Richard Andrews took it upon himself to have a look at what
"Robert Johnson" was storing in Jolnet. And Andrews
found the E911 Document.
"Robert Johnson" was the Prophet from the Legion of
Doom, and the E911 Document was illicitly copied data
from Prophet's raid on the BellSouth computers.
The E911 Document, a particularly illicit piece of
digital property, was about to resume its long, complex,
and disastrous career.
It struck Andrews as fishy that someone not a
telephone employee should have a document referring to
the "Enhanced 911 System." Besides, the document itself
bore an obvious warning.
"WARNING: NOT FOR USE OR DISCLOSURE
OUTSIDE BELLSOUTH OR ANY OF ITS SUBSIDIARIES
EXCEPT UNDER WRITTEN AGREEMENT."
These standard nondisclosure tags are often
appended to all sorts of corporate material. Telcos as a
species are particularly notorious for stamping most
everything in sight as "not for use or disclosure." Still,
this particular piece of data was about the 911 System. That
sounded bad to Rich Andrews.
Andrews was not prepared to ignore this sort of
trouble. He thought it would be wise to pass the document
along to a friend and acquaintance on the UNIX network,
for consultation. So, around September 1988, Andrews
sent yet another copy of the E911 Document electronically
to an AT&T employee, one Charles Boykin, who ran a
UNIX-based node called "attctc" in Dallas, Texas.
"Attctc" was the property of AT&T, and was run from
AT&T's Customer Technology Center in Dallas, hence the
name "attctc." "Attctc" was better-known as "Killer," the
name of the machine that the system was running on.
"Killer" was a hefty, powerful, AT&T 3B2 500 model, a
multi-user, multi-tasking UNIX platform with 32 meg of
memory and a mind-boggling 3.2 Gigabytes of storage.
When Killer had first arrived in Texas, in 1985, the 3B2
had been one of AT&T's great white hopes for going head-
to-head with IBM for the corporate computer-hardware
market. "Killer" had been shipped to the Customer
Technology Center in the Dallas Infomart, essentially a
high-technology mall, and there it sat, a demonstration
model.
Charles Boykin, a veteran AT&T hardware and digital
communications expert, was a local technical backup man
for the AT&T 3B2 system. As a display model in the
Infomart mall, "Killer" had little to do, and it seemed a
shame to waste the system's capacity. So Boykin
ingeniously wrote some UNIX bulletin-board software for
"Killer," and plugged the machine in to the local phone
network. "Killer's" debut in late 1985 made it the first
publicly available UNIX site in the state of Texas. Anyone
who wanted to play was welcome.
The machine immediately attracted an electronic
community. It joined the UUCP network, and offered
network links to over eighty other computer sites, all of
which became dependent on Killer for their links to the
greater world of cyberspace. And it wasn't just for the
big guys; personal computer users also stored freeware
programs for the Amiga, the Apple, the IBM and the
Macintosh on Killer's vast 3,200 meg archives. At one
time, Killer had the largest library of public-domain
Macintosh software in Texas.
Eventually, Killer attracted about 1,500 users, all
busily communicating, uploading and downloading,
getting mail, gossiping, and linking to arcane and distant
networks.
Boykin received no pay for running Killer. He
considered it good publicity for the AT&T 3B2 system
(whose sales were somewhat less than stellar), but he also
simply enjoyed the vibrant community his skill had
created. He gave away the bulletin-board UNIX software
he had written, free of charge.
In the UNIX programming community, Charlie
Boykin had the reputation of a warm, open-hearted, level-
headed kind of guy. In 1989, a group of Texan UNIX
professionals voted Boykin "System Administrator of the
Year." He was considered a fellow you could trust for
good advice.
In September 1988, without warning, the E911
Document came plunging into Boykin's life, forwarded by
Richard Andrews. Boykin immediately recognized that
the Document was hot property. He was not a voice-
communications man, and knew little about the ins and
outs of the Baby Bells, but he certainly knew what the 911
System was, and he was angry to see confidential data
about it in the hands of a nogoodnik. This was clearly a
matter for telco security. So, on September 21, 1988,
Boykin made yet *another* copy of the E911 Document
and passed this one along to a professional acquaintance
of his, one Jerome Dalton, from AT&T Corporate
Information Security. Jerry Dalton was the very fellow
who would later raid Terminus's house.
From AT&T's security division, the E911 Document
went to Bellcore.
Bellcore (or BELL COmmunications REsearch) had
once been the central laboratory of the Bell System. Bell
Labs employees had invented the UNIX operating
system. Now Bellcore was a quasi-independent, jointly
owned company that acted as the research arm for all
seven of the Baby Bell RBOCs. Bellcore was in a good
position to co-ordinate security technology and
consultation for the RBOCs, and the gentleman in charge
of this effort was Henry M. Kluepfel, a veteran of the Bell
System who had worked there for twenty-four years.
On October 13, 1988, Dalton passed the E911
Document to Henry Kluepfel. Kluepfel, a veteran expert
witness in telecommunications fraud and computer-fraud
cases, had certainly seen worse trouble than this. He
recognized the document for what it was: a trophy from a
hacker break-in.
However, whatever harm had been done in the
intrusion was presumably old news. At this point there
seemed little to be done. Kluepfel made a careful note of
the circumstances and shelved the problem for the time
being.
Whole months passed.
February 1989 arrived. The Atlanta Three were living
it up in Bell South's switches, and had not yet met their
comeuppance. The Legion was thriving. So was *Phrack*
magazine. A good six months had passed since Prophet's
AIMSX break-in. Prophet, as hackers will, grew weary of
sitting on his laurels. "Knight Lightning" and "Taran
King," the editors of *Phrack,* were always begging
Prophet for material they could publish. Prophet decided
that the heat must be off by this time, and that he could
safely brag, boast, and strut.
So he sent a copy of the E911 Document -- yet
another one -- from Rich Andrews' Jolnet machine to
Knight Lightning's BITnet account at the University of
Missouri.
Let's review the fate of the document so far.
0. The original E911 Document. This is in the AIMSX
system on a mainframe computer in Atlanta, available to
hundreds of people, but all of them, presumably,
BellSouth employees. An unknown number of them may
have their own copies of this document, but they are all
professionals and all trusted by the phone company.
1. Prophet's illicit copy, at home on his own computer
in Decatur, Georgia.
2. Prophet's back-up copy, stored on Rich Andrews'
Jolnet machine in the basement of Rich Andrews' house
near Joliet, Illinois.
3. Charles Boykin's copy on "Killer" in Dallas, Texas,
sent by Rich Andrews from Joliet.
4. Jerry Dalton's copy at AT&T Corporate
Information Security in New Jersey, sent from Charles
Boykin in Dallas.
5. Henry Kluepfel's copy at Bellcore security
headquarters in New Jersey, sent by Dalton.
6. Knight Lightning's copy, sent by Prophet from
Rich Andrews' machine, and now in Columbia, Missouri.
We can see that the "security" situation of this
proprietary document, once dug out of AIMSX, swiftly
became bizarre. Without any money changing hands,
without any particular special effort, this data had been
reproduced at least six times and had spread itself all over
the continent. By far the worst, however, was yet to come.
In February 1989, Prophet and Knight Lightning
bargained electronically over the fate of this trophy.
Prophet wanted to boast, but, at the same time, scarcely
wanted to be caught.
For his part, Knight Lightning was eager to publish as
much of the document as he could manage. Knight
Lightning was a fledgling political-science major with a
particular interest in freedom-of-information issues. He
would gladly publish most anything that would reflect
glory on the prowess of the underground and embarrass
the telcos. However, Knight Lightning himself had
contacts in telco security, and sometimes consulted them
on material he'd received that might be too dicey for
publication.
Prophet and Knight Lightning decided to edit the
E911 Document so as to delete most of its identifying
traits. First of all, its large "NOT FOR USE OR
DISCLOSURE" warning had to go. Then there were other
matters. For instance, it listed the office telephone
numbers of several BellSouth 911 specialists in Florida. If
these phone numbers were published in *Phrack,* the
BellSouth employees involved would very likely be
hassled by phone phreaks, which would anger BellSouth
no end, and pose a definite operational hazard for both
Prophet and *Phrack.*
So Knight Lightning cut the Document almost in half,
removing the phone numbers and some of the touchier
and more specific information. He passed it back
electronically to Prophet; Prophet was still nervous, so
Knight Lightning cut a bit more. They finally agreed that
it was ready to go, and that it would be published in
*Phrack* under the pseudonym, "The Eavesdropper."
And this was done on February 25, 1989.
The twenty-fourth issue of *Phrack* featured a chatty
interview with co-ed phone-phreak "Chanda Leir," three
articles on BITNET and its links to other computer
networks, an article on 800 and 900 numbers by "Unknown
User," "VaxCat's" article on telco basics (slyly entitled
"Lifting Ma Bell's Veil of Secrecy"), and the usual "Phrack
World News."
The News section, with painful irony, featured an
extended account of the sentencing of "Shadowhawk," an
eighteen-year-old Chicago hacker who had just been put
in federal prison by William J. Cook himself.
And then there were the two articles by "The
Eavesdropper." The first was the edited E911 Document,
now titled "Control Office Administration Of Enhanced
911 Services for Special Services and Major Account
Centers." Eavesdropper's second article was a glossary of
terms explaining the blizzard of telco acronyms and
buzzwords in the E911 Document.
The hapless document was now distributed, in the
usual *Phrack* routine, to a good one hundred and fifty
sites. Not a hundred and fifty *people,* mind you -- a
hundred and fifty *sites,* some of these sites linked to
UNIX nodes or bulletin board systems, which themselves
had readerships of tens, dozens, even hundreds of people.
This was February 1989. Nothing happened
immediately. Summer came, and the Atlanta crew were
raided by the Secret Service. Fry Guy was apprehended.
Still nothing whatever happened to *Phrack.* Six more
issues of *Phrack* came out, 30 in all, more or less on a
monthly schedule. Knight Lightning and co-editor Taran
King went untouched.
*Phrack* tended to duck and cover whenever the
heat came down. During the summer busts of 1987 --
(hacker busts tended to cluster in summer, perhaps
because hackers were easier to find at home than in
college) -- *Phrack* had ceased publication for several
months, and laid low. Several LoD hangers-on had been
arrested, but nothing had happened to the *Phrack* crew,
the premiere gossips of the underground. In 1988,
*Phrack* had been taken over by a new editor, "Crimson
Death," a raucous youngster with a taste for anarchy files.
1989, however, looked like a bounty year for the
underground. Knight Lightning and his co-editor Taran
King took up the reins again, and *Phrack* flourished
throughout 1989. Atlanta LoD went down hard in the
summer of 1989, but *Phrack* rolled merrily on. Prophet's
E911 Document seemed unlikely to cause *Phrack* any
trouble. By January 1990, it had been available in
*Phrack* for almost a year. Kluepfel and Dalton, officers
of Bellcore and AT&T security, had possessed the
document for sixteen months -- in fact, they'd had it even
before Knight Lightning himself, and had done nothing in
particular to stop its distribution. They hadn't even told
Rich Andrews or Charles Boykin to erase the copies from
their UNIX nodes, Jolnet and Killer.
But then came the monster Martin Luther King Day
Crash of January 15, 1990.
A flat three days later, on January 18, four agents
showed up at Knight Lightning's fraternity house. One
was Timothy Foley, the second Barbara Golden, both of
them Secret Service agents from the Chicago office. Also
along was a University of Missouri security officer, and
Reed Newlin, a security man from Southwestern Bell, the
RBOC having jurisdiction over Missouri.
Foley accused Knight Lightning of causing the
nationwide crash of the phone system.
Knight Lightning was aghast at this allegation. On
the face of it, the suspicion was not entirely implausible --
though Knight Lightning knew that he himself hadn't
done it. Plenty of hot-dog hackers had bragged that they
could crash the phone system, however. "Shadowhawk,"
for instance, the Chicago hacker whom William Cook had
recently put in jail, had several times boasted on boards
that he could "shut down AT&T's public switched
network."
And now this event, or something that looked just
like it, had actually taken place. The Crash had lit a fire
under the Chicago Task Force. And the former fence-
sitters at Bellcore and AT&T were now ready to roll. The
consensus among telco security -- already horrified by the
skill of the BellSouth intruders -- was that the digital
underground was out of hand. LoD and *Phrack* must go.
And in publishing Prophet's E911 Document,
*Phrack* had provided law enforcement with what
appeared to be a powerful legal weapon.
Foley confronted Knight Lightning about the E911
Document.
Knight Lightning was cowed. He immediately began
"cooperating fully" in the usual tradition of the digital
underground.
He gave Foley a complete run of *Phrack,* printed
out in a set of three-ring binders. He handed over his
electronic mailing list of *Phrack* subscribers. Knight
Lightning was grilled for four hours by Foley and his
cohorts. Knight Lightning admitted that Prophet had
passed him the E911 Document, and he admitted that he
had known it was stolen booty from a hacker raid on a
telephone company. Knight Lightning signed a statement
to this effect, and agreed, in writing, to cooperate with
investigators.
Next day -- January 19, 1990, a Friday -- the Secret
Service returned with a search warrant, and thoroughly
searched Knight Lightning's upstairs room in the
fraternity house. They took all his floppy disks, though,
interestingly, they left Knight Lightning in possession of
both his computer and his modem. (The computer had no
hard disk, and in Foley's judgement was not a store of
evidence.) But this was a very minor bright spot among
Knight Lightning's rapidly multiplying troubles. By this
time, Knight Lightning was in plenty of hot water, not only
with federal police, prosecutors, telco investigators, and
university security, but with the elders of his own campus
fraternity, who were outraged to think that they had been
unwittingly harboring a federal computer-criminal.
On Monday, Knight Lightning was summoned to
Chicago, where he was further grilled by Foley and USSS
veteran agent Barbara Golden, this time with an attorney
present. And on Tuesday, he was formally indicted by a
federal grand jury.
The trial of Knight Lightning, which occurred on July
24-27, 1990, was the crucial show-trial of the Hacker
Crackdown. We will examine the trial at some length in
Part Four of this book.
In the meantime, we must continue our dogged
pursuit of the E911 Document.
It must have been clear by January 1990 that the E911
Document, in the form *Phrack* had published it back in
February 1989, had gone off at the speed of light in at
least a hundred and fifty different directions. To attempt to
put this electronic genie back in the bottle was flatly
impossible.
And yet, the E911 Document was *still* stolen
property, formally and legally speaking. Any electronic
transference of this document, by anyone unauthorized to
have it, could be interpreted as an act of wire fraud.
Interstate transfer of stolen property, including electronic
property, was a federal crime.
The Chicago Computer Fraud and Abuse Task Force
had been assured that the E911 Document was worth a
hefty sum of money. In fact, they had a precise estimate
of its worth from BellSouth security personnel: $79,449.
A sum of this scale seemed to warrant vigorous prosecution.
Even if the damage could not be undone, at least this large
sum offered a good legal pretext for stern punishment of
the thieves. It seemed likely to impress judges and
juries. And it could be used in court to mop up the Legion of
Doom.
The Atlanta crowd was already in the bag, by the time
the Chicago Task Force had gotten around to *Phrack.*
But the Legion was a hydra-headed thing. In late 89, a
brand-new Legion of Doom board, "Phoenix Project," had
gone up in Austin, Texas. Phoenix Project was sysoped by
no less a man than the Mentor himself, ably assisted by
University of Texas student and hardened Doomster "Erik
Bloodaxe."
As we have seen from his *Phrack* manifesto, the
Mentor was a hacker zealot who regarded computer
intrusion as something close to a moral duty. Phoenix
Project was an ambitious effort, intended to revive the
digital underground to what Mentor considered the full
flower of the early 80s. The Phoenix board would also
boldly bring elite hackers face-to-face with the telco
"opposition." On "Phoenix," America's cleverest hackers
would supposedly shame the telco squareheads out of
their stick-in-the-mud attitudes, and perhaps convince
them that the Legion of Doom elite were really an all-right
crew. The premiere of "Phoenix Project" was heavily
trumpeted by *Phrack,* and "Phoenix Project" carried a
complete run of *Phrack* issues, including the E911
Document as *Phrack* had published it.
Phoenix Project was only one of many -- possibly
hundreds -- of nodes and boards all over America that
were in guilty possession of the E911 Document. But
Phoenix was an outright, unashamed Legion of Doom
board. Under Mentor's guidance, it was flaunting itself in
the face of telco security personnel. Worse yet, it was
actively trying to *win them over* as sympathizers for the
digital underground elite. "Phoenix" had no cards or
codes on it. Its hacker elite considered Phoenix at least
technically legal. But Phoenix was a corrupting influence,
where hacker anarchy was eating away like digital acid at
the underbelly of corporate propriety.
The Chicago Computer Fraud and Abuse Task Force
now prepared to descend upon Austin, Texas.
Oddly, not one but *two* trails of the Task Force's
investigation led toward Austin. The city of Austin, like
Atlanta, had made itself a bulwark of the Sunbelt's
Information Age, with a strong university research
presence, and a number of cutting-edge electronics
companies, including Motorol