"'Hacker' Pleads Guilty in AT&T CASE: Sentence Urged for Md. Man Among Stiffest Yet for Computer Crime" By Mark Potts/Washington Post Staff Writer BALTIMORE, March 22--A computer "hacker" who was trying to help others steal electronic passwords guarding large corporate computer systems around the country today pleaded guilty to wire fraud in a continuing government crackdown on computer crime. Federal prosecutors recommended that Leonard Rose Jr., 32, of Middletown, Md., be sent to prison for one year and one day, which would be one of the stiffest sentences imposed to date for computer crime. Sentencing is scheduled for May before U.S. District Judge J. Frederick Motz. Cases such as those of Rose and a Cornell University graduate student who was convicted last year of crippling a nationwide computer network have shown that the formerly innocent pastime of hacking has potentially extreme economic ramifictions. Prosecutors, industry officials and even some veteran hackers now question the once popular and widely accepted practice of breaking into computer systems and networks in search of information that can be shared with others. "It's just like any other form of theft, except that it's more subtle and it's more sophisticated," said Geoffrey R. Garinther, the assistant U.S. attorney who prosecuted the Rose case. Rose--once part of a group of maverick hackers who called themselves the Legion of Doom--and his attorneys were not available for comment after the guilty plea today. The single fraud count replaced a five-count indictment of the computer programmer that was issued last May after a raid on his home by Secret Service agents. According to prosecutors, Rose illegally obtained information that would permit him to secretly modify a widely used American Telephone & (See HACKER, A10, Col 1) Telegraph Co. Unix software program--the complex instructions that tell computers what to do. The two former AT&T software emplyees who provided these information "codes" have not yet been prosecuted. Rose altered the AT&T software by inserting a "Trojan horse" program that would allow a hacker to secretly gain access to the computer systems usng the AT&T Unix softare and gather passwords used on the system. The passwords could then be distributed to other hackers, permitting them to use the system without the knowledge of its rightful operators, prosecutors said. Rose's modifications made corporate purchasers of the $77,000 AT&T Unix program vulnerable to electronic break-ins and the theft of such services as toll-free 800 numbers and other computer-based telecommunications services. After changing the software, Rose sent it to three other computer hackers, including one in Chicago, where authorities learned of the scheme through a Secret Service computer crime investigation called Operation Sun Devil. Officials say they do not believe the hackers ever broke into computer systems. At the same time he pleaded guilty here, Rose pleaded guilty to a similar charge in Chicago; the sentences are to be served concurrently, and he will be eligible for parole after 10 months. Rose and his associates in the Legion of Doom, whose nickname was taken from a gang of comic-book villains, used names like Acid Phreak Terminus--Rose's nickname--as their computer IDs. They connected their computers by telephone to corporate and government computer networks, outwitted security screens and passwords to sign onto the systems and rummaged through the information files they found, prosecutors said. Members of the group were constantly testing the boundaries of the "hacker ethic," a code of conduct dating back to the early 1960s that operates on the belief that computers and the information on them should be free for everyone to share, and that such freedom would accelerate the spread of computer technology, to society's benefit. Corporate and government computer information managers and many law enforcement officials have a different view of the hackers. To them, the hackers are committing theft and computer fraud. After the first federal law aimed at computer fraud was enacted in 1986, the Secret Service began the Operation Sun Devil investigation, which has since swept up many members of the Legion of Doom, including Rose. The investigation has resulted in the arrest and prosecution of several hackers and led to the confiscation of dozens of computers, thousands of computer disks and related items. "We're authorized to enforce the computer fraud act, and we're doing it to the best of our ability," Garry Jenkins, assistant director of investigations for the Secret Service, said last summer. "We're not interested in cases that are at the lowest threshold of violating the law...They have to be major criminal violations before we get involved." The Secret Service crackdown closely followed the prosecution of the most celebrated hacker case to date, that of Robert Tappan Morris Cornell Univesity computer science graduate student and son of a computer sicentist at the Natonal Security Agency. Morris was convicted early last year of infecting a vast nationawide computer network in 1988 with a hugely disruptive computer "virus," or rogue instructions. Although he could have gone to jail for five years, Mo $10,000, given three years probation and ordered to do 400 hours of community service work. Through Operation Sun Devil and the Morris case, law enforcement authorities have begun to define the boundaries of computer law. Officials are grappling with how best to punish hackers and how to differentiate between mere computer pranks and serious computer espionage. "We're all trying to get a handle for what is appropriate behavior in this new age, where we have computers and computer networks linked together," said Lance Hoffman, a computer science professor at George Washington University. "There clearly are a bunch of people feeling their way in various respects," said David R. Johnson, an attorney at Wilmer, Cutler & Pickering and an expert on computer law. However, he said, "Things are getting a lot clearer. It used to be a reasonably respectable argument that people gaining unauthorized access to computer systems and causing problems were just rambunctious youth." Now, however, the feeling is that "operating in unauthorized computing spaces can be an antisocial act," he said. Although this view is increasingly shared by industry leaders, some see the risk of the crackdown on hackers going to far. Among those concerned is Mitch Kapor, the inventor of Lotus 1-2-3, the best-selling computer "spreadsheet" program for carrying out mathematical and accounting analysis. Kapor and several other computer pioneers last year contributed several hundred thousands dollars to set up the Electron Freedom Foundation, a defense fund for computer hackers. EFF has funded much of Rose's defense and filed a friend-of-the-court brief protesting Rose's indictment. --end of article-- From: The Washington Post, Tuesday March 26, 1991, Page A3. CORRECTION [to Saturday March 23, 1991 article] "Leonard Rose, Jr., the Maryland computer hacker who pleaded guilty last week to two counts of wire fraud involving his illegal possession of an American Telephone & Telegraph Co. computer program, was not a member of the "Legion of Doom" computer hacker group, as was reported Saturday, and did not participate in the group's alleged activities of breaking into and rummaging through corporate and government computer systems."