
Doom file "UNIX Use and Security From the Ground Up."
UNIX (pronounced "you-nicks") is a powerful, flexible
computer operating-system, for multi-user, multi-tasking
computers. In 1969, when UNIX was created in Bell Labs,
such computers were exclusive to large corporations and
universities, but today UNIX is run on thousands of
powerful home machines. UNIX was particularly well-
suited to telecommunications programming, and had
become a standard in the field. Naturally, UNIX also
became a standard for the elite hacker and phone phreak.
Lately, Prophet had not been so active as Leftist and
Urvile, but Prophet was a recidivist. In 1986, when he was
eighteen, Prophet had been convicted of "unauthorized
access to a computer network" in North Carolina. He'd
been discovered breaking into the Southern Bell Data
Network, a UNIX-based internal telco network supposedly
closed to the public. He'd gotten a typical hacker
sentence: six months suspended, 120 hours community
service, and three years' probation.
After that humiliating bust, Prophet had gotten rid of
most of his tonnage of illicit phreak and hacker data, and
had tried to go straight. He was, after all, still on
probation.
But by the autumn of 1988, the temptations of cyberspace
had proved too much for young Prophet, and he was
shoulder-to-shoulder with Urvile and Leftist into some of
the hairiest systems around.
In early September 1988, he'd broken into BellSouth's
centralized automation system, AIMSX or "Advanced
Information Management System." AIMSX was an
internal business network for BellSouth, where telco
employees stored electronic mail, databases, memos, and
calendars, and did text processing. Since AIMSX did not
have public dial-ups, it was considered utterly invisible to
the public, and was not well-secured -- it didn't even
require passwords. Prophet abused an account known as
"waa1," the personal account of an unsuspecting telco
employee. Disguised as the owner of waa1, Prophet made
about ten visits to AIMSX.
Prophet did not damage or delete anything in the
system. His presence in AIMSX was harmless and almost
invisible. But he could not rest content with that.
One particular piece of processed text on AIMSX was
a telco document known as "Bell South Standard Practice
660-225-104SV Control Office Administration of Enhanced
911 Services for Special Services and Major Account
Centers dated March 1988."
Prophet had not been looking for this document. It
was merely one among hundreds of similar documents
with impenetrable titles. However, having blundered over
it in the course of his illicit wanderings through AIMSX, he
decided to take it with him as a trophy. It might prove
very
useful in some future boasting, bragging, and strutting
session. So, some time in September 1988, Prophet
ordered the AIMSX mainframe computer to copy this
document (henceforth called simply called "the E911
Document") and to transfer this copy to his home
computer.
No one noticed that Prophet had done this. He had
"stolen" the E911 Document in some sense, but notions of
property in cyberspace can be tricky. BellSouth noticed
nothing wrong, because BellSouth still had their original
copy. They had not been "robbed" of the document itself.
Many people were supposed to copy this document --
specifically, people who worked for the nineteen BellSouth
"special services and major account centers," scattered
throughout the Southeastern United States. That was
what it was for, why it was present on a computer network
in the first place: so that it could be copied and read --
by
telco employees. But now the data had been copied by
someone who wasn't supposed to look at it.
Prophet now had his trophy. But he further decided
to store yet another copy of the E911 Document on
another person's computer. This unwitting person was a
computer enthusiast named Richard Andrews who lived
near Joliet, Illinois. Richard Andrews was a UNIX
programmer by trade, and ran a powerful UNIX board
called "Jolnet," in the basement of his house.
Prophet, using the handle "Robert Johnson," had
obtained an account on Richard Andrews' computer. And
there he stashed the E911 Document, by storing it in his
own private section of Andrews' computer.
Why did Prophet do this? If Prophet had eliminated
the E911 Document from his own computer, and kept it
hundreds of miles away, on another machine, under an
alias, then he might have been fairly safe from discovery
and prosecution -- although his sneaky action had
certainly put the unsuspecting Richard Andrews at risk.
But, like most hackers, Prophet was a pack-rat for
illicit data. When it came to the crunch, he could not bear
to part from his trophy. When Prophet's place in
Decatur, Georgia was raided in July 1989, there was the
E911 Document, a smoking gun. And there was Prophet in
the hands of the Secret Service, doing his best to
"explain."
Our story now takes us away from the Atlanta Three
and their raids of the Summer of 1989. We must leave
Atlanta Three "cooperating fully" with their numerous
investigators. And all three of them did cooperate, as
their Sentencing Memorandum from the US District
Court of the Northern Division of Georgia explained --
just before all three of them were sentenced to various
federal prisons in November 1990.
We must now catch up on the other aspects of the
war on the Legion of Doom. The war on the Legion was a
war on a network -- in fact, a network of three networks,
which intertwined and interrelated in a complex fashion.
The Legion itself, with Atlanta LoD, and their hanger-on
Fry Guy, were the first network. The second network was
*Phrack* magazine, with its editors and contributors.
The third network involved the electronic circle
around a hacker known as "Terminus."
The war against these hacker networks was carried
out by a law enforcement network. Atlanta LoD and Fry
Guy were pursued by USSS agents and federal
prosecutors in Atlanta, Indiana, and Chicago. "Terminus"
found himself pursued by USSS and federal prosecutors
from Baltimore and Chicago. And the war against Phrack
was almost entirely a Chicago operation.
The investigation of Terminus involved a great deal
of energy, mostly from the Chicago Task Force, but it was
to be the least-known and least-publicized of the
Crackdown operations. Terminus, who lived in Maryland,
was a UNIX programmer and consultant, fairly well-
known (under his given name) in the UNIX community,
as an acknowledged expert on AT&T minicomputers.
Terminus idolized AT&T, especially Bellcore, and longed
for public recognition as a UNIX expert; his highest
ambition was to work for Bell Labs.
But Terminus had odd friends and a spotted history.
Terminus had once been the subject of an admiring
interview in *Phrack* (Volume II, Issue 14, Phile 2 --
dated
May 1987). In this article, *Phrack* co-editor Taran King
described "Terminus" as an electronics engineer, 5'9",
brown-haired, born in 1959 -- at 28 years old, quite mature
for a hacker.
Terminus had once been sysop of a phreak/hack
underground board called "MetroNet," which ran on an
Apple II. Later he'd replaced "MetroNet" with an
underground board called "MegaNet," specializing in
IBMs. In his younger days, Terminus had written one of
the very first and most elegant code-scanning programs
for the IBM-PC. This program had been widely
distributed in the underground. Uncounted legions of PC-
owning phreaks and hackers had used Terminus's
scanner program to rip-off telco codes. This feat had not
escaped the attention of telco security; it hardly could,
since Terminus's earlier handle, "Terminal Technician,"
was proudly written right on the program.
When he became a full-time computer professional
(specializing in telecommunications programming), he
adopted the handle Terminus, meant to indicate that he
had "reached the final point of being a proficient hacker."
He'd moved up to the UNIX-based "Netsys" board on an
AT&T computer, with four phone lines and an impressive
240 megs of storage. "Netsys" carried complete issues of
*Phrack,* and Terminus was quite friendly with its
publishers, Taran King and Knight Lightning.
In the early 1980s, Terminus had been a regular on
Plovernet, Pirate-80, Sherwood Forest and Shadowland, all
well-known pirate boards, all heavily frequented by the
Legion of Doom. As it happened, Terminus was never
officially "in LoD," because he'd never been given the
official LoD high-sign and back-slap by Legion maven Lex
Luthor. Terminus had never physically met anyone from
LoD. But that scarcely mattered much -- the Atlanta
Three themselves had never been officially vetted by Lex,
either.
As far as law enforcement was concerned, the issues
were clear. Terminus was a full-time, adult computer
professional with particular skills at AT&T software and
hardware -- but Terminus reeked of the Legion of Doom
and the underground.
On February 1, 1990 -- half a month after the Martin
Luther King Day Crash -- USSS agents Tim Foley from
Chicago, and Jack Lewis from the Baltimore office,
accompanied by AT&T security officer Jerry Dalton,
travelled to Middle Town, Maryland. There they grilled
Terminus in his home (to the stark terror of his wife and
small children), and, in their customary fashion, hauled
his computers out the door.
The Netsys machine proved to contain a plethora of
arcane UNIX software -- proprietary source code formally
owned by AT&T. Software such as: UNIX System Five
Release 3.2; UNIX SV Release 3.1; UUCP
communications software; KORN SHELL; RFS; IWB;
WWB; DWB; the C++ programming language; PMON;
TOOL CHEST; QUEST; DACT, and S FIND.
In the long-established piratical tradition of the
underground, Terminus had been trading this illicitly-
copied software with a small circle of fellow UNIX
programmers. Very unwisely, he had stored seven years
of his electronic mail on his Netsys machine, which
documented all the friendly arrangements he had made
with his various colleagues.
Terminus had not crashed the AT&T phone system
on January 15. He was, however, blithely running a not-
for-profit AT&T software-piracy ring. This was not an
activity AT&T found amusing. AT&T security officer Jerry
Dalton valued this "stolen" property at over three hundred
thousand dollars.
AT&T's entry into the tussle of free enterprise had
been complicated by the new, vague groundrules of the
information economy. Until the break-up of Ma Bell,
AT&T was forbidden to sell computer hardware or
software. Ma Bell was the phone company; Ma Bell was
not allowed to use the enormous revenue from telephone
utilities, in order to finance any entry into the computer
market.
AT&T nevertheless invented the UNIX operating
system. And somehow AT&T managed to make UNIX a
minor source of income. Weirdly, UNIX was not sold as
computer software, but actually retailed under an obscure
regulatory exemption allowing sales of surplus equipment
and scrap. Any bolder attempt to promote or retail UNIX
would have aroused angry legal opposition from computer
companies. Instead, UNIX was licensed to universities, at
modest rates, where the acids of academic freedom ate
away steadily at AT&T's proprietary rights.
Come the breakup, AT&T recognized that UNIX was
a potential gold-mine. By now, large chunks of UNIX
code had been created that were not AT&T's, and were
being sold by others. An entire rival UNIX-based
operating system had arisen in Berkeley, California (one
of the world's great founts of ideological hackerdom).
Today, "hackers" commonly consider "Berkeley UNIX" to
be technically superior to AT&T's "System V UNIX," but
AT&T has not allowed mere technical elegance to intrude
on the real-world business of marketing proprietary
software. AT&T has made its own code deliberately
incompatible with other folks' UNIX, and has written code
that it can prove is copyrightable, even if that code
happens to be somewhat awkward -- "kludgey." AT&T
UNIX user licenses are serious business agreements,
replete with very clear copyright statements and non-
disclosure clauses.
AT&T has not exactly kept the UNIX cat in the bag,
but it kept a grip on its scruff with some success. By the
rampant, explosive standards of software piracy, AT&T
UNIX source code is heavily copyrighted, well-guarded,
well-licensed. UNIX was traditionally run only on
mainframe machines, owned by large groups of suit-and-
tie professionals, rather than on bedroom machines where
people can get up to easy mischief.
And AT&T UNIX source code is serious high-level
programming. The number of skilled UNIX
programmers with any actual motive to swipe UNIX
source code is small. It's tiny, compared to the tens of
thousands prepared to rip-off, say, entertaining PC games
like "Leisure Suit Larry."
But by 1989, the warez-d00d underground, in the
persons of Terminus and his friends, was gnawing at
AT&T UNIX. And the property in question was not sold
for twenty bucks over the counter at the local branch of
Babbage's or Egghead's; this was massive, sophisticated,
multi-line, multi-author corporate code worth tens of
thousands of dollars.
It must be recognized at this point that Terminus's
purported ring of UNIX software pirates had not actually
made any money from their suspected crimes. The
$300,000 dollar figure bandied about for the contents of
Terminus's computer did not mean that Terminus was in
actual illicit possession of three hundred thousand of
AT&T's dollars. Terminus was shipping software back
and forth, privately, person to person, for free. He was
not
making a commercial business of piracy. He hadn't asked
for money; he didn't take money. He lived quite modestly.
AT&T employees -- as well as freelance UNIX
consultants, like Terminus -- commonly worked with
"proprietary" AT&T software, both in the office and at
home on their private machines. AT&T rarely sent
security officers out to comb the hard disks of its
consultants. Cheap freelance UNIX contractors were
quite useful to AT&T; they didn't have health insurance or
retirement programs, much less union membership in the
Communication Workers of America. They were humble
digital drudges, wandering with mop and bucket through
the Great Technological Temple of AT&T; but when the
Secret Service arrived at their homes, it seemed they were
eating with company silverware and sleeping on company
sheets! Outrageously, they behaved as if the things they
worked with every day belonged to them!
And these were no mere hacker teenagers with their
hands full of trash-paper and their noses pressed to the
corporate windowpane. These guys were UNIX wizards,
not only carrying AT&T data in their machines and their
heads, but eagerly networking about it, over machines that
were far more powerful than anything previously
imagined in private hands. How do you keep people
disposable, yet assure their awestruck respect for your
property? It was a dilemma.
Much UNIX code was public-domain, available for
free. Much "proprietary" UNIX code had been
extensively re-written, perhaps altered so much that it
became an entirely new product -- or perhaps not.
Intellectual property rights for software developers were,
and are, extraordinarily complex and confused. And
software "piracy," like the private copying of videos, is
one
of the most widely practiced "crimes" in the world today.
The USSS were not experts in UNIX or familiar with
the customs of its use. The United States Secret Service,
considered as a body, did not have one single person in it
who could program in a UNIX environment -- no, not even
one. The Secret Service *were* making extensive use of
expert help, but the "experts" they had chosen were AT&T
and Bellcore security officials, the very victims of the
purported crimes under investigation, the very people
whose interest in AT&T's "proprietary" software was most
pronounced.
On February 6, 1990, Terminus was arrested by Agent
Lewis. Eventually, Terminus would be sent to prison for
his illicit use of a piece of AT&T software.
The issue of pirated AT&T software would bubble
along in the background during the war on the Legion of
Doom. Some half-dozen of Terminus's on-line
acquaintances, including people in Illinois, Texas and
California, were grilled by the Secret Service in connection
with the illicit copying of software. Except for Terminus,
however, none were charged with a crime. None of them
shared his peculiar prominence in the hacker
underground.
But that did not meant that these people would, or
could, stay out of trouble. The transferral of illicit
data in
cyberspace is hazy and ill-defined business, with
paradoxical dangers for everyone concerned: hackers,
signal carriers, board owners, cops, prosecutors, even
random passers-by. Sometimes, well-meant attempts to
avert trouble or punish wrongdoing bring more trouble
than would simple ignorance, indifference or impropriety.
Terminus's "Netsys" board was not a common-or-
garden bulletin board system, though it had most of the
usual functions of a board. Netsys was not a stand-alone
machine, but part of the globe-spanning "UUCP"
cooperative network. The UUCP network uses a set of
Unix software programs called "Unix-to-Unix Copy," which
allows Unix systems to throw data to one another at high
speed through the public telephone network. UUCP is a
radically decentralized, not-for-profit network of UNIX
computers. There are tens of thousands of these UNIX
machines. Some are small, but many are powerful and
also link to other networks. UUCP has certain arcane links
to major networks such as JANET, EasyNet, BITNET,
JUNET, VNET, DASnet, PeaceNet and FidoNet, as well as
the gigantic Internet. (The so-called "Internet" is not
actually a network itself, but rather an "internetwork"
connections standard that allows several globe-spanning
computer networks to communicate with one another.
Readers fascinated by the weird and intricate tangles of
modern computer networks may enjoy John S.
Quarterman's authoritative 719-page explication, *The
Matrix,* Digital Press, 1990.)
A skilled user of Terminus' UNIX machine could
send and receive electronic mail from almost any major
computer network in the world. Netsys was not called a
"board" per se, but rather a "node." "Nodes" were larger,
faster, and more sophisticated than mere "boards," and
for hackers, to hang out on internationally-connected
"nodes" was quite the step up from merely hanging out on
local "boards."
Terminus's Netsys node in Maryland had a number
of direct links to other, similar UUCP nodes, run by
people who shared his interests and at least something of
his free-wheeling attitude. One of these nodes was Jolnet,
owned by Richard Andrews, who, like Terminus, was an
independent UNIX consultant. Jolnet also ran UNIX, and
could be contacted at high speed by mainframe machines
from all over the world. Jolnet was quite a sophisticated
piece of work, technically speaking, but it was still run by
an individual, as a private, not-for-profit hobby. Jolnet
was
mostly used by other UNIX programmers -- for mail,
storage, and access to networks. Jolnet supplied access
network access to about two hundred people, as well as a
local junior college.
Among its various features and services, Jolnet also
carried *Phrack* magazine.
For reasons of his own, Richard Andrews had become
suspicious of a new user called "Robert Johnson." Richard
Andrews took it upon himself to have a look at what
"Robert Johnson" was storing in Jolnet. And Andrews
found the E911 Document.
"Robert Johnson" was the Prophet from the Legion of
Doom, and the E911 Document was illicitly copied data
from Prophet's raid on the BellSouth computers.
The E911 Document, a particularly illicit piece of
digital property, was about to resume its long, complex,
and disastrous career.
It struck Andrews as fishy that someone not a
telephone employee should have a document referring to
the "Enhanced 911 System." Besides, the document itself
bore an obvious warning.
"WARNING: NOT FOR USE OR DISCLOSURE
OUTSIDE BELLSOUTH OR ANY OF ITS SUBSIDIARIES
EXCEPT UNDER WRITTEN AGREEMENT."
These standard nondisclosure tags are often
appended to all sorts of corporate material. Telcos as a
species are particularly notorious for stamping most
everything in sight as "not for use or disclosure." Still,
this
particular piece of data was about the 911 System. That
sounded bad to Rich Andrews.
Andrews was not prepared to ignore this sort of
trouble. He thought it would be wise to pass the document
along to a friend and acquaintance on the UNIX network,
for consultation. So, around September 1988, Andrews
sent yet another copy of the E911 Document electronically
to an AT&T employee, one Charles Boykin, who ran a
UNIX-based node called "attctc" in Dallas, Texas.
"Attctc" was the property of AT&T, and was run from
AT&T's Customer Technology Center in Dallas, hence the
name "attctc." "Attctc" was better-known as "Killer," the
name of the machine that the system was running on.
"Killer" was a hefty, powerful, AT&T 3B2 500 model, a
multi-user, multi-tasking UNIX platform with 32 meg of
memory and a mind-boggling 3.2 Gigabytes of storage.
When Killer had first arrived in Texas, in 1985, the 3B2
had been one of AT&T's great white hopes for going head-
to-head with IBM for the corporate computer-hardware
market. "Killer" had been shipped to the Customer
Technology Center in the Dallas Infomart, essentially a
high-technology mall, and there it sat, a demonstration
model.
Charles Boykin, a veteran AT&T hardware and digital
communications expert, was a local technical backup man
for the AT&T 3B2 system. As a display model in the
Infomart mall, "Killer" had little to do, and it seemed a
shame to waste the system's capacity. So Boykin
ingeniously wrote some UNIX bulletin-board software for
"Killer," and plugged the machine in to the local phone
ordering delivery of stolen goods through card-fraud. Fry
Guy was intoxicated with success. The sixteen-year-old
fantasized wildly to hacker rivals, boasting that he'd used
rip-off money to hire himself a big limousine, and had
driven out-of-state with a groupie from his favorite heavy-
metal band, Motley Crue.
Armed with knowledge, power, and a gratifying
stream of free money, Fry Guy now took it upon himself to
call local representatives of Indiana Bell security, to
brag,
boast, strut, and utter tormenting warnings that his
powerful friends in the notorious Legion of Doom could
crash the national telephone network. Fry Guy even
named a date for the scheme: the Fourth of July, a
national holiday.
This egregious example of the begging-for-arrest
syndrome was shortly followed by Fry Guy's arrest. After
the Indiana telephone company figured out who he was,
the Secret Service had DNRs -- Dialed Number
Recorders -- installed on his home phone lines. These
devices are not taps, and can't record the substance of
phone calls, but they do record the phone numbers of all
calls going in and out. Tracing these numbers showed Fry
Guy's long-distance code fraud, his extensive ties to pirate
bulletin boards, and numerous personal calls to his LoD
friends in Atlanta. By July 11, 1989, Prophet, Urvile and
Leftist also had Secret Service DNR "pen registers"
installed on their own lines.
The Secret Service showed up in force at Fry Guy's
house on July 22, 1989, to the horror of his unsuspecting
parents. The raiders were led by a special agent from the
Secret Service's Indianapolis office. However, the raiders
were accompanied and advised by Timothy M. Foley of
the Secret Service's Chicago office (a gentleman about
whom we will soon be hearing a great deal).
Following federal computer-crime techniques that
had been standard since the early 1980s, the Secret
Service searched the house thoroughly, and seized all of
Fry Guy's electronic equipment and notebooks. All Fry
Guy's equipment went out the door in the custody of the
Secret Service, which put a swift end to his depredations.
The USSS interrogated Fry Guy at length. His case
was put in the charge of Deborah Daniels, the federal US
Attorney for the Southern District of Indiana. Fry Guy was
charged with eleven counts of computer fraud,
unauthorized computer access, and wire fraud. The
evidence was thorough and irrefutable. For his part, Fry
Guy blamed his corruption on the Legion of Doom and
offered to testify against them.
Fry Guy insisted that the Legion intended to crash
the phone system on a national holiday. And when AT&T
crashed on Martin Luther King Day, 1990, this lent a
credence to his claim that genuinely alarmed telco
security and the Secret Service.
Fry Guy eventually pled guilty on May 31, 1990. On
September 14, he was sentenced to forty-four months'
probation and four hundred hours' community service.
He could have had it much worse; but it made sense to
prosecutors to take it easy on this teenage minor, while
zeroing in on the notorious kingpins of the Legion of
Doom.
But the case against LoD had nagging flaws.
Despite the best effort of investigators, it was impossible
to prove that the Legion had crashed the phone system on
January 15, because they, in fact, hadn't done so. The
investigations of 1989 did show that certain members of
the Legion of Doom had achieved unprecedented power
over the telco switching stations, and that they were in
active conspiracy to obtain more power yet. Investigators
were privately convinced that the Legion of Doom
intended to do awful things with this knowledge, but mere
evil intent was not enough to put them in jail.
And although the Atlanta Three -- Prophet, Leftist,
and especially Urvile -- had taught Fry Guy plenty, they
were not themselves credit-card fraudsters. The only
thing they'd "stolen" was long-distance service -- and since
they'd done much of that through phone-switch
manipulation, there was no easy way to judge how much
they'd "stolen," or whether this practice was even "theft"
of
any easily recognizable kind.
Fry Guy's theft of long-distance codes had cost the
phone companies plenty. The theft of long-distance
service may be a fairly theoretical "loss," but it costs
genuine money and genuine time to delete all those
stolen codes, and to re-issue new codes to the innocent
owners of those corrupted codes. The owners of the codes
themselves are victimized, and lose time and money and
peace of mind in the hassle. And then there were the
credit-card victims to deal with, too, and Western Union.
When it came to rip-off, Fry Guy was far more of a thief
than LoD. It was only when it came to actual computer
expertise that Fry Guy was small potatoes.
The Atlanta Legion thought most "rules" of
cyberspace were for rodents and losers, but they *did*
have rules. *They never crashed anything, and they never
took money.* These were rough rules-of-thumb, and
rather dubious principles when it comes to the ethical
subtleties of cyberspace, but they enabled the Atlanta
Three to operate with a relatively clear conscience (though
never with peace of mind).
If you didn't hack for money, if you weren't robbing
people of actual funds -- money in the bank, that is --
then
nobody *really* got hurt, in LoD's opinion. "Theft of
service" was a bogus issue, and "intellectual property" was
a bad joke. But LoD had only elitist contempt for rip-off
artists, "leechers," thieves. They considered themselves
clean. In their opinion, if you didn't smash-up or crash
any
systems -- (well, not on purpose, anyhow -- accidents can
happen, just ask Robert Morris) then it was very unfair to
call you a "vandal" or a "cracker." When you were
hanging out on-line with your "pals" in telco security, you
could face them down from the higher plane of hacker
morality. And you could mock the police from the
supercilious heights of your hacker's quest for pure
knowledge.
But from the point of view of law enforcement and
telco security, however, Fry Guy was not really dangerous.
The Atlanta Three *were* dangerous. It wasn't the crimes
they were committing, but the *danger,* the potential
hazard, the sheer *technical power* LoD had
accumulated, that had made the situation untenable.
Fry Guy was not LoD. He'd never laid eyes on
anyone in LoD; his only contacts with them had been
electronic. Core members of the Legion of Doom tended
to meet physically for conventions every year or so, to get
drunk, give each other the hacker high-sign, send out for
pizza and ravage hotel suites. Fry Guy had never done any
of this. Deborah Daniels assessed Fry Guy accurately as
"an LoD wannabe."
Nevertheless Fry Guy's crimes would be directly
attributed to LoD in much future police propaganda. LoD
would be described as "a closely knit group" involved in
"numerous illegal activities" including "stealing and
modifying individual credit histories," and "fraudulently
obtaining money and property." Fry Guy did this, but the
Atlanta Three didn't; they simply weren't into theft, but
rather intrusion. This caused a strange kink in the
prosecution's strategy. LoD were accused of
"disseminating information about attacking computers to
other computer hackers in an effort to shift the focus of
law enforcement to those other hackers and away from the
Legion of Doom."
This last accusation (taken directly from a press
release by the Chicago Computer Fraud and Abuse Task
Force) sounds particularly far-fetched. One might
conclude at this point that investigators would have been
well-advised to go ahead and "shift their focus" from the
"Legion of Doom." Maybe they *should* concentrate on
"those other hackers" -- the ones who were actually
stealing money and physical objects.
But the Hacker Crackdown of 1990 was not a simple
policing action. It wasn't meant just to walk the beat in
cyberspace -- it was a *crackdown,* a deliberate attempt to
nail the core of the operation, to send a dire and potent
message that would settle the hash of the digital
underground for good.
By this reasoning, Fry Guy wasn't much more than
the electronic equivalent of a cheap streetcorner dope
dealer. As long as the masterminds of LoD were still
flagrantly operating, pushing their mountains of illicit
knowledge right and left, and whipping up enthusiasm for
blatant lawbreaking, then there would be an *infinite
supply* of Fry Guys.
Because LoD were flagrant, they had left trails
everywhere, to be picked up by law enforcement in New
York, Indiana, Florida, Texas, Arizona, Missouri, even
Australia. But 1990's war on the Legion of Doom was led
out of Illinois, by the Chicago Computer Fraud and Abuse
Task Force.
#
The Computer Fraud and Abuse Task Force, led by
federal prosecutor William J. Cook, had started in 1987
and had swiftly become one of the most aggressive local
"dedicated computer-crime units." Chicago was a natural
home for such a group. The world's first computer
bulletin-board system had been invented in Illinois. The
state of Illinois had some of the nation's first and
sternest
computer crime laws. Illinois State Police were markedly
alert to the possibilities of white-collar crime and
electronic fraud.
And William J. Cook in particular was a rising star in
electronic crime-busting. He and his fellow federal
prosecutors at the U.S. Attorney's office in Chicago had a
tight relation with the Secret Service, especially go-
getting
Chicago-based agent Timothy Foley. While Cook and his
Department of Justice colleagues plotted strategy, Foley
was their man on the street.
Throughout the 1980s, the federal government had
given prosecutors an armory of new, untried legal tools
against computer crime. Cook and his colleagues were
pioneers in the use of these new statutes in the real-life
cut-and-thrust of the federal courtroom.
On October 2, 1986, the US Senate had passed the
"Computer Fraud and Abuse Act" unanimously, but there
were pitifully few convictions under this statute. Cook's
group took their name from this statute, since they were
determined to transform this powerful but rather
theoretical Act of Congress into a real-life engine of legal
destruction against computer fraudsters and scofflaws.
It was not a question of merely discovering crimes,
investigating them, and then trying and punishing their
perpetrators. The Chicago unit, like most everyone else in
the business, already *knew* who the bad guys were: the
Legion of Doom and the writers and editors of *Phrack.*
The task at hand was to find some legal means of putting
these characters away.
This approach might seem a bit dubious, to someone
not acquainted with the gritty realities of prosecutorial
work. But prosecutors don't put people in jail for crimes
they have committed; they put people in jail for crimes
they have committed *that can be proved in court.*
Chicago federal police put Al Capone in prison for
income-tax fraud. Chicago is a big town, with a rough-
and-ready bare-knuckle tradition on both sides of the law.
Fry Guy had broken the case wide open and alerted
telco security to the scope of the problem. But Fry Guy's
crimes would not put the Atlanta Three behind bars --
much less the wacko underground journalists of *Phrack.*
So on July 22, 1989, the same day that Fry Guy was raided
in Indiana, the Secret Service descended upon the Atlanta
Three.
This was likely inevitable. By the summer of 1989, law
enforcement were closing in on the Atlanta Three from at
least six directions at once. First, there were the leads
from Fry Guy, which had led to the DNR registers being
installed on the lines of the Atlanta Three. The DNR
evidence alone would have finished them off, sooner or
later.
But second, the Atlanta lads were already well-known
to Control-C and his telco security sponsors. LoD's
contacts with telco security had made them overconfident
and even more boastful than usual; they felt that they had
powerful friends in high places, and that they were being
openly tolerated by telco security. But BellSouth's
Intrusion Task Force were hot on the trail of LoD and
sparing no effort or expense.
The Atlanta Three had also been identified by name
and listed on the extensive anti-hacker files maintained,
and retailed for pay, by private security operative John
Maxfield of Detroit. Maxfield, who had extensive ties to
telco security and many informants in the underground,
was a bete noire of the *Phrack* crowd, and the dislike was
mutual.
The Atlanta Three themselves had written articles for
*Phrack.* This boastful act could not possibly escape telco
and law enforcement attention.
"Knightmare," a high-school age hacker from
Arizona, was a close friend and disciple of Atlanta LoD,
but he had been nabbed by the formidable Arizona
Organized Crime and Racketeering Unit. Knightmare
was on some of LoD's favorite boards -- "Black Ice" in
particular -- and was privy to their secrets. And to have
Gail Thackeray, the Assistant Attorney General of Arizona,
on one's trail was a dreadful peril for any hacker.
And perhaps worst of all, Prophet had committed a
major blunder by passing an illicitly copied BellSouth
computer-file to Knight Lightning, who had published it in
*Phrack.* This, as we will see, was an act of dire
consequence for almost everyone concerned.
On July 22, 1989, the Secret Service showed up at the
Leftist's house, where he lived with his parents. A massive
squad of some twenty officers surrounded the building:
Secret Service, federal marshals, local police, possibly
BellSouth telco security; it was hard to tell in the crush.
Leftist's dad, at work in his basement office, first noticed
a
muscular stranger in plain clothes crashing through the
back yard with a drawn pistol. As more strangers poured
into the house, Leftist's dad naturally assumed there was
an armed robbery in progress.
Like most hacker parents, Leftist's mom and dad had
only the vaguest notions of what their son had been up to
all this time. Leftist had a day-job repairing computer
hardware. His obsession with computers seemed a bit
odd, but harmless enough, and likely to produce a well-
paying career. The sudden, overwhelming raid left
Leftist's parents traumatized.
The Leftist himself had been out after work with his
co-workers, surrounding a couple of pitchers of
margaritas. As he came trucking on tequila-numbed feet
up the pavement, toting a bag full of floppy-disks, he
noticed a large number of unmarked cars parked in his
driveway. All the cars sported tiny microwave antennas.
The Secret Service had knocked the front door off its
hinges, almost flattening his Mom.
Inside, Leftist was greeted by Special Agent James
Cool of the US Secret Service, Atlanta office. Leftist was
flabbergasted. He'd never met a Secret Service agent
before. He could not imagine that he'd ever done
anything worthy of federal attention. He'd always figured
that if his activities became intolerable, one of his
contacts
in telco security would give him a private phone-call and
tell him to knock it off.
But now Leftist was pat-searched for weapons by grim
professionals, and his bag of floppies was quickly seized.
He and his parents were all shepherded into separate
rooms and grilled at length as a score of officers scoured
their home for anything electronic.
Leftist was horrified as his treasured IBM AT
personal computer with its forty-meg hard disk, and his
recently purchased 80386 IBM-clone with a whopping
hundred-meg hard disk, both went swiftly out the door in
Secret Service custody. They also seized all his disks, all
his notebooks, and a tremendous booty in dogeared telco
documents that Leftist had snitched out of trash
dumpsters.
Leftist figured the whole thing for a big
misunderstanding. He'd never been into *military*
computers. He wasn't a *spy* or a *Communist.* He was
just a good ol' Georgia hacker, and now he just wanted all
these people out of the house. But it seemed they
wouldn't go until he made some kind of statement.
And so, he levelled with them.
And that, Leftist said later from his federal prison
camp in Talladega, Alabama, was a big mistake.
The Atlanta area was unique, in that it had three
members of the Legion of Doom who actually occupied
more or less the same physical locality. Unlike the rest
of
LoD, who tended to associate by phone and computer,
Atlanta LoD actually *were* "tightly knit." It was no real
surprise that the Secret Service agents apprehending
Urvile at the computer-labs at Georgia Tech, would
discover Prophet with him as well.
Urvile, a 21-year-old Georgia Tech student in polymer
chemistry, posed quite a puzzling case for law
enforcement. Urvile -- also known as "Necron 99," as well
as other handles, for he tended to change his cover-alias
about once a month -- was both an accomplished hacker
and a fanatic simulation-gamer.
Simulation games are an unusual hobby; but then
hackers are unusual people, and their favorite pastimes
tend to be somewhat out of the ordinary. The best-known
American simulation game is probably "Dungeons &
Dragons," a multi-player parlor entertainment played with
paper, maps, pencils, statistical tables and a variety of
oddly-shaped dice. Players pretend to be heroic
characters exploring a wholly-invented fantasy world. The
fantasy worlds of simulation gaming are commonly
pseudo-medieval, involving swords and sorcery -- spell-
casting wizards, knights in armor, unicorns and dragons,
demons and goblins.
Urvile and his fellow gamers preferred their
fantasies highly technological. They made use of a game
known as "G.U.R.P.S.," the "Generic Universal Role
Playing System," published by a company called Steve
Jackson Games (SJG).
"G.U.R.P.S." served as a framework for creating a
wide variety of artificial fantasy worlds. Steve Jackson
Games published a smorgasboard of books, full of
detailed information and gaming hints, which were used
to flesh-out many different fantastic backgrounds for the
basic GURPS framework. Urvile made extensive use of
two SJG books called *GURPS High-Tech* and *GURPS
Special Ops.*
In the artificial fantasy-world of *GURPS Special
Ops,* players entered a modern fantasy of intrigue and
international espionage. On beginning the game, players
started small and powerless, perhaps as minor-league CIA
agents or penny-ante arms dealers. But as players
persisted through a series of game sessions (game
sessions generally lasted for hours, over long, elaborate
campaigns that might be pursued for months on end)
then they would achieve new skills, new knowledge, new
power. They would acquire and hone new abilities, such as
marksmanship, karate, wiretapping, or Watergate
burglary. They could also win various kinds of imaginary
booty, like Berettas, or martini shakers, or fast cars with
ejection seats and machine-guns under the headlights.
As might be imagined from the complexity of these
games, Urvile's gaming notes were very detailed and
extensive. Urvile was a "dungeon-master," inventing
scenarios for his fellow gamers, giant simulated
adventure-puzzles for his friends to unravel. Urvile's
game notes covered dozens of pages with all sorts of exotic
lunacy, all about ninja raids on Libya and break-ins on
encrypted Red Chinese supercomputers. His notes were
written on scrap-paper and kept in loose-leaf binders.
The handiest scrap paper around Urvile's college
digs were the many pounds of BellSouth printouts and
documents that he had snitched out of telco dumpsters.
His notes were written on the back of misappropriated
telco property. Worse yet, the gaming notes were
chaotically interspersed with Urvile's hand-scrawled
records involving *actual computer intrusions* that he
had committed.
Not only was it next to impossible to tell Urvile's
fantasy game-notes from cyberspace "reality," but Urvile
himself barely made this distinction. It's no exaggeration
to say that to Urvile it was *all* a game. Urvile was very
bright, highly imaginative, and quite careless of other
people's notions of propriety. His connection to "reality"
was not something to which he paid a great deal of
attention.
Hacking was a game for Urvile. It was an amusement
he was carrying out, it was something he was doing for fun.
And Urvile was an obsessive young man. He could no
more stop hacking than he could stop in the middle of a
jigsaw puzzle, or stop in the middle of reading a Stephen
Donaldson fantasy trilogy. (The name "Urvile" came from
a best-selling Donaldson novel.)
Urvile's airy, bulletproof attitude seriously annoyed
his interrogators. First of all, he didn't consider that
he'd
done anything wrong. There was scarcely a shred of
honest remorse in him. On the contrary, he seemed
privately convinced that his police interrogators were
operating in a demented fantasy-world all their own.
Urvile was too polite and well-behaved to say this straight-
out, but his reactions were askew and disquieting.
For instance, there was the business about LoD's
ability to monitor phone-calls to the police and Secret
Service. Urvile agreed that this was quite possible, and
posed no big problem for LoD. In fact, he and his friends
had kicked the idea around on the "Black Ice" board,
much as they had discussed many other nifty notions,
such as building personal flame-throwers and jury-rigging
fistfulls of blasting-caps. They had hundreds of dial-up
numbers for government agencies that they'd gotten
through scanning Atlanta phones, or had pulled from
raided VAX/VMS mainframe computers.
Basically, they'd never gotten around to listening in
on the cops because the idea wasn't interesting enough to
bother with. Besides, if they'd been monitoring Secret
Service phone calls, obviously they'd never have been
caught in the first place. Right?
The Secret Service was less than satisfied with this
rapier-like hacker logic.
Then there was the issue of crashing the phone
system. No problem, Urvile admitted sunnily. Atlanta
LoD could have shut down phone service all over Atlanta
any time they liked. *Even the 911 service?* Nothing
special about that, Urvile explained patiently. Bring the
switch to its knees, with say the UNIX "makedir" bug, and
911 goes down too as a matter of course. The 911 system
wasn't very interesting, frankly. It might be tremendously
interesting to cops (for odd reasons of their own), but as
technical challenges went, the 911 service was yawnsville.
So of course the Atlanta Three could crash service.
They probably could have crashed service all over
BellSouth territory, if they'd worked at it for a while.
But
Atlanta LoD weren't crashers. Only losers and rodents
were crashers. LoD were *elite.*
Urvile was privately convinced that sheer technical
expertise could win him free of any kind of problem. As
far as he was concerned, elite status in the digital
underground had placed him permanently beyond the
intellectual grasp of cops and straights. Urvile had a lot
to
learn.
Of the three LoD stalwarts, Prophet was in the most
direct trouble. Prophet was a UNIX programming expert
who burrowed in and out of the Internet as a matter of
course. He'd started his hacking career at around age 14,
meddling with a UNIX mainframe system at the
University of North Carolina.
Prophet himself had written the handy Legion of
Doom file "UNIX Use and Security From the Ground Up."
UNIX (pronounced "you-nicks") is a powerful, flexible
computer operating-system, for multi-user, multi-tasking
computers. In 1969, when UNIX was created in Bell Labs,
such computers were exclusive to large corporations and
universities, but today UNIX is run on thousands of
powerful home machines. UNIX was particularly well-
suited to telecommunications programming, and had
become a standard in the field. Naturally, UNIX also
became a standard for the elite hacker and phone phreak.
Lately, Prophet had not been so active as Leftist and
Urvile, but Prophet was a recidivist. In 1986, when he was
eighteen, Prophet had been convicted of "unauthorized
access to a computer network" in North Carolina. He'd
been discovered breaking into the Southern Bell Data
Network, a UNIX-based internal telco network supposedly
closed to the public. He'd gotten a typical hacker
sentence: six months suspended, 120 hours community
service, and three years' probation.
After that humiliating bust, Prophet had gotten rid of
most of his tonnage of illicit phreak and hacker data, and
had tried to go straight. He was, after all, still on
probation.
But by the autumn of 1988, the temptations of cyberspace
had proved too much for young Prophet, and he was
shoulder-to-shoulder with Urvile and Leftist into some of
the hairiest systems around.
In early September 1988, he'd broken into BellSouth's
centralized automation system, AIMSX or "Advanced
Information Management System." AIMSX was an
internal business network for BellSouth, where telco
employees stored electronic mail, databases, memos, and
calendars, and did text processing. Since AIMSX did not
have public dial-ups, it was considered utterly invisible to
the public, and was not well-secured -- it didn't even
require passwords. Prophet abused an account known as
"waa1," the personal account of an unsuspecting telco
employee. Disguised as the owner of waa1, Prophet made
about ten visits to AIMSX.
Prophet did not damage or delete anything in the
system. His presence in AIMSX was harmless and almost
invisible. But he could not rest content with that.
One particular piece of processed text on AIMSX was
a telco document known as "Bell South Standard Practice
660-225-104SV Control Office Administration of Enhanced
911 Services for Special Services and Major Account
Centers dated March 1988."
Prophet had not been looking for this document. It
was merely one among hundreds of similar documents
with impenetrable titles. However, having blundered over
it in the course of his illicit wanderings through AIMSX, he
decided to take it with him as a trophy. It might prove
very
useful in some future boasting, bragging, and strutting
session. So, some time in September 1988, Prophet
ordered the AIMSX mainframe computer to copy this
document (henceforth called simply called "the E911
Document") and to transfer this copy to his home
computer.
No one noticed that Prophet had done this. He had
"stolen" the E911 Document in some sense, but notions of
property in cyberspace can be tricky. BellSouth noticed
nothing wrong, because BellSouth still had their original
copy. They had not been "robbed" of the document itself.
Many people were supposed to copy this document --
specifically, people who worked for the nineteen BellSouth
"special services and major account centers," scattered
throughout the Southeastern United States. That was
what it was for, why it was present on a computer network
in the first place: so that it could be copied and read --
by
telco employees. But now the data had been copied by
someone who wasn't supposed to look at it.
Prophet now had his trophy. But he further decided
to store yet another copy of the E911 Document on
another person's computer. This unwitting person was a
computer enthusiast named Richard Andrews who lived
near Joliet, Illinois. Richard Andrews was a UNIX
programmer by trade, and ran a powerful UNIX board
called "Jolnet," in the basement of his house.
Prophet, using the handle "Robert Johnson," had
obtained an account on Richard Andrews' computer. And
there he stashed the E911 Document, by storing it in his
own private section of Andrews' computer.
Why did Prophet do this? If Prophet had eliminated
the E911 Document from his own computer, and kept it
hundreds of miles away, on another machine, under an
alias, then he might have been fairly safe from discovery
and prosecution -- although his sneaky action had
certainly put the unsuspecting Richard Andrews at risk.
But, like most hackers, Prophet was a pack-rat for
illicit data. When it came to the crunch, he could not bear
to part from his trophy. When Prophet's place in
Decatur, Georgia was raided in July 1989, there was the
E911 Document, a smoking gun. And there was Prophet in
the hands of the Secret Service, doing his best to
"explain."
Our story now takes us away from the Atlanta Three
and their raids of the Summer of 1989. We must leave
Atlanta Three "cooperating fully" with their numerous
investigators. And all three of them did cooperate, as
their Sentencing Memorandum from the US District
Court of the Northern Division of Georgia explained --
just before all three of them were sentenced to various
federal prisons in November 1990.
We must now catch up on the other aspects of the
war on the Legion of Doom. The war on the Legion was a
war on a network -- in fact, a network of three networks,
which intertwined and interrelated in a complex fashion.
The Legion itself, with Atlanta LoD, and their hanger-on
Fry Guy, were the first network. The second network was
*Phrack* magazine, with its editors and contributors.
The third network involved the electronic circle
around a hacker known as "Terminus."
The war against these hacker networks was carried
out by a law enforcement network. Atlanta LoD and Fry
Guy were pursued by USSS agents and federal
prosecutors in Atlanta, Indiana, and Chicago. "Terminus"
found himself pursued by USSS and federal prosecutors
from Baltimore and Chicago. And the war against Phrack
was almost entirely a Chicago operation.
The investigation of Terminus involved a great deal
of energy, mostly from the Chicago Task Force, but it was
to be the least-known and least-publicized of the
Crackdown operations. Terminus, who lived in Maryland,
was a UNIX programmer and consultant, fairly well-
known (under his given name) in the UNIX community,
as an acknowledged expert on AT&T minicomputers.
Terminus idolized AT&T, especially Bellcore, and longed
for public recognition as a UNIX expert; his highest
ambition was to work for Bell Labs.
But Terminus had odd friends and a spotted history.
Terminus had once been the subject of an admiring
interview in *Phrack* (Volume II, Issue 14, Phile 2 --
dated
May 1987). In this article, *Phrack* co-editor Taran King
described "Terminus" as an electronics engineer, 5'9",
brown-haired, born in 1959 -- at 28 years old, quite mature
for a hacker.
Terminus had once been sysop of a phreak/hack
underground board called "MetroNet," which ran on an
Apple II. Later he'd replaced "MetroNet" with an
underground board called "MegaNet," specializing in
IBMs. In his younger days, Terminus had written one of
the very first and most elegant code-scanning programs
for the IBM-PC. This program had been widely
distributed in the underground. Uncounted legions of PC-
owning phreaks and hackers had used Terminus's
scanner program to rip-off telco codes. This feat had not
escaped the attention of telco security; it hardly could,
since Terminus's earlier handle, "Terminal Technician,"
was proudly written right on the program.
When he became a full-time computer professional
(specializing in telecommunications programming), he
adopted the handle Terminus, meant to indicate that he
had "reached the final point of being a proficient hacker."
He'd moved up to the UNIX-based "Netsys" board on an
AT&T computer, with four phone lines and an impressive
240 megs of storage. "Netsys" carried complete issues of
*Phrack,* and Terminus was quite friendly with its
publishers, Taran King and Knight Lightning.
In the early 1980s, Terminus had been a regular on
Plovernet, Pirate-80, Sherwood Forest and Shadowland, all
well-known pirate boards, all heavily frequented by the
Legion of Doom. As it happened, Terminus was never
officially "in LoD," because he'd never been given the
official LoD high-sign and back-slap by Legion maven Lex
Luthor. Terminus had never physically met anyone from
LoD. But that scarcely mattered much -- the Atlanta
Three themselves had never been officially vetted by Lex,
either.
As far as law enforcement was concerned, the issues
were clear. Terminus was a full-time, adult computer
professional with particular skills at AT&T software and
hardware -- but Terminus reeked of the Legion of Doom
and the underground.
On February 1, 1990 -- half a month after the Martin
Luther King Day Crash -- USSS agents Tim Foley from
Chicago, and Jack Lewis from the Baltimore office,
accompanied by AT&T security officer Jerry Dalton,
travelled to Middle Town, Maryland. There they grilled
Terminus in his home (to the stark terror of his wife and
small children), and, in their customary fashion, hauled
his computers out the door.
The Netsys machine proved to contain a plethora of
arcane UNIX software -- proprietary source code formally
owned by AT&T. Software such as: UNIX System Five
Release 3.2; UNIX SV Release 3.1; UUCP
communications software; KORN SHELL; RFS; IWB;
WWB; DWB; the C++ programming language; PMON;
TOOL CHEST; QUEST; DACT, and S FIND.
In the long-established piratical tradition of the
underground, Terminus had been trading this illicitly-
copied software with a small circle of fellow UNIX
programmers. Very unwisely, he had stored seven years
of his electronic mail on his Netsys machine, which
documented all the friendly arrangements he had made
with his various colleagues.
Terminus had not crashed the AT&T phone system
on January 15. He was, however, blithely running a not-
for-profit AT&T software-piracy ring. This was not an
activity AT&T found amusing. AT&T security officer Jerry
Dalton valued this "stolen" property at over three hundred
thousand dollars.
AT&T's entry into the tussle of free enterprise had
been complicated by the new, vague groundrules of the
information economy. Until the break-up of Ma Bell,
AT&T was forbidden to sell computer hardware or
software. Ma Bell was the phone company; Ma Bell was
not allowed to use the enormous revenue from telephone
utilities, in order to finance any entry into the computer
market.
AT&T nevertheless invented the UNIX operating
system. And somehow AT&T managed to make UNIX a
minor source of income. Weirdly, UNIX was not sold as
computer software, but actually retailed under an obscure
regulatory exemption allowing sales of surplus equipment
and scrap. Any bolder attempt to promote or retail UNIX
would have aroused angry legal opposition from computer
companies. Instead, UNIX was licensed to universities, at
modest rates, where the acids of academic freedom ate
away steadily at AT&T's proprietary rights.
Come the breakup, AT&T recognized that UNIX was
a potential gold-mine. By now, large chunks of UNIX
code had been created that were not AT&T's, and were
being sold by others. An entire rival UNIX-based
operating system had arisen in Berkeley, California (one
of the world's great founts of ideological hackerdom).
Today, "hackers" commonly consider "Berkeley UNIX" to
be technically superior to AT&T's "System V UNIX," but
AT&T has not allowed mere technical elegance to intrude
on the real-world business of marketing proprietary
software. AT&T has made its own code deliberately
incompatible with other folks' UNIX, and has written code
that it can prove is copyrightable, even if that code
happens to be somewhat awkward -- "kludgey." AT&T
UNIX user licenses are serious business agreements,
replete with very clear copyright statements and non-
disclosure clauses.
AT&T has not exactly kept the UNIX cat in the bag,
but it kept a grip on its scruff with some success. By the
rampant, explosive standards of software piracy, AT&T
UNIX source code is heavily copyrighted, well-guarded,
well-licensed. UNIX was traditionally run only on
mainframe machines, owned by large groups of suit-and-
tie professionals, rather than on bedroom machines where
people can get up to easy mischief.
And AT&T UNIX source code is serious high-level
programming. The number of skilled UNIX
programmers with any actual motive to swipe UNIX
source code is small. It's tiny, compared to the tens of
thousands prepared to rip-off, say, entertaining PC games
like "Leisure Suit Larry."
But by 1989, the warez-d00d underground, in the
persons of Terminus and his friends, was gnawing at
AT&T UNIX. And the property in question was not sold
for twenty bucks over the counter at the local branch of
Babbage's or Egghead's; this was massive, sophisticated,
multi-line, multi-author corporate code worth tens of
thousands of dollars.
It must be recognized at this point that Terminus's
purported ring of UNIX software pirates had not actually
made any money from their suspected crimes. The
$300,000 dollar figure bandied about for the contents of
Terminus's computer did not mean that Terminus was in
actual illicit possession of three hundred thousand of
AT&T's dollars. Terminus was shipping software back
and forth, privately, person to person, for free. He was
not
making a commercial business of piracy. He hadn't asked
for money; he didn't take money. He lived quite modestly.
AT&T employees -- as well as freelance UNIX
consultants, like Terminus -- commonly worked with
"proprietary" AT&T software, both in the office and at
home on their private machines. AT&T rarely sent
security officers out to comb the hard disks of its
consultants. Cheap freelance UNIX contractors were
quite useful to AT&T; they didn't have health insurance or
retirement programs, much less union membership in the
Communication Workers of America. They were humble
digital drudges, wandering with mop and bucket through
the Great Technological Temple of AT&T; but when the
Secret Service arrived at their homes, it seemed they were
eating with company silverware and sleeping on company
sheets! Outrageously, they behaved as if the things they
worked with every day belonged to them!
And these were no mere hacker teenagers with their
hands full of trash-paper and their noses pressed to the
corporate windowpane. These guys were UNIX wizards,
not only carrying AT&T data in their machines and their
heads, but eagerly networking about it, over machines that
were far more powerful than anything previously
imagined in private hands. How do you keep people
disposable, yet assure their awestruck respect for your
property? It was a dilemma.
Much UNIX code was public-domain, available for
free. Much "proprietary" UNIX code had been
extensively re-written, perhaps altered so much that it
became an entirely new product -- or perhaps not.
Intellectual property rights for software developers were,
and are, extraordinarily complex and confused. And
software "piracy," like the private copying of videos, is
one
of the most widely practiced "crimes" in the world today.
The USSS were not experts in UNIX or familiar with
the customs of its use. The United States Secret Service,
considered as a body, did not have one single person in it
who could program in a UNIX environment -- no, not even
one. The Secret Service *were* making extensive use of
expert help, but the "experts" they had chosen were AT&T
and Bellcore security officials, the very victims of the
purported crimes under investigation, the very people
whose interest in AT&T's "proprietary" software was most
pronounced.
On February 6, 1990, Terminus was arrested by Agent
Lewis. Eventually, Terminus would be sent to prison for
his illicit use of a piece of AT&T software.
The issue of pirated AT&T software would bubble
along in the background during the war on the Legion of
Doom. Some half-dozen of Terminus's on-line
acquaintances, including people in Illinois, Texas and
California, were grilled by the Secret Service in connection
with the illicit copying of software. Except for Terminus,
however, none were charged with a crime. None of them
shared his peculiar prominence in the hacker
underground.
But that did not meant that these people would, or
could, stay out of trouble. The transferral of illicit
data in
cyberspace is hazy and ill-defined business, with
paradoxical dangers for everyone concerned: hackers,
signal carriers, board owners, cops, prosecutors, even
random passers-by. Sometimes, well-meant attempts to
avert trouble or punish wrongdoing bring more trouble
than would simple ignorance, indifference or impropriety.
Terminus's "Netsys" board was not a common-or-
garden bulletin board system, though it had most of the
usual functions of a board. Netsys was not a stand-alone
machine, but part of the globe-spanning "UUCP"
cooperative network. The UUCP network uses a set of
Unix software programs called "Unix-to-Unix Copy," which
allows Unix systems to throw data to one another at high
speed through the public telephone network. UUCP is a
radically decentralized, not-for-profit network of UNIX
computers. There are tens of thousands of these UNIX
machines. Some are small, but many are powerful and
also link to other networks. UUCP has certain arcane links
to major networks such as JANET, EasyNet, BITNET,
JUNET, VNET, DASnet, PeaceNet and FidoNet, as well as
the gigantic Internet. (The so-called "Internet" is not
actually a network itself, but rather an "internetwork"
connections standard that allows several globe-spanning
computer networks to communicate with one another.
Readers fascinated by the weird and intricate tangles of
modern computer networks may enjoy John S.
Quarterman's authoritative 719-page explication, *The
Matrix,* Digital Press, 1990.)
A skilled user of Terminus' UNIX machine could
send and receive electronic mail from almost any major
computer network in the world. Netsys was not called a
"board" per se, but rather a "node." "Nodes" were larger,
faster, and more sophisticated than mere "boards," and
for hackers, to hang out on internationally-connected
"nodes" was quite the step up from merely hanging out on
local "boards."
Terminus's Netsys node in Maryland had a number
of direct links to other, similar UUCP nodes, run by
people who shared his interests and at least something of
his free-wheeling attitude. One of these nodes was Jolnet,
owned by Richard Andrews, who, like Terminus, was an
independent UNIX consultant. Jolnet also ran UNIX, and
could be contacted at high speed by mainframe machines
from all over the world. Jolnet was quite a sophisticated
piece of work, technically speaking, but it was still run by
an individual, as a private, not-for-profit hobby. Jolnet
was
mostly used by other UNIX programmers -- for mail,
storage, and access to networks. Jolnet supplied access
network access to about two hundred people, as well as a
local junior college.
Among its various features and services, Jolnet also
carried *Phrack* magazine.
For reasons of his own, Richard Andrews had become
suspicious of a new user called "Robert Johnson." Richard
Andrews took it upon himself to have a look at what
"Robert Johnson" was storing in Jolnet. And Andrews
found the E911 Document.
"Robert Johnson" was the Prophet from the Legion of
Doom, and the E911 Document was illicitly copied data
from Prophet's raid on the BellSouth computers.
The E911 Document, a particularly illicit piece of
digital property, was about to resume its long, complex,
and disastrous career.
It struck Andrews as fishy that someone not a
telephone employee should have a document referring to
the "Enhanced 911 System." Besides, the document itself
bore an obvious warning.
"WARNING: NOT FOR USE OR DISCLOSURE
OUTSIDE BELLSOUTH OR ANY OF ITS SUBSIDIARIES
EXCEPT UNDER WRITTEN AGREEMENT."
These standard nondisclosure tags are often
appended to all sorts of corporate material. Telcos as a
species are particularly notorious for stamping most
everything in sight as "not for use or disclosure." Still,
this
particular piece of data was about the 911 System. That
sounded bad to Rich Andrews.
Andrews was not prepared to ignore this sort of
trouble. He thought it would be wise to pass the document
along to a friend and acquaintance on the UNIX network,
for consultation. So, around September 1988, Andrews
sent yet another copy of the E911 Document electronically
to an AT&T employee, one Charles Boykin, who ran a
UNIX-based node called "attctc" in Dallas, Texas.
"Attctc" was the property of AT&T, and was run from
AT&T's Customer Technology Center in Dallas, hence the
name "attctc." "Attctc" was better-known as "Killer," the
name of the machine that the system was running on.
"Killer" was a hefty, powerful, AT&T 3B2 500 model, a
multi-user, multi-tasking UNIX platform with 32 meg of
memory and a mind-boggling 3.2 Gigabytes of storage.
When Killer had first arrived in Texas, in 1985, the 3B2
had been one of AT&T's great white hopes for going head-
to-head with IBM for the corporate computer-hardware
market. "Killer" had been shipped to the Customer
Technology Center in the Dallas Infomart, essentially a
high-technology mall, and there it sat, a demonstration
model.
Charles Boykin, a veteran AT&T hardware and digital
communications expert, was a local technical backup man
for the AT&T 3B2 system. As a display model in the
Infomart mall, "Killer" had little to do, and it seemed a
shame to waste the system's capacity. So Boykin
ingeniously wrote some UNIX bulletin-board software for
"Killer," and plugged the machine in to the local phone