Hacker view of the "Legion of Doom" sentencing in Atlanta

Date: Fri, 30 Nov 90 01:00:21 pst
From: emman...@well.UUCP (Emmanuel Goldstein)
Subject: Hacker view of the "Legion of Doom" sentencing in Atlanta

The following is from the forthcoming Autumn 1990 edition of 2600, The Hacker
Quarterly. We would appreciate it being distributed to as many interested
people as possible. We consider this to be a very major and very frightening
issue. If there are any questions or comments, we can be reached at
2...@well.sf.ca.us or (516) 751-2600.

Emmanuel Goldstein, Editor, 2600 Magazine

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Over the past year there has been a great deal of publicity concerning the
actions of computer hackers. Since we began publishing in 1984 we've pointed
out cases of hackers being unfairly prosecuted and victimized. We wish we could
say things were getting better but we cannot. Events of recent months have made
it painfully clear that the authorities, above all else, want to "send a
message". That message of course being that hacking is not good. And there
seems to be no limit as to how far they will go to send that message.

And so we come to the latest chapter in this saga: the sentencing of three
hackers in Atlanta, Georgia on November 16. The three, Robert Riggs (The
Prophet), Frank Darden, Jr. (The Leftist), and Adam Grant (The Urville) were
members of the Legion of Doom, one of the country's leading hacker "groups".
Members of LOD were spread all over the world but there was no real
organization, just a desire to learn and share information. Hardly a gang of
terrorists, as the authorities set out to prove.

The three Atlanta hackers had pleaded guilty to various charges of hacking,
particularly concerning SBDN (the Southern Bell Data Network, operated by
BellSouth). Supposedly Riggs had accessed SBDN and sent the now famous 911
document to Craig Neidorf for publication in PHRACK. Earlier this year,
BellSouth valued the document at nearly $80,000. However, during Neidorf's
trial, it was revealed that the document was really worth $13. That was enough
to convince the government to drop the case.

But Riggs, Darden, and Grant had already pleaded guilty to accessing
BellSouth's computer. Even though the facts in the Neidorf case showed the
world how absurd BellSouth's accusations were, the "Atlanta Three" were
sentenced as if every word had been true. Which explains why each of them
received substantial prison time, 21 months for Riggs, 14 months for the
others. We're told they could have gotten even more.

This kind of a sentence sends a message all right. The message is that the
legal system has no idea how to handle computer hacking. Here we have a
case where some curious people logged into a phone company's computer
system. No cases of damage to the system were ever attributed to them. They
shared information which we now know was practically worthless. And they
never profited in any way, except to gain knowledge. Yet they are being
treated as if they were guilty of rape or manslaughter. Why is this?

In addition to going to prison, the three must pay $233,000 in restitution.
Again, it's a complete mystery as to how this staggering figure was arrived at.
BellSouth claimed that approximate figure in "stolen logins/passwords" which we
have a great deal of trouble understanding. Nobody can tell us exactly what
that means. And there's more. BellSouth claims to have spent $1.5 million
tracking down these individuals. That's right, one and a half million dollars
for the phone company to trace three people! And then they had to go and spend
$3 million in additional security. Perhaps if they had sprung for security in
the first place, this would never have happened.  But, of course, then they
would have never gotten to send the message to all the hackers and potential
hackers out there.

We think it's time concerned people sent a message of their own. Three young
people are going to prison because a large company left its doors wide open and
doesn't want to take any responsibility. That in itself is a criminal act.

We've always believed that if people cause damage or create a nuisance, they
should pay the price. In fact, the LOD believed this too. So do most hackers.
And so does the legal system. By blowing things way out of proportion because
computers were involved, the government is telling us they really don't know
what's going on or how to handle it. And that is a scary situation.

If the media had been on top of this story and had been able to grasp its
meaning, things might have been very different indeed. And if BellSouth's gross
exaggerations had been taken into account at the sentencing, this injustice
couldn't have occurred. Consider this: if Riggs' sentence were as much of an
exaggeration as BellSouth's stated value of their $13 document, he would be
able to serve it in full in just over two hours. And the $233,000 in
restitution would be under $40. So how much damage are we really talking about?
Don't look to BellSouth for answers.

In early 1991, the three are to begin their sentences. Before that happens, we
need to reach as many people as possible with this message. We don't know if it
will make a difference in this particular case if the general public,
government officials, and the media hear this side of the story.  But we do
know it would be criminal not to try.