------------------------------ From: Gene Spafford < spaf@CS.PURDUE.EDU> Subject: Northern District (Ill.) Press Release on Len Rose Date: Fri, 29 Mar 91 19:10:13 EST ******************************************************************** *** CuD #3.11: File 4 of 5: Chicago Press Release on Len Rose *** ******************************************************************** Information Release US Department of Justice United States Attorney Northern District of Illinois March 22, 1991 FRED FOREMAN, United States Attorney for the Northern District of Illinois, together with TIMOTHY J. McCARTHY, Special Agent In Charge of the United States Secret Service in Chicago, today announced the guilty plea of LEONARD ROSE, 32, 7018 Willowtree Drive, Middletown, Maryland to felony charges brought against him in Chicago and in Baltimore involving Rose trafficing with others in misappropriated AT&T computer programs and computer access programs between May 1988 and February 1, 1990. Under the terms of plea agreements submitted to the United States District Court in Maryland, Rose will serve an agreed, concurrent one year prison term for his role in each of the fraud schemes charged. In pleading guilty to the Baltimore charges, Rose admitted that on October 5, 1989, he knowingly received misappropriated source code(1) for the AT&T UNIX computer operating system from a former AT&T technical contractor. The UNIX operating system is a series of computer programs used on a computer which act as an interface or intermediary between a user and the computer system itself. The UNIX operating system, which is licensed by AT&T at $77,000 per license, provides certain services to the computer user, such as the login program which is designed to restrict access to a computer system to authorized users. The login program is licensed by AT&T at $27,000 per license. In pleading guilty to the Chicago charges, Rose admitted that, after receiving the AT&T source code, he modified the source code governing the computer's login program by inserting a secret set of instructions commonly known as a "trojan horse." This inserted program would cause the computer on which the source code was installed to perform functions the program's author did not intend, while still executing the original program so that the new instructions would not be detected. The "trojan horse" program that Rose inserted into the computer program enabled a person with "system administrator" privileges to secretly capture the passwords and login information of authorized computer users on AT&T computers and store them in a hidden file. These captured logins and passwords could later be recovered from this hidden file and used to access and use authorized users' accounts without their knowledge. The program did not record unsuccessful login attempts. In connection with the Chicago charge, Rose admitted that on January 7, 1990, he transmitted his modified AT&T UNIX login program containing the trojan horse from Middletown, Maryland to a computer operator in Lockport, Illinois, and a student account at the University of Missouri, Columbia Campus. In pleading guilty to the Chicago charges, Rose acknowledged that when he distributed his trojan horse program to others he inserted several warnings so that the potential users would be alerted to the fact that they were in posession of proprietary AT&T information. In the text of the program Rose advised that the source code originally came from AT&T "so it's definitely not something you wish to get caught with." and "Warning: This is AT&T proprietary source code. DO NOT get caught with it." The text of the trojan horse program also stated: Hacked by Terminus to enable stealing passwords. This is obviously not a tool to be used for initial system penetration, but instead will allow you to collect passwords and accounts once it's been installed. (I)deal for situations where you have a one-shot opportunity for super user privileges.. This source code is not public domain..(so don't get caught with it). Rose admitted that "Terminus" was a name used by him in communications with other computer users. In addition to these warnings, the text of Rose's trojan horse program also retained the original warnings installed in the program by AT&T: Copyright (c) 1984 AT&T All rights reserved THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF AT&T This copyright notice above does not evidence any actual or intended publication of the source code. Inspection of this modified AT&T UNlX login source code by AT&T's UNIX licensing group revealed that the modified source code was in fact a "derivative work" based upon the standard UNIX login source code, which was regarded by AT&T as proprietary information and a trade secret of AT&T, which was not available in public domain software. In pleading guilty to the federal charges in Chicago and Baltimore, Rose also acknowledged that, after being charged with computer fraud and theft in federal court in Baltimore, he became employed at Interactive Systems Inc. in Lisle, Illinois. He acknowledged that his former employers at Interactive would testify that he was not authorized by them to obtain copies of their AT&T source code which was licensed to them by AT&T. Rose further admitted that John Hickey, a Member of Technical Staff with AT&T Bell Laboratories in Lisle, Illinois, correctly determined that Rose had downloaded copies of AT&T source code programs from the computer of Interactive to Rose's home computers in Naperville. The computers were examined after they were seized by the Naperville Police Department, executing a State search warrant, As part of the plea agreement charges filed by the DuPage County State's Attorney's Office will be dismissed without prejudice to refiling. The forfeited UNIX computer seized will be retained by the Naperville Police Department. Commenting on the importance of the Chicago and Baltimore cases, Mr. Foreman noted that the UNIX computer operating system, which is involved in this investigation, is used to support international, national, and local telephone systems. Mr. Foreman stated, "The traffic which flows through these systems is vital to the national health and welfare. People who invade our telecommunications and related computer systems for profit or personal amusement create immediate and serious consequences for the public at large. The law enforcement community and telecommunications industry are attentive to these crimes, and those who choose to use their intelligence and talent in an attempt to disrupt these vital networks will find themselves vigorously prosecuted." Mr. Foreman also stated that the criminal information filed in Chicago and a companion information in Baltimore are the initial results of a year long investigation by agents of the United States Secret Service in Chicago, Maryland, and Texas. Mr. Foreman praised the cooperation of the DuPage County State's Attorney's Office and the Naperville Police Department in the investigation. He also acknowledged AT&T's technical assistance to the United States Secret Service in analyzing the computer data seized pursuant to search warrants in Chicago, Baltimore and Austin, Texas. TIMOTHY J. McCARTHY, Special Agent ln Charge of the United States Secret Service in Chicago, noted that Rose's conviction is the latest result of the continuing investigation of the computer hacker organization, the "Legion of Doom." This investigation being conducted by the United States Secret Service in Chicago, Atlanta, New York and Texas, and has resulted in convictions of six other defendants for computer related crimes. Assistant United States Attorney William J. Cook, who heads the Computer Fraud and Abuse Task Force, and Assistant United States Attorneys Colleen D. Coughlin and David Glockner supervised the Secret Service investigation in Chicago. ---------- (1) The UNIX operating system utility programs are written initially in a format referred to as "source code," a high-level computer language which frequently uses English letters and symbols for constructing computer programs. The source code was translated, using another program known as a compiler, into another form of program which a computer can rapidly read and execute, referred to as the "object code." ******************************************************************** >> END OF THIS FILE << ***************************************************************************