Tuesday, October 20, 2009

Hackers-(MafiaBoy and Robert Morris)








MafiaBoy
  • was the Internet alias of Michael Calce
  • a high school student from the middle-class suburban area of the West Island in Montreal, Canada who launched a series of highly publicized denial-of-service attacks in February 2000 against large commercial websites including Yahoo!, Amazon.com, Dell, Inc., E*TRADE, eBay, and CNN.
  • Canada's Youth Criminal Justice Act forbids Canadian news outlets from publication of MafiaBoy's real name in connection with this incident. Non-Canadian media outlets including USA Today and The Register identified the boy's father as 45-year-old John Calce because he was arrested simultaneously on unrelated charges.
  • American journalist James Meek and, later, American computer security critic Rob Rosenberger revealed the attacker to be Calce, who was only 15 years old at the time.
  • The U.S. Federal Bureau of Investigation and the Royal Canadian Mounted Police first noticed Mr. Calce when he started claiming in IRC chatrooms that he was responsible for the attacks.
  • He became the chief suspect when he claimed to have brought down Dell's website, an attack that had not been publicized at that time.
  • Mr. Calce initially denied responsibility but later pled guilty to most of the charges brought against him.
  • His lawyer insisted the child had only run unsupervised tests to help design an improved firewall, whereas trial records indicated the youth showed no remorse and had expressed a desire to move to Italy for its lax computer crime laws.
  • The Montreal Youth Court sentenced him on September 12, 2001 to eight months of "open custody," one year of probation, restricted use of the Internet, and a small fine.
  • Matthew Kovar, a senior analyst at the market research firm Yankee Group, generated some publicity when he told reporters the attacks caused USD $1.2 billion in global economic damages.
  • Media outlets would later attribute a then-1.45:1 conversion value of CAD $1.7 billion to the Royal Canadian Mounted Police.
  • Computer security experts now often cite the larger figure(sometimes incorrectly declaring it in U.S. dollars), but a published report says the trial prosecutor gave the court a figure of roughly $7.5 million.

  • During the later half of 2005, Mr. Calce wrote as a columnist on computer security topics for the Francophone newspaper Le Journal de Montréal.
  • In the Autumn of 2008, Mr. Calce, together with journalist Craig Silverman, announced a book, Mafiaboy: How I Cracked the Internet and Why It's Still Broken.
  • On October 26, 2008 he appeared on the French-Canadian TV show Tout le monde en parle to talk about his book.
  • The entire interview (in French) can be seen at the Télévision de Radio-Canada website. An English-language interview is available at: Mafiaboy interview on The Hour. The book received generally positive reviews.

Robert Morris, Jr.



Morris Personal Record and Experiences

2005

  • Petros Efstathopoulos, Maxwell Krohn, Steve VanDeBogart, Cliff Frey, David Ziegler, Eddie Kohler, David Mazieres, Frans Kaashoek, and Robert Morris, Labels and Event Processes in the Asbestos Operating System, SOSP 2005.
  • John Bicket, Daniel Aguayo, Sanjit Biswas, and Robert Morris, Architecture and Evaluation of an Unplanned 802.11b Mesh Network, ACM Mobicom 2005.
  • Sanjit Biswas and Robert Morris, Opportunistic Routing in Multi-Hop Wireless Networks, ACM SIGCOMM 2005.
  • Jinyang Li, Jeremy Stribling, Robert Morris, and M. Frans Kaashoek, Bandwidth-efficient Management of DHT Routing Tables, NSDI 2005.
  • Jeremy Stribling, Isaac G. Councill, Jinyang Li, M. Frans Kaashoek, David R. Karger, Robert Morris, and Scott Shenker, OverCite: A Cooperative Digital Research Library, IPTPS 2005.
  • Jinyang Li, Jeremy Stribling, Robert Morris, M. Frans Kaashoek, and Thomer M. Gil, A performance vs. cost framework for evaluating DHT design tradeoffs under churn, INFOCOM 2005.

2004

  • Michael Walfish, Jeremy Stribling, Maxwell Krohn, Hari Balakrishnan, Robert Morris, Scott Shenker, Middleboxes No Longer Considered Harmful, OSDI 2004.
  • Daniel Aguayo, John Bicket, Sanjit Biswas, Glenn Judd, Robert Morris, Link-level Measurements from an 802.11b Mesh Network, SIGCOMM 2004, Aug 2004,
  • Frank Dabek, Russ Cox, Frans Kaashoek, Robert Morris, Vivaldi: A Decentralized Network Coordinate System, SIGCOMM 2004, Aug 2004,
  • Frank Dabek, M. Frans Kaashoek, Jinyang Li, Robert Morris, James Robertson, and Emil Sit, Designing a DHT for Low Latency and High Throughput, NSDI 2004, Mar 2004,
  • Jinyang Li, Jeremy Stribling, Thomer M. Gil, Robert Morris, Frans Kaashoek, Comparing the performance of distributed hash tables under churn, 3rd International Workshop on Peer-to-Peer Systems (IPTPS), Feb 2004,

2003

  • Sanjit Biswas and Robert Morris, Opportunistic Routing in Multi-Hop Wireless Networks, HotNets Workshop, 2003. PS,
  • Russ Cox, Frank Dabek, Frans Kaashoek, Jinyang Li, Robert Morris, Practical Distributed Network Coordinates, HotNets Workshop, 2003. PS,
  • Douglas S. J. De Couto, Daniel Aguayo, John Bicket, Robert Morris, A High-Throughput Path Metric for Multi-Hop Wireless Routing, ACM Mobicom 2003. PS,
  • Nickolai Zeldovich, Alexander Yip, Frank Dabek, Robert T. Morris, David Mazieres, Frans Kaashoek, Multiprocessor Support for Event-Driven Programs, USENIX 2003 Annual Technical Conference, June 2003.
  • Benjie Chen and Robert Morris, Certifying Program Execution with Secure Processors, HotOS 2003,
  • Jinyang Li, Boon Thau Loo, Joe Hellerstein, Frans Kaashoek, David R. Karger, Robert Morris, On the Feasibility of Peer-to-Peer Web Indexing and Search, 2nd International Workshop on Peer-to-Peer Systems (IPTPS), Feb 2003. PostScript,
  • Hari Balakrishnan, Frans Kaashoek, David Karger, Robert Morris, and Ion Stoica, Looking up data in P2P systems, Communications of the ACM, February 2003.


2002

  • A. Muthitacharoen, R. Morris, T. Gil, and B. Chen, Ivy: A Read/Write Peer-to-peer File System, Fifth Symposium on Operating Systems Design and Implementation (OSDI), December 2002. Abstract, Postscript,
  • Michael J. Freedman and Robert Morris, Tarzan: A Peer-to-Peer Anonymizing Network Layer, ACM Conference on Computer and Communications Security (CCS 9), November 2002.
  • Douglas De Couto, Daniel Aguayo, Benjamin Chambers, Robert Morris, Performance of Multihop Wireless Networks: Shortest Path is Not Enough, First Workshop on Hot Topics in Networks (HotNets-I), October 2002.
  • Eddie Kohler, Robert Morris, Benjie Chen, Programming Language Optimizations for Modular Router Configurations, 10th Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), October 2002,
  • Benjie Chen, Kyle Jamieson, Hari Balakrishnan, and Robert Morris, Span: An Energy-Efficient Coordination Algorithm for Topology Maintenance in Ad Hoc Wireless Networks, ACM Wireless Networks Journal, Volume 8, Number 5, September, 2002. Pages 481 - 494.
  • Frank Dabek, Nickolai Zeldovich, M. Frans Kaashoek, David Mazières, and Robert Morris, Event-driven programming for robust software, Proceedings of the 10th ACM SIGOPS European Workshop, pages 186-189, September 2002.
  • Eddie Kohler, Robert Morris, Massimiliano Poletto, Modular Components for Network Address Translation, Proc. IEEE Openarch '02, June 2002. PostScript,
  • Russ Cox, Athicha Muthitacharoen, Robert Morris, Serving DNS Using a Peer-to-peer Lookup Service, 1st International Workshop on Peer-to-Peer Systems (IPTPS), March 2002, Abstract, PostScript,
  • Emil Sit and Robert Morris, Security Considerations for Peer-to-Peer Distributed Hash Tables, 1st International Workshop on Peer-to-Peer Systems (IPTPS), March 2002, Abstract, PostScript,

2001

  • Jaeyeon Jung, Emil Sit, Hari Balakrishnan, and Robert Morris, DNS Performance and the Effectiveness of Caching, Proc. ACM SIGCOMM Internet Measurement Workshop, 2001. Abstract, PostScript,
  • Frank Dabek, M. Frans Kaashoek, David Karger, Robert Morris, and Ion Stoica, Wide-area cooperative storage with CFS, ACM SOSP 2001, Banff, October 2001. Abstract, PostScript,
  • David Andersen, Hari Balakrishnan, M. Frans Kaashoek, and Robert Morris, Resilient Overlay Networks, ACM SOSP 2001, Banff, October 2001. Abstract, PostScript,
  • Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, and Hari Balakrishnan, Chord: A Scalable Peer-to-peer Lookup Service for Internet Applications, ACM SIGCOMM 2001, San Deigo, CA, August 2001. Abstract, PostScript,
  • Jinyang Li, Charles Blake, Douglas S. J. De Couto, Hu Imm Lee, and Robert Morris, Capacity of Ad Hoc Wireless Networks, Proceedings of the 7th ACM International Conference on Mobile Computing and Networking (MobiCom '01), Rome, Italy, July 2001, pages 61-69. Abstract, PostScript,
  • Benjie Chen, Kyle Jamieson, Hari Balakrishnan, and Robert Morris, Span: An Energy-Efficient Coordination Algorithm for Topology Maintenance in Ad Hoc Wireless Networks, Proceedings of the 7th ACM International Conference on Mobile Computing and Networking (MobiCom '01), Rome, Italy, July 2001, pages 85-96. Abstract, PostScript,
  • Benjie Chen and Robert Morris, Flexible Control of Parallelism in a Multiprocessor PC Router, Proceedings of the USENIX 2001 Annual Technical Conference, June 2001, pages 333-346. Abstract,, PostScript, PDF, HTML.
  • Frank Dabek, Emma Brunskill, M. Frans Kaashoek, David Karger, Robert Morris, Ion Stoica, and Hari Balakrishnan, Building Peer-to-Peer Systems With Chord, a Distributed Lookup Service, Proceedings of the 8th Workshop on Hot Topics in Operating Systems (HotOS-VIII), May 2001. Abstract, PostScript,
  • David Andersen, Hari Balakrishnan, Frans Kaashoek, and Robert Morris, The Case for Resilient Overlay Networks, Proc. of the 8th Annual Workshop on Hot Topics in Operating Systems (HotOS-VIII), May 2001. Abstract,, PostScript, PDF.

2000

  • Eddie Kohler, Robert Morris, Benjie Chen, John Jannotti, and M. Frans Kaashoek, The Click Modular Router, ACM Transactions on Computer Systems, August 2000, 18(4), pages 263-297. Abstract, PostScript, PDF.
  • Robert Morris, John Jannotti, Frans Kaashoek, Jinyang Li, Douglas Decouto, CarNet: A Scalable Ad Hoc Wireless Network System, 9th ACM SIGOPS European Workshop, Kolding, Denmark, September 2000. Abstract, PostScript, PDF.
  • Jinyang Li, John Jannotti, Douglas S. J. De Couto, David R. Karger, Robert Morris, A Scalable Location Service for Geographic Ad Hoc Routing, ACM Mobicom 2000, Boston, MA, pages 120-130. Abstract, PostScript, PDF.
  • Robert Morris, Scalable TCP Congestion Control, IEEE INFOCOM 2000, Tel Aviv, March 2000, pages 1176-1183. Abstract, PostScript, PDF.
  • Robert Morris and Dong Lin, Variance of Aggregated Web Traffic, IEEE INFOCOM 2000, Tel Aviv, March 2000, pages 360-366. Abstract, PostScript, PDF.

1999

  • Robert Morris, Eddie Kohler, John Jannotti, M. Frans Kaashoek, The Click Modular Router, In the Proceedings of the 17th ACM Symposium on Operating Systems Principles (SOSP '99), Kiawah Island, South Carolina, December 1999, pages 217-231. Abstract, PostScript, PDF.
  • Robert Morris, Scalable TCP Congestion Control, PhD thesis, January 1999. Abstract, PostScript, PDF.

1997

  • Robert Morris, TCP Behavior with Many Flows, IEEE International Conference on Network Protocols, October 1997, Atlanta, Georgia, pages 205-211. Abstract, PostScript, PDF.
  • Dong Lin and Robert Morris, Dynamics of Random Early Detection, ACM SIGCOMM 1997 Conference, pages 127-137. Abstract, PostScript, PDF.
  • Robert Morris, Bulk Multicast Transport Protocol, INFOCOM 97, Kobe, Japan. Abstract, PostScript, PDF.

1995

  • Robert Morris and H. T. Kung, Impact of ATM switching and Flow Control on TCP Performance: Measurements on an Experimental Switch, Proc. IEEE Global Telecom. Conf. GLOBECOM'95, November 1995. Abstract, PostScript, PDF.
  • H. T. Kung and Robert Morris, Credit-Based Flow Control for ATM Networks, IEEE Network Magazine, Volume 9 Number 2, pages 40-48, March 1995. Abstract, PostScript, PDF.

1994

  • T. Blackwell, K. Chan, K. Chang, T. Charuhas, B. Karp, H. T. Kung, D. Lin, R. Morris, M. Seltzer, M. Smith, and C. Young, O. Bahgat, M. Chaar, A. Chapman, G. Depelteau, K. Grimble, S. Huang, P. Hung, M. Kemp, I. Mahna, J. McLaughlin, T. Ng, J. Vincent, and J. Watchorn, An Experimental Flow-Controlled Multicast ATM Switch, Proceedings of the First Annual Conference on Telecommunications R&D in Massachusetts. October, 1994. Abstract, PostScript, PDF.
  • Trevor Blackwell, Kee Chan, Koling Chang, Thomas Charuhas, J. Gwertzman, Brad Karp, H. T. Kung, David Li, Dong Lin, Robert Morris, R. Polansky, Diane Tang, Clif Young, John Zao, Secure Short-Cut Routing for Mobile IP, Conference Proceedings of Usenix Summer 1994 Technical Conference, Boston, Massachusetts, June 6-10, 1994, pp. 305-316. Abstract, PostScript, PDF.

1993 and before

  • H. T. Kung, Robert Morris, Thomas Charuhas, Dong Lin, Use of Link-by-Link Flow Control in Maximizing ATM Network Performance: Simulation Results, Proceedings of the IEEE Hot Interconnects Symposium, Palo Alto, CA, August 1993. Abstract, PostScript, PDF.
  • Robert Morris, Implementation of an Activity Coordination System, IEEE 1991 Knowledge-Based Software Engineering Conference, Syracuse, New York. Abstract, PostScript.
  • Robert Morris, A Weakness in the 4.2BSD Unix TCP/IP Software, Bell Labs Computer Science Technical Report 117. Abstract, PostScript, PDF.
  • MIT Roofnet Performance, MSR Mesh Summit, June 2004, PowerPoint, PDF.
  • A Prototype Multi-Hop 802.11b Rooftop Network, Intel, Hillsboro, Oregon, December 2003. PowerPoint, PDF.
  • Chord+DHash+Ivy: Building Principled Peer-to-Peer Systems, Harvard, September 2002. PowerPoint.
  • Wide-area cooperative storage with CFS, SOSP 2001. PowerPoint.
  • Chord: A Scalable Peer-to-peer Lookup Service for Internet Applications, SIGCOMM 2001. PowerPoint.
  • Building Peer-to-Peer Systems With Chord, a Distributed Lookup Service, HotOS-VIII, May 2001. PowerPoint.
  • CarNet/Grid: Scalable Ad-Hoc Geographic Routing, February 2001. PowerPoint.
  • Resilient Overlay Networks, DARPA PI Meeting, July 2000. PowerPoint.
  • Resilient Overlay Networks and Distributed Denial of Service Attacks, July 2000. PowerPoint.
  • CarNet: Scalable Ad-Hoc Mobile Networking, June 2000. PowerPoint.

According to Robert Morris, Jr.

  • I'm at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in the PDOS group.
  • I'm currently teaching 6.828.
  • I'm building data networking infrastructure that's easy to configure and control.
  • The Click toolkit, for example, brings a new level of flexibility to network configuration by viewing routers as compositions of packet processing modules. Roofnet is a self-configuring wireless mesh network for Internet access, spread out over a few dozen nodes in Cambridge.
  • The Resilient Overlay Networks project allows end-system control over Internet routing, so that applications can choose their own tradeoffs among qualities such as delay, bandwidth, and reliability. Chord and DHash provide a peer-to-peer distributed data lookup and storage system, which Ivy uses to build a shared read/write file system, and Pastwatch uses to provide serverless CVS-like version control.

Robert Morris Jr. Work or Masterpiece

  • Morris created the worm while he was a graduate student at Cornell University.
  • The original intent, according to him, was to gauge the size of the Internet.
  • He released the worm from MIT to conceal the fact that it actually originated from Cornell.
  • The worm was designed to count how many machines were connected to the internet.
  • Unknown to Morris, the worm had a design flaw.
  • The worm was programmed to check each computer it found to determine if the infection was already present.
  • Morris believed that some administrators might try to defeat his worm by instructing the computer to report a false positive.
  • To compensate for this possibility, Morris directed the worm to copy itself anyway, 14% of the time, no matter the response to the infection-status interrogation.
  • This level of replication proved excessive and the worm spread rapidly, infecting several thousand computers.
  • It was estimated that the cost of "potential loss in productivity" caused by the worm at each system ranged from $20,000 to more than $530,000.
  • The worm exploited several vulnerabilities to gain entry to targeted systems, including:
  1. a hole in the debug mode of the Unix sendmail program
  2. a buffer overrun hole in the fingerd network service
  3. the transitive trust enabled by people setting up rexec/rsh network logins without password requirements.
  • Internet worms are automated intrusion agents; they will attack a vulnerable host, infect it, and then use it as a base to attack further vulnerable targets.
  • Worms differ from viruses in their approach; viruses generally expose human weaknesses, tricking the user into initiating the virus.
  • Worms however, more subtly attack the technical weaknesses of a host.
  • They also differ in design, a virus attaches onto existing programs while a worm will run independently.
  • was the worm that managed to dominate the front pages for over a week and thus secure its place in the wall of fame of internet worms.
  • gave the concept notoriety that surely inspired others to follow in his footsteps. Efforts have been made to model the behavior of worms as they propagate. Cliff Zau's paper "Monitoring and Early Warning for Internet Worms" uses the following discrete model.
  • When it reinfected a machine, there was a fixed chance that the new infection wouldn't quit, causing the number of running worms on a machine to build up, thereby causing a heavy load on many systems.
  • Even on a modern machine, such bugs would have a similar effect of overwhelming the system.
  • This caused the worm to be quickly noticed and caused significant disruption. Most subsequent worms have mechanisms to prevent this from happening
  • demonstrate the inadequacies of current security measures on computer networks by exploiting the security defects that Morris had discovered. The tactic he selected was release of a worm into network computers.
  • The worm was supposed to occupy little computer operation time, and thus not interfere with normal use of the computers
  • Multiple copies of the worm on a computer would make the worm easier to detect and would bog down the system and ultimately cause the computer to crash. Therefore, Morris designed the worm to "ask" each computer whether it already had a copy of the worm. If it responded "no," then the worm would copy onto the computer; if it responded "yes," the worm would not duplicate.

But still Robert Morris served no jail time, but was sentenced to community service and probation, even though federal sentencing guidelines in such cases called for much harsher consequences.

Story Behind of Robert Morris Jr. and his internet worm

  • On November 2, 1988, Robert Morris, Jr., a graduate student in Computer Science at Cornell, wrote an experimental, self-replicating, self-propagating program called a worm and injected it into the Internet.
  • He chose to release it from MIT, to disguise the fact that the worm came from Cornell.
  • Morris soon discovered that the program was replicating and reinfecting machines at a much faster rate than he had anticipated---there was a bug.
  • Ultimately, many machines at locations around the country either crashed or became ``catatonic.'' When Morris realized what was happening, he contacted a friend at Harvard to discuss a solution.
  • Eventually, they sent an anonymous message from Harvard over the network, instructing programmers how to kill the worm and prevent reinfection. However, because the network route was clogged, this message did not get through until it was too late.
  • Computers were affected at many sites, including universities, military sites, and medical research facilities. The estimated cost of dealing with the worm at each installation ranged from $200 to more than $53,000.
  • The program took advantage of a hole in the debug mode of the Unix sendmail program, which runs on a system and waits for other systems to connect to it and give it email, and a hole in the finger daemon fingerd, which serves finger requests.
  • People at the University of California at Berkeley and MIT had copies of the program and were actively disassembling it (returning the program back into its source form) to try to figure out how it worked.
  • Teams of programmers worked non-stop to come up with at least a temporary fix, to prevent the continued spread of the worm.
  • After about twelve hours, the team at Berkeley came up with steps that would help retard the spread of the virus. Another method was also discovered at Purdue and widely published. The information didn't get out as quickly as it could have, however, since so many sites had completely disconnected themselves from the network.
  • After a few days, things slowly began to return to normalcy and everyone wanted to know who had done it all.
  • Morris was later named in The New York Times as the author (though this hadn't yet been officially proven, there was a substantial body of evidence pointing to Morris). Robert T. Morris was convicted of violating the computer Fraud and Abuse Act (Title 18), and sentenced to three years of probation, 400 hours of community service, a fine of $10,050, and the costs of his supervision. His appeal, filed in December, 1990, was rejected the following March.

Because of this..............

  • Robert T. Morris, the author of the Internet Worm program, was convicted of a Federal felony in the case.
  • The law involved was 18 USC1030 (A)(5)(a), the Computer Crime and Abuse Act of 1986. He was foundguilty in February of 1990 in US District Court in Syracuse, NY. In May of 1990, he was sentenced -- outside of Federal sentencingguidelines -- to 3 years of probation, 400 hours of community service,and $10,050 in fines plus probation costs.
  • His lawyers appealed the conviction to the Circuit Court of Appeals, and the conviction wasupheld. His lawyers then appealed to the Supreme Court, but the Courtdeclined to hear the case -- leaving the conviction intact.
  • For a while, Robert was (allegedly) working as a programmer(non-security related) for CenterLine Software (makers of CodeCenter,et. al.). More recently, Robert has been working on his Ph.D. under the direction of H.T. Kung at Harvard University.
  • He is also involvedwith the ViaWeb company: . To the best of my knowledge, he has not spoken publicly about theincident, nor has he attempted to work in computer security.

Verdict: "GUILTY"

  • Student "worm" whiz is found guilty.
  • A U.S. court jury returned its verdict about 9:30 pm after approximately six hours of deliberation.
  • Robert T. Morriswas found guilty of federal computer tampering charges for unleashing a rogueprogram that crippled a nationwide computer network (Internet system).
  • A date for sentencing has not yet been set.
  • Morris faces up to five years in prisonand a $250,000 fine.
  • He is the first person brought to trial under a 1986federal computer fraud and abuse law that makes it a felony to break into afederal computer network and prevent authorized use of the system.
  • Morris testified that he had made a programming error that caused a computer "worm" togo berserk and cripple the Internet system back on November 2, 1988.
  • The"worm" he designed immobilized an estimated 6,000 computers linked to Internet,including ones at the NASA, some military facilities and a few majoruniversities.
  • Morris's attorney Thomas Guidoboni argued that Morris neverintended to prevent authorized access. However testimony showed Morris didindeed deliberately steal computer passwords from hundreds of people so the"worm" could break into as many computers as possible. It was brought out inthe trial that he took deliberate and conscious steps to make the rogue programdifficult to detect and eliminate.
  • Morris camouflaged sending of the programby unleashing it from the computer system at Massachusetts Institute ofTechnology in Cambridge and made it look like it had been sent from theUniversity of California at Berkeley so authorship of the program could not betraced to him at Cornell.
  • Other evidences showed Morris had at least sixearlier versions of the "worm", which had been found on his Cornell computeraccounts and that his own comments on the "worm" program used the words"break-in" and "steal".

And then...................

  • Cornell University has suspended the graduate student identified by schoolofficials as the author of [the Internet worm].
  • In a May 16 letter to Robert Tappan Moris, 23, the dean of the Cornell Uni-versity Graduate School said a university panel had found him guilty of vio-lating the school's Code of Academic Integrity.
  • He will be suspended until the beginning of the fall semester of 1990, andthen could reapply.
  • No criminal charges have been filed against Morris.
  • A federal grand jury this year forwarded its recommendations to the Justice Department, which hasnot taken any action.

Monday, October 19, 2009

Hackers- (Legion of Doom)

LEGION OF DOOM
  • was a very influential hacker group that was active from the 1980s to the late 1990s and early 2000.
  • Their name appears to be a reference to the main antagonists of Challenge of the Superfriends.
  • was founded by the hacker Lex Luthor, after a rift with his previous group the Knights of Shadow (much as the Masters of Deception would later be founded after Phiber Optik had a rift with Chris Goggans
  • eventually leading to the Great Hacker War and disbanding of both groups.
  • was split into LOD and LOD/LOH (Legion of Doom/Legion of Hackers) for the members that were more skilled at hacking than pure phone phreaking.
  • Unlike Masters of Deception there were different opinions regarding what the Legion of Doom was.
  • published the Legion of Doom Technical Journals and regularly contributed to the overall pool of hacking knowledge and information, while causing no direct harm to the phone systems and computer networks they took over.
  • On the other hand, many LOD members were raided, charged and in some cases successfully prosecuted for causing damage to systems and reprogramming phone company computers (Grant, Darden and Riggs, etc).
  • While the "Bellsouth" case could be construed as exploration of the phone system, with claims that no real damage was done, there are other former LOD members such as Corey A. Lindsly (a.k.a. Mark Tabas) who were clearly interested in for-profit computer crime, with no goal except personal gain.
  • Although the overall expressed beliefs and behavior of LOD and MOD were different, it can be difficult to untangle the individual actions of any given member.
  • In many cases there seems to be cross-over between the two groups or collaboration between LOD and MOD members, even in the midst of The Great Hacker War.
  • It is claimed that the mockery of the LOD name was a statement to the underground that LOD had lost its direction.

Members of LOD

  • As of 2009 what has happened to each individual member of the Legion of Doom is unknown.
  • A small handful of the higher-profile LOD members who are accounted for includes:

  1. Chris Goggans "Erik Bloodaxe"





















  2. Dave Buchwald "Bill From RNOC"




















  3. Patrick K. Kroupa "Lord Digital"











  4. Loyd Blankenship "The Mentor"













  5. Bruce Fancher "Dead Lord"












  6. Mark Abene "Phiber Optik", who was a member of both LOD and Masters of Deception (MOD).
  • Other members included:















  1. Leonard Rose "Terminus"
  2. Steven Nygard "The Dragyn"



















  3. Steven G. Steinberg "Frank Drake"












  4. Corey A. Lindsly "Mark Tabas"






  5. Peter Jay Salzman "Thomas Covenant"













  6. Kenton Clark "Monster X"
  7. Adam Grant "The Urvile"
  8. Frank Darden "The Leftist"
  9. Robert Riggs "The Prophet"
  10. Todd Lawrence "The Marauder"
  11. Scott Chasin "Doc Holiday"
  12. Dan Karon "Control-C" aka "Phase Jitter"
  13. Robert Keyes "Dr. Who" aka "Skinny Puppy"
  • Former LOD people whose legal names are unknown include:
  1. Agrajag The Prolonged
  2. King Blotto
  3. Blue Archer
  4. Unknown Soldier
  5. Sharp Razor
  6. Paul Muad'Dib (deceased)
  7. Phucked Agent 04
  8. Randy Smith, Steve Dahl
  9. The Warlock
  10. Terminal Man
  11. Silver Spy
  12. The Videosmith
  13. Kerrang Khan
  14. Gary Seven
  15. Carrier Culprit
  16. Phantom Phreaker
  17. Doom Prophet
  18. Prime Suspect
  19. Professor Falken
  20. Compu-Phreak

1. Chris Goggans

  • who used the name Erik Bloodaxe in honor of the Viking king Eric I of Norway, is a founding member of the Legion of Doom group, and a former editor of Phrack Magazine.
  • Loyd Blankenship, aka The Mentor, described Goggans/Bloodaxe as "the best hacker I ever met".
  • Goggans was raided by the US Secret Service on March 1, 1990, but was not charged.
  • In a 1994 interview he claimed he had never engaged in malicious hacking, explaining:
    “Malicious hacking pretty much stands against everything that I adhere to. You always hear people talking about this so called hacker ethic and I really do believe that. I would never wipe anything out. I would never take a system down and delete anything off of a system. Any time I was ever in a system, I'd look around the system, I'd see how the system was architectured, see how the directory structures differed from different types of other operating systems, make notes about this command being similar to that command on a different type of system, so it made it easier for me to learn that operating system.
    "Sure, I was in The Legion of Doom. I have been in everybody's system. But I have never been arrested. I have never broken anything, I have never done anything really, really, criminally bad.”
  • But in a phone call intercepted by the Australian Federal Police as part of an investigation into Australian hacker Phoenix (Nahshon Even-Chaim) Goggans was heard planning a raid in which the pair would steal source code and developmental software from Execucom, an Austin, Texas, software and technology company, and sell it to the company’s rivals.
    In the call, recorded on February 22, 1990 and later presented in the County Court of Victoria, as evidence against Even-Chaim, Goggans and Even-Chaim canvassed how much money they could make from such a venture and how they would split fees from Execucom’s competitors.
  • During the call Goggans provided Even-Chaim with a number of dial-up access numbers to Execom’s computers, commenting: "There are serious things I want to do at that place", and "There’s stuff that needs to happen to Execucom."
  • While there is no evidence that Goggans and Even-Chaim acted on this discussion, Goggans' statement of his intentions calls into question the nobility of his hacking ethics.
  • According to Michelle Slatella and Joshua Quittner in their 1995 book Masters of Deception: The Gang That Ruled Cyberspace, Goggans was in 1990 in the process of establishing his own computer security company in Texas.
  • They claim he planned to recruit companies as clients by hacking them and showing how vulnerable their systems were to other hackers.
    As of 2005
  • Goggans is an internationally-recognized expert on information security. He has performed network security assessments for some of the world's largest corporations, including all facets of critical infrastructure, with work spanning 22 countries across four continents. Chris has worked with US Federal law-enforcement agencies on some of America's most notorious computer crime cases. His work has been referenced in publications such as Time, Newsweek and Computerworld, and on networks such as CNN and CNBC.
  • He is a frequent lecturer on computer security and has held training seminars in nine countries for clients such as NATO, the United States Department of Defense, and Federal Law Enforcement agencies as well as numerous corporate entities.
  • He been asked to present at major conferences as COMDEX, CSI, ISACA, INFOWARCON, and the Black Hat Briefings.
  • He has also co-authored numerous books including "Implementing Internet Security," "Internet Security Professional Reference," "Windows NT Security," and "The Complete Internet Business Toolkit."
  • During the summer of 2003, Goggans was invited to become an Associate Professor at the University of Tokyo's Center for Collaborative Research.
  • During the winter of 2008, Chris Goggans was in India for ClubHack, India's own hackers' convention.
  • Goggans is president of SDI, Inc., a Virginia-based corporation providing information security consulting.Patrick Karel Kroupa (also known as Lord Digital, born January 20, 1969, in Los Angeles, California) is an American writer, hacker and activist.
  • Kroupa was a member of the legendary Legion of Doom hacker group and co-founded MindVox in 1991, with Bruce Fancher.
  • He was a heroin addict from age 14 to 30 and got clean through the use of the hallucinogenic drug ibogaine.

2. Patrick Karel Kroupa (also known as Lord Digital, born January 20, 1969, in Los Angeles, California)

  • was a member of the legendary Legion of Doom hacker group and co-founded MindVox in 1991, with Bruce Fancher.
  • He was a heroin addict from age 14 to 30 and got clean through the use of the hallucinogenic drug ibogaine
  • was born in Los Angeles, California, of Bohemian parents who left Prague, Czechoslovakia, after the Soviet invasion in 1968.
  • His parents were divorced when Kroupa was six, and he relocated to New York City, where he was raised by his mother.
  • He is the nephew of Czech opera singer Zdeněk Kroupa (b. 1921, d. 1999).
  • part of the first generation to grow up with home computers and network access.
  • he has repeatedly listed two events which were important in shaping the course of his later years.
  • The first was being exposed to one of the first two Cray supercomputers that were ever built, which was located at NCAR (the National Center for Atmospheric Research) where his father was a physicist, who took him through the labs and taught him to program in Fortran and feed the Cray using punched cards.
  • This happened during the same year that Woody Allen was filming Sleeper, using NCAR in many of the futuristic background scenes that appeared in the movie.
  • Kroupa got an Apple II computer for his own use around the time he was seven or eight years old.
  • The second event was being part of the last days of Abbie Hoffman's YIPL/TAP (Youth International Party Lines/Technological Assistance Program) counter-culture/Yippie meetings that were taking place in New York City's Lower East Side, during the early 1980s. Kroupa again lists this event, repeatedly in interviews, as opening many new doors for him and changing his perceptions about technology.
  • Patrick K. Kroupa, late 1980s.
    TAP was the original hacker and phone phreak publication which predated 2600 by decades (at the time of the last TAP meetings, 2600 magazine was just starting to publish its first issues).
  • met many people there who would become part of his life in the years to come.
  • Three of the main characters would be his future partner and life-long friend, Bruce Fancher; Yippie/Medical Marijuana activist Dana Beal (The Theoretician), who was part of the John Draper (Cap'n Crunch) /Abbie Hoffman, technologically-inclined branch of the counter-culture and perhaps most important: Herbert Huncke, who introduced Kroupa to heroin at age 14.
  • With the exception of the counter-cultural and hard-drug elements, the preceding history made Kroupa part of a small group, composed of a few hundred kids who were either wealthy enough to afford home computers in the late 70's, or had technologically-savvy families who understood the potentials of what the machines could do.
  • The Internet as it is today did not exist, only a small percentage of the population had home computers and out of those who did, even fewer had online access through the use of modems.
  • During his time in the computer underground Kroupa was a member of the first Pirate/Cracking crew to ever exist for the Apple II computer: The Apple Mafia as well as various phreaking/hacking groups, the most high-profile being the Knights of Shadow.
  • When KOS fell apart after a series of arrests, many of the surviving members were absorbed into Kroupa's final group affiliation: the Legion of Doom (LoD/H).
  • he started publishing some of his hacking techniques when he would have been around 12 or 13.
  • There is a significant progression through years of text, which captures Kroupa's early evolution and skills, culminating in an extensive, programmable phone phreaking and hacking toolkit for the Apple II computer, called Phantom Access (which is where the name Phantom Access Technologies, the parent corporation behind MindVox, would later come from).

3. Filmmaker David Buchwald, once known as Bill From RNOC (born September 4 1970)

  • was a hacker and leader of the Legion of Doom in the mid-1980s.
  • was a social engineer, with the ability to manipulate phone system employees anywhere in the United States.
  • he had a hacking skill with regard to Bell and AT&T systems (specifically COSMOS, SCCS, and LMOS), which allowed him virtually unrestricted access to phone lines, including the ability to monitor conversations, throughout the country.
  • Some of his original ideas are still in use by social engineers today.In 1995, Dave served as a technical consultant to the movie Hackers.
  • In 1997, Buchwald co-founded Crossbar Security with Mark Abene (a.k.a. Phiber Optik) and Andrew Brown. Crossbar provided information security services for a number of large corporations, but became a casualty of the dot-com bubble.
  • Crossbar went defunct in 2001, largely due to cuts in corporate security spending and an increase in the cost of corporate computer security advertising.
  • he works as a film editor and freelance photographer in New York City. He produces cover art for 2600 Magazine.
  • In August 2006, he completed his first feature film, Urchin.
  • He is recently produced and edited the independent film Love Simple and is in pre-production on the film Kuru, the second movie by the production company The Enemy.
  • He currently resides in the Bay Ridge area of Brooklyn, New York.

4. Loyd Blankenship (a.k.a. The Mentor) (born 1965)

5. Bruce Fancher (also known as Timberwolf)

  • was born on April 13, 1971.
  • was a member of the legendary Legion of Doom hacker group and co-founded MindVox in 1991, with Patrick K. Kroupa.
  • he was grew up in New York City.
  • He is the son of Ed Fancher, who founded the Village Voice with Dan Wolf and Norman Mailer, in 1955.
  • Much like Patrick Kroupa and many of his compatriots from the Legion of Doom, Bruce Fancher was part of the first generation to grow up with access to home computers and the networks that pre-dated the wide-scale adaptation of what became known as the internet.
  • Unlike most others, Fancher seems to have met most of the people who played major roles in his formative years, in person, at the YIPL/TAP meetings that were taking place on the Lower East Side of New York City.
  • Almost from the start, Fancher's peers were some of the smartest and most accomplished hackers and phone phreaks of the day.
  • The hacker underground didn't care how many years you had spent online; the only prerequisite for acceptance was to be highly intelligent.
  • Fancher fit right in and adapted and refined the cynical and jaded attitude that many of the LOD members had arrived at, and used his newfound skills to wreak havoc and play games with the so-called "Elite" of the time.
  • The hacker publication Phrack, is filled with out-of-character rants and indignant anger at the games Fancher was playing, as Timberwolf and a host of other names.
  • All of this culminated right around the time MindVox was first launched, with Phrack's first (and only) humor issue (Phrack #36), also called "Diet Phrack", which was filled with LOD members stepping out from behind their usual handles and acting more like what the world had grown to expect from their rival gang, MOD (Masters of Deception).
  • Among other articles, such as Chris Goggans' infamous "jive" version of the Book of MOD that set off the Great Hacker War, Phrack 36 included the first and last, official publication of an article co-written by Fancher and Kroupa, called "Elite Access", which was a cynical and funny expose of the "elite" and private hacker underground of the day.
  • The article was apparently worked on and edited during a 5 year period, and there are at least 3 different versions of it that still remain online including a much earlier, hardcore technical revision which has most of the commands to control phone company computers, deleted out of it.
  • Fancher and Kroupa's games with the "elite" made it into Kroupa's "Agr1ppa", a surreal parody of William Gibson's, Agrippa, which had been leaked to the world from MindVox.
  • The opening verses include a letter dated 1985, from the SysOp (System Operator) of a pirate BBS which had apparently thrown both Fancher and Kroupa off the system, for uploading cracked software, which they then infected with a virus.

6. Leonard Rose 1959 (age 49–50)

  • was in 1991 convicted of illicit use of proprietary software (UNIX 3.2 code) owned by AT&T.
  • More specifically the U.S. Attorney's Office in Baltimore stated that he stole Unix source code from AT&T and distributed two Trojan Horse programs designed to allow for unauthorized access to computer systems.
  • Incidents occurred between May, 1988 and January, 1990, according to the indictment.
  • a 33-year-old computer consultant and father of two, is also a felon.
  • He recently completed 81/2 months in a federal prison camp in North Carolina, plus 2 months in a halfway house. His crime? Passing along by computer some software code filched from Bell Labs by an AT&T employee.
  • who now lives in California, says he is still dazed by the harsh punishment he received. "The Secret Service," he says, "made an example of me."
    Maybe so. But if so, why are the cops suddenly cracking down on the hackers? Answer: because serious computer crime is beginning to reach epidemic proportions.
  • The authorities are struggling to contain the crimes, or at least slow their rapid growth.
    Rose agrees the hacker world is rapidly changing for the worse. "You're getting a different sort of person now," he says of the hacker community. "You're seeing more and more criminals using computers."
  • One well-known veteran hacker, who goes by the name Cheshire Catalyst, puts it more bluntly: "The playground bullies are coming indoors and learning how to type."
  • Rose and the Cheshire Catalyst are talking about a new breed of computer hackers. These aren't just thrill-seeking, boastful kids, but serious (if boastful) cybercrooks.
  • They use computers and telecommunications links partly for stunt hacking--itself a potentially dangerous and costly game--but also to steal valuable information, software, phone service, credit card numbers and cash. And they pass along and even sell their services and techniques to others--including organized crime.
  • Hacker hoods often exaggerate their escapades, but there is no doubt that their crimes are extensive and becoming more so at an alarming rate. Says Bruce Sterling, a noted cyberpunk novelist and author of the nonfiction The Hacker Crackdown (Bantam Books, 1992, $23): "Computer intrusion, as a nonprofit act of intellectual exploration and mastery, is in slow decline, at least in the United States; but electronic fraud, especially telecommunications crime, is growing by leaps and bounds."
  • Take the 19-year-old kid who calls himself Kimble--
  1. he is a very real person, but for reasons that will become clear, he asks us to mask his identity.
    Based in Germany, Kimble is the leader of an international hacker group called Dope.
  2. He is also one of the most celebrated hackers in his country.
  3. He has appeared on German Tv (in disguise) and is featured in the December issue of the German magazine Capital.
  4. From his computer terminal, Kimble spends part of each day cracking PBX systems in the U.S., a lucrative form of computer crime. PBXs are the phone systems businesses own or lease. Hackers break into them to steal access numbers, which they then resell to other hackers and, increasingly, to criminals who use the numbers to transact their business.
  5. These are hardly victimless crimes; businesses that rightfully own the numbers are expected to pay the billions of dollars of bogus phone bills charged on their stolen numbers each year (Forbes, Aug. 3).
  6. Kimble, using a special program he has written, claims he can swipe six access codes a day. He says he escapes prosecution in Germany because the antihacking laws there are more lax than in the U.S. "Every PBX iS an open door for me," he brags, claiming he now has a total of 500 valid PBX codes. At Kimble's going price of $200 a number, that's quite an inventory, especially since numbers can be sold to more than one customer.
  7. Kimble works the legal side of the street, too. For example, he sometimes works for German banks, helping them secure their systems against invasions. This might not be such a hot idea for the banks. "Would you hire a former burglar to install your burglar alarm? " asks Robert Kane, president of Intrusion Detection, a New York-based computer security consulting firm.
  8. Kimble has also devised an encrypted telephone that he says cannot be tapped. In just three months he says he has sold 100.
    Other hacker hoods Forbes Spoke to in Europe say they steal access numbers and resell them for up to $500 to the Turkish mafia. A solid market. Like all organized crime groups, they need a constant supply of fresh, untraceable and untappable telephone numbers to conduct drug and other illicit businesses.
  • Some crooked hackers will do a lot worse for hire. For example, one is reported to have stolen an East German Stasi secret bomb recipe in 1989 and sold it to the Turkish mafia. Another boasted to Forbes that he broke into a London police computer and, for $50,000 in deutsche marks, delivered its access codes to a young English criminal.
    According to one knowledgeable source, another hacker brags that he recently found a way to get into Citibank's computers. For three months he says he quietly skimmed off a penny or so from each account. Once he had $200,000, he quit. Citibank says it has no evidence of this incident and we cannot confirm the hacker's story. But, says computer crime expert Donn Parker of consultants sri International: "Such a 'salami attack' is definitely possible, especially for an insider."

Several LOD members were close friends of MOD who had been raided and indicted by the government, causing the majority of those who remained to drop out of the underground for safety reasons including those people above.

In their absence, LOD largely fell into disarray causing the disagreement and disillusionment that led Phiber Optik to align himself with MOD in an effort to restore the direction of the spirit of underground hacking.