SECRET SERVICE SEARCH WARRANT AFFADAVIT

(COMPUTER UNDERGROUND DIGEST ISSUE 2.11)

This is the affidavit submitted by the Secret Service in order to get permission to raid the SJ Games offices on March First. Also included here is the relevant section of the Phoenix Project log - the material on which the Secret Service agent based his allegation of "conspiracy". [Note that the Secret Service did NOT append the actual log material to the affidavit the judge saw - but we're including it so YOU can see it. It's interesting that they chose to omit it. It's interesting that the magistrate granted the warrant anyway.]

The moderators of Computer Underground Digest re-typed all this material from a photocopy supplied by SJ Games. To acknowledge their effort, we are reproducing their issue 2.11 in the form they distributed it, complete with their editorial comments, rather than just publishing the affidavit itself.

Correspondence about CuD should go directly to its moderators.

  ****************************************************************************
                  C O M P U T E R   U N D E R G R O U N D
                                D I G E S T
              ***  Volume 2, Issue #2.11 (November 13, 1990)   **
        *** SPECIAL ISSUE: SEARCH AFFIDAVIT FOR STEVE JACKSON GAMES ***
  ****************************************************************************

MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet) ARCHIVISTS: Bob Krause / Alex Smith / Brendan Kehoe USENET readers can currently receive CuD as alt.society.cu-digest.

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. It is assumed that non-personal mail to the moderators may be reprinted, unless otherwise specified. Readers are encouraged to submit reasoned articles relating to the Computer Underground.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
DISCLAIMER: The views represented herein do not necessarily represent the
            views of the moderators. Contributors assume all responsibility
            for assuring that articles submitted do not violate copyright
            protections.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

The application and affidavit for the search warrant for Steve Jackson Games (Case #A-90-54m), dated February 28, 1990, and signed by U.S. Magistrate Stephen H. Capelle in Austin Texas and Special Agent Timothy M. Foley of the U.S. Secret Service, has been released. The application alleges violations of Title 18 USC Sections 2314 and 1030 and was issued in the U.S. District Court (Western District of Texas).

We have retyped it, and there may be some typographical errors, but we have done our best to recreate it as is.

There are several features about the affidavit. First, the bulk of it is repititious and simply establishes the credentials of the investigators, summarizes basic terms, and provides general background that seems inconsequential in linking the persons to be searched to any substantive criminal activity. It should also be remembered that the "$79,449.00" document in question was shown to contain nothing of substance that is not available to the general public for under $14. Further, to our knowledge, there is no evidence, contrary to suggestions, that E911 software was obtained.

Most troublesome is the interpretation given to attached logs from The Phoenix Project that creates a conspiratorial scenario from a few ambiguous messages. While imaginative use of narrative is admirable in fiction, its use as a weapon of power is dangerous. At root, Steve Jackson Games was raided because an employee ran a BBS that made available, as did perhaps thousands of others BBSs nationwide, Phrack. The employee was also accused of being part of a "fraud scheme" because he had the temerity to explain what a Kermit protocol is in a two line message.

Perhaps Agent Foley is competent, but in reviewing this warrant questions arise regarding the raid on SJG that should not go unanswered.


ATTACHMENT A

2700 "A" Metcalfe Road is located in the city of Austin, State of Texas, County of Travis. Said address is a two-story square building measuring approximately 50 feet on a side located on the south side of Metcalfe Street.

The bottom story is multi-colored brick face and the upper story is white wood frame construction.

A balcony surrounds the upper story. The address "2700A" is on two sides in white letters, and the numbers are approximately ten inches high. An outside wooden stairway connects the floors on the south side of the building. The driveway is of gravel. A large all-metal warehouse-type building is immediately behind the address.

(End Attachment A)


ATTACHMENT B

Computer hardware (including, but not limited to, central processing unit(s), monitors, memory devices, modem(s), programming equipment, communication equipment, disks, and prints) [sic] and computer software (including but not limited to, memory disks, floppy disks, storage media) and written material and documents relating to the use of the computer system (including networking access files), documentation relating to the attacking of computers and advertising the results of computer attacks (including telephone numbers and licensing documentation relative to the computer programs and equipment at the business known as Steve Jackson Games which constitute evidence, instrumentalities and fruits of federal crimes, including interstate transportation of stolen property (18 USC 2314) and interstate transportation of computer access information (18 USC 1030 (a)(6)). This warrant is for the seizure of the above described computer and computer data and for the authorization to read information stored and contained on the above described computer and computer data.

(End Attachment B)



State of Texas      )
                    )     ss
County of Travis    )

AFFIDAVIT

1. I, Timothy Foley, am a Special Agent of the United States Secret Service and have been so employed for the past two years. I am presently assigned to the United States Secret Service in Chicago. Prior to that I was employed as an attorney practicing in the City of Chicago and admitted to practice in the State of Illinois. I am submitting this affidavit in support of the search warrants for the premises known as: (a) the residence of Loyd Dean Blankenship, 1517G Summerstone, Austin, Texas; (b) the employment location of Blankenship, the business known as Steve Jackson Games, 2700-A Metcalfe Road, Austin Texas; and (c) the residence of Chris Goggans, 3524 Graystone #192, Austin, Texas.

SOURCES OF INFORMATION

2. This affidavit is based on my investigation and information provided to me by Special Agent Barbara Golden of the Computer Fraud Section of the United States Secret Service in Chicago and by other agents of the United States Secret Service.

3. I have also received technical information and investigative assistance from the experts in the fields of telecommunications, computer technology, software development and computer security technology, including:

a. Reed Newlin, a Security Officer of Southwestern Bell, who has numerous years of experience in operations, maintenance and administration of telecommunications systems as an employee of the Southwestern Bell Telephone Company.

b. Henry M. Kluepfel, who has been employed by the Bell System or its divested companies for the last twenty-four years. Mr. Kluepfel is presently employed by Bell Communications Research, (Bellcore) as a district manager responsible for coordinating security technology and consultation at Bellcore in support of its owners, the seven regional telephone companies, including Bell South Telephone Company and Southwestern Bell Telephone Company. Mr. Kluepfel has participated in the execution of numerous Federal and State search warrants relative to telecommunications and computer fraud investigations. In addition, Mr. Kluepfel has testified on at least twelve occasions as an expert witness in telecommunications and computer-fraud related crimes.

c. David S. Bauer, who has been employed by Bell Communications Research (Bellcore) since April 1987. Mr. Bauer is a member of the technical staff responsible for research and development in computer security technology and for consultation in support of its owners, the seven regional telephone companies, including Bell South. Mr. Bauer is an expert in software development, communications operating systems, telephone and related security technologies. Mr. Bauer has conducted the review and analysis of approximately eleven computer hacking investigations for Bellcore. He has over nine years professional experience in the computer related field.

Violations Involved

4. 18 USC 2314 provides federal criminal sanctions against individuals who knowingly and intentionally transport stolen property or property obtained by fraud, valued at $5,000 or more ininterstate commerce. My investigation has revealed that on or about February 24, 1989, Craig Neidorf transported a stolen or fraudulently obtained computerized text file worth approximately $79,000.000 from Columbia, Missouri, through Lockport, Illinois to Austin, Texas to Loyd Blankenship and Chris Goggans.

5. 18 USC 1030 (a)(6) and (b) provide federal criminal sanctions against individuals who knowingly and with intent to defraud traffic or attempt to traffic, in interstate commerce, in passwords or similar information through which a computer may be accessed without authorization. My investigation has revealed that on or about January 30, 1990, Loyd Blankenship and Chris Goggans attempted to traffic in illegally obtained encrypted passwords received from other computer hackers. My investigation has further revealed that, through the use of sophisticated decryption equipment and software, they planned to decrypt the encrypted passwords provided by the hackers. They then planned to provide the original hackers with the decrypted passwords which they in turn could use to illegally access previously guarded computers.

DEFINITIONS

6. COMPUTER HACKERS/INTRUDERS - Computer hackers or intruders are individuals involved with the unauthorized access of computer systems by various means. The assumed names used by the hackers when contacting each other are referred to as "hacker handles."

7. BULLETIN BOARD SYSTEM (BBS) - A bulletin board system (also referred to as a "Bulletin board" or "BBS") is an electronic bulletin board accessible by computer. Users of a bulletin board may leave messages, data, and software readable by others with access to the bulletin board. Bulletin board readers may copy, or "download," onto their own machines material that appears on a bulletin board. Bulletin boards typically are created and maintained by "systems operators" or "system administrators". Hackers frequently use bulletin boards to exchange information and data relating to the unauthorized use of computers.

8. E911 - E911 means the enhanced 911 telephone service in universal use for handling emergency calls (police, fire, ambulance, etc.) in municipalities. Dialing 911 provides the public with direct access to a municipality's Public Safety Answering Point (PSAP). Logistically, E911 runs on the public telephone network with regular telephone calls into the telephone company switch. However, incoming 911 calls are given priority over all other calls. Then the 911 call travels on specially dedicated telephone lines from the telephone company's switch to the fire, police and emergency reaction departments in the city closest to the location of the caller. It is essential for the emergency unit to know the location of the caller, so one of the most important parts of the system is the Automatic Location Identifier (ALI), which automatically locates where the telephone call originates, and the Automataic Number Identification (ANI), which holds the telephone number of the calling party even if the caller hangs up. The E911 system of Bell South is described in the text of a computerized file program and is highly proprietary and closely held by its owner, Bell South. The file describes the computerized control, operation and maintenance of the E911 system.

9. ELECTRONIC MAIL - Electronic mail, also known as e-mail, is a common form of communication between individuals on the same or on separate computer systems. Persons who may send or receive electronic mail are identified by an electronic mail address, similar to a postal address. Although a person may have more than one electronic mail address, each mail address identifies a person uniquely.

10. LEGION OF DOOM - At all times relevant herein, the Legion of Doom, (LOD), was a closely knit group of computer hackers involved in:

a. Disrupting telecommunications by entering telephone switches and changing the routing on the circuits of the computers.

b. Stealing propriety (sic) computer source code and information from individuals that owned the code and information

c. Stealing credit information on individuals from credit bureau computers.

d. Fraudulently obtaining money and property from companies by altering the computerized information used by the companies.

e. Disseminating information with respect to their methods of attacking computers to other computer hackers in an effort to avoid the focus of law enforcement agencies and telecommunication security experts.

11. PASSWORD ENCRYPTION - A password is a security device that controls access to a computer, (log on privileges) or to special portions of a computer's memory. Encryption further limits access to a computer by converting the ordinary language and/or numerical passwords used on a computer into cipher or code. Decryption is the procedure used to transform coded text into the original ordinary language and/or numerical format.

12. TRANSFER PROTOCOL - transfer protocol is a method of transferring large files of information from one computer to another over telephone lines. Using a transfer protocol a file is uploaded (sent) and downloaded (received). This transfer procedure breaks blocks of data into smaller packages for transmission and insures that each block of data is an error free copy of the original data. Transfer protocols may also encode and decode transmissions to insure the privacy of the transferred information.

INVESTIGATION OVERVIEW

13. My investigation to date has disclosed that computer hacker Robert Riggs of the Legion of Doom, (LOD), stole the highly proprietary and sensitive Bell South E911 Practice text file from Bell South in Atlanta, Georgia in about December, 1988 and that this stolen document was distributed in "hacker" newsletters through the use of e-mail. These newsletters included the "Phrack" newsletter issue #24 distributed in February, 1989 by Crig Neidorf to LOD members, including Loyd Blankenship and Chris Goggans of Austin, Texas. The E911 Practice was posted on the "Phoenix Project" BBS, in January, 1990, so that anyone with access to the BBS could download a copy of the E911 Practice onto any other computer. The "Phoenix Project" BBS is run jointly by co-systems operators Loyd Blankenship, (hacker handle, The Mentor), and Chris Goggans, (hacker handle, Eric [sic] Bloodaxe), who both have sent e-mail communications identifying themselves as members of LOD. My investigation has also disclosed that Loyd Blankenship and Chris Goggans, through their hacker BBS "Phoenix Project," have established a password decryption service for hackers who had obtained encrypted passwords from computers they had been attacking.

THEFT OF E911 TEXT FILE

14. In March, 1988, Bell South developed a sophisticated new program which describes in great detail the operation of the E911 system and the 911 support computer in Sunrise, Florida that controls ALI and ANI information. This program, which was enginered at a cost of $79,449.00, was locked in a secure computer (AIMSX) in Bell South's corporate headquarters in Atlanta, Georgia. The document was and is highly proprietary and contained the following warning:

NOTICE: NOT FOR USE OR DISCLOSURE OUTSIDE BELL SOUTH OR ANY OF ITS SUBSIDIARIES EXCEPT UNDER WRITTEN AGREEMENT.

15. In July, 1989, Robert Riggs apartment in Decatur, Georgia was searched by United States Secret Service agents from Atlanta pursuant to a federal search warrant.

16. At the time of the search, Riggs, (hacker handle, The Prophet), was interviewed by Special Agent James Cool of the USSS- Atlanta and representatives of Bell South from Atlanta. During this extensive interview, Riggs admitted that he illegally gained remote access into Bell South's AIMSX computer through an account to which access was not secured by a password, and that once on the machine he executed a program designed to search for passwords and to obtain other account names on the computer. He stated that once he was on the computer, he found the E911 protocol document and downloaded it from the Bell South computer to his home computer. He subsequently uploaded the E911 file from his home computer to a computer bulletin board. (He did not give the agents the name of the bulletin board).

17. Riggs' admissions were corroborated by interviews with Rich Andrews, the operator of the computer bulletin board known as JOLNET BBS in Lockport, Illinois. Andrews disclosed that in about January, 1989, a hacker known to him by the handle PROPHET uploaded an E911 program with bell South proprietary markings onto his BBS. This program was then downloaded from the BBS to another hacker known to him by the handle Knight Lightning (Craig Neidorf).

PHRACK PUBLICATION

18. On January 18, 1990, pursuant to a federal grand jury subpoena, I received documents from the administration of the University of Missouri regarding computer publications of Craig Neidorf, a student at University of Missouri and Randly Tishler, a former student at University of Missouri, (hacker handle, Taran King), which showed that Neidorf and Tishler were publishing the computer hacker newsletter entitled "Phrack" which they were distributing to computer hackers around the United States through the use of the University of Missouri account on a telecommunication network called Bitnet.

19. On January 18, 1990, Security Officer Reed Newlin of Southwestern Bell Telephone and I interviewed Craig Neidorf at the Zeta Beta Tau Fraternity House at Columbia, Missouri. During the course of the interview, Neidorf admitted to me and Security Officer Newlin that he used the hacker handle Knight Lightning; that he and Randy Tishler were the publishsers of two hacker newsletters entitled "Phrack" and "Pirate."

20. Also during the course of this interview, Neidorf admitted that he had a copy of a hacker tutorial regarding the operation of the E911 system in his room. He admited that he had edited the E911 Practice into a hacker tutorial. He also admitted that he knew that the E911 Practice had been stolen from a telecommunications company by Robert J. Riggs and that the tutorial, (the edited E911 Practice File), had been published in the Phrack newsletter issue 24. At this point of the interview, Neidorf excused himself, saying he was going to his room, and he returned moments later with a floppy disk containing the copy of the E911 document published in Phrack magazine. 21. In addition to Neidorf's admission that he knew the E911 tutorial had been stolen, my investigation has revealed other facts reflecting that Neidorf was aware that the E911 data received from Riggs in Atlanta was stolen. In July, 1989, I reviewed documentation received from Rich Andrews, the system administrator of the JOLNET BBS. Included in the documentation was an edited version of the E911, the document received from Neidorf, dated January 23, 1989, which included the following notation on his version:

NOTICE: NOT FOR USE OR DISCLOSURE OUTSIDE BELLSOUTH OR ANY OF ITS SUBSIDIARIES EXCEPT UNDER WRITTEN AGREEMENT. (WHOOPS)

22. Distribution records of Phrack 24 recovered from Richard Andrews in Lockport in July 1989 reflect that copies of this newsletter containing the proprietary E911 information and the proprietary markings from Bell South were forwarded from Neidorf's computer in Colombia [sic], Missouri to Loyd Blankenship's computer in Austin, Texas on or about February 24, 1989.

23. I have personally examined the Phrack newsletter number 24 and observed that the newsletter does in fact contain a slightly edited copy of the stolen Bell South E911 Practice text file with the warning:

NOTICE: NOT FOR USE OR DISCLOSURE OUTSIDE BELLSOUTH OR ANY OF ITS SUBSIDIARIES EXCEPT UNDER WRITTEN AGREEMENT. (WHOOPS)

REPUBLICATION OF E911 BY PHOENIX PROJECT

24. On February 26, 1990, Hank Kluepfel of Bellcore advised me that the Phoenix Project BBS run by Loyd Blankenship and Chris Goggans was in operation on January 15, 1990. Mr. Kluepfel advised that he had made this determination by successfully logging on to Phoenix Project at telephone number 512-441-0229 on about January 30, 1990 and observing messages dated from January 15, 1990 to January 30, 1990, on the BBS. Mr. Kluepfel also advised me that the BBS system information identified the Mentor and Erik Bloodaxe as the system administrators on the BBS.

25. On February 14, 1990, Mr. Kluepfel advised me that after accessing the Phoenix Project BBS, he had gone to the Phrack sub- menu of the BBS and observed Phrack 24 on the menu. Mr. Kluepfel further advised me that upon review of Phrack 24, he observed that the Bell South E911 Practice text file was still in the edition carried by the Phoenix Project BBS.

26. On February 14, 1990, Mr. Kluepfel advised me that he had downloaded a copy of Phoenix Project's user list (its electronic mailing list) and that it reflected that seeral of the hackers on the list of users were located in the Northern District of Illinois.

PHOENIX PROJECT DECRYPTION SERVICE

27. On February 14, 1990, Mr. Kluepfel advised me that on January 23, 1990, the co-systems administrator on the Phoenix Project BBS, Erik Bloodaxe, had published a notice that the BBS was beginning a new decryption service. Bloodaxe invited the readers of the newsletter to send the BBS encrypted passwords for any UNIX or Prime computer system, and the system administrators would decrypt the passwords and return them. Bloodaxe also indicated that the systemes administrators would probably access the computer using the password as well. In a later message on January 26, 1990, The Mentor responded to a question about a transfer protocol that had been set out, but not explained in Bloodaxe's notice, indicating his involvement in the decryption scheme.

28. On February 14, 1990, Mr. Kluepfel advised me that the password file decryption service offered by the Phoenix Project provided computer hackers with information through which a computer could be acessed without authorization under the meaning of 18 USC 1030 (a)(6) and (b) and constituted a threat to Bellcore's client companies including Bell South.

IDENTIFICATION OF BLANKENSHIP AND GOGGANS

29. Among the documents that had been printed out from the University of Missouri computers, which I received from the University of Missouri computers, which I received from the administration of the University of Missouri, were lists of hackers and their corresponding real names. On that list were the names of Loyd Blankenship and Chris Goggans and their respective hacker handles of The Mentor and Erik Bloodaxe.

30. Among the documents seized in the search of Neidorf's house were phone lists which included the full names of Loyd Blankenship and Chris Goggans and identified them as The Mentor and Erik Bloodaxe, respectively.

31. On February 6, 1990, Mr. Kluepfel provided me with copies of a Phrack newsletter which contained a September 23, 1989, profile of computer hacker Erik Bloodaxe. The profile indicated that the Erik Bloodaxe's real name was Chris, that he was 20 years old, 5'10", 130 pounds, that he had blue eyes, brown hair and that he used various computers including an Atari 400, various computer terminals with limited computing capability that are or can be linked to a central computer, and a CompuAid Turbo T. The profile reflects that Erik Bloodaxe was a student in computer science at the University of Texas in Austin.

32. On February 6, 1990, Mr. Kluepfel provided me with a copy of Phrack containing a January 18, 1989 profile of the computer hacker known as The Mentor. The profile indicated that the Mentor's real name was Loyd, that he was 23 years old, 120 pounds, 5'10", that he had brown hair, brown eyes and that he had owned a TRS-80, an Apple IIe, an Amiga 1000, and a PC/AT.

33. The identification of Loyd Blankenship as The Mentor in the Phrack profile was corroborated on February 22, 1990, by information provided by Larry Coutorie an inspector with campus security at the University in Austin, Texas who advised me that his review of locator information at the University of Texas in Austin disclosed current drivers license information on Loyd Dean Blankenship reflecting that Blankenship resides at 1517G Summerstone, in Austin, Texas, telephone number 512-441-2916 and is described as a white, male, 5'10", with brown hair and brown eyes. He further advised that Blankenship is employed at Steve Jackson Games, 2700-A Metcalfe Road, Austin, Texas where he is a computer programmer and where he uses a bulletin board service connected to telephone number 512-447-4449.

34. According to telephone company records the telephone number 512-441-0229, the number for the Phoenix Project BBS, is assigned to the address 1517 G Summerstone, Austin, Texas, which is the residence of Loyd Blankenship.

35. Hank Kluepfel has advised me that he has loged on to the BBS at 512-447-4449 and that The Mentor is listed as the systems operator of the BBS. Mr. Kluepfel further advised me that the user list of that BBS contains the name of Loyd Blankenship and others known to Mr. Kluepfel has hackers. Also, Mr. Kluepfel observed that Loyd Blankenship is a frequent user of the BBS.

36. Similarly, the identification of Chris Goggans as the Erik Bloodaxe described in the Phrack profile was corroborated on February 22, 1990, by Larry Coutorie who advised me that his review of locator information at the University of Texas with respect to Chris Goggans disclosed that Goggans resides at 3524 Graystone #192, in AUstin, Texas and that his full name is Erik Christian Goggans. Goggans, who goes by the name Chris, is a white, male, with blond hair and blue eyes date of birth 5/5/69, 5'9", 120 pounds.

37. On February 19, 1990, I was advised by Margaret Knox, Assistant Director of the Computation Center, University of Texas, Austin, Texas, that a young man presented himself to her as Chris Goggans in response to the University sending a notification of the Grand Jury subpoena for University records pertaining to Chris Goggans to Chris Goggans at 3524 Graystone #192, Austin, Texas. The young man also told her that he was Erik Bloodaxe of the Legion of Doom.

Locations to be Searched

38. Based on the above information and my own observations, I believe that the E911 source code and text file and the decryption software program are to be found in the computers located at 1517G Summerstone, Austin, Texas, or at 2700-A Metcalfe Road, Austin, Texas, or at 3524 Graystone #192, Austin, Texas, or in the computers at each of those locations.

39. The locations to be searched are described as: the premises known as the residence of Loyd Dean Blankenship, 1517G Summerstone, Austin, Texas; the employment location of Blankenship, the business known as Steve Jackson Games, 2700-A Metcalfe Road, AUstin, Texas; and the residence of Chris Goggans, 3524 Graystone #192, Austin, Texas. Those locations are further described in Attachment A to this Affidavit for Search Warrant.

Evidence To Be Found

40. On February 2, 1990, Jerry Dalton of AT&T advised me that based upon his background, experience and investigation in this case and investigating approximately 50 other incidents this year involving the unauthorized use of other computer systems, including individuals that run computer bulletin boards, these individuals typically keep and use the following types of hardware, software and documents to execute their fraud schemes and operate their computers and computer bulletin boards:

a. Hardware - a central processing unit, a monitor, a modem, a key board, a printer, and storage devices (either cartridge tapes, 9-track magnetic tapes, floppy disks or axillary [sic] disk units), telephone equipment (including) automatic dialing equipment, cables and connectors), tape drives and recording equipment.

b. Software - hard disks and floppy disks containing computer programs, including, but not limited to software data files, electronic mail files, UNIX software and other AT&T proprietary software.

c. Documents - computer related manuals, computer related textbooks, looseleaf binders, telephone books, computer printout, cassette tapes, videotapes and other documents used to access computers and record information taken from the computers during the above referred breakins. Financial and licensing information with respect to the computer hardware and software.

41. Based on the above information and my own observation, I believe that at the premises known as the residence of Loyd Dean Blankenship, 1571G Summerstone, Austin, Texas; the employment location of Blankenship, the business known as Steve Jackson Games, 2700-A Metcalfe Road, Austin, Texas; and the residence of Chris Goggans, 3524 Graystone, #192, Austin Texas there is computer hardware (including central processing unit(s), monitors, memory devices, (modem(s), programming equipment, communication equipment, disks, prints and computer software (including but not limited to memory disks, floppy disks, storage media) and written material and documents relating to the use of the computer system (including networking access files, documentation relating to the attacking of computer and advertising the results of the computer attack (including telephone numbers and location information). This affidavit is for the seizure of the above described computer and computer data and for the authorization to read information stored and contained on the above described computer and computer data which are evidence of violations of 18 USC 2314 and 1030, as well as evidence, instrumentalities or fruits of the fraud scheme being conducted by the operator of the computer at that location.

42. Request is made herein to search and seize the above described computer and computer data and to read the information contained in and on the computer and computer data.

                               (signature of) Timothy M. Foley
                               Special Agent Timothy Foley
                               United States Secret Service
Sworn and Subscribed to before
me this 28th day of February, 1990

(signature of) Stephen H. Capelle
UNITED STATES MAGISTRATE

(END OF SEARCH AFFIDAVIT)



A document attached to the search affidavit reproduced 17 messages from The Phoenix Project written from Jan. 23 - Jan. 29, 1990. We have retyped messages 13/17, but substituted the original posts (18/29) from TPP logs we have obtained. The differences in message numbers (eg 13/58 from Henry Kluepfel's logs, or our source's logs, eg, 22/47) reflect that the notes were captured on different days. We have compared the logs from both our source and the document, and they are identical. Hence, the difference in capturing dates is of no consequence.

There are several points that should be considered in reading the logs:

1. The affidavit claims that the logs substantiate the claim that an encryption service existed. In fact, they do no such thing. The claim is based primarily on message 13 (Jan 23), which includes the comment "What do you people think? Bad idea? Good idea? Hell...It is just another attempt by me to piss everyone off."

2. The bulk of these messages are inconsequential general discussions, and include brief discussion of transfer protocols.

3. Timothy Foley's "evidence" that The Mentor is involved in the situation is message 23, in which The Mentor is "guilty" of saying that Kermit is a 7-bit transfer protocol, is found on mainframes, and works through outdials. From this, Foley says:

In a later message on January 26, 1990, the Mentor responded to a question about a transfer protocol that been set out, but not explained in Bloodaxe's notice, indicating his involvement in the decryption scheme (#27, p. 12).

4. The messages before and after these dates are general, and there is little substantive discussion of the "decryption service."

It appears that Loyd Blankenship is "guilty" of posting phracks on The Phoenix Project, as are perhaps thousands of other sysops across the country, and of the "criminal act" of summarizing Kermit.

We will leave it to others to judge and comment upon the logic and quality of the document(s).

+++++++++++++++++++++++++++++++++++++++++++++++++
(The following is the first page of a 3 page document attached to
the affidavit. It has been retyped from the original).
+++++++++++++++++++++++++++++++++++++++++++++++++

New user pw= GUNSHIP

13/58: things...
Name: Erik Bloodaxe #2
Date: Tue Jan 23 22:57:29 1990
I think it's time for your friend at The Legion of Doom to start a new
service...(with great help from friends)
Decryption service! On any unix or Prime, send the etc/passwd file, or the
UAF file to the sysop directory, and you will be mailed back the encrypted
UAF file to the sysop directory, and you will be mailed back the encrypted
passwords...(on UNIX any pw that the deszip could bust)
The Prime UAF must be in binary, so kermit it from the site, and xmodem it
here.
In return, we will not distribute any information gained from your site, but
we will probably look around it anyway...but it will remain between you and
us.
What do you people think? Bad idea? Good idea? Hell...It is just another
attempt by me to piss everyone off.
->ME

14/58: aha..!
Name: Phoenix #17
Date: Wed Jan 24 01:30:35 1990
ummm...hmmm
(doesn't know what to say..)

15/58: Heck
Name: The Parmaster #21
Date: Wed Jan 24 07:48:01 1990
    Personally i like it :-)
Jason.

16/58: Decryption
Name: Grey Owl #10
Date: Wed Jan 24 19:10:52 1990
I think it's a great idea. I get a whole shitload of passwd files and some
UAF files too.               |||_______got!
grey owl

17/58: Just a couple of questions...
Name: Konica #47
Date: Wed Jan 24 23:41:13 1990
Well since the feds know this is a hacker board whats stopping them from
tracing every incoming call to Pheonix Project and getting all the #'s, then
monitoring then for illegal activity?

And just say I was calling through my personal calling card....What would
they get as the incomming #?
If I had a DNR on my line is there any way I could find out?
Sorry about this but I am not as good as most of you (except for the guy that
keeps posting codes) and the only way I am going to learn is by trying shit
out and asking questions...
Hope this is the right sub for these questions....

+++++++++++++++
(The following are the actual logs; Typos were not removed)
+++++++++++++++

18/47: vv
Name: Dtmf #27
Date: Thu Jan 25 03:22:29 1990

RE: Just a couple of questions...

To check the DNR the best bet woud be to call bell security, or the SCC

19/47: well..
Name: Phoenix #17
Date: Thu Jan 25 07:27:43 1990

nothing stops them from tracing..
I dont know how it works there.. but down here all traces are illegal unless
they are for drug/murder reasons.. (well not traces, but taps are..)

20/47: Feds...
Name: Erik Bloodaxe #2
Date: Thu Jan 25 17:05:35 1990

Absolutely nothing would stop them from collecting all local calls, and/or any
longdistance company records of calls coming into this number...in fact, I
kind of expect them to at least get all local calls here...hell Austin is all
ess...most of them 5's...(I think...maybe 1's)

However, I doubt that tapping the data line is worth their while...especially
when they can just log on and read everything anyway.  And the mail just isn't
that spectacular...

In any case, all calls here made by legal means are legaal, so don't worry
about it.  Just because tee nature of this bbs isn't that of your average
mainstream bbs, doesn't negate its legality.  Information posted here is kept
legal.

If you are truly worried about it, don't call, and sit home being paranoid.

Hell, I'm local...I call direct...and now I do it at 300 baud.  Hell, I can
almost tell what's being typed at 300 baud while listening to it...forget the
data tap!  Hehe, although a 300 baud data tap is SO simple to playback
completely error free...at 1200 or 2400 you kind of have to get the recording
levels just right...but 300 gives you plenty of room for error...

21/47: ess 1,5
Name: Dark Sun #11
Date: Thu Jan 25 20:14:00 1990

hey, whats the diff??? :-)
                                  DS

22/47: decryption
Name: Silencer #31
Date: Thu Jan 25 23:35:01 1990

hmmm....like...you mean once you have an account...read the user file and then
you will deencrypt all the passcodez...sounds good....but what the fuck is
kermit...
     - Silencer

23/47: kermit
Name: The Mentor #1
Date: Fri Jan 26 10:11:23 1990

Kermit is a 7-bit transfer protocol that is used to transfer files to/from
machines. It is mostly found on mainframes (it's a standard command on VAX,
for instance). Kermit has the added advantage of being able to work through an
outdial (because it is 7-bit).

Mentor

24/47: Kermit
Name: Sicilumm Thorne #28
Date: Fri Jan 26 11:20:10 1990

    Kermit is merely another transfer protocol like Sealink, Xmodem, Modem7,
Zmodem, et cetera.

    Its relatively slow, but was thought to be better than Xmodem, due to its
capabilties.  (Don't remember what they are, I use Zmodem).

    Sic.

25/47: my kermit
Name: Ravage #19
Date: Fri Jan 26 12:24:21 1990

lets me set it at 8 bits also. just another trivial note.

26/47: from what I know...
Name: Dark Sun #11
Date: Fri Jan 26 16:26:55 1990

kermit was originally designed to allow transmission of data across 2
computers running with different parity settings.
                             DS

27/47: and..
Name: Phoenix #17
Date: Sat Jan 27 07:28:45 1990

as a major disadvantage.. it is damn slow!

Phoenix

28/47: Well....
Name: Johnny Hicap #45
Date: Sat Jan 27 21:28:18 1990

No one answered that question (forget who posted it) that if he was calling
through a calling card is it possible to get the number of the person who
called even he was calling through hs calling card? What would they get as the
number comming in? Would they get the card? Of course then they would just see
who owns it.

JH!

29/47: more Kermit BS
Name: Grey Owl #10
Date: Sat Jan 27 23:53:57 1990

Kermit is slower than Xmodem, BTW.  The packets are smaller (usually 64 bytes)
and the error-checking is shot to hell with any line noise.  It's better than
ASCII though!

grey owl

********************************************************************
                          ** END OF CuD #2.11 **
********************************************************************