(Also see issues 128 though 150 of Volume 10 for frequent references to the jolnet situation and other boards and sites closed down.) Date: Sat, 24 Feb 90 11:02:07 CST From: TELECOM Moderator [To]: telecom@eecs.nwu.edu Subject: TELECOM Digest Special: Wither Jolnet? BCC: Message-ID: <9002241102.ab02277@delta.eecs.nwu.edu> TELECOM Digest Sat, 24 Feb 90 11:00:00 CST Special: Wither Jolnet? Today's Topics: Moderator: Patrick Townson Fate of Jolnet (David Svoboda) What Happened To Jolnet? (David Tamkin) Ramifications of Jolnet's Trouble (Bill Kuykendall via David Tamkin) Re: The Purpose and Intent of the Legion of Doom (Thomas Narten) Re: The Purpose and Intent of the Legion of Doom (Milo S. Medin) ---------------------------------------------------------------------- Date: Fri, 23 Feb 90 10:04:49 CST From: David Svoboda Subject: Fate of Jolnet Reply-To: motcid!svoboda@uunet.uu.net Moderator said, at sometime or other: >[Moderator's Note: ... No further discussion here, please. >I have no desire to see eecs.nwu.edu wind up like the late Jolnet, >which it is doubtful will be back on line anytime soon. PT] What exactly happened to Jolnet? I have not been able to read any netnews for a while, so I may have missed it. Dave Svoboda, Motorola CID, RTSG, 1510 W Shure Dr., Arlington Heights, IL uucp => {uunet|mcdchd|gatech|att}!motcid!svoboda 60004 internet => motcid!svoboda@chg.mcd.mot.com Don't listen to me, I'm just a puppet of individuality. [Moderator's Note: What happened was the feds cracked down on Jolnet when they discovered cracker/phreak messages in the files there. They shut him down and seized all the equipment; quite rudely, I might add, based on David Tamkin's report which follows. David was on line at Jolnet when the feds raided the Andrews' home and pulled the plug. PT] ------------------------------ From: David Tamkin Subject: What Happened To Jolnet? Date: Thu, 22 Feb 90 10:44:45 CST Gordon Meyer wrote in TELECOM Digest, Volume 10, Issue 118: | Could someone post a summary of what "troubles" Jolnet has seen | because of this LoD/e991 flap? Was it closed down, and by what agency | and under what charges? From my understanding it merely acted as a | conduit of the information and closing it down would be akin to | shutting down CompuServe if somone sent a copy of WordPerfect to my | mail box. That is what the rest of us understand as well: that Rich Andrews (the system administrator of Jolnet) has not been charged, but that his equipment has been seized as evidence. Jolnet served as a news and mail feed for several downstream sites, including a junior college, so those have had to do without links to the rest of the net or had to find new feeds. I was logged into Jolnet on the afternoon of February 3, reading netnews with rn. The article selection prompt began to show "(Mail)" but I kept reading news, figuring that I'd check mail when I was done. I was starting to display a new article, and after its header I pressed the space bar to see the first page. Before any text of the article came through there was a system message that the box was coming down in two minutes and that we should log off immediately to prevent corruption of files; that was followed by the first page of the netnews article, the pager prompt, and NO CARRIER. So I have unread mail there as well as some personally important files; I'll probably never see either. Jolnet has a Lockport mailing address but an Orland Park telephone number, so it probably is in Homer Township of Will County. I have been under the impression that its location is the Andrews' home. Rich pretty much ran it alone, with some assistance from two of his sons. I'd been a user there since January 29, 1989, and I had met Rich once, that being June 10, 1989, at the home of another local public site administrator. Rich was always a person who stayed out of controversies; he got along just fine with people who were at each other's throats. Other site administrators I have known love to jump into the fray or to forment the trouble in the first place, so it's rather sadly ironic that it was a nice, easygoing fellow like Rich who got burned. It's hard to say that it was his very lack of interference that got him in trouble, since all the illegally disseminated information appears to have been spread via email. Jolnet's login lines have gone unanswered since February 3, 1990. There is a contact phone number in its map entry, but I have not tried it yet. It looks like a business number in form, and I have the feeling that it, too, would ring without answer now. The Andrews' home telephone number is unlisted, and I don't know it. It's probably the only line still operating at Jolnet's location. On Sunday, February 4, there started to be news about the 911 break-in with references to "a Lockport, Illinois, bulletin board system." When Jolnet had been down for several days I started to wonder whether there was a connection, since after all, Jolnet's mailing address was in Lockport. By that Thursday there was talk about it on Chinet (a public site on the Northwest Side of Chicago), stating that Jolnet had been closed by federal agents because of its involvement. Jolnet was an AKCSNet site, but only a handful of AKCS posts came from there, mostly from three or four of us. Few people posted to Usenet from there either, at least as far as I could see in the groups I read. (In fact, except for control messages from Rich, test messages, and chi.forsale and chi.wanted [Chicago area groups], I cannot remember the last time I saw a Usenet article from Jolnet that I didn't write.) A large part of its usage came from silent readers, from uucp connections, from people who were writing, compiling, and testing code, and from people playing games like nethack and yahtzee on line. I had the impression that a significant group of the gaming crowd were friends of the Andrews' boys, but I never really knew. Others PCP'ed to Jolnet (it was dialable from ILCHI) from across the country and there were a few accounts with addresses in other countries. In total, there were 5% of the users of whom I could say that I knew what they used Jolnet for. If someone had asked me whether kracking and phreaking information was being exchanged there, I'd have said, "Not that I know; maybe in email but certainly not in public postings." Now I'd have to change that to "So I heard after it shut down but not that I ever saw while it was still running." Jolnet was my net.home; I'm now reading TELECOM Digest on Point and netnews on Gagme. I've decided to write to Rich Andrews on paper and ask what is going on with his family and his legal situation, but I cannot guarantee when or whether he will respond. Bill Kuykendall (pronounced "Kirk'ndall"), administrator of The Point (point.UUCP, from which I am submitting this), put up a system news item about how Jolnet's problems will affect The Point. He's given me permission to send it to the Digest, but this submission is already getting very long, so I am sending it under separate cover. David W. Tamkin dattier@point.UUCP ...{ddsw1,obdient!vpnet}!point!dattier BIX: dattier GEnie: D.W.TAMKIN CIS: 73720,1570 (708) 518-6769 (312) 693-0591 P. O. Box 813 Rosemont, Illinois 60018-0813 Other point users may disagree. ------------------------------ From: David Tamkin Subject: Ramifications of Jolnet's Trouble Date: Thu, 22 Feb 90 11:11:07 CST Reply-To: point!wek@ddsw1.uucp The Point is a public access AKCS and UNIX site in Chicago, Illinois. On Wednesday, February 21, 1990, its administrator, Bill Kuykendall, posted the following as a system news item in the wake of the seizure of jolnet. With his permission I am submitting it to TELECOM Digest. Mr. Kuykendall requests copies of any responses. He is reachable at wek@point.UUCP or ddsw1!point!wek. ----------------- text of announcement follows --------------------- New Restrictions at The Point ----------------------------- By now you may already be aware that 'Jolnet', one of The Point's sister systems on Usenet, has been seized as evidence in a prosecution of one or more users of the system. As far as I know, no allegations of wrongdoing have been made against Rich Andrews, Jolnet's owner, at this time. Nevertheless, Rich is without his computer until the authorities see fit to give it back to him. They may of course, opt to press some charge against him as an accomplice to the crimes of the guy they're really after. There is no guarantee that Rich's life will return to normal any time in the near future. We all wish him the best, believing that he's done nothing wrong -- except perhaps in being too generous with his personal computing resources, and trusting that appreciative users would use his system for the purposes he offered it for. Today, there is no law or precedent which affords me, as owner and system administrator of The Point, the same legal rights that other common carriers have against prosecution should some other party (you) use my property (The Point) for illegal activities. That worries me. By comparison, AT&T cannot be held liable should someone use their phone lines to transmit military secrets to an enemy. Likewise, Acme Trucking is not vulnerable to drug trafficking charges should they pull a sealed trailer of cocaine to some destination unknowingly. Yet somehow, I am presumed to be cognizant of the contents of every public message, mailed message, and file upload that passes through this public access system. On a system this size, that may be nearly a gigabyte (1+ Billion characters!) of information a year. I fully intend to explore the legal questions raised here. In my opinion, the rights to free assembly and free speech would be threatened if the owners of public meeting places were charged with the responsibility of policing all conversations held in the hallways and lavatories of their facilities for references to illegal activities. Under such laws, all privately owned meeting places would be forced out of existence, and the right to meet and speak freely would vanish with them. The common sense of this reasoning has not yet been applied to electronic meeting places by the legislature. This issue must be forced, or electronic bulletin boards will cease to exist. In the meantime, I intend to continue to operate The Point, with as little risk to myself as possible. Therefore, I am implementing a few new policies: o No user will be allowed to post any message, public or private, until his name and address has been adequately verified. Most users in the metropolitan Chicago area have already been validated through the telephone number directory service provided by Illinois Bell. Those of you who received validation notices stating that your information had not been checked due to a lack of time on my part will now have to wait until I get time before being allowed to post. Out of state addresses cannot be validated in the manner above. I am considering a U.S. Mail registration scheme, but I am skeptical about the amount of additional work involved, and the potential ways to beat the system. The short term solution for users outside of the Chicago area is to find a system closer to home than The Point. o Some of the planned enhancements to The Point are simply not going to happen until the legal issues are resolved. There will be no shell access and no file upload/download facility for now. The philosophy behind these changes is simple. I cannot (and would not want to) censor the content of all users' messages on The Point. I can encourage self-censorship, and introduce another level of accountability by removing the anonymity of the author. Shell access and file transfer would afford other opportunities for abuse of the system, and I would prefer to put any time that might be spent policing users' directories toward obtaining common carrier status for The Point, and other systems like it. My apologies to all who feel inconvenienced by these policies, but under the circumstances, I think your complaints would be most effective if made to your state and federal legislators. Please do so! Thanks. Bill Kuykendall wek@point.UUCP -------------- end of text -------------------- Submitted to Telecom Digest by David W. Tamkin dattier@point.UUCP ...{ddsw1,obdient!vpnet}!point!dattier BIX: dattier GEnie: D.W.TAMKIN CIS: 73720,1570 (708) 518-6769 (312) 693-0591 P. O. Box 813 Rosemont, Illinois 60018-0813 All other point users disagree. ------------------------------ Subject: Re: The Purpose and Intent of the Legion of Doom Date: Fri, 23 Feb 90 07:12:51 EST From: Thomas Narten >Well, I had to speak up. There has been a lot of frothing (mostly by >people who believe everything that they read in the paper) about >Legion of Doom. >LOD was formed to bring together the best minds from the computer >underground - not to do any damage or for personal profit, but to >share experiences and discuss computing. The group has *always* >maintained the highest ethical standards of hacker (or "cracker," as >you prefer) ethics. [...etc,etc.] Give me a break. Let me get this straight: the LOD's high ethical standards include hiding behind a shield of anonymity? Next you'll equate "setting the record straight" with the high ethical standards of the whistle blowers at Morton Thiokel (who risked their careers by taking a public stand). Thomas Narten PS to Moderator: Anonymous postings are a waste of everybody's time. If they want to tell their side of the story, let them accept full responsibility for it. [Moderator's Note: Indeed, I have very mixed reactions to anonymous postings. Most of them are tossed out. Now and then (as with LoD) I use them, but with reservations. PT] ------------------------------ From: "Milo S. Medin" Subject: Re: The Purpose and Intent of the Legion of Doom Date: 24 Feb 90 07:29:45 GMT Reply-To: "Milo S. Medin" Organization: NASA Science Internet Project Office Funny, if you guys are not out to do damage or mischief, and always maintain the highest professional standards, then why do the PHRACK newsletters and email we confiscated on a compromised system indicate so much childish nonsense and information on how to crack computers in many phone companies and various bad things like building explosive devices and other wholesome youthful activities? What about crazy parties at conferences that included drug use and a blatent disregard for the law? Or maybe the information that came from a BBS system that was run by LOD members wasn't representative of the great things your organization strives for? Doesn't strike me as being very cool. Thanks, Milo ------------------------------ End of TELECOM Digest Special: Wither Jolnet? ******************************  Date: Sat, 3 Mar 90 20:46:44 CST From: TELECOM Moderator To: telecom@eecs.nwu.edu Subject: TELECOM Digest Special: Jolnet, Again Message-ID: <9003032046.aa06875@delta.eecs.nwu.edu> TELECOM Digest Sat, 3 Mar 90 20:45:00 CST Special: Jolnet, Again Today's Topics: Moderator: Patrick Townson Re: AT&T Sourcecode: Poison! (Chip Rosenthal) Jolnet Seizure (Mike Riddle) Article Regarding JOLNET/e911/LoD/Phrack (Ben Rooney) A Conversation With Rich Andrews (TELECOM Moderator) Killer/attctc Permanently Down (Charlie Boykin) ---------------------------------------------------------------------- From: Chip Rosenthal Subject: Re: AT&T Sourcecode: Poison! Date: 3 Mar 90 00:00:00 GMT Organization: Unicom Systems Development, Austin (yay!) [Moderator's Note: Original date of 2/25 changed to prevent premature expiration. PT] You've got a lot of nerve, Patrick. telecom@eecs.nwu.edu (TELECOM Moderator) writes: >We're told by a deep-throat type that AT&T is on the war path about >their software [...] Like jolnet, netsys went down abruptly, with >*everything* confiscated [...] Now comes news that attcdc [sic], formerly >known as killer went off line in a hurry..... Yessir, after all your complaints about that about anonymous Legion of Doom message, this is a really crummy thing to post. Based upon unattributed conversations, you imply that Len Rose and Charlie Boykin were involved in wrongdoing which lead to the shutdown of their systems. I don't know Len personally, but have had uucp connections with him in the past. Charlie, on the other hand, I do know personally. He is very well regarded in the Dallas/Fort Worth area, and was voted "1989 DFW Administrator of the Year" by the DFW lunch-bunch...errr....DFW Association of Unix System Administrators. You have cast some crummy aspersions towards these guys. Since I know them, I will wait for the facts to come in. Others who don't know them could very well jump to conclusions on the basis of this posting. Was this message really called for? Chip Rosenthal | Yes, you're a happy man and you're chip@chinacat.Lonestar.ORG | a lucky man, but are you a smart Unicom Systems Development, 512-482-8260 | man? -David Bromberg ------------------------------ Date: Wed, 28 Feb 90 21:38:39 EST From: Mike Riddle Subject: Jolnet Seizure Reply-to: Mike.Riddle@p6.f666.n285.z1.fidonet.org Organization: DRBBS Technical BBS, Omaha, Ne. 402-896-3537 Has anyone tried a novel legal approach to the case of equipment seizure as "evidence"? As I remember the Electronic Communications Privacy Act, it contains specific procedures for authorities to obtain copies/listings of data on a system (which system may have been used for illegal purposes, but whose operator is not at the moment charged). From this I think a creative attorney could construct an argument that the national policy was not to seize equipment, merely to obtain all the information contained therein. After all, it's the data that caused any harm. Also, the Federal Rules of Evidence, and most state rules, provide that computer generated copies are "originals" for evidentiary purposes. I hope that someone close enough to the scene can keep us informed about what is happening on this one. {standard disclaimer goes here--don't pay any attention to me!} --- Ybbat (DRBBS) 8.9 v. 3.07 r.1 * Origin: [1:285/666.6@fidonet] The Inns of Court, Papillion, NE (285/666.6) --- Through FidoNet gateway node 1:16/390 Mike.Riddle@p6.f666.n5010.z1.fidonet.org ------------------------------ From: brooney@sirius.uvic.ca Date: 3 Mar 90 2:36 -0800 Subject: Article Regarding JOLNET/e911/LoD/Phrack The following is an article I received five days ago which contains, to my knowledge, information as yet unpublished in comp.dcom.telecom regarding the ongoing JOLNET/e911/LoD discussion. It was printed in a weekly magazine with a publishing date of Feb. 27 but other than that I have no exact idea of when the events mentioned herein took place. - Ben Rooney MISSOURI STUDENT PLEADS INNOCENT IN 911 SYSTEM INTRUSION CASE Craig Neidorf, a 19-year-old University of Missouri student, has pleaded not guilty to federal allegations that he invaded the 911 emergency phone network for 9 states. As reported earlier, he was indicted this month along with Robert J. Riggs, 20, of Decatur, Ga. Both are charged with interstate transportation of stolen property, wire fraud, and violations of the federal Computer Fraud and Abuse Act of 1986. Prosecutors contend the two used computers to enter the 911 system of Atlanta's Bell South, then copied the program that controls and maintains the system. The stolen material later allegedly was published on a computer bulletin board system operating in the Chicago suburb of Lockport. Authorities contend Neidorf edited the data for an electronic publication known as "Phrack." According to Associated Press writer Sarah Nordgren, in a recent hearing on the case Assistant U.S. Attorney William Cook was granted a motion to prevent the 911 program from becoming part of the public record during the trial. U.S. District Judge Nicholas Bua set April 16 for a trial. The 911 system in question controls emergency calls to police, fire, ambulance and emergency services in cities in Alabama, Mississippi, Georgia, Tennessee, Kentucky, Louisiana, North Carolina, South Carolina and Florida. --------------------------------------- Article from "A Networker's Journal" by Charles Bowen. Info-Mat Magazine (Vol. 6, No. 2) [Moderator's Note: {Info-Mat Magazine}, by the way, is the excellent electronic journal distributed on many BBS machines throughout the United States who are fortunate enough to be accepted as part of the magazine's distribution network. I personally wish it was distributed on Usenet as well: it is well written and very informative. PT] ------------------------------ Date: Sat, 3 Mar 90 19:34:54 CST From: TELECOM Moderator Subject: A Conversation With Rich Andrews After the first articles appeared here relating to the seizure of Jolnet, and the indictment of some people for their part in the theft of '911 software', I got various messages from other folks in response. Some were published, while others were just personal correspondence to me. One from Chip Rosenthal was held over, and is included in this special issue today. One writer, whose comments were attributed to 'Deep Throat' spent some time on two occassions on the phone, in a conference call between himself, David Tamkin and myself. What was lacking in the several messages which appeared over the past week were comments from Rich Andrews, system administrator of Jolnet. I got one note from someone in Canada who said Andrews wanted to speak with me, and giving a phone number where I could call Andrews at his place of employment. I put in a call there, with David Tamkin on the other line and had a long discussion with Andrews, who was aware of David being on the line with me. I asked Andrews if he had any sort of net access available to him at all -- even a terminal and modem, plus an account on some site which could forward his mail to telecom. You see, I thought, and still think it is extremely important to include Rich Andrews in any discussion here. He assured me he did have an account on a Chicago area machine, and that a reply would be forthcoming within hours. I had a second conversation with him the next morning, but without David on the line. He again told me he would have a response to the several articles written in the Digest ready and in the email 'very soon'. This was on Wednesday morning, and we estimated his message would be here sometime later in the day -- certainly by midnight or so, when I am typically working up an issue of the Digest. Midnight came and went with no message. None showed up Thursday or Friday. I deliberatly withheld saying anything further in the hopes his reply would be here to include at the same time. I guess at this point we have to go on without him. When David Tamkin and I talked to him the first time, on Tuesday evening this past week, the first thing Andrews said to us, after the usual opening greetings and chitchat was, "I've been cooperating with them for over a year now. I assume you know that." We asked him to define 'them'. His response was that 'them' was the United States Secret Service, and the Federal Bureau of Investigation. He said this without us even asking him if he was doing so. We asked him to tell us about the raid on his home early in February. He said the agents showed up that Saturday afternoon with a warrant, and took everything away as 'evidence' to be used in a criminal prosecution. ME> "If you have been working and cooperating with them for this long, why did they take your stuff?" RA> "They wanted to be sure it would be safe, and that nothing would be destroyed." ME> "But if you wanted to simply keep files safe, you could have taken Jolnet off line for a few weeks/months by unplugging the modems from the phone jacks, no? Then, plugged in a line when you wanted to call or have a trusted person call you." RA> "They thought it was better to take it all with them. It was mostly for appearance sake. They are not charging me with anything." ME> "Seems like a funny way to treat a cooperative citizen, at least one who is not in some deep mess himself." He admitted to us that several crackers had accounts on Jolnet, with his knowledge and consent, and that it was all part of the investigation going on ... the investigation he was cooperating in. Here is how he told the tale of the '911 software': The software showed up on his system one day, almost two years ago. It came to him from netsys, where Len Rose was the sysadmin. According to Andrews, when he saw this file, and realized what it was, he knew the thing to do was to 'get it to the proper authorities as soon as possible', so he chose to do that by transferring it to the machine then known as killer, a/k/a attctc, where Charlie Boykin was the sysadmin. Andrews said he sent it to Boykin with a request that Boykin pass it along to the proper people at AT&T. ME> "After you passed it along to Boykin, did you then destroy the file and get it off your site?" RA> "Well, no... I kept a copy also." ME> "Did Charlie Boykin pass it along to AT&T as you had requested?" RA> "I assume he did." But then, said Andrews, a funny thing happened several months later. The folks at AT&T, instead of being grateful for the return of their software came back to Andrews to (in his words) 'ask for it again.' Somehow, they either never got it the first time; got it but suspected there were still copies of it out; or were just plain confused. So he was contacted by the feds about a year ago, and it was at that point he decided it was in his best interest to cooperate with any investigation going on. Andrews pointed out that the '911 software' was really just ".... a small part of what this is all about..." He said there was other proprietary information going around that should not be circulating. He said also the feds were particularly concerned by the large number of break-ins on computers which had occurred in the past year or so. He said there have been literally "....thousands of attempts to break into sites in the past year....", and part of his cooperation with the authorities at this time dealt with information on that part of it. We asked him about killer/attctc: ME> "You knew of course that killer went off line very abruptly about a week ago. What caused that? It happened a week or so after the feds raided you that Saturday." RA> "Well the official reason given by AT&T was lack of funds, but you know how that goes...." Now you'd think, wouldn't you, that if it was a funding problem -- if you can imagine AT&T not having the loose change in its corporate pocket it took to provide electrical power and phone lines to attctc (Charlie got no salary for running it) -- that at least an orderly transition would have taken place; i.e. an announcement to the net; an opportunity to distribute new maps for mail and news distribution, etc; and some forthcoming shut down date -- let's say March 1, or April 1, or the end of the fiscal year, or something.... But oh, no... crash boom, one day it is up, the next day it is gone. ME> "What do you know about the temporary suspension of killer some time ago? What was that all about?" RA> "It was a security thing. AT&T Security was investigating Charlie and some of the users then." Andrews referred to the previous shutdown of killer as 'a real blunder by AT&T', but it is unclear to me why he feels that way. We concluded our conversation by Andrews noting that "there is a lot happening out there right now." He said the [Phrack] magazine distribution, via netsys, attctc and jolnet was under close review. "One way to get them (crackers) is by shutting down the sites they use to distribute stuff..." And now, dear reader, you know everything I know on the subject. Well, almost everything, anyway.... From other sources we know that Len Rose of netsys was in deep trouble with the law *before* this latest scandal. How deep? Like he was ready to leave the country and go to the other side of the world maybe? Like he was in his car driving on the expressway when they pulled him over, stopped the car and placed him under arrest? Deep enough? This latest thing simply compounded his legal problems. Patrick Townson ------------------------------ Date: Fri Mar 2 06:59:23 1990 From: Charlie Boykin Subject: Killer/attctc Is Permanently Down Hello, Regarding a couple of things as well as a message from Bill Huttig. The system WAS shut down a couple of years ago - for three weeks - as part of a security inquiry. It has been in continous operation since. On July 4, 1989, it was moved to a Customer Demonstration location at the Dallas Infomart and the node name changed to attctc (for AT&T Customer Technology Center). The system was closed down on February 20, 1990 after 5 years of operation. There are no charges pending and the "management" of the system have been ostensibly cleared of any illegal activities. As of now, there are no intentions of returning the system to service. There are hopeful plans and proposals that could conceivably result in the system being placed back in service in a different environment and under different management. Respectfully, Charles F. Boykin Formerly sysop\@attctc (killer) ------------------------------ End of TELECOM Digest Special: Jolnet, Again ******************************  (also see various references in issues 128 through 150 of volume 10 covering period late February through mid-March, 1990 for frequent references to the jolnet/attctc/netsys scandal, including a message from the Legion of Doom.)