Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site mit-eddie.UUCP
Path: utzoo!linus!decvax!genrad!mit-eddie!bcn
From: bcn@mit-eddie.UUCP (Clifford Neuman)
Newsgroups: net.legal
Subject: Intruder roundup
Message-ID: <973@mit-eddie.UUCP>
Date: Mon, 28-Nov-83 23:53:00 EST
Article-I.D.: mit-eddi.973
Posted: Mon Nov 28 23:53:00 1983
Date-Received: Wed, 30-Nov-83 02:16:01 EST
Organization: MIT, Cambridge, MA
Lines: 39

Date: 31 Oct 1983 11:02:45 PST
From: guy @ UCLA-LOCUS
Subject: Re: HACKER ROUNDUP - WITNESSES NEEDED
In-reply-to: Your message of 31 October 1983 10:29 EST.
Text:

I just got off the phone with ..........., the deputy DA prosecuting the case. He says that since we have talked with all the folks we expect to be using, there's no problem in telling all the site administrators what's been going on. If any new evidence/sites turn up, we're interested, but it is doubtful that it would be used in this particular case. Note especially that we're only filing charges against one of the two guys, and if more info turns up on the second, that would be VERY useful.

The two key first names are 'ron' and 'kev', short for Ronald and Kevin. These guys have a habit of changing their UNIX 'full name' to at least be their first name, if not their last name as well. (They have been known to use a fictitious surname on-line.) We're filing against Ronald, initially.

They were active at UCLA from August 1 through Sep 22, when they were served search warrants, and their toys confiscated. One had a Commodore, the other a TRS color computer. Both had cassettes, neither had floppies or printers. Both had 300-baud modems. Both had UNIX manuals--one had a two volume set from Bell system III; the other had the Yates book. One had also purchased UCLA CSDept documents on using UNIX.

We know that a third person was involved, and that accesses to UCLA continued briefly even after the equipment was confiscated.
Other sites have also noticed that some activity is still occurring.

richard

ps I suspect that this note, with excerpts from the others, is what you want to publish to the liaisons/administrators. Also note that, due to the wonder of transparent gateways, ANY host accessible directly by ftp/telnet is a potential victim. Not to mention anyone with a dial-in. Our bandits used (fraudulently) both MCI-type long-distance dialing codes, as well as dial-out facilities from various penetrated systems.