[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]

..[ Phrack Magazine ]..
.:: PWN/Part03 ::.

Issues: [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ] [ 16 ] [ 17 ] [ 18 ] [ 19 ] [ 20 ] [ 21 ] [ 22 ] [ 23 ] [ 24 ] [ 25 ] [ 26 ] [ 27 ] [ 28 ] [ 29 ] [ 30 ] [ 31 ] [ 32 ] [ 33 ] [ 34 ] [ 35 ] [ 36 ] [ 37 ] [ 38 ] [ 39 ] [ 40 ] [ 41 ] [ 42 ] [ 43 ] [ 44 ] [ 45 ] [ 46 ] [ 47 ] [ 48 ] [ 49 ] [ 50 ] [ 51 ] [ 52 ] [ 53 ] [ 54 ] [ 55 ] [ 56 ] [ 57 ] [ 58 ] [ 59 ] [ 60 ] [ 61 ] [ 62 ] [ 63 ] [ 64 ] [ 65 ] [ 66 ] [ 67 ] [ 68 ] [ 69 ] [ 70 ]
Current issue : #31 | Release date : 1990-05-28 | Editor : Crimson Death
Introduction to Phrack 31DH
Phrack Pro-Phile of Markus HessMarkus Hess & PHz
Hacking Rolm's CBXIIDH
TAMS & Telenet SecurityPhrack Accident
The history of The Legion Of Doomunknown
Cosmos OverviewEBA
Tymnet Security Memounknown
PWN/Part01Phrack Accident
PWN/Part02Phrack Accident
PWN/Part03Phrack Accident
Title : PWN/Part03
Author : Phrack Accident
                              ==Phrack Inc.==
               Volume Three, Issue Thirty-one, Phile #10 of 10
             PWN             Phrack World News               PWN
             PWN           Issue XXXI, Part Three            PWN
             PWN        Compiled by Phreak_Accident          PWN

     The following is excerpts from comp.dcom.telecom regard the now "Infamous"
Legion Of Doom busts.  I know most of you have seen some of these
somewhere-sometime, but I thought I would try to get these out for those
unfortunate souls that don't have Usenet access.
     I know there have been many controversies over the following material and
the busts as a whole -- Henceforth, Phrack Inc. will not comment on any of such
busts.  Mainly because we don't want to jeopardize any current investigations
concerning LOD and others.  Leave it alone.  It's old news.  Let this sum it up
for you guys and then forget about it.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Newsgroups: comp.dcom.telecom
Subject: CBS News Special Report - "The Busting of The Mentor"
Message-ID: <4747@accuvax.nwu.edu>
Date: 5 Mar 90 06:11:49 GMT
Sender: news@accuvax.nwu.edu
Organization: Capital Area Central Texas Unix Society, Austin, TX
Lines: 37
Approved: Telecom@eecs.nwu.edu
X-Submissions-To: telecom@eecs.nwu.edu
X-Administrivia-To: telecom-request@eecs.nwu.edu
X-Telecom-Digest: Volume 10, Issue 145, Message 6 of 6
...I've just gotten a new update on the Mentor's recent apprehension by
the Feds. Thought you might like to hear something as close to as direct
from the Mentor as possible under the circumstances.
   From: Daneel Olivaw #96 @5283
   Date: Sun Mar 04 19:55:28 1990
I'll have to play the Mentor for now (with permission granted).
If you haven't heard the rumors, here is the truth.
The Mentor was awakened at 6:30am on Thursday (3/1/90) with the gun of
a Secret Service agent pointed at his head.  The SS proceded to search
and seize for the next 4 1/2 hours.  Things taken include an AT with
80mb HD, HP LaserJet II, various documents, and other thing.  They
then proceded to raid his office at work, and sieze the computer and
laser printer there.  Lost in the shuffle was a complete novel (being
written and due in 2 weeks), and various other things.
Across town: Those of you who know Erik Bloodaxe, he was also
awakened, and his house searched.
Neither have been charged with anything, but they expect to at least
be called as witnesses at the case of the Phrack Boys (Knight
Lightning and Tarren King) in Chicago April 15.
Apparently, they did a shoddy job, as they tagged a book that Mentor
had borrowed from me (Quarterman's "The Matrix"), and then forgot to
take it, oh well....
It ain't lookin so lovely.  Also the UT computer systes are under
*VERY* close watch, as they were/are being hacked on by hackers around
the world, including some in Australia, and England.
From: cosell@bbn.com (Bernie Cosell)
Newsgroups: comp.dcom.telecom
Subject: Keeping Copies of Illegal Things (was Re: Jolnet, Again)
Message-ID: <4725@accuvax.nwu.edu>
Date: 4 Mar 90 04:36:50 GMT
Sender: news@accuvax.nwu.edu
Organization: TELECOM Digest
Lines: 52
Approved: Telecom@eecs.nwu.edu
X-Submissions-To: telecom@eecs.nwu.edu
X-Administrivia-To: telecom-request@eecs.nwu.edu
X-Telecom-Digest: Volume 10, Issue 143, Message 3 of 8
}TELECOM Digest     Sat, 3 Mar 90 20:45:00 CST    Special: Jolnet, Again
This isn't misc.legal, and this isn't the time to be excessively picky
and critical, but:
}Here is how he told the tale of the '911 software':
}The software showed up on his system one day, almost two years ago. It
}came to him from netsys, where Len Rose was the sysadmin. According to
}Andrews, when he saw this file, and realized what it was, he knew the
}thing to do was to 'get it to the proper authorities as soon as
}ME> "After you passed it along to Boykin, did you then destroy the
}file and get it off your site?"
}RA> "Well, no... I kept a copy also."
It strikes me that this is a KEY faux pas, regardless of good
intentions or not.
}But then, said Andrews, a funny thing happened several months later.
}The folks at AT&T, instead of being grateful for the return of their
}software came back to Andrews to (in his words) 'ask for it again.'
}Somehow, they either never got it the first time; got it but suspected
}there were still copies of it out; or were just plain confused.
Just so, and if RA *supplied* another copy, I suspect they'd interpret
that as pretty convincing evidence that it WAS further distributed,
and with RA's knowledge.  I know that they didn't actually contact him
and ask/tell him to expunge all copies of the stuff, but his actions
clearly demonstrated his knowledge of just what it was he was messing
with, and I think they could easily show that he incurred an
obligation to act prudently with it, or else [just guessing now] he
could be liable to being an accessory after the fact.
}So he was contacted by the feds about a year ago, and it was at that
}point he decided it was in his best interest to cooperate with any
}investigation going on.
Perhaps his sudden cooperation was less out of pangs of conscience
that it might have appeared...  [not to besmirch his motives here,
only to point out that a call from the FBI pointing out that while you
may not have really DONE anything, your actions _could_ end up landing
you in court with some serious potential badness going down (and none
of this untested cheesiness about the the technicalities of bbs's and
such...  nice mainstream legal liability), could be pretty persuasive
at converting a concerned, but out-of-the-loop, citizen into an active
From: dattier@chinet.chi.il.us (David Tamkin)
Newsgroups: comp.dcom.telecom
Subject: Seizures Spreading
Message-ID: <4724@accuvax.nwu.edu>
Date: 4 Mar 90 05:55:20 GMT
Sender: news@accuvax.nwu.edu
Organization: TELECOM Digest
Lines: 15
Approved: Telecom@eecs.nwu.edu
X-Submissions-To: telecom@eecs.nwu.edu
X-Administrivia-To: telecom-request@eecs.nwu.edu
X-Telecom-Digest: Volume 10, Issue 143, Message 2 of 8
News is that Illuminati BBS, a system run by a company named Steve
Jackson Games somewhere in Texas, was also shut down and its equipment
seized by the federal government because two suspected Legion of Doom
members were among its users.
[Moderator's Note: And I suspect the raids will continue during the
next week or two. I wonder which sites will be next?  Each place they
raid, the local crackers point their fingers at each other like
naughty children, and to make themselves seem like the good guys they
say, "Have you talked to so-and-so yet?". Let's see now: netsys,
jolnet, attctc, illuminati, (your name here?)... Apparently even
getting rid of incriminating evidence won't work any longer, if
someone upstream of you tattled.  PT]
From: mosley@peyote.cactus.org (Bob Mosley III)
Newsgroups: comp.dcom.telecom
Subject: Austin, TX BBS Shut Down From Joinet Bust Fallout
Message-ID: <4723@accuvax.nwu.edu>
Date: 4 Mar 90 17:22:26 GMT
Sender: news@accuvax.nwu.edu
Organization: Capital Area Central Texas Unix Society, Austin, TX
Lines: 28
Approved: Telecom@eecs.nwu.edu
X-Submissions-To: telecom@eecs.nwu.edu
X-Administrivia-To: telecom-request@eecs.nwu.edu
X-Telecom-Digest: Volume 10, Issue 143, Message 1 of 8
This hit most BBS's in the Austin area on Thursday. It's believed
the bust came down Wednesday morning. In a nutshell, here's what
Wednesday morning, Feb. 28, the offices of Steve Jackson Games, inc.,
were raided by FBI and Secret Service officials. The establishment was
shit down, and all computer systems, including the Illuminati BBS,
were confiscated.
At that time, a 'retired' member of the LoD, who was identified as
'The Mentor' was arrested. The charges reportedly are related to the
recent 911 bust that has shut down joinet and attatc (or whatever
Killerused to be called). His home system was confiscated, complete
with an entire collection of "Phrack" issues and related paraphanalia.
As of this writing, the Mentor is reportedly out on bail, sans system
and network connection. The Illuminati BBS is still down, although SJ
Games is back in operation, and no charges have been filed against any
of the employees other than The Mentor. The systems owned by SJ Games
have not been returned as of this writing.
Finally, rumors were trickling in early this morning (Saturday, 3/4)
that two BBS's in Dallas, three in Houston, and one in San Antonio
were busted by the same authorites in relation to the same case.
[in light of the Mentor's posted defense of the LoD, I kinda thought
you'd like to see this one! - OM]
From: telecom@eecs.nwu.edu (TELECOM Moderator)
Newsgroups: comp.dcom.telecom
Subject: Jolnet, Again
Message-ID: <4701@accuvax.nwu.edu>
Date: 4 Mar 90 02:45:00 GMT
Sender: news@accuvax.nwu.edu
Organization: TELECOM Digest
Lines: 350
Approved: Telecom@eecs.nwu.edu
X-Submissions-To: telecom@eecs.nwu.edu
X-Administrivia-To: telecom-request@eecs.nwu.edu
X-Telecom-Digest: Special: Jolnet, Again
TELECOM Digest     Sat, 3 Mar 90 20:45:00 CST    Special: Jolnet, Again
Today's Topics:                             Moderator: Patrick Townson
    Re: AT&T Sourcecode: Poison! (Chip Rosenthal)
    Jolnet Seizure (Mike Riddle)
    Article Regarding JOLNET/e911/LoD/Phrack (Ben Rooney)
    A Conversation With Rich Andrews (TELECOM Moderator)
    Killer/attctc Permanently Down (Charlie Boykin)
From: Chip Rosenthal <chip@chinacat.lonestar.org>
Subject: Re: AT&T Sourcecode: Poison!
Date: 3 Mar 90 00:00:00 GMT
Organization: Unicom Systems Development, Austin (yay!)
[Moderator's Note: Original date of 2/25 changed to prevent premature
expiration.  PT]
You've got a lot of nerve, Patrick.
telecom@eecs.nwu.edu (TELECOM Moderator) writes:
>We're told by a deep-throat type that AT&T is on the war path about
>their software [...] Like jolnet, netsys went down abruptly, with
>*everything* confiscated [...] Now comes news that attcdc [sic], formerly
>known as killer went off line in a hurry.....
Yessir, after all your complaints about that about anonymous Legion of
Doom message, this is a really crummy thing to post.  Based upon
unattributed conversations, you imply that Len Rose and Charlie Boykin
were involved in wrongdoing which lead to the shutdown of their
I don't know Len personally, but have had uucp connections with him in
the past.  Charlie, on the other hand, I do know personally.  He is
very well regarded in the Dallas/Fort Worth area, and was voted "1989
DFW Administrator of the Year" by the DFW lunch-bunch...errr....DFW
Association of Unix System Administrators.
You have cast some crummy aspersions towards these guys.  Since I know
them, I will wait for the facts to come in.  Others who don't know
them could very well jump to conclusions on the basis of this posting.
Was this message really called for?
Chip Rosenthal                            |  Yes, you're a happy man and you're
chip@chinacat.Lonestar.ORG                |  a lucky man, but are you a smart
Unicom Systems Development, 512-482-8260  |  man?  -David Bromberg
Date: Wed, 28 Feb 90 21:38:39 EST
From: Mike Riddle <Mike.Riddle@p6.f666.n5010.z1.fidonet.org>
Subject: Jolnet Seizure
Reply-to: Mike.Riddle@p6.f666.n285.z1.fidonet.org
Organization: DRBBS Technical BBS, Omaha, Ne. 402-896-3537
Has anyone tried a novel legal approach to the case of equipment
seizure as "evidence"?  As I remember the Electronic Communications
Privacy Act, it contains specific procedures for authorities to obtain
copies/listings of data on a system (which system may have been used
for illegal purposes, but whose operator is not at the moment
charged).  From this I think a creative attorney could construct an
argument that the national policy was not to seize equipment, merely
to obtain all the information contained therein.  After all, it's the
data that caused any harm.
Also, the Federal Rules of Evidence, and most state rules, provide
that computer generated copies are "originals" for evidentiary
I hope that someone close enough to the scene can keep us informed
about what is happening on this one.
{standard disclaimer goes here--don't pay any attention to me!}
   --- Ybbat (DRBBS) 8.9 v. 3.07 r.1
  * Origin: [1:285/666.6@fidonet] The Inns of Court, Papillion, NE  (285/666.6)
   --- Through FidoNet gateway node 1:16/390
From: brooney@sirius.uvic.ca
Date:  3 Mar 90  2:36 -0800
Subject: Article Regarding JOLNET/e911/LoD/Phrack
The following is an article I received five days ago which contains, to my
knowledge, information as yet unpublished in comp.dcom.telecom regarding the
ongoing JOLNET/e911/LoD discussion.  It was printed in a weekly magazine
with a publishing date of Feb. 27 but other than that I have no exact idea
of when the events mentioned herein took place.
 - Ben Rooney
 [Knight Lightning], a 19-year-old University of Missouri student, has
pleaded not guilty to federal allegations that he invaded the 911
emergency phone network for 9 states.
 As reported earlier, he was indicted this month along with [The Prophet],
20, of Decatur, Ga.  Both are charged with interstate
transportation of stolen property, wire fraud, and violations of the
federal Computer Fraud and Abuse Act of 1986.
 Prosecutors contend the two used computers to enter the 911 system of
Atlanta's Bell South, then copied the program that controls and
maintains the system.  The stolen material later allegedly was
published on a computer bulletin board system operating in the Chicago
suburb of Lockport.  Authorities contend Neidorf edited the data for
an electronic publication known as "Phrack."
 According to Associated Press writer Sarah Nordgren, in a recent
hearing on the case Assistant U.S. Attorney William Cook was granted a
motion to prevent the 911 program from becoming part of the public
record during the trial.  U.S. District Judge Nicholas Bua set April
16 for a trial.
 The 911 system in question controls emergency calls to police, fire,
ambulance and emergency services in cities in Alabama, Mississippi,
Georgia, Tennessee, Kentucky, Louisiana, North Carolina, South
Carolina and Florida.
          Article from "A Networker's Journal" by Charles Bowen.
                    Info-Mat Magazine (Vol. 6, No. 2)
[Moderator's Note: {Info-Mat Magazine}, by the way, is the excellent
electronic journal distributed on many BBS machines throughout the
United States who are fortunate enough to be accepted as part of the
magazine's distribution network.  I personally wish it was distributed
on Usenet as well: it is well written and very informative.   PT]
Date: Sat, 3 Mar 90 19:34:54 CST
From: TELECOM Moderator <telecom@eecs.nwu.edu>
Subject: A Conversation With Rich Andrews
After the first articles appeared here relating to the seizure of
Jolnet, and the indictment of some people for their part in the theft
of '911 software', I got various messages from other folks in
response. Some were published, while others were just personal
correspondence to me. One from Chip Rosenthal was held over, and is
included in this special issue today.
One writer, whose comments were attributed to 'Deep Throat' spent some
time on two occassions on the phone, in a conference call between
himself, David Tamkin and myself.
What was lacking in the several messages which appeared over the past
week were comments from Rich Andrews, system administrator of Jolnet.
I got one note from someone in Canada who said Andrews wanted to speak
with me, and giving a phone number where I could call Andrews at his
place of employment.
I put in a call there, with David Tamkin on the other line and had a
long discussion with Andrews, who was aware of David being on the line
with me.  I asked Andrews if he had any sort of net access available
to him at all -- even a terminal and modem, plus an account on some
site which could forward his mail to telecom. You see, I thought, and
still think it is extremely important to include Rich Andrews in any
discussion here.
He assured me he did have an account on a Chicago area machine, and
that a reply would be forthcoming within hours. I had a second
conversation with him the next morning, but without David on the line.
He again told me he would have a response to the several articles
written in the Digest ready and in the email 'very soon'.  This was on
Wednesday morning, and we estimated his message would be here sometime
later in the day -- certainly by midnight or so, when I am typically
working up an issue of the Digest.
Midnight came and went with no message. None showed up Thursday or
Friday.  I deliberatly withheld saying anything further in the hopes
his reply would be here to include at the same time. I guess at this
point we have to go on without him.
When David Tamkin and I talked to him the first time, on Tuesday
evening this past week, the first thing Andrews said to us, after the
usual opening greetings and chitchat was,
 "I've been cooperating with them for over a year now. I assume you
know that."
We asked him to define 'them'.  His response was that 'them' was the
United States Secret Service, and the Federal Bureau of Investigation.
He said this without us even asking him if he was doing so.
We asked him to tell us about the raid on his home early in February.
He said the agents showed up that Saturday afternoon with a warrant,
and took everything away as 'evidence' to be used in a criminal
ME> "If you have been working and cooperating with them for this long,
why did they take your stuff?"
RA> "They wanted to be sure it would be safe, and that nothing would be
ME> "But if you wanted to simply keep files safe, you could have taken
Jolnet off line for a few weeks/months by unplugging the modems from
the phone jacks, no? Then, plugged in a line when you wanted to call
or have a trusted person call you."
RA> "They thought it was better to take it all with them. It was mostly
for appearance sake. They are not charging me with anything."
ME> "Seems like a funny way to treat a cooperative citizen, at least
one who is not in some deep mess himself."
He admitted to us that several crackers had accounts on Jolnet, with
his knowledge and consent, and that it was all part of the investigation
going on ... the investigation he was cooperating in.
Here is how he told the tale of the '911 software':
The software showed up on his system one day, almost two years ago. It
came to him from netsys, where Len Rose was the sysadmin. According to
Andrews, when he saw this file, and realized what it was, he knew the
thing to do was to 'get it to the proper authorities as soon as
possible', so he chose to do that by transferring it to the machine
then known as killer, a/k/a attctc, where Charlie Boykin was the
Andrews said he sent it to Boykin with a request that Boykin pass it
along to the proper people at AT&T.
ME> "After you passed it along to Boykin, did you then destroy the
file and get it off your site?"
RA> "Well, no... I kept a copy also."
ME> "Did Charlie Boykin pass it along to AT&T as you had requested?"
RA> "I assume he did."
But then, said Andrews, a funny thing happened several months later.
The folks at AT&T, instead of being grateful for the return of their
software came back to Andrews to (in his words) 'ask for it again.'
Somehow, they either never got it the first time; got it but suspected
there were still copies of it out; or were just plain confused.
So he was contacted by the feds about a year ago, and it was at that
point he decided it was in his best interest to cooperate with any
investigation going on.
Andrews pointed out that the '911 software' was really just ".... a
small part of what this is all about..."  He said there was other
proprietary information going around that should not be circulating.
He said also the feds were particularly concerned by the large number
of break-ins on computers which had occurred in the past year or so.
He said there have been literally "....thousands of attempts to break
into sites in the past year....", and part of his cooperation with the
authorities at this time dealt with information on that part of it.
We asked him about killer/attctc:
ME> "You knew of course that killer went off line very abruptly about
a week ago. What caused that? It happened a week or so after the feds
raided you that Saturday."
RA> "Well the official reason given by AT&T was lack of funds, but you
know how that goes...."
Now you'd think, wouldn't you, that if it was a funding problem -- if
you can imagine AT&T not having the loose change in its corporate
pocket it took to provide electrical power and phone lines to attctc
(Charlie got no salary for running it) -- that at least an orderly
transition would have taken place; i.e. an announcement to the net; an
opportunity to distribute new maps for mail and news distribution,
etc; and some forthcoming shut down date -- let's say March 1, or
April 1, or the end of the fiscal year, or something....
But oh, no...  crash boom, one day it is up, the next day it is gone.
ME> "What do you know about the temporary suspension of killer some
time ago? What was that all about?"
RA> "It was a security thing. AT&T Security was investigating Charlie
and some of the users then."
Andrews referred to the previous shutdown of killer as 'a real blunder
by AT&T', but it is unclear to me why he feels that way.
We concluded our conversation by Andrews noting that "there is a lot
happening out there right now."
He said the [Phrack] magazine distribution, via netsys, attctc and
jolnet was under close review. "One way to get them (crackers) is by
shutting down the sites they use to distribute stuff..."
And now, dear reader, you know everything I know on the subject. Well,
almost everything, anyway....
 From other sources we know that Len Rose of netsys was in deep
trouble with the law *before* this latest scandal.  How deep? Like he
was ready to leave the country and go to the other side of the world
maybe?  Like he was in his car driving on the expressway when they
pulled him over, stopped the car and placed him under arrest?  Deep
enough? This latest thing simply compounded his legal problems.
Patrick Townson
Date: Fri Mar  2 06:59:23 1990
From: Charlie Boykin <cfb@sulaco.sigma.com>
Subject: Killer/attctc Is Permanently Down
    Regarding a couple of things as well as a message from Bill Huttig.
    The system WAS shut down a couple of years ago - for three weeks -
as part of a security inquiry. It has been in continous operation
since. On July 4, 1989, it was moved to a Customer Demonstration
location at the Dallas Infomart and the node name changed to attctc
(for AT&T Customer Technology Center). The system was closed down on
February 20, 1990 after 5 years of operation. There are no charges
pending and the "management" of the system have been ostensibly
cleared of any illegal activities.
   As of now, there are no intentions of returning the system to
service.  There are hopeful plans and proposals that could conceivably
result in the system being placed back in service in a different
environment and under different management.
                                        Charles F. Boykin
                                        Formerly sysop\@attctc (killer)
End of TELECOM Digest Special: Jolnet, Again
[reprinted without permission from the Feb. 12th, 1990 issue of Telephony]
Dawn Bushaus, Assistant Editor
     Four alleged computer hackers were indicted last week on charges that they
schemed to steal and publish proprietary BellSouth Corp. emergency data.  The
alleged activity could have produced disruptions in 911 networks nationwide,
according to federal officials.
     The case could raise new concerns about the security of local exchange
carriers' internal computer networks, which house data records on customers,
equipment and operations.
     "Security has always been a concern for the telephone companies," said
Peter Bernstein, an analyst with Probe Research.  "If you can crack the 911
system, what does that say about the operational support system or the billing
     A federal grand jury in Chicago handed down two indictments charging
[The Prophet], 20, of Decatur, Ga., and [Knight Lightning], 19, of
Chesterfield, Mo., with wire fraud, violations of the 1986 Computer Fraud Act
and interstate transportation of stolen property.
     Facing similar criminal charges in Atlanta are [The Urvile], 22, and
[The Leftist], 23.
     The four, alleged to be part of a closely knit group of hackers calling
themselves the Legion of Doom, reportedly participated in a scheme to steal the
BellSouth 911 data, valued at $80,000, and publish it in a hacker magazine
known as "Phrack."
     The Legion of Doom reportedly is known for entering telephone companies'
central office switches to reroute calls, stealing computer data and giving
information about accessing computers to fellow hackers.
     According to the Chicago indictment, XXXXX, also known as "The Prophet,"
stole a copy of the BellSouth 911 program by using a computer outside the
company to tap into the BellSouth computer.  Riggs then allegedly transferred
the data to a computer bulletin board in Lockport, Ill.
     XXXXXXX, also known as "Knight Lightning," reportedly downloaded the
information into his computer at the University of Missouri, Columbia, where he
edited it for publication in the hacker magazine, the indictment said.
     The indictment also charges that the hackers disclosed the stolen
information about the operation of the enhanced 911 system to other hackers so
that they could illegally access the system and potentially disrupt or halt
other systems across the country.
     The indictments followed a year-long investigation, according to U.S.
Attorney Ira Raphaelson.  If convicted, the alleged hackers face 31 to 32 years
in prison and $122,000 in fines.
     A BellSouth spokesman said the company's security system discovered the
intrusion, which occurred about a year ago, and the company then notified
federal authorities.
     Hacker invasion in the BellSouth network is very rare, the spokesman said,
adding that the company favors "stringent laws on the matter."
     The indictment solicited concern about the vulnerability of the public
network to computer hacking.
From: MM02885@swtexas.bitnet
Newsgroups: comp.dcom.telecom
Subject: Re: Hacker Group Accused of Scheme Against BellSouth
Message-ID: <4153@accuvax.nwu.edu>
Date: 20 Feb 90 11:16:00 GMT
Sender: news@accuvax.nwu.edu
Organization: TELECOM Digest
Lines: 95
Approved: Telecom@eecs.nwu.edu
X-Submissions-To: telecom@eecs.nwu.edu
X-Administrivia-To: telecom-request@eecs.nwu.edu
X-Telecom-Digest: Volume 10, Issue 118, message 3 of 6
                            -< General Discussion >-
Note 155.6                 the MENTOR of the tree tops                  6 of 6
SWT::RR02026 "Ray Renteria [ F L A T L I N E ] "   89 lines  20-FEB-1990 00:18
                         -< Life, The Universe, & LOD >-
To set the record straight, a member of LOD who is a student in Austin
and who has had his computer account at UT subpoenaed by the DA out of
Chicago because of dealings with the above happenings:
My name is Chris, but to the computer world, I am Erik Bloodaxe.  I
have been a member of the group known as Legion of Doom since its
creation, and admittedly I have not been the most legitimate computer
user around, but when people start hinting at my supposed
Communist-backed actions, and say that I am involved in a world-wide
consipracy to destroy the nations computer and/or 911 network, I have
to speak up and hope that people will take what I have to say
Frank, Rob and Adam were all definately into really hairy systems.
They had basically total control of a packet-switched network owned by
Southern Bell (SBDN)...through this network they had access to every
computer Southern Bell owned...this ranging from COSMOS terminals up
to LMOS front ends.  Southern Bell had not been smart enough to
disallow connections from one public pad to another, thus allowing
anyone who desired to do so, the ability to connect to, and seize
information from anyone else who was using the network...thus they
ended up with accounts and passwords to a great deal of systems.
This was where the 911 system came into play.  I don't know if this
system actually controlled the whole Southern Bell 911 network, or if
it was just a site where the software was being developed, as I was
never on it.  In any case, one of the trio ended up pulling files off
of it for them to look at.  This is usually standard proceedure: you
get on a system, look around for interesting text, buffer it, and
maybe print it out for posterity.  No member of LOD has ever (to my
knowledge) broken into another system and used any information gained
from it for personal gain of any kind...with the exception of maybe a
big boost in his reputation around the underground.  Rob took the
documentation to the system and wrote a file about it.  There are
actually two files, one is an overview, the other is a glossary.  (Ray
has the issue of PHRACK that has the files) The information is hardly
something anyone could possibly gain anything from except knowledge
about how a certain aspect of the telephone company works.
The Legion of Doom used to publish an electronic magazine called the
LOD Technical Journal.  This publication was kind of abandoned due to
laziness on our part.  PHRACK was another publication of this sort,
sent to several hundred people over the Internet, and distributed
widely on bulletin boards around the US.  Rob sent the files to PHRACK
for the information to be read.  One of PHRACK's editors, Craig,
happened to be the one who received the files.  If Rob had sent the
files to one address higher, Randy would have been the one who would
probably be in trouble.  In anycase, Craig, although he may have
suspected, really had no way to know that the files were propriatary
information and were stolen from a Southern Bell computer.
The three Atlanta people were busted after having voice and data taps
on their lines for 6 months.  The Phrack people were not busted, only
questioned, and Craig was indicted later.
What I don't understand is why Rob and Craig are singled out more
often than any other people.  Both of them were on probation for other
incidents and will probably end up in jail due to probation violations
now.  Frank and Adam still don't know what is going on with their
cases, as of the last time I spoke with them.
The whole bust stemmed from another person being raided and rolling
over on the biggest names he could think of to lighten his burden.
Since that time, Mr. William Cook, the DA in Chicago, has made it his
life's goal to rid the world of the scourge of LOD.  The three Atlanta
busts, two more LOD busts in New York, and now, my Subpoena.
People just can't seem to grasp the fact that a group of 20 year old
kids just might know a little more than they do, and rather than make
good use of us, they would rather just lock us away and keep on
letting things pass by them.  I've said this before, you cant stop
burglars from robbing you when you leave the doors unlocked and merely
bash them in the head with baseball bats when they walk in.  You need
to lock the door.  But when you leave the doors open, but lock up the
people who can close them for you another burglar will just walk right
If anyone really wants to know anything about what is going on or just
wants to offer any opinions about all this directly to me, I'm
but my account is being monitored so don't ask anything too explicit.
Well, as some of you may already know, the people that put out Phrack were
busted recently.  Up until now, details were scarce, but things are starting to
appear in the news.
[reprinted without permission from the Milwaukee Journal Wed. Feb. 7th]
        Chicago, Ill. - AP - A computer hacker broke into the 911 emergency
telephone network covering nine states in the South and another intruder passed
on the access data to other hackers, authorities said.
        [The Prophet], 20, of Decatur, GA., and [Knight Lightning],
19, of Chesterfield, MO., were indicted Tuesday by
a federal grand jury and accused of computer crimes, said acting US Atty. Ira
H. Raphaelson.
        He said Riggs was a member of the so-called Legion of Doom hackers
group, whose members are involved in numerous illegal activities.
        Riggs and two other alleged members also were indicted in Atlanta and
charged in other computer break-ins.
        The government would not say if any emergency calls were disrupted or
whether other damage was done during the tampering.
Name: The Prophet #104
Date: Tue Feb 06 23:55:15 1990
Imagine that you're deaf, dumb, blind, and paralyzed from the neck down and
totally unable to experience or communicate with the outside world.  How long
could you retain your sanity?  How many of you would choose to die instead?
How many of you think you could muster the willpower to create your own little
mental world to live in for the rest of your life, and how long do you think
the hospital would wait before putting you out of your misery?
  -The Prophet
Name: The Mentor #1
Date: Sat Jan 20 02:58:54 1990
Welp, Phrack magazine is dead. Those of you who pay attention to BITNET know
that the phrack accounts at U of M have been shut down. The story is as
Government agents (not sure of the dept., probably SS) have apparently been
monitoring the e-mail of the Phrack kids (Knight Lightning & Taran King) for
some time now. Apparently, a portion of a file sent to them (and subsequently
published) contained copyrighted information. This is all they needed. They
have now seized the entire Phrack net mailing list (over 500 accounts), plust
every piece of information that Randy & Craig have (and they have a *LOT*) on
real names, addresses and phone numbers.
This is evolving directly out of the busts of three LOD members (Urvile,
Leftist & Prophet). The Prophet (who is on probation) is apparently being
threatened with a prison term if he doesn't cooperate. We don't know for sure
if he cooperated or not, but what would you do in the same position?
The same officials are apparently *VERY* interested in our co-sys, Mr.
Bloodaxe. His net account is being watched, etc. I'll let him tell the story.
board only. I will be adding a secure (and I mean fucking secure) encryption
routine into the e-mail in the next 2 weeks - I haven't decided exactly how to
implement it, but it'll let two people exchange mail encrypted by a password
only know to the two of them. Hmmmm... carry this conversation to the
programming board.
Anyway, I do not think I am due to be busted, but then again, I don't do
anything but run a board. Still, there is that possibility. I assume that my
lines are all tapped until proven otherwise.
There is some question to the wisdom of leaving the board up at all, but I hae
(have) personally phoned several government investigators and invited them to
join us here on the board. If I begin to feel that the board is putting me in
any kind of danger, I'll pull it down with no notice - I hope everyone
It looks like it's sweeps-time again for the feds. Let's hope all of us are
still around in 6 months to talk about it.
The Mentor
Legion of Doom!
[Phoenix Project has been down for some time now.]
Newsgroups: comp.dcom.telecom
Subject: The Purpose and Intent of the Legion of Doom
Message-ID: <4248@accuvax.nwu.edu>
From: anytown!legion@cs.utexas.edu (Legion of Doom)
Date: 22 Feb 90 04:42:04 GMT
Sender: news@accuvax.nwu.edu
Organization: Anytown USA
Approved: Telecom@eecs.nwu.edu
X-Submissions-To: telecom@eecs.nwu.edu
X-Administrivia-To: telecom-request@eecs.nwu.edu
X-Telecom-Digest: Volume 10, Issue 121, message 4 of 5
Lines: 51
[Moderator's Note: This anonymous message came in the mail today.  PT]
Well, I had to speak up. There has been a lot of frothing (mostly by
people who believe everything that they read in the paper) about
Legion of Doom. I have been involved in the group since 1987, and
dislike seeing irresponsible press concerning our "plot to crash 911"
or our "links to organized crime."
LOD was formed to bring together the best minds from the computer
underground - not to do any damage or for personal profit, but to
share experiences and discuss computing. The group has *always*
maintained the highest ethical standards of hacker (or "cracker," as
you prefer) ethics.  On many occasions, we have acted to prevent abuse
of systems that were *dangerous* to be out - from government systems
to Easter Seals systems.  I have known the people involved in this 911
case for many years, and there was *absolutely* no intent to interfere
with or molest the 911 system in any manner. While we have
occasionally entered a computer that we weren't supposed to be in, it
is grounds for expulsion from the group and social ostracism to do any
damage to a system or to attempt to commit fraud for personal profit.
The biggest crime that has been committed is that of curiosity. Kim,
your 911 system is safe (from us, at least). We have been instrumental
in closing many security holes in the past, and had hoped to continue
to do so in the future. The list of computer security people who count
us as allies is long, but must remain anonymous. If any of them choose
to identify themselves, we would appreciate the support.
I am among the people who no longer count themselves as "active"
members of the group. I have been "retired" for well over a year. But
I continue to talk to active members daily, and support the group
through this network feed, which is mail-routed to other LODers, both
active and accessible.
Anyone who has any questions is welcome to mail us - you'll find us
friendly, although a bit wary. We will also be glad to talk voice with
anyone if they wish to arrange a time to call.  In spite of all the
media garbage, we consider ourselves an ethical, positive force in
computing and computer security. We hope others will as well.
The Mentor/Legion of Doom
[Moderator's Note: As an 'ethical, positive force in computing', why
can't you sign your name to messages such as the above?  Usually I
don't even consider anonymous messages for publication in the Digest;
but your organization has a perfect right to tell your side of the
story, and I am derelict if I don't print it. Real names and
addresses go a long way toward closing credibility gaps here.  PT]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
     There you go.  It's over now, forget it and move on.  Nothing more to
report on the subject that hasn't been printed, typed, spoken, or heard in the
last couple of months.

Phrack 31 -  .end

[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]
© Copyleft 1985-2021, Phrack Magazine.