Chapter 14

Originally, SKiMo broke into the mobile phone carriers' network because he wanted `to go completely cellular'—a transition which he hoped would make him both mobile and much harder to trace. Being able to eavesdrop on other people's calls— including those of the police—was going to be a bonus.

However, as he pursued this project, he discovered that the code from a mobile phone manufacturer which he needed to study was `a multi-lingual project'. `I don't know whether you have ever seen a multi-lingual project,' SKiMo says, `where nobody defines a common language that all programmers must use for their comments and function names? They look horrible. They are no fun to read.' Part of this one was in Finnish.

SKiMo says he has hacked a number of major vendors and, in several cases, has had access to their products' source codes.

Has he had the access to install backdoors in primary source code for major vendors? Yes. Has he done it? He says no. On other hand, I asked him who he would tell if he did do it. `No-one,' he said, `because there is more risk if two people know than if one does.'

SKiMo is mostly a loner these days. He shares a limited amount of information about hacking exploits with two people, but the conversations are usually carefully worded or vague. He substitutes a different vendor's names for the real one, or he discusses technical computer security issues in an in-depth but theoretical manner, so he doesn't have to name any particular system.

He doesn't talk about anything to do with hacking on the telephone. Mostly, when he manages to capture a particularly juicy prize, he keeps news of his latest conquest to himself.

It wasn't always that way. `When I started hacking and phreaking, I had the need to learn very much and to establish contacts which I could ask for certain things—such as technical advice,' SKiMo said. `Now I find it much easier to get that info myself than asking anyone for it. I look at the source code, then experiment and discover new bugs myself.'

Asked if the ever-increasing complexity of computer technology hasn't forced hackers to work in groups of specialists instead of going solo, he said in some cases yes, but in most cases, no. `That is only true for people who don't want to learn everything.'

SKiMo can't see himself giving up hacking any time in the near future.

Who is on the other side these days?

In Australia, it is still the Australian Federal Police, although the agency has come a long way since the early days of the Computer Crimes Unit. When AFP officers burst in on Phoenix, Nom and Electron, they were like the Keystone Cops. The police were no match for the Australian hackers in the subsequent interviews. The hackers were so far out in front in technical knowledge it was laughable.

The AFP has been closing that gap with considerable alacrity. Under the guidance of officers like Ken Day, they now run a more technically skilled group of law enforcement officers. In 1995-96, the AFP had about 2800 employees, although some 800 of these worked in `community policing'—serving as the local police in places like the ACT and Norfolk Island. The AFP's annual expenditure was about $270 million in that year.

As an institution, the AFP has recently gone through a major reorganisation, designed to make it less of a command-and-control military structure and more of an innovative, service oriented organisation.

Some of these changes are cosmetic. AFP officers are now no longer called `constable' or `detective sergeant'—they are all just `federal agents'. The AFP now has a `vision' which is `to fight crime and win'.3 Its organisational chart had been transformed from a traditional, hierarchical pyramid of square boxes into a collection of little circles linked to bigger circles—all in a circle shape. No phallo-centric structures here. You can tell the politically correct management consultants have been visiting the AFP.

The AFP has, however, also changed in more substantive ways. There are now `teams' with different expertise, and AFP investigators can draw on them on an as-needed basis. In terms of increased efficiency, this fluidity is probably a good thing.

There are about five permanent officers in the Melbourne computer crimes area. Although the AFP doesn't release detailed budget breakdowns, my back-of-the-envelope analysis suggested that the AFP spends less than $1 million per year on the Melbourne computer crimes area in total. Sydney also has a Computer Crimes Unit.

Catching hackers and phreakers is only one part of the unit's job. Another important task is to provide technical computer expertise for other investigations.

Day still runs the show in Melbourne. He doesn't think or act like a street cop. He is a psychological player, and therefore well suited to his opponents. According to a reliable source outside the underground, he is also a clean cop, a competent officer, and `a nice guy'.

However, being the head of the Computer Crimes Unit for so many years makes Day an easy target in the underground. In particular, hackers often make fun of how seriously he seems to take both himself and his job. When Day appeared on the former ABC show `Attitude', sternly warning the audience off hacking, he told the viewers, `It's not a game. It's a criminal act'.

To hackers watching the show, this was a matter of opinion. Not long after the episode went to air, a few members of Neuro-cactus, an Australian group of hackers and phreakers which had its roots in Western Australia, decided to take the mickey out of Day. Two members, Pick and Minnow, clipped Day's now famous soundbite. Before long, Day appeared to be saying, `It's not a criminal act. It's a game'—to the musical theme of `The Bill'. The Neuro-cactus crowd quickly spread their lampoon across the underground via an illicit VMB connected to its own toll-free 008 number.

Although Day does perhaps take himself somewhat seriously, it can't be much fun for him to deal with this monkey business week in and week out. More than one hacker has told me with great excitement, `I know someone who is working on getting Day's home number'. The word is that a few members of the underground already have the information and have used it. Some people think it would be hilarious to call up Day at home and prank him. Frankly, I feel a bit sorry for the guy. You can bet the folks in traffic operations don't have to put up with this stuff.

But that doesn't mean I think these pranksters should be locked up either.

If we, as a society, choose not to lock hackers up, then what should we do with them?

Perhaps a better question is, do we really need to do anything with them?

One answer is to simply ignore look-see hacking. Society could decide that it makes more sense to use valuable police resources to catch dangerous criminals—forgers, embezzlers, white-collar swindlers, corporate spies and malicious hackers—than to chase look-see hackers.

The law must still maintain the capacity to punish hard where someone has strayed into what society deems serious crime. However, almost any serious crime committed by a hacker could be committed by a non-hacker and prosecuted under other legislation. Fraud, wilful damage and dealing in stolen property are crimes regardless of the medium—and should be punished appropriately.

Does it make sense to view most look-see hackers—and by that I mean hackers who do not do malicious damage or commit fraud—as criminals? Probably not. They are primarily just a nuisance and should be treated as such. This would not be difficult to do. The law-makers could simply declare look-see hacking to be a minor legal infringement. In the worst-case scenario, a repeat offender might have to do a little community service. But such community service needs to be managed properly. In one Australian case, a corrections officer assigned a hacker to dig ditches with a convicted rapist and murderer.

Many hackers have never had a job—in part because of the high youth unemployment in some areas—and so their community service might be their first `position'. The right community service placement must involve hackers using their computer skills to give something back to society, preferably in some sort of autonomous, creative project. A hacker's enthusiasm, curiosity and willingness to experiment can be directed toward a positive outcome if managed properly.

In cases where hacking or phreaking has been an addiction, the problem should be treated, not criminalised. Most importantly, these hackers should not have convictions recorded against them, particularly if they're young. As Paul Galbally said to the court at Mendax's sentencing, `All the accused are intelligent—but their intelligence outstretched their maturity'. Chances are, most will be able to overcome or outgrow their addiction.

In practice, most Australia's judges have been reasonably fair in their sentencing, certainly compared to judges overseas. None of the Australian hackers detailed in this work received a prison sentence. Part of this is due to happenstance, but part is also due to the sound judgments of people like Judge Lewis and Judge Kimm. It must be very tempting, sitting on the bench every day, to shoot from the hip interpreting new laws.

As I sat in court listening to each judge, it quickly became clear that these judges had done their homework. With psychologist Tim Watson-Munro on the stand, Judge Lewis rapidly zeroed in on the subject of `free will'—as applied to addiction—regarding Prime Suspect. In Trax's case, Judge Kimm asked pointed questions which he could only have formulated after serious study of the extensive legal brief. Their well-informed judgments suggested a deeper understanding both of hacking as a crime, and of the intent of the largely untested computer crime legislation.

However, a great deal of time and money has been wasted in the pursuit of look-see hackers, largely because this sort of hacking is treated as a major crime. Consider the following absurd situation created by Australia's federal computer criminal legislation.

A spy breaks into a computer at the Liberal Party's headquarters and reads the party's top-secret election strategy, which he may want to pass on to the Labor Party. He doesn't insert or delete any data in the process, or view any commercial information. The penalty under this legislation? A maximum of six months in prison.

That same spy decides he wants to get rich quick. Using the local telephone system, he hacks into a bank's computer with the intention of defrauding the financial institution. He doesn't view any commercial or personal information, or delete or insert any files. Yet the information he reviews—about the layout of a bank building, or how to set off its fire alarm or sprinkler system—proves vital in his plan to defraud the bank. His penalty: a maximum of two years prison.

Our spy now moves onto bigger and better things. He penetrates a Department of Defence computer with the intention of obtaining information about Australia's military strategies and passing it on to the Malaysians. Again, he doesn't delete or insert any data—he just reads every sensitive planning document he can find. Under the federal anti-hacking laws, the maximum penalty he would receive would also be two years prison.

Meanwhile, a look-see hacker breaks into a university computer without doing any damage. He doesn't delete any files. He FTPs a public-domain file from another system and quietly tucks it away in a hidden, unused corner of the university machine. Maybe he writes a message to someone else on-line. If caught, the law, as interpreted by the AFP and the DPP, says he faces up to ten years in prison. The reason? He has inserted or deleted data.

Although the spy hacker might also face other charges—such as treason—this exercise illustrates some of the problems with the current computer crime legislation.

The letter of the law says that our look-see hacker might face a prison term five times greater than the bank fraud criminal or the military spy, and twenty times greater than the anti-Liberal Party subversive, if he inserts or deletes any data. The law, as interpreted by the AFP, says that the look-see hacking described above should have the same maximum ten-year prison penalty as judicial corruption. It's a weird mental image—the corrupt judge and the look-see hacker sharing a prison cell.

Although the law-makers may not have fully understood the technological aspects of hacking when they introduced the computer crimes legislation, their intent seems clear. They were trying to differentiate between a malicious hacker and a look-see hacker, but they could have worded it better.

As it's worded, the legislation puts malicious, destructive hacking on a par with look-see hacking by saying that anyone who destroys, erases, alters or inserts data via a carrier faces a prison term, regardless of the person's intent. There is no gradation in the law between mere deletion of data and `aggravated deletion'—the maximum penalty is ten years for both. The AFP has taken advantage of this lack of distinction, and the result has been a steady stream of look-see hackers being charged with the most serious computer crime offences.

Parliament makes the laws. Government institutions such as the AFP, the DPP and the courts interpret and apply those laws. The AFP and to some extent the DPP have applied the strict letter of the law correctly in most of the hacking cases described in this book. They have, however, missed the intention of the law. Change the law and they may behave differently. Make look-see hacking a minor offence and the institutions will stop going after the soft targets and hopefully spend more time on the real criminals.

I have seen some of these hackers up close, studied them for two years and learned a bit about what makes them tick. In many ways, they are quintessentially Australian, always questioning authority and rebelling against `the establishment'. They're smart—in some cases very smart. A few might even be classified as technical geniuses. They're mischievous, but also very enterprising. They're rebels, public nuisances and dreamers.

Most of all, they know how to think outside the box.

This is not a flaw. Often, it is a very valuable trait—and one which pushes society forward into new frontiers. The question shouldn't be whether we want to crush it but how we should steer it in a different direction.

If you would like to comment on this book, please write to feedback@underground-book.net. All comments are passed onto Dreyfus & Assange.

UNDERGROUND — Glossary and Abbreviations.

AARNET Australian Academic Research Network

ACARB Australian Computer Abuse Research Bureau, once called CITCARB

AFP Australian Federal Police

Altos West German chat system and hacker hang-out, connected to X.25 network and run by Altos Computer Systems, Hamburg

ANU Australian National University

ASIO Australian Security Intelligence Organisation

Backdoor A program or modification providing secret access to a computer system, installed by a hacker to bypass normal security. Also used as a verb

BBS Bulletin Board System

BNL Brookhaven National Laboratory (US)

BRL Ballistics Research Laboratory (US)

BT British Telecom

CCITT Committee Consultatif Internationale Telegraph et Telephonie:Swiss telecommunications standards body (now defunct; see ITU)

CCS Computer Crime Squad

CCU Computer Crimes Unit (Australian Federal Police)

CERT Computer Emergency Response Team

CIAC Computer Incident Advisory Capability: DOE's computer security team

CITCARB Chisholm Institute of Technology Computer Abuse ResearchBureau (now defunct. See ACARB)

COBE Cosmic Background Explorer project: a NASA research project

DARPA Defense Advanced Research Projects Agency (US)

DCL Digital Command Language, a computer programming language used onVMS computers

DDN Defense Data Network

DEC Digital Equipment Corporation

DECNET A network protocol used to convey information between (primarily) VAX/VMS machines

DEFCON (a) Defense Readiness Conditions, a system of progressive alert postures in the US; (b) the name of Force's computer program which automatically mapped out computer networks and scanned for accounts

DES Data Encryption Standard, an encryption algorithm developed byIBM, NSA and NIST

Deszip Fast DES Unix password-cracking system developed by MatthewBishop

Dial-up Modem access point into a computer or computer network

DMS-100 Computerised telephone switch (exchange) made by NorTel

DOD Department of Defense (US)

DOE Department of Energy (US)

DPP Director of Public Prosecutions

DST Direction de la Surveillance du Territoire— French secret service agency

EASYNET Digital Equipment Corporation's internal communication network(DECNET)

GTN Global Telecommunications Network: Citibank's international data network

HEPNET High Energy Physics Network: DECNET-based network, primarily controlled by DOE, connected to NASA's SPAN

IID Internal Investigations Division. Both the Victoria Police and theAFP have an IID

IP Internet Protocol (RFC791): a data communications protocol, used to transmit packets of data between computers on the Internet

IS International Subversive (electronic magazine)

ISU Internal Security Unit: anti-corruption unit of the VictoriaPolice

ITU International Telecommunications Union, the international telecommunications standards body

JANET Joint Academic Network (UK), a network of computers

JPL Jet Propulsion Laboratory—a California-based NASA research centre affiliated with CalTech

LLNL Lawrence Livermore National Laboratory (US)

LOD Legion of Doom

Lutzifer West German computer, connected to the X.25 network, which had a chat facility

MFC Multi Frequency Code (Group III): inter-exchange telecommunications system used by Telstra (Telecom)

MILNET Military Network: TCP/IP unclassified US DOD computer network

MOD Masters of Deception (or Destruction)

Modem Modulator De-modulator: a device used to transmit computer data over a regular telephone line

NCA National Crime Authority

Netlink A Primos/Dialcom command used to initiate a connection over anX.25 network

NIST National Institute of Standards (US)

NIC Network Information Center (US), run by DOD: a computer which assigned domain names for the Internet.

NRL Naval Research Laboratory (US)

NSA National Security Agency (US)

NUA Network User Address: the `telephone' number of a computer on anX.25 network

NUI Network User Identifier (or Identification): combined username/password used on X.25 networks for billing purposes

NorTel Northern Telecom, Canadian manufacturer of telecommunications equipment

PABX Private Automatic Branch Exchange

PAD Packet Assembler Disassembler—ASCII gateway to X.25 networks

PAR `PAR?'—command on PAD to display PAD parameters

RMIT Royal Melbourne Institute of Technology

RTG Radioisotope Thermoelectric Generator, space probe Galileo's plutonium-based power system

RTM Robert Tappan Morris (Jr), the Cornell University student who wrote the Internet worm, also known as the RTM worm

Scanner A program which scans and compiles information, such as a list of NUAs

SPAN Space Physics Analysis Network: global DECNET- based network, primarily controlled by NASA

Sprint US telecommunications company, an X.25 network provider

Sprinter Word used by some Australian and English hackers to denote scanner. Derived from scanning attacks on Sprint communications

Sprintnet X.25 network controlled by Sprint communications

Sun Sun Microsystems—a major producer of Unix workstations

TCP Transmission Control Protocol (RFC793): a standard for data connection between two computers on the Internet

TELENET An X.25 network, DNIC 3110

Telnet A method of connection between two computers on the Internet or other TCP/IP networks

Trojan A program installed by hackers to secretly gather information, such as passwords. Can also be a backdoor

Tymnet An X.25 network controlled by MCI, DNIC 3106

Unix Multi-user computer operating system developed by AT&T andBerkeley CSRG

VAX Virtual Address Extension: series of mini/mainframe computer systems produced by DEC

VMS Virtual Memory System: computer operating system produced by DEC and used on its VAX machines

WANK Worms Against Nuclear Killers: the title of DECNET/VMS-based worm released into SPAN/DEC/HEPNET in 1989

X.25 International data communications network, using the X.25 communications protocol. Network is run primarily by major telecommunications companies. Based on CCITT standard # X.25

Zardoz A restricted computer security mailing list

1. Words And Music by Rob Hirst/Martin Rotsey/James Moginie/Peter Garrett/Peter Gifford. (c) Copyright 1982 Sprint Music. Administered for the World—Warner/ Chappell Music Australia Pty Ltd. Used By Permission.

2. I have relied on numerous wire service reports, particularly those of UPI Science Reporter William Harwood, for many of my descriptions of Galileo and the launch.

3. William Harwood, `NASA Awaits Court Ruling on Shuttle Launch Plans', UPI, 10 October 1989.

4. William Harwood, `Atlantis "Go" for Tuesday Launch', UPI, 16 October 1989.

5. Ibid.

6. From NASA's World Wide Web site.

7. Thomas A. Longstaff and E. Eugene Schulz, `Analysis of the WANK and OILZ Worms', Computer and Security, vol. 12, no. 1, February 1993, p. 64.

8. Katie Haffner and John Markoff, Cyberpunk, Corgi, London 1994, p. 363.

9. The Age, 22 April 1996, reprinted from The New York Times.

10. DEC, Annual Report, 1989, listed in `SEC Online'.

11. GEMTOP was corrected to GEMPAK in a later advisory by CIAC.

12. `Officially' was spelled incorrectly in the original banner.

13. This advisory is printed with the permission of CIAC and Kevin Oberman. CIAC requires the publication of the following disclaimer:

This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government, nor the University of California, nor any of their employees makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favouring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes.

14. Michael Alexander and Maryfran Johnson, `Worm Eats Holes in NASA's Decnet', Computer World, 23 October 1989, p. 4.

15. Ibid.

16. William Harwood, `Shuttle Launch Rained Out', UPI, 17 October 1989.

17. Vincent Del Guidice, `Atlantis Set for Another Launch Try', UPI, 18 October 1989.

18. William Harwood, `Astronauts Fire Galileo on Flight to Jupiter', UPI, 18 October 1989.

2. FIRST was initially called CERT System. It was an international version of CERT, the Computer Emergency Response Team, funded by the US Department of Defense and run out of Carnegie Mellon University.

3. OTC was later merged with Telecom to become Telstra.

4. Stuart Gill is described in some detail in Operation Iceberg;Investigation of Leaked Confidential Police Information and RelatedMatters, Ordered to be printed by the Legislative Assembly ofVictoria, October 1993.

2. The full text of the articles, used by permission News Ltd and Helen Meredith, is:

3. From Operation Iceberg; Investigations and Recommendations intoAllegations of Leaked Confidential Police Information, included asAppendix 1 in the report of the Deputy Ombudsman, Operation Iceberg;Investigation of Leaked Confidential Police Information and RelatedMatters.

4. Ibid., pp. 26-7.

5. Michael Alexander, `International Hacker "Dave" Arrested', Computer World, 9 April 1990, p. 8.

6. Matthew May, `Hacker Tip-Off', The Times, 5 April 1990; Lou Dolinar, `Australia Arrests Three in Computer Break-Ins', Newsday, 3 April 1990.

2. Rupert Battcock, `The Computer Misuse Act Five years on—the Record since 1990', paper, Strathclyde University, Glasgow, UK.

3. For the British material in this chapter, I have relied on personal interviews, media reports (particularly for the Wandii case), journal articles, academic papers and commission reports.

4. Colin Randall, `Teenage Computer Hacker "Caused Worldwide Chaos"', Daily Telegraph, 23 February 1993.

5. The local phone company agreed to reduce the bill to [sterling]3000, EORTIC information systems manager Vincent Piedboeuf told the court.

6. Susan Watts, `Trial Haunted by Images of Life in the Twilight Zone', The Independent, 18 March 1993.

7. Toby Wolpe, `Hacker Worked on Barclay's Software', Computer Weekly, 4 March 1993.

8. David Millward, `Computer Hackers Will be Pursued, Vow Police', Daily Telegraph, 19 March 1993.

9. Chester Stern, `Hackers' Threat to Gulf War Triumph', Mail on Sunday, 21 March 1993.

10. `Crimes of the Intellect—Computer Hacking', editorial, The Times, 20 March 1993.

11. `Owners Must Act to Put End to Computer Hacker "Insanity"', South China Morning Post, 30 March 1993.

12. Nick Nuttall, `Hackers Stay Silent on Court Acquittal', The Times, 19 March 1993.

13. Melvyn Howe, Press Association Newsfile, Home News section, 21 May 1993.

2. This is an edited version.

1. Words And Music by Rob Hirst/James Moginie/Martin Rotsey/AndrewJames. (c) Copyright 1978 Sprint Music. Administered for theWorld—Warner/Chappell Music Australia Pty Ltd and Andrew James. UsedBy Permission.

1. Words And Music by James Moginie (lyrics adapted from the book The Great Prawn War And Other Stories by Dennis Kevans). (c) Copyright 1984 Sprint Music. Administered for the World—Warner/Chappell Music Australia Pty Ltd. Used By Permission.

Afterword

1. Victorian Ombudsman, Operation Iceberg; Investigation of Leaked Confidential Police Information and Related Matters.

2. The police report was printed as an appendix in the Ombudsman's report. See Chapter 5, note 1, above.

3. Australian Federal Police, Annual Report, 1995-1996, p. 7.

Bibliography.

Australian Federal Police (AFP), Annual Report 1995-1996, Canberra, 1996.

——, Annual Report 1994-1995, Canberra, 1995.

——, Annual Report 1993-1994, Canberra, 1994.

Bourne, Philip E., `Internet security; System Security', DECProfessional, vol. 11, June 1992.

Cerf, Vinton G., `Networks', Scientific American, vol. 265, September 1991.

Clyde, Robert A., `DECnet security', DEC Professional, vol. 10, April 1991.

Commonwealth Attorney-General's Department, Interim Report on ComputerCrime (The Gibbs Report), Canberra, 1988.

Commonwealth Director of Public Prosecutions (DDP), Annual Report 1993-1994, Canberra, 1994.

Commonwealth Scientific and Industrial Research Organisation (CSIRO),Annual Report 1994-1995, Canberra, 1995.

Davis, Andrew W., `DEC Pathworks the mainstay in Mac-to-VAX connectivity', MacWeek, vol. 6, 3 August 1992.

Department of Foreign Affairs and Trade, Australian Treaty Series 1993, no. 40, Australian Government Publishing Service, Canberra, 1993.

Digital Equipment Corporation, Annual Report 1989, Securities andExchange Commission (SEC) Online (USA) Inc., 1989.

——, Quarterly Report for period ending 12.31.89, SEC Online (USA).

Gezelter, Robert, `The DECnet TASK object; Tutorial', Digital SystemsJournal, vol. 16, July 1994.

Gianatasio, David, `Worm infestation hits 300 VAX/VMS systems worldwide via DECnet', Digital Review, vol. 6, 20 November 1989.

Haffner, Katie & Markoff, John, Cyberpunk, Corgi Books (Transworld),Moorebank NSW, 1994.

Halbert, Debora, `The Potential for Modern Communication Technology toChallenge Legal Discourses of Authorship and Property', MurdochUniversity E-Law Journal, vol. 1, no. 2.

Kelman, Alistair, `Computer Crime in the 1990s: A Barrister's View',Paper for the Twelfth International Symposium on Economic Crime,September 1994.

Law Commission (UK) Working Paper, no. 110, 1988.

Lloyd, J. Ian & Simpson, Moira, Law on the Electronic Frontier, DavidHume Institute, Edinburgh, 1996.

Longstaff, Thomas A., & Schultz, E. Eugene, `Beyond preliminary analysis of the WANK and OILZ worms: a case study of malicious code', Computers & Security, vol. 12, February 1993.

Loundy, David J., `Information Systems Law and Operator Liability Revisited', Murdoch University E-Law Journal, vol. 1, no. 3, September 1994.

McMahon, John, `Practical DECnet security', Digital Systems Journal, vol. 14, November 1992.

Melford, Robert J., `Network security; computer networks', InternalAuditor, Institute of Internal Auditors, vol. 50, February 1993.

Natalie, D. & Ball, W, EIS Coordinator, North Carolina Emergency Management, `How North Carolina Managed Hurricane Hugo', EIS News, vol. 3, no. 11, 1988.

NorTel Australia Pty Ltd, Discovering Tomorrow's TelecommunicationsSolutions, Chatswood, NSW (n.d.).

Northern Telecom, Annual Report 1993, Ontario, 1993.

Slatalla, Michelle & Quittner, Joshua, Masters of Deception,HarperCollins, New York, 1995.

Royal Commission into Aboriginal Deaths in Custody, Report of theInquiry into the Death of the Woman Who Died at Ceduna, AustralianGovernment Publishing Service, Canberra, 1990.

Scottish Law Commission's Report on Computer Crime, no. 174, 1987.

SPAN Management Office, `Security guidelines to be followed in the latest worm attack', an Intranetwork Memorandum released by the SPAN Management Office, NASA, 30 October 1989.

Sterling, Bruce, The Hacker Crackdown, Penguin Books, Melbourne, 1994.

Stoll, Clifford, The Cuckoo's Egg, Pan Books, London, 1991.

Tencati, Ron, `Information regarding the DECNET worm and protection measures', an Intranetwork Memorandum released by the SPAN Management Office, NASA, 19 October 1989.

——, `Network Security Suplemental Information—Protecting the DECNETAccount', security advisory, released by SPAN, NASA/Goddard SpaceFlight Center, 1989.

The Victorian Ombudsman, Operation Iceberg: Investigation of LeakedConfidential Police Information and Related Matters, Report of theDeputy Ombudsman (Police Complaints), L.V. North Government Printer,Melbourne, 1993.

`USA proposes international virus team', Computer Fraud & SecurityBulletin (Elsevier Advanced Technology Publications), August 1991.

Victoria Police, Operation Iceberg—Investigation and Recommendations into Allegations of Leaked Confidential Police Information, 1 June, Memorandum from Victoria Police Commander Bowles to Chief Commissioner Comrie (also available as Appendix 1 in the Victorian Ombudsman's Operation Iceberg Report, tabled in Victorian Parliament, October 1993), 1993.

Vietor, Richard, Contrived Competition: Regulation and Deregulation inAmerica, BelKnap/Harvard University Press, Cambridge, 1994.

Yallop, David, To the Ends of the Earth, Corgi Books (Transworld),Moorebank, NSW, 1994.

Acts:

Computer Misuse Act 1990 (UK)

Crimes Act 1914 (no. 5) (Cwlth)

Crimes Legislation Amendment Act 1989, no. 108

Computer Fraud and Abuse Act 1986 (US), 18 USC 1030

Computer Misuse Crimes Legislation Amendment Bill 1989 (AUS),Explanatory Memo Clause 7

Crimes (Computers) Act, no. 36 of 1988 (VIC)

Other publications and databases:

American Bar Association Journal

Associated Press

Attorney General's Information Service (Australia)

Australian Accountant

Australian Computer Commentary

Aviation Week and Space Technology (USA)

Banking Technology

Business Week

Cable News Network (CNN)

Card News (USA)

CERT Advisories (The Computer Emergency Response Team at CarnegieMellon University)

Chicago Daily Law Bulletin

CommunicationsWeek

CommunicationsWeek International

Computer Incident Advisory Capability (CIAC)

Computer Law and Practice (Australia)

Computer Law and Security Report (Australia)

Computer Weekly

Computergram

Computerworld

Computing

Corporate EFT Report (USA)

Daily Mail (UK)

Daily Telegraph (Sydney)

Daily Telegraph (UK)

Data Communications

Datalink

Evening Standard (UK)

Export Control News (USA)

FinTech Electronic Office (The Financial Times)

Gannett News Service

Government Computer News (USA)

InfoWorld

Intellectual Property Journal (Australia)

Intelligence Newsletter (Indigo Publications)

Journal of Commerce (The New York Times)

Journal of the Law Society of Scotland

Korea Economic Daily

Law Institute Journal (Melbourne)

Law Society's Gazette (UK)

Law Society's Guardian Gazette (UK)

Legal Times (USA)

Lexis-Nexis (Reed Elsevier)

Lloyds List

Mail on Sunday (UK)

Media Week

MIS Week

Mortgage Finance Gazette

Network World

New Law Journal (UK)

New York Law Journal

Newsday

PC Week (USA)

Press Association Newsfile

Reuter

Reuter News Service—United Kingdom Science

South China Morning Post

St Louis Post-Dispatch

St Petersburg Times

Sunday Telegraph (Sydney)

Sunday Telegraph (UK)

Sunday Times (UK)

Telecommunications (Horizon House Publications Inc.)

The Age

The Australian

The Australian Financial Review

The Bulletin

The Computer Lawyer (USA)

The Connecticut Law Tribune

The Daily Record (USA)

The Engineer (UK)

The Gazette (Montreal)

The Guardian

The Herald (Glasgow)

The Herald (Melbourne)

The Herald Sun (Melbourne)

The Independent

The Irish Times

The Legal Intelligencer (USA)

The Los Angeles Times

The Nation

The National Law Journal (USA)

The New York Times

The Recorder (USA)

The Reuter European Community Report

The Reuter Library Report

The Scotsman

The Sun (Melbourne)

The Sunday Age

The Sydney Morning Herald

The Times

The Washington Post

The Washington Times

The Weekend Australian

Time Magazine

United Nations Chronicle

United Press International

USA Today

Transcripts:

Hearing of the Transportation, Aviation and Materials Subcommittee of the House Science, Space and Technology Committee transcript: witness Clifford Stoll, 10 July 1990

`Larry King Live' transcript, interview with Clifford Stoll, 23 March 1990

The World Uranium Hearing, Salzburg 1992, witness transcripts

US Government Accounting Office Hearing (computer security) witness transcripts, 1996

Judgments:

Chris Goggans, Robert Cupps and Scott Chasin, Appellants v. Boyd &Fraser Publishing Co., a Division of South-Western Publishing Co.,Appellee No. 01-95-00331-Cv 1995 Tex. App.

Gerald Gold v. Australian Federal Police, no. V93/1140

Gerald Gold v. National Crime Authority, no. V93/1141 AAT No. 9940Freedom of Information (1994) 37 ALD 168

Henry John Tasman Rook v. Lucas Richard Maynard (no. 2) no. LCA 52/1994 ; judgment no. A64/1994

Pedro Juan Cubillo v. Commonwealth Of Australia, no. NG 571 of 1991FED no. 1006/95 Tort—Negligence

R v. Gold and another, House of Lords (UK), [1988] 1 AC 1063, [1988] 2All ER 186, [1988] 2 WLR 984, 87 Cr App Rep 257, 152 JP 445, [1988]Crim LR 437

Steve Jackson Games Incorporated, et al., Plaintiffs, v. United StatesSecret Service, United States Of America, et al., Defendants no. A 91CA 346 Ss 816 F. Supp. 432; 1993 U.S. Dist.

United States of America v. Julio Fernandez, et al. 92 Cr. 563 (RO)

United States of America, Plaintiff, v. Robert J. Riggs, also known asRobert Johnson, also known as Prophet, and Craig Neidorf, also knownas Knight Lightning, Defendants No. 90 CR 0070 743 F. Supp. 556; 1990U.S. Dist.

United States of America, Appellee, v. Robert Tappan Morris,Defendant-Appellant No. 90-1336 928 F.2d 504; 1991 U.S. App.

Wesley Thomas Dingwall v. Commonwealth of Australia no. NG575 of 1991Fed no. 296/94 Torts

William Thomas Bartlett v. Claire Patricia Weir, Henry J T Rook, Noel E. Aikman, Philip Edwards and Michael B McKay no. TG7 of 1992; FED no. 345/94

Additional court records:

(Court documents of most cases described in this book)

Memos and reports to/from:

Bureau of Criminal Intelligence, Victoria Police

Internal Security Unit, Victoria Police

The NASA SPAN office relating to the WANK worm

Office of the District Attorney, Monterey, California

Overseas Telecommunications Commission (Australia)

Police Department, City of Del Rey Oaks, California

Police Department, City of Salinas, California

Stuart Gill

The United States Secret Service

US Attorney's Office, New York

Numerous Internet sites, including those of NASA, Sydney University,Greenpeace, the Australian Legal Information Institute, and the LegalAspects of Computer Crime Archives.

End of book.

Back to Index Next