[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]


..[ Phrack Magazine ]..
.:: PWN III: The Affidavit ::.

Issues: [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ] [ 16 ] [ 17 ] [ 18 ] [ 19 ] [ 20 ] [ 21 ] [ 22 ] [ 23 ] [ 24 ] [ 25 ] [ 26 ] [ 27 ] [ 28 ] [ 29 ] [ 30 ] [ 31 ] [ 32 ] [ 33 ] [ 34 ] [ 35 ] [ 36 ] [ 37 ] [ 38 ] [ 39 ] [ 40 ] [ 41 ] [ 42 ] [ 43 ] [ 44 ] [ 45 ] [ 46 ] [ 47 ] [ 48 ] [ 49 ] [ 50 ] [ 51 ] [ 52 ] [ 53 ] [ 54 ] [ 55 ] [ 56 ] [ 57 ] [ 58 ] [ 59 ] [ 60 ] [ 61 ] [ 62 ] [ 63 ] [ 64 ] [ 65 ] [ 66 ] [ 67 ] [ 68 ]
Current issue : #15 | Release date : 1987-07-08 | Editor : Taran King
Phrack XV IntroShooting Shark
More Stupid Unix TricksShooting Shark
Making Free Local Payfone CallsKiller Smurf
Advanced Carding XIVThe Disk Jockey
Gelled Flame FuelsElric of Imrryr
PWN I: The Scoop on Dan The OperatorKnight Lightning
PWN II: The July BustsKnight Lightning
PWN III: The Affidavitunknown
Title : PWN III: The Affidavit
Author : unknown
                      #### PHRACK PRESENTS ISSUE 15 ####

                   ^*^*^*^Phrack World News, Part 1^*^*^*^

                            **** File 8 of 10 ****



SEARCH WARRANT ON WRITTEN AFFIDAVIT

DATE:  7/17/87

TO:  Special Agent Lewis F. Jackson II, U.S. Secret Service or any agent d use
     of access devices, and Title 18 USC 1030 - Computer related fraud.

WHEN:  On or before (10 days) at any time day or night

------------

AFFIDAVIT

   "I, Lewis F. Jackson II, first being duly sworn, do depose and state:..."

[Here he goes on and on about his position in the San Jose Secret Service,
classes he has taken (none of them having to do with computers)]

   "Other individuals involved in the investigation:

    Detective J. McMullen -  Stanford Public Safety/Specialist in computers
    Steve Daugherty       -  Pacific Bell Telephone (sic)/ Specialist in fraud
    Stephen Hansen        -  Stanford Electrical Eng./ Director
    Brian Bales           -  Sprint Telecom./ Security Investigator
    M. Locker             -  ITT Communications/ Security Investigator
    Jerry Slaughter       -  MCI Communications/Security Investigator

4.  On 11/14/86, I met with Detective Sgt. John McMullen, who related the
following:

      a.  Beginning on or about 9/1/86, an unknown suspect or group of
suspects using the code name Pink Floyd repeatedly accessed the Unix and
Portia computer systems at Stanford University without authorization.

      b.  The suspects initially managed to decode the password of a computer
user called "Laurent" and used the account without the permission or knowledge
of the account holder.  The true account holder was given a new account
and a program was set up to print out all activity on the "Laurent" account.

       c & d.  Mentions the systems that were accessed illegally, the most
'dangerous' being Arpanet (geeeee).

       e.  Damage was estimated at $10,000 by Director of Stanford Computers.

       g.  On 1/13/87, the suspect(s) resumed regular break-ins to the
"Laurent" account, however traps and traces were initially unsuccessful in
identifying the suspect(s) because the suspect(s) dialed into the Stanford
Computer System via Sprint or MCI lines, which did not have immediate trap and
trace capabilities.

6.  On 2/19/87 I forwarded the details of my investigation and a request for
collateral investigation to the New York Field Office of The U.S. Secret
Service.  (The USSS [I could say something dumb about USSR here]).  SA Walter
Burns was assigned the investigation.

7.  SA Burns reported telephonically that comparison of the times at which
Stanford suffered break ins [aahhh, poor Stanford] with that of DNR's on
suspects in New York, Pennsylvania, Massachusetts, Maryland and California
showed a correlation.

8.  [Some stuff about Oryan QUEST engineering Cosmos numbers].

9.  On 4/2/87, I was telephoned again by Mr. Daugherty who reported that on
4/1/87, while checking a trouble signal on the above DNR's [on Oryan's lines],
he overheard a call between the central figure in the New York investigation
and [Oryan Quest's real name.]  Mr. Daughtery was able to identify and
distinguish between the three suspects because they addressed each other by
there first name.  During the conversation,  [Oryan Quest] acknowledged being
a member of L.O.D. (Legion Of Doom), a very private and exclusive group of
computer hackers.  [Oryan QUEST never was a member.]

10.  [Mr. Daughtery continued to listen while QUEST tried to engineer some
stuff.  Gee what a coincidence that a security investigator was investigating
a technical problem at the same time a conversation with 2 of the suspects was
happening, and perhaps he just COULDN'T disconnect and so had to listen in for
20 minutes or so.  What luck.]

11.  SA Burns reported that the suspects in New York regularly called the
suspects in California.

14.  From 4/30/87 to 6/15/87 DNR's were on both California suspects and were
monitored by me.

[The data from the DNR's was 'analyzed' and sent to Sprint, MCI, and ITT to
check on codes.  Damages claimed by the various LDX's were:

SPRINT   :  Oryan QUEST   : 3 codes for losses totaling $4,694.72
            Mark Of CA    : 2 codes for losses totaling $1,912.57

ITT      :  Mark Of CA    : 4 codes for losses totaling $639

MCI      :  Mark Of CA    : 1 code for losses totaling $1,813.62

And the winner is....Oryan QUEST at $4,694.72 against Mark with $4,365.19.]

20.  Through my training and investigation I have learned that people who
break into computers ("hackers") and people who fraudulently obtain
telecommunications services ("freakers") are a highly sophisticated and close
knit group.  They routinely communicate with each other directly or through
electronic bulletin boards.

     [Note:  When a Phrack reporter called Lewis Jackson and asked why after
his no doubt extensive training he didn't spell "freakers" correctly with a
'ph' he reacted rather rudely.]

21.
22. [Jackson's in depth analysis of what hackers have ("Blue Boxes are
23.     normally made from pocket calculators...") and their behavior]
24.

26.  Through my training and investigations, I have learned that evidence
stored in computers, floppy disks, and speed dialers is very fragile and can
be destroyed in a matter of seconds by several methods including but not
limited to:  striking one or more keys on the computer keyboard to trigger a
preset computer program to delete information stored within, passing a strong
magnetic source in close proximity to a computer, throwing a light switch
designed to either trigger a preset program or cut power in order to delete
information stored in a computer or speed dialer or computer; or simply
delivering a sharp blow to the computer.  [Blunt blows don't cut it.]

27.  Because of the ease with which evidence stored in computers can be
destroyed or transferred, it is essential that search warrants be executed at
a time when the suspect is least likely to be physically operating the target
computer system and least likely to have access to methods of destroying or
transferring evidence stored within the system.  Because of the rapidity of
modern communications and the ability to destroy or transfer evidence remotely
by one computer to another, it is also essential that in cases involving
multiple suspects, all search warrants must be executed simultaneously.

[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]
© Copyleft 1985-2014, Phrack Magazine.