Страницы: - 1
take strong measures to
avoid any publicity; this is especially true of banks,
who fear a loss of investor confidence should an
embezzlement-case or wire-fraud surface. And
some victims are so helplessly confused by their own
high technology that they never even realize that a
crime has occurred -- even when they have been
fleeced to the bone.
The results of this situation can be dire.
Criminals escape apprehension and punishment.
The computer-crime units that do exist, can't get
work. The true scope of computer-crime: its size, its
real nature, the scope of its threats, and the legal
remedies for it -- all remain obscured.
Another problem is very little publicized, but it
is a cause of genuine concern. Where there is
persistent crime, but no effective police protection,
then vigilantism can result. Telcos, banks, credit
companies, the major corporations who maintain
extensive computer networks vulnerable to hacking
-- these organizations are powerful, wealthy, and
politically influential. They are disinclined to be
pushed around by crooks (or by most anyone else,
for that matter). They often maintain well-organized
private security forces, commonly run by
experienced veterans of military and police units,
who have left public service for the greener pastures
of the private sector. For police, the corporate
security manager can be a powerful ally; but if this
gentleman finds no allies in the police, and the
pressure is on from his board-of-directors, he may
quietly take certain matters into his own hands.
Nor is there any lack of disposable hired-help in
the corporate security business. Private security
agencies -- the 'security business' generally -- grew
explosively in the 1980s. Today there are spooky
gumshoed armies of "security consultants," "rent-a-
cops," "private eyes," "outside experts" -- every
manner of shady operator who retails in "results"
and discretion. Or course, many of these
gentlemen and ladies may be paragons of
professional and moral rectitude. But as anyone
who has read a hard-boiled detective novel knows,
police tend to be less than fond of this sort of
Companies in search of computer-security have
even been known to hire hackers. Police shudder at
Police treasure good relations with the business
community. ъarely will you see a policeman so
indiscreet as to allege publicly that some major
employer in his state or city has succumbed to
paranoia and gone off the rails. Nevertheless, police
-- and computer police in particular -- are aware of
this possibility. Computer-crime police can and do
spend up to half of their business hours just doing
public relations: seminars, "dog and pony shows,"
sometimes with parents' groups or computer users,
but generally with their core audience: the likely
victims of hacking crimes. These, of course, are
telcos, credit card companies and large computer-
equipped corporations. The police strongly urge
these people, as good citizens, to report offenses and
press criminal charges; they pass the message that
there is someone in authority who cares,
understands, and, best of all, will take useful action
should a computer-crime occur.
But reassuring talk is cheap. Sundevil offered
The final message of Sundevil was intended for
internal consumption by law enforcement. Sundevil
was offered as proof that the community of
American computer-crime police had come of age.
Sundevil was proof that enormous things like
Sundevil itself could now be accomplished.
Sundevil was proof that the Secret Service and its
local law-enforcement allies could act like a well-
oiled machine -- (despite the hampering use of
those scrambled phones). It was also proof that the
Arizona Organized Crime and ъacketeering Unit --
the sparkplug of Sundevil -- ranked with the best in
the world in ambition, organization, and sheer
And, as a final fillip, Sundevil was a message
from the Secret Service to their longtime rivals in the
Federal Bureau of Investigation. By Congressional
fiat, both USSS and FBI formally share jurisdiction
over federal computer-crimebusting activities.
Neither of these groups has ever been remotely
happy with this muddled situation. It seems to
suggest that Congress cannot make up its mind as to
which of these groups is better qualified. And there
is scarcely a G-man or a Special Agent anywhere
without a very firm opinion on that topic.
For the neophyte, one of the most puzzling
aspects of the crackdown on hackers is why the
United States Secret Service has anything at all to do
with this matter.
The Secret Service is best known for its primary
public role: its agents protect the President of the
United States. They also guard the President's
family, the Vice President and his family, former
Presidents, and Presidential candidates. They
sometimes guard foreign dignitaries who are visiting
the United States, especially foreign heads of state,
and have been known to accompany American
officials on diplomatic missions overseas.
Special Agents of the Secret Service don't wear
uniforms, but the Secret Service also has two
uniformed police agencies. There's the former
White House Police (now known as the Secret
Service Uniformed Division, since they currently
guard foreign embassies in Washington, as well as
the White House itself). And there's the uniformed
Treasury Police Force.
The Secret Service has been charged by
Congress with a number of little-known duties.
They guard the precious metals in Treasury vaults.
They guard the most valuable historical documents
of the United States: originals of the Constitution,
the Declaration of Independence, Lincoln's Second
Inaugural Address, an American-owned copy of the
Magna Carta, and so forth. Once they were
assigned to guard the Mona Lisa, on her American
tour in the 1960s.
The entire Secret Service is a division of the
Treasury Department. Secret Service Special
Agents (there are about 1,900 of them) are
bodyguards for the President et al, but they all work
for the Treasury. And the Treasury (through its
divisions of the U.S. Mint and the Bureau of
Engraving and Printing) prints the nation's money.
As Treasury police, the Secret Service guards
the nation's currency; it is the only federal law
enforcement agency with direct jurisdiction over
counterfeiting and forgery. It analyzes documents
for authenticity, and its fight against fake cash is still
quite lively (especially since the skilled
counterfeiters of Medellin, Columbia have gotten
into the act). Government checks, bonds, and other
obligations, which exist in untold millions and are
worth untold billions, are common targets for
forgery, which the Secret Service also battles. It
even handles forgery of postage stamps.
But cash is fading in importance today as
money has become electronic. As necessity
beckoned, the Secret Service moved from fighting
the counterfeiting of paper currency and the forging
of checks, to the protection of funds transferred by
From wire-fraud, it was a simple skip-and-jump
to what is formally known as "access device fraud."
Congress granted the Secret Service the authority to
investigate "access device fraud" under Title 18 of
the United States Code (U.S.C. Section 1029).
The term "access device" seems intuitively
simple. It's some kind of high-tech gizmo you use to
get money with. It makes good sense to put this sort
of thing in the charge of counterfeiting and wire-
However, in Section 1029, the term "access
device" is very generously defined. An access device
is: "any card, plate, code, account number, or other
means of account access that can be used, alone or
in conjunction with another access device, to obtain
money, goods, services, or any other thing of value,
or that can be used to initiate a transfer of funds."
"Access device" can therefore be construed to
include credit cards themselves (a popular forgery
item nowadays). It also includes credit card account
*numbers,* those standards of the digital
underground. The same goes for telephone charge
cards (an increasingly popular item with telcos, who
are tired of being robbed of pocket change by
phone-booth thieves). And also telephone access
*codes,* those *other* standards of the digital
underground. (Stolen telephone codes may not
"obtain money," but they certainly do obtain
valuable "services," which is specifically forbidden
by Section 1029.)
We can now see that Section 1029 already pits
the United States Secret Service directly against the
digital underground, without any mention at all of
the word "computer."
Standard phreaking devices, like "blue boxes,"
used to steal phone service from old-fashioned
mechanical switches, are unquestionably
"counterfeit access devices." Thanks to Sec.1029, it
is not only illegal to *use* counterfeit access devices,
but it is even illegal to *build* them. "Producing,"
"designing" "duplicating" or "assembling" blue
boxes are all federal crimes today, and if you do this,
the Secret Service has been charged by Congress to
come after you.
Automatic Teller Machines, which replicated all
over America during the 1980s, are definitely "access
devices," too, and an attempt to tamper with their
punch-in codes and plastic bank cards falls directly
under Sec. 1029.
Section 1029 is remarkably elastic. Suppose you
find a computer password in somebody's trash. That
password might be a "code" -- it's certainly a "means
of account access." Now suppose you log on to a
computer and copy some software for yourself.
You've certainly obtained "service" (computer
service) and a "thing of value" (the software).
Suppose you tell a dozen friends about your swiped
password, and let them use it, too. Now you're
"trafficking in unauthorized access devices." And
when the Prophet, a member of the Legion of Doom,
passed a stolen telephone company document to
Knight Lightning at *Phrack* magazine, they were
both charged under Sec. 1029!
There are two limitations on Section 1029. First,
the offense must "affect interstate or foreign
commerce" in order to become a matter of federal
jurisdiction. The term "affecting commerce" is not
well defined; but you may take it as a given that the
Secret Service can take an interest if you've done
most anything that happens to cross a state line.
State and local police can be touchy about their
jurisdictions, and can sometimes be mulish when
the feds show up. But when it comes to computer-
crime, the local police are pathetically grateful for
federal help -- in fact they complain that they can't
get enough of it. If you're stealing long-distance
service, you're almost certainly crossing state lines,
and you're definitely "affecting the interstate
commerce" of the telcos. And if you're abusing
credit cards by ordering stuff out of glossy catalogs
from, say, Vermont, you're in for it.
The second limitation is money. As a rule, the
feds don't pursue penny-ante offenders. Federal
judges will dismiss cases that appear to waste their
time. Federal crimes must be serious; Section 1029
specifies a minimum loss of a thousand dollars.
We now come to the very next section of Title
18, which is Section 1030, "Fraud and related activity
in connection with computers." This statute gives
the Secret Service direct jurisdiction over acts of
computer intrusion. On the face of it, the Secret
Service would now seem to command the field.
Section 1030, however, is nowhere near so ductile as
The first annoyance is Section 1030(d), which
"(d) The United States Secret Service shall, *in
addition to any other agency having such authority,*
have the authority to investigate offenses under this
section. Such authority of the United States Secret
Service shall be exercised in accordance with an
agreement which shall be entered into by the
Secretary of the Treasury *and the Attorney
General.*" (Author's italics.)
The Secretary of the Treasury is the titular head
of the Secret Service, while the Attorney General is
in charge of the FBI. In Section (d), Congress
shrugged off responsibility for the computer-crime
turf-battle between the Service and the Bureau, and
made them fight it out all by themselves. The result
was a rather dire one for the Secret Service, for the
FBI ended up with exclusive jurisdiction over
computer break-ins having to do with national
security, foreign espionage, federally insured banks,
and U.S. military bases, while retaining joint
jurisdiction over all the other computer intrusions.
Essentially, when it comes to Section 1030, the FBI
not only gets the real glamor stuff for itself, but can
peer over the shoulder of the Secret Service and
barge in to meddle whenever it suits them.
The second problem has to do with the dicey
term "Federal interest computer." Section 1030(a)(2)
makes it illegal to "access a computer without
authorization" if that computer belongs to a
financial institution or an issuer of credit cards
(fraud cases, in other words). Congress was quite
willing to give the Secret Service jurisdiction over
money-transferring computers, but Congress balked
at letting them investigate any and all computer
intrusions. Instead, the USSS had to settle for the
money machines and the "Federal interest
computers." A "Federal interest computer" is a
computer which the government itself owns, or is
using. Large networks of interstate computers,
linked over state lines, are also considered to be of
"Federal interest." (This notion of "Federal interest"
is legally rather foggy and has never been clearly
defined in the courts. The Secret Service has never
yet had its hand slapped for investigating computer
break-ins that were *not* of "Federal interest," but
conceivably someday this might happen.)
So the Secret Service's authority over
"unauthorized access" to computers covers a lot of
territory, but by no means the whole ball of
cyberspatial wax. If you are, for instance, a *local*
computer retailer, or the owner of a *local* bulletin
board system, then a malicious *local* intruder can
break in, crash your system, trash your files and
scatter viruses, and the U.S. Secret Service cannot
do a single thing about it.
At least, it can't do anything *directly.* But the
Secret Service will do plenty to help the local people
The FBI may have dealt itself an ace off the
bottom of the deck when it comes to Section 1030;
but that's not the whole story; that's not the street.
What's Congress thinks is one thing, and Congress
has been known to change its mind. The *real* turf-
struggle is out there in the streets where it's
happening. If you're a local street-cop with a
computer problem, the Secret Service wants you to
know where you can find the real expertise. While
the Bureau crowd are off having their favorite shoes
polished -- (wing-tips) -- and making derisive fun of
the Service's favorite shoes -- ("pansy-ass tassels") --
the tassel-toting Secret Service has a crew of ready-
and-able hacker-trackers installed in the capital of
every state in the Union. Need advice? They'll give
you advice, or at least point you in the right
direction. Need training? They can see to that, too.
If you're a local cop and you call in the FBI, the
FBI (as is widely and slanderously rumored) will
order you around like a coolie, take all the credit for
your busts, and mop up every possible scrap of
reflected glory. The Secret Service, on the other
hand, doesn't brag a lot. They're the quiet types.
*Very* quiet. Very cool. Efficient. High-tech.
Mirrorshades, icy stares, radio ear-plugs, an Uzi
machine-pistol tucked somewhere in that well-cut
jacket. American samurai, sworn to give their lives
to protect our President. "The granite agents."
Trained in martial arts, absolutely fearless. Every
single one of 'em has a top-secret security clearance.
Something goes a little wrong, you're not gonna hear
any whining and moaning and political buck-
passing out of these guys.
The facade of the granite agent is not, of course,
the reality. Secret Service agents are human beings.
And the real glory in Service work is not in battling
computer crime -- not yet, anyway -- but in
protecting the President. The real glamour of Secret
Service work is in the White House Detail. If you're
at the President's side, then the kids and the wife see
you on television; you rub shoulders with the most
powerful people in the world. That's the real heart
of Service work, the number one priority. More than
one computer investigation has stopped dead in the
water when Service agents vanished at the
There's romance in the work of the Service. The
intimate access to circles of great power; the esprit-
de-corps of a highly trained and disciplined elite; the
high responsibility of defending the Chief Executive;
the fulfillment of a patriotic duty. And as police
work goes, the pay's not bad. But there's squalor in
Service work, too. You may get spat upon by
protesters howling abuse -- and if they get violent, if
they get too close, sometimes you have to knock one
of them down -- discreetly.
The real squalor in Service work is drudgery
such as "the quarterlies," traipsing out four times a
year, year in, year out, to interview the various
pathetic wretches, many of them in prisons and
asylums, who have seen fit to threaten the
President's life. And then there's the grinding stress
of searching all those faces in the endless bustling
crowds, looking for hatred, looking for psychosis,
looking for the tight, nervous face of an Arthur
Bremer, a Squeaky Fromme, a Lee Harvey Oswald.
It's watching all those grasping, waving hands for
sudden movements, while your ears strain at your
radio headphone for the long-rehearsed cry of
It's poring, in grinding detail, over the
biographies of every rotten loser who ever shot at a
President. It's the unsung work of the Protective
ъesearch Section, who study scrawled, anonymous
death threats with all the meticulous tools of anti-
And it's maintaining the hefty computerized
files on anyone who ever threatened the President's
life. Civil libertarians have become increasingly
concerned at the Government's use of computer
files to track American citizens -- but the Secret
Service file of potential Presidential assassins, which
has upward of twenty thousand names, rarely
causes a peep of protest. If you *ever* state that you
intend to kill the President, the Secret Service will
want to know and record who you are, where you are,
what you are, and what you're up to. If you're a
serious threat -- if you're officially considered "of
protective interest" -- then the Secret Service may
well keep tabs on you for the rest of your natural life.
Protecting the President has first call on all the
Service's resources. But there's a lot more to the
Service's traditions and history than standing guard
outside the Oval Office.
The Secret Service is the nation's oldest general
federal law-enforcement agency. Compared to the
Secret Service, the FBI are new-hires and the CIA
are temps. The Secret Service was founded 'way
back in 1865, at the suggestion of Hugh McCulloch,