------------------------------

Date:      Undated
From:      Anonymous
Subject:   Len Rose's Search Warrant

********************************************************************
***  CuD #2.00: File 3 of 5: Len Rose's Search Warrant           ***
********************************************************************



                     UNITED STATES DISTRICT COURT


   District of Maryland
                                              APPLICATION AND AFFIDAVIT
                                                 FOR SEARCH WARRANT
 In the matter of the Search of:

               Residence of
               7018 Willow Tree Drive         CASE NUMBER: 90-0002G
               Middletown, Maryland


I Timothy Foley being duly sworn depose and say:

I am a Special Agent and have reason to believe that on the property or
premises known as: the residence at 7018 Willow Tree Drive, Middletown,
Maryland (see attachment B) in the District of Maryland there is now
concealed a certain person or property ,namely (see attachment A) which is
concerning a violation of Title 18 United States code,Sections 2314 and 1030.
The facts to support a finding of Probable Cause are as follows: (see
attachment C)



Sworn to before me and subscribed in my presence

February 1,1990 at Baltimore Maryland

Clarence F. Goetz,U.S. Magistrate





                             ATTACHMENT A

  computer hardware (including central processing unit(s),monitors,memory
  devices, modem(s), programming equipment,communications equipment,disks,
  prints,and computer software (including but not limited to memory disks,
  floppy disks, storage media) and written material and documents relating
  to the use of the computer system (including networking access files,
  documentation relating to the attacking of computer and advertising the
  results of the computer attack (including telephone numbers and location
  information), which constitute evidence,instrumentalities and fruits of
  federal crimes, including interstate transportation of stolen property
  (18 USC 2314) and interstate transportation of computer access information
  (18 USC 1030(a)(6)). This warrant is for the seizure of the above described
  computer and computer data and for the authorization to read information
  stored and contained on the above described computer and computer data.




                             ATTACHMENT B


   Two level split-foyer style house with a upper story overhang on either
   side of a central indentation for the front door. House is white upper
   with red brick lower portion under the overhanging upper story. Front
   door is white. There is a driveway on the lefthand side of the house as
   you face the front. Mail box is situated on a post adjacent to the
   driveway and mailbox displays the number 7018.




                             ATTACHMENT C


 State of Maryland   )
                     ) SS
 County of Frederick )

                             AFFIDAVIT

 1. I, Timothy Foley, am a Special Agent of the United States Secret Service
    and have been so employed for the past two years. I am presently assigned
    to the Computer Fraud Section of the United States Secret Service in
    Chicago. Prior to that I was employed as an attorney of law practicing
    in the City of Chicago and admitted to practice in the State of Illinois.
    I am submitting this affidavit in support of the search warrant for the
    premises known as the residence of Leonard Rose at 7018 Willow Tree Drive
    in Middletown, Maryland.

 2. This affidavit is based upon my investigation and information provided
    to me by Special Agent Barbara Golden of the Computer Fraud Section of
    the United States Secret Service in Chicago. S.A. Golden has been
    employed by the Secret Service for 13 years, and has been a Special Agent
    with the Secret Service for 3 years and by other agents of the United
    States Secret Service.

 3. I have also received technical information and investigative assistance
    from the experts in the fields of telecommunications, computer technology,
    software development and computer security technology, including:

    a. Reed Newlin, a Security Officer of Southwestern Bell, who has numerous
       years of experience in operations,maintenance and administration of
       telecommunication systems as an employee of the Southwestern Bell
       Telephone Company.

    b. Henry M. Kluepfel, who has been employed by the Bell System or its
       divested companies for the last twenty-four years. Kleupfel is
       presently employed by Bell Communications Research, (Bellcore) as
       a district manager responsible for coordinating security technology
       and consultation at Bellcore in support of its owners, the seven (7)
       regional telephone companies, including BellSouth Telephone Company
       and Southwestern Bell Telephone Company. Mr. Kleupfel has participated
       in the execution of numerous Federal and State search warrants relative
       to telecommunications and computer fraud investigations. In addition,
       Mr. Kleupfel has testified on at least twelve (12) occasions as an
       expert witness in telecommunications and computer fraud related
       crimes.

    c. David S. Bauer, who has been employed by Bell Communications Research,
       (Bellcore) since April 1987. Bauer is a member of the technical staff
       responsible for research and development in computer security
       technology and for consultation in support for its owners, the seven
       (7) regional telephone companies, including BellSouth. Mr. Bauer is
       an expert in software development,communications operating systems,
       telephone and related security technologies. Mr. Bauer has conducted
       the review and analysis of approximately eleven (11) computer hacking
       investigations for Bellcore. He has over nine (9) years of professional
       experience in the computer related field.

    d. At all times relevant to this affidavit, "computer hackers" were
       individuals involved with the unauthorized access of computer systems
       by various means. The assumed names used by the hackers when contacting
       each other were referred to as "hacker handles."

                         Violations Involved
                         -------------------

 5.  18 USC 2314 provides federal criminal sanctions against individuals
     who knowingly and intentionally transport stolen property or property
     obtained by fraud, valued at $5,000.00 or more, in interstate commerce.
     My investigation has revealed that on or about January 8, 1990
     Leonard Rose, using the hacker handle Terminus, transported a stolen
     or fraudulently obtained computer program worth $77,000.00 from
     Middletown, Maryland to Columbia, Missouri.

 6.  18 USC 1030(a) (6) provides federal criminal sanctions against
     individuals who knowingly and with intent to defraud traffic in
     interstate commerce any information through which a computer may be
     accessed without authorization in interstate commerce. My investigation
     has revealed that on or about January 8,1990 Leonard Rose trafficked
     a specially modified copy of AT&T Unix source code SVR 3.2 in interstate
     commerce from Middletown, Maryland to Columbia,Missouri. (Source code
     is a high level computer language which frequently uses English letters
     and symbols for constructing computer programs. Programs written in
     source code can be converted or translated by a "compiler" program into
     object code for use by the computer.) This Unix source code SVR 3.2 had
     been specially modified so that it could be inserted by a computer hacker
     into any computer using a Unix operating system and thereafter enable the
     hacker to illegally capture logins and passwords used by legitimate
     users of the computer.

                Discovery of the Altered Unix Source Code
                -----------------------------------------

 7. For the past seven (7) months I have been one of the United States
    Secret Service agents involved in a national investigation into attacks
    on telephone computer switches by various computer "hackers" including
    an organization referred to as the Legion of Doom (LOD).

 8. My investigation to date has disclosed that hackers have stolen sensitive
    proprietary information from various telecommunications organizations
    and published this information in "hacker" publications such as "Phrack"
    newsletter. On Janurary 18,1990 Craig Neidorf (hacker handle Knight
    Lightning) the editor and co-publisher of "PHRACK" was caught in
    possession of various stolen computer files including the source code
    for UNIX SVR3.2 and the text file for the Bell South's enhanced 911 (E911)
    system.

 9. On January 18,1990 Reed Newlin, Southwestern Bell, and I conducted an
    examination of the computer files of Craig Neidorf, a hacker known to us
    as Knight Lightning,at the University of Missouri at Columbia in Columbia,
    Missouri (referred to hereafter simply as Neidorf computer files).
    Newlin's examination of the Neidorf computer files extended from the night
    of January 18 into the early morning hours of January 19. Later on
    January 19 Newlin advised me that his examination of the Neidorf computer
    files had disclosed the existence of what he believed to be proprietary
    AT&T UNIX SVR3.2 source code in among Neidorf's computer files. He further
    advised me that the AT&T source code appeared to have been modified into
    a hacker tutorial which would enable a computer hacker to illegally
    obtain password and login information from computers running on a UNIX
    operating system.

10. On January 29, 1990 I interviewed Craig Neidorf and he advised me that
    Leonard Rose (hacker handle "Terminus") had provided him with the AT&T
    UNIX SVR3.2 source code which had been taken by me from his computer
    files on the computers at the University of Missouri. (Neidorf is soon to
    be indicted in Chicago for violations of 18 USC 1030,1343, and 2314.
    Neidorf's interview took place while he was aware of the potential
    charges which might be brought against him.)

11. Neidorf's identification of Leonard Rose (Terminus) as his source for
    the stolen UNIX source code is corroborated by the physical evidence.
    That evidence also shows that Terminus knew the code was stolen. On
    January 20, 21, and 31, 1990 I personally examined the 19 pages of AT&T
    UNIX SVR3.2 found in the Neidorf computer files by Newlin. On pages one
    and two of the AT&T document the author of the file identifies himself
    by the hacker handle "Terminus". On the first page of the document
    Terminus advised Neidorf that the source code came originally  from AT&T
    "so it's definitely not something you wish to get caught with".
    Terminus also inserts the following warning into the text of the program
    on the first page: "Warning: this is AT&T proprietary source code. Do
    NOT get caught with it.." On page 26 of the program Terminus also states:

    "Hacked by Terminus to enable stealing passwords.. This is obviously
     not a tool for initial system penetration, but instead will allow you
     to collect passwords and accounts once it's been installed. Ideal for
     situations where you have a one-shot opportunity for super user
     privileges.. This source code is not public domain..(so don't get
     caught with it).

     In addition to these warnings from Terminus the AT&T source code also
     carries what appears to be the original warnings installed in the
     program by AT&T on pages 2,5,6,7,26  and 28:

     Copyright (c) 1984 AT&T
     All rights reserved
     THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF AT&T
     The copyright notice above does not evidence and actual or intended
     publication of the source code.

 12. On January 26 and 30, 1990 copies of the UNIX SVR 3.2 source code
     found in the Neidorf computer files and discussed above were sent to
     UNIX experts with AT&T (Mr. Al Thompson) and Bellcore (Mr. David Bauer
     and Mr. Hank Kleupfel) for their evaluation.

 13. On January 30, 1990 Al Thompson of AT&T advised me that his initial
     review of the document and the initial review of the document by AT&T's
     software licensing group had disclosed the following:

     a. The document was in fact a copy of the AT&T UNIX SVR3.2 source
        code login program.

     b. The program's value was approximately $75,000.00

     c. Neither Leonard Rose nor Craig Neidorf were licensed to own or
        possess the source code in question.

     d. The source code provided to him had been made into a tutorial
        for hackers which could be used to install "trap doors" into
        a computer and it's operating system. These trap doors would
        enable a hacker to illegally obtain the passwords and logins
        of the legitimate users of a computer running on a UNIX
        operating system.

             Identification of Leonard Rose as Terminus
             ------------------------------------------

 14. The AT&T Unix SVR3.2 source code described in paragraphs 9 through
     13 above reflected that a hacker named Terminus was the author of
     the modifications.

 15. On January 15 and 30, 1990 David Bauer of Bellcore advised me that
     Terminus is the hacker handle for an individual named Leonard Rose
     who resides in Maryland. Bauer advised me that in e-mail between
     Terminus and a hacker known as the Prophet (Robert Riggs), on October
     9, 1988 Terminus had identified himself as:

          Len Rose
          Len@Netsys.COM,postmaster@Netsys.COM
          301-371-4497
          Netsys,Inc. 7018 Willowtree Drive Middletown MD 21769

 16. In addition, Bauer's examination disclosed that Terminus received
     e-mail at the following addresses: "len@ames.arc.nasa.gov" or
     "len@netsys.com". The address "len@ames.arc.nasa.gov" indicates
     that the author has the account "len" on the system named "Ames"
     in the domain "arc" that is owned and operated by the National
     Air and Space Agency of the United States government.

 17. My continuing review on January 25,1990 of the Neidorf computer files
     disclosed that Rose was continuing to send e-mail to Neidorf and to
     receive e-mail from Neidorf. On December 28,1989,Leonard Rose
     (Terminus) sent an e-mail message to Neidorf in which Rose gives his
     address as 7018 Willowtree Drive in Middletown, Maryland 21769 and
     gives his e-mail address as follows:

      "len@netsys.netsys.com"

 18. On January 30, 1990 I was advised by individuals with the Computer
     Emergency Reaction team (CERT) that the e-mail address
     "len@netsys.netsys.com" is located at 7018 Willowtree Drive,Middletown,
     Maryland 21769. CERT is an organization located at the Carnegie-Mellon
     Institute and funded by the Defense Advanced Research Projects Agency.
     It records contain information about the location of many computers
     in the United States.

 19. There is additional evidence identifying Terminus as Leonard Rose.
     On January 30, 1990 I received a May 24,1987 copy of "Phrack"
     magazine from Hank Kluepfel of Bellcore wherein hacker Taran King
     (Randy Tischler) interviewed and "profiled" Terminus (a/k/a Leonard
     Rose). The personal background information in the article included
     the following:

        Handle:                    Terminus
        Call him:                  Len
        Past Handles:              Terminal Technician
        Handle Origin:             Terminal Technician originated because of
                                   Len's view of himself as a hacker. Terminus
                                   was an offshoot of that and, although it
                                   is an egotistical view, it means he has
                                   reached the final point of being a
                                   proficient hacker.
        Date of birth:             1/10/59
        Age at current date:       29
        Height:                    5'9"
        Weight:                    About 190 lbs.
        Eye Color:                 Hazel
        Hair Color:                Brown
        Computers:                 6800 home brew system, Apple II,Altair
                                   S100, 2 Apple II+s,IBM PC,IBM XT,IBM 3270,
                                   IBM AT, and 2 Altos 986's
        Sysop/Co-Sysop:            MetroNet,MegaNet, and NetSys Unix

     Terminus is further described as an electronic engineer and he designs
     boards for different minicomputers like PDP-11s,Data Generals,Vaxes,
     and Perkin-Elmer who also writes software and writes computer code in
     machine language.

 20. My January 25 review of the Neidorf computer files also disclosed a
     January 9,1990 e-mail message from Rose to Neidorf at 12:20 am which
     corroborated the fact that Rose had sent Neidorf the UNIX SVR3.2
     source code on or around January 7,1990. In this message Rose tells
     Neidorf that he (Rose) lost his copy of what he sent to Neidorf the
     other night because his (Rose's) hard drive had crashed.

 21. My January 25 review also disclosed a second e-mail message from Rose
     to Neidorf on January 9,1990, at 3:05 pm . This message indicates that
     Neidorf had sent a copy of the requested source code back to Rose as
     requested (see paragraph 20 above). Rose's message began:
     "RE: UNIX file" and stated that the copy of the stolen source code
     received back from Neidorf had some type of "glitch".

 22. These messages reflect that Rose still has at least one copy of the
     UNIX SVR3.2 source code in his possession.

 23. On January 29,1990 Craig Neidorf advised me that on or around January
     9, 1990 he received a copy of the Unix SVR3.2 source code which was
     telecommunicated to him via Bitnet from Leonard Rose in Maryland.

 24. On January 30,1990, Hank Kluepfel of Bellcore advised me that based
     upon his background experience and investigation in this case and
     investigating approximately 50 other incidents this year involving
     the unauthorized use of other computer systems,hackers that run
     computer bulletin boards typically keep and use the following types
     of hardware,software and documents to execute their fraud schemes and
     operate their bulletin boards:

     a. Hardware - a central processing unit,a monitor, a modem,a keyboard,
        a printer, and storage devices (either floppy disks or auxiliary
        disk units),telephone equipment (including automatic dialing
        equipment,cables and connectors), tape drives and recording equipment.

     b. Software - hard disks, and floppy disks containing computer programs,
        including, but not limited to software data files, e-mail files,
        UNIX software and other AT&T proprietary software.

     c. Documents - computer related manuals, computer related textbooks,
        looseleaf binders, telephone books,computer printouts,videotapes
        and other documents used to access computers and record information
        taken from the computers during the above referred to breakins.

 25. Based upon the above information and my own observation, I believe
     that at the residence known as 7018 Willow Tree Drive, Middletown,
     Maryland there is computer hardware (including central processing
     unit(s),monitors,memory devices,modem(s),programming equipment,
     communication equipment,disks,prints and computer software (including
     but not limited to memory disks,floppy disks,storage media) and
     written material and documents relating to the use of the computer
     system (including networking access files,documentation relating to the
     attacking of computer and advertising the results of the computer
     attack (including telephone numbers and location information.) This
     affidavit is for the seizure of the above described computer and
     computer data and for the authorization to read information stored
     and contained on the above described computer and computer data
     which are evidence of violations of 18 USC 2314 and 1030, as well as
     evidence,instrumentalities or fruits of the fraud scheme being
     conducted by the operator of the computer at that location.

                         Location to be Searched

 26. On January 31, 1990 I was advised by S.A. John Lewis, USSS in
     Baltimore that 7018 Willow Tree Drive in Middletown, Maryland
     is a two-level split-foyer style house with an upper story
     overhang on either side of a central indentation for the front door.
     The front door is white. There is a driveway on the left side of the
     house as you face the front. A mail box is situated on a post next
     to the driveway and displays the number 7018.

 27. Request is made herein to search and seize the above described
     computer and computer data and to read the information contained
     in and on the computer and computer data.



                                        Special Agent TIMOTHY FOLEY
                                        United States Secret Service




    Sworn and Subscribed to before
    me this 1st day of February, 1990


    Clarence E. Goetz
    United States Magistrate


********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************