Article 6744 of comp.dcom.telecom: Path: sci.ccny.cuny.edu!unmvax!uakari.primate.wisc.edu!samsung!cs.utexas.edu! tut.cis.ohio-state.edu!mailrus!accuvax.nwu.edu!nucsrl!telecom-request From: tele...@eecs.nwu.edu (TELECOM Moderator) Newsgroups: comp.dcom.telecom Subject: The Jolnet Scandal Message-ID: <4...@accuvax.nwu.edu> Date: 2 Mar 90 06:57:03 GMT Sender: n...@accuvax.nwu.edu Organization: TELECOM Digest Lines: 16 Approved: Tele...@eecs.nwu.edu X-Submissions-To: tele...@eecs.nwu.edu X-Administrivia-To: telecom-requ...@eecs.nwu.edu X-Telecom-Digest: Volume 10, Issue 137, Message 11 of 11 I had planned on putting an article in the Digest today based on the recent interview with Mr. Andrews... But, I had a long conversation with him on the phone Thursday, and he said he did have net access, so he sent a lengthy article of his own, telling his side of the affair. I want to wait and add my remarks (if they are not redundant to his) at the same time. I told him if his article showed up here anytime before about midnight I would manage to get it in on Friday... it still is not here as of 1:45 AM. Maybe it will arrive in time for tomorrow..... and if not, then I will print my article anyway, with or without his. Patrick Townson
Date: Sat, 3 Mar 90 19:34:54 CST From: TELECOM Moderator <tele...@eecs.nwu.edu> Subject: A Conversation With Rich Andrews After the first articles appeared here relating to the seizure of Jolnet, and the indictment of some people for their part in the theft of '911 software', I got various messages from other folks in response. Some were published, while others were just personal correspondence to me. One from Chip Rosenthal was held over, and is included in this special issue today. One writer, whose comments were attributed to 'Deep Throat' spent some time on two occassions on the phone, in a conference call between himself, David Tamkin and myself. What was lacking in the several messages which appeared over the past week were comments from Rich Andrews, system administrator of Jolnet. I got one note from someone in Canada who said Andrews wanted to speak with me, and giving a phone number where I could call Andrews at his place of employment. I put in a call there, with David Tamkin on the other line and had a long discussion with Andrews, who was aware of David being on the line with me. I asked Andrews if he had any sort of net access available to him at all -- even a terminal and modem, plus an account on some site which could forward his mail to telecom. You see, I thought, and still think it is extremely important to include Rich Andrews in any discussion here. He assured me he did have an account on a Chicago area machine, and that a reply would be forthcoming within hours. I had a second conversation with him the next morning, but without David on the line. He again told me he would have a response to the several articles written in the Digest ready and in the email 'very soon'. This was on Wednesday morning, and we estimated his message would be here sometime later in the day -- certainly by midnight or so, when I am typically working up an issue of the Digest. Midnight came and went with no message. None showed up Thursday or Friday. I deliberatly withheld saying anything further in the hopes his reply would be here to include at the same time. I guess at this point we have to go on without him. When David Tamkin and I talked to him the first time, on Tuesday evening this past week, the first thing Andrews said to us, after the usual opening greetings and chitchat was, "I've been cooperating with them for over a year now. I assume you know that." We asked him to define 'them'. His response was that 'them' was the United States Secret Service, and the Federal Bureau of Investigation. He said this without us even asking him if he was doing so. We asked him to tell us about the raid on his home early in February. He said the agents showed up that Saturday afternoon with a warrant, and took everything away as 'evidence' to be used in a criminal prosecution. ME> "If you have been working and cooperating with them for this long, why did they take your stuff?" RA> "They wanted to be sure it would be safe, and that nothing would be destroyed." ME> "But if you wanted to simply keep files safe, you could have taken Jolnet off line for a few weeks/months by unplugging the modems from the phone jacks, no? Then, plugged in a line when you wanted to call or have a trusted person call you." RA> "They thought it was better to take it all with them. It was mostly for appearance sake. They are not charging me with anything." ME> "Seems like a funny way to treat a cooperative citizen, at least one who is not in some deep mess himself." He admitted to us that several crackers had accounts on Jolnet, with his knowledge and consent, and that it was all part of the investigation going on ... the investigation he was cooperating in. Here is how he told the tale of the '911 software': The software showed up on his system one day, almost two years ago. It came to him from netsys, where Len Rose was the sysadmin. According to Andrews, when he saw this file, and realized what it was, he knew the thing to do was to 'get it to the proper authorities as soon as possible', so he chose to do that by transferring it to the machine then known as killer, a/k/a attctc, where Charlie Boykin was the sysadmin. Andrews said he sent it to Boykin with a request that Boykin pass it along to the proper people at AT&T. ME> "After you passed it along to Boykin, did you then destroy the file and get it off your site?" RA> "Well, no... I kept a copy also." ME> "Did Charlie Boykin pass it along to AT&T as you had requested?" RA> "I assume he did." But then, said Andrews, a funny thing happened several months later. The folks at AT&T, instead of being grateful for the return of their software came back to Andrews to (in his words) 'ask for it again.' Somehow, they either never got it the first time; got it but suspected there were still copies of it out; or were just plain confused. So he was contacted by the feds about a year ago, and it was at that point he decided it was in his best interest to cooperate with any investigation going on. Andrews pointed out that the '911 software' was really just ".... a small part of what this is all about..." He said there was other proprietary information going around that should not be circulating. He said also the feds were particularly concerned by the large number of break-ins on computers which had occurred in the past year or so. He said there have been literally "....thousands of attempts to break into sites in the past year....", and part of his cooperation with the authorities at this time dealt with information on that part of it. We asked him about killer/attctc: ME> "You knew of course that killer went off line very abruptly about a week ago. What caused that? It happened a week or so after the feds raided you that Saturday." RA> "Well the official reason given by AT&T was lack of funds, but you know how that goes...." Now you'd think, wouldn't you, that if it was a funding problem -- if you can imagine AT&T not having the loose change in its corporate pocket it took to provide electrical power and phone lines to attctc (Charlie got no salary for running it) -- that at least an orderly transition would have taken place; i.e. an announcement to the net; an opportunity to distribute new maps for mail and news distribution, etc; and some forthcoming shut down date -- let's say March 1, or April 1, or the end of the fiscal year, or something.... But oh, no... crash boom, one day it is up, the next day it is gone. ME> "What do you know about the temporary suspension of killer some time ago? What was that all about?" RA> "It was a security thing. AT&T Security was investigating Charlie and some of the users then." Andrews referred to the previous shutdown of killer as 'a real blunder by AT&T', but it is unclear to me why he feels that way. We concluded our conversation by Andrews noting that "there is a lot happening out there right now." He said the [Phrack] magazine distribution, via netsys, attctc and jolnet was under close review. "One way to get them (crackers) is by shutting down the sites they use to distribute stuff..." And now, dear reader, you know everything I know on the subject. Well, almost everything, anyway.... From other sources we know that Len Rose of netsys was in deep trouble with the law *before* this latest scandal. How deep? Like he was ready to leave the country and go to the other side of the world maybe? Like he was in his car driving on the expressway when they pulled him over, stopped the car and placed him under arrest? Deep enough? This latest thing simply compounded his legal problems. Patrick Townson