------------------------------

From: Gene Spafford < spaf@CS.PURDUE.EDU>
Subject: Northern District (Ill.) Press Release on Len Rose
Date: Fri, 29 Mar 91 19:10:13 EST

********************************************************************
***  CuD #3.11: File 4 of 5: Chicago Press Release on Len Rose   ***
********************************************************************

Information Release
US Department of Justice
United States Attorney
Northern District of Illinois

March 22, 1991

FRED FOREMAN, United States Attorney for the Northern District of
Illinois, together with TIMOTHY J. McCARTHY, Special Agent In Charge
of the United States Secret Service in Chicago, today announced the
guilty plea of LEONARD ROSE, 32, 7018 Willowtree Drive, Middletown,
Maryland to felony charges brought against him in Chicago and in
Baltimore involving Rose trafficing with others in misappropriated
AT&T computer programs and computer access programs between May 1988
and February 1, 1990. Under the terms of plea agreements submitted to
the United States District Court in Maryland, Rose will serve an
agreed, concurrent one year prison term for his role in each of the
fraud schemes charged.

In pleading guilty to the Baltimore charges, Rose admitted that on
October 5, 1989, he knowingly received misappropriated source code(1)
for the AT&T UNIX computer operating system from a former AT&T technical
contractor. The UNIX operating system is a series of computer programs
used on a computer which act as an interface or intermediary between a
user and the computer system itself. The UNIX operating system, which is
licensed by AT&T at $77,000 per license, provides certain services to
the computer user, such as the login program which is designed to
restrict access to a computer system to authorized users. The login
program is licensed by AT&T at $27,000 per license.

In pleading guilty to the Chicago charges, Rose admitted that, after
receiving the AT&T source code, he modified the source code governing
the computer's login program by inserting a secret set of instructions
commonly known as a "trojan horse." This inserted program would cause
the computer on which the source code was installed to perform
functions the program's author did not intend, while still executing
the original program so that the new instructions would not be detected.
The "trojan horse" program that Rose inserted into the computer
program enabled a person with "system administrator" privileges to
secretly capture the passwords and login information of authorized
computer users on AT&T computers and store them in a hidden file. These
captured logins and passwords could later be recovered from this
hidden file and used to access and use authorized users' accounts
without their knowledge. The program did not record unsuccessful login
attempts.

In connection with the Chicago charge, Rose admitted that on January
7, 1990, he transmitted his modified AT&T UNIX login program containing
the trojan horse from Middletown, Maryland to a computer operator in
Lockport, Illinois, and a student account at the University of
Missouri, Columbia Campus.

In pleading guilty to the Chicago charges, Rose acknowledged that when
he distributed his trojan horse program to others he inserted several
warnings so that the potential users would be alerted to the fact that
they were in posession of proprietary AT&T information. In the text of
the program Rose advised that the source code originally came from
AT&T "so it's definitely not something you wish to get caught with."
and "Warning: This is AT&T proprietary source code. DO NOT get caught
with it." The text of the trojan horse program also stated:
   Hacked by Terminus to enable stealing passwords.
   This is obviously not a tool to be used for initial
   system penetration, but instead will allow you to
   collect passwords and accounts once it's been
   installed.  (I)deal for situations where you have a
   one-shot opportunity for super user privileges..
   This source code is not public domain..(so don't get
   caught with it).
Rose admitted that "Terminus" was a name used by him in
communications with other computer users.

In addition to these warnings, the text of Rose's trojan horse program
also retained the original warnings installed in the program by AT&T:
   Copyright (c) 1984 AT&T
   All rights reserved
   THIS IS UNPUBLISHED PROPRIETARY
   SOURCE CODE OF AT&T

   This copyright notice above does
   not evidence any actual or intended
   publication of the source code.

Inspection of this modified AT&T UNlX login source code by AT&T's UNIX
licensing group revealed that the modified source code was in fact a
"derivative work" based upon the standard UNIX login source code, which
was regarded by AT&T as proprietary information and a trade secret of
AT&T, which was not available in public domain software.

In pleading guilty to the federal charges in Chicago and Baltimore, Rose
also acknowledged that, after being charged with computer fraud and
theft in federal court in Baltimore, he became employed at Interactive
Systems Inc. in Lisle, Illinois. He acknowledged that his former
employers at Interactive would testify that he was not authorized by
them to obtain copies of their AT&T source code which was licensed to
them by AT&T. Rose further admitted that John Hickey, a Member of
Technical Staff with AT&T Bell Laboratories in Lisle, Illinois,
correctly determined that Rose had downloaded copies of AT&T source code
programs from the computer of Interactive to Rose's home computers in
Naperville.  The computers were examined after they were seized by the
Naperville Police Department, executing a State search warrant,

As part of the plea agreement charges filed by the DuPage County State's
Attorney's Office will be dismissed without prejudice to refiling. The
forfeited UNIX computer seized will be retained by the Naperville Police
Department.

Commenting on the importance of the Chicago and Baltimore cases, Mr.
Foreman noted that the UNIX computer operating system, which is involved
in this investigation, is used to support international, national, and
local telephone systems. Mr. Foreman stated, "The traffic which flows
through these systems is vital to the national health and welfare.
People who invade our telecommunications and related computer systems
for profit or personal amusement create immediate and serious
consequences for the public at large. The law enforcement community and
telecommunications industry are attentive to these crimes, and those who
choose to use their intelligence and talent in an attempt to disrupt
these vital networks will find themselves vigorously prosecuted."

Mr. Foreman also stated that the criminal information filed in Chicago
and a companion information in Baltimore are the initial results of a
year long investigation by agents of the United States Secret Service in
Chicago, Maryland, and Texas. Mr. Foreman praised the cooperation of the
DuPage County State's Attorney's Office and the Naperville Police
Department in the investigation.  He also acknowledged AT&T's technical
assistance to the United States Secret Service in analyzing the computer
data seized pursuant to search warrants in Chicago, Baltimore and
Austin, Texas.

TIMOTHY J. McCARTHY, Special Agent ln Charge of the United States Secret
Service in Chicago, noted that Rose's conviction is the latest result of
the continuing investigation of the computer hacker organization, the
"Legion of Doom." This investigation being conducted by the United
States Secret Service in Chicago, Atlanta, New York and Texas, and has
resulted in convictions of six other defendants for computer related
crimes.

Assistant United States Attorney William J. Cook, who heads the Computer
Fraud and Abuse Task Force, and Assistant United States Attorneys
Colleen D. Coughlin and David Glockner supervised the Secret Service
investigation in Chicago.

----------
(1) The UNIX operating system utility programs are written initially
in a format referred to as "source code," a high-level computer
language which frequently uses English letters and symbols for
constructing computer programs. The source code was translated, using
another program known as a compiler, into another form of program
which a computer can rapidly read and execute, referred to as the
"object code."

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************