British Hacker Story

[nobody@replay.com (Name withheld on request)]

   From: newsbytes@clarinet.com (NB-LON)
   Subject: London Newspaper Runs Old "Superhacker" Story
   01/03/95
   Date: 3 Jan 95 20:44:22 GMT

   LONDON, ENGLAND, 1995 JAN 3 (NB) -- As the UK started back
   to work today after the long Christmas and New Year
   shutdown, readers of the Independent newspaper were treated
   to the banner headline "British Boy Raided US Defense
   Secrets."

   The curious thing about the story was that none of the
   other nationalpapers or news wires carried any reports. On
   investigation, Newsbytes discovered why -- the story dates
   back to July of last year, and briefly resurfaced in early
   November on the US news wires.

   According to the Independent, a 16-year-old British boy has
   been arrested in connection with a alleged unauthorized
   intrusions into the US government's computers and "was able
   to watch secret communications between US agents in North
   Korea during the crisis over nuclear inspections last
   spring."

   The story is quite correct, except that the boy in question
   was arrested last July, when the original story broke.
   Commenting on the story, Peter Sommer, a leading security
   consultant and a senior with the Computer Research Center
   at the London School of Economics, said that it smacked of
   the British Telecom secrets case of late November,also
   reported in the Independent.

   That story, as reported by Newsbytes, turned out to be
   something of a non-event when the hacker, who posted
   details of top secret files on BT's ex-directory computer
   "across the Internet," turned out to be Steve Fleming, a
   Scottish freelance journalist who worked as a temp for BT
   in the summer and broke BT's own security rules by
   downloading files from the BT's Customer Service System
   (CSS) computer, then mailed them -- across the Internet --
   to other people.

   "I'm amazed at the Independent running yet another story
   involving the Internet," Sommer told Newsbytes, adding that
   it is "a very old story. It seems that all they have to do
   is to work up a story about a hacking attempt, whether
   successful or not, and weave in a story about the Internet,
   and it's a headline story."

   Ken Young, newly installed editor of Communicate, a leading
   industry communications magazine in London, and a veteran
   of the UK communications industry for more than a decade,
   told Newsbytes that the story seemed a little thin.

   "It looks like another hacking story except that (the
   newspaper) has written in something about the Internet, and
   bingo! You've got a report that the information was
   accessible to 32 million users on the Internet," he said.

   Sommer, meanwhile, told Newsbytes that he had made his own
   discreet inquiries about the story with high level
   authorities when it broke last summer.

   "There are two problems with this case. Firstly, any lawyer
   worth his salt would invoke Section 69 of the Police &
   Criminal Evidence Act," he said. This Act, Sommer
   explained, requires that, before a computer can be
   considered as admissible evidence in court, the owner of
   the computer must issue a certificate of correct working.

   This, he said, could not be issued, as a casual user of a
   PC would be unable to make such a certification.

   Sommer went on to explain that the second reason that the
   case could be problematic for the prosecution was "that the
   lawyer would ask the court for full disclosure of all
   affected files on victim's host computers," which, since
   such files are almost certain to be classified in the US,
   could not be revealed in a British courtroom.

   The facts surrounding the case, as reported by Newsbytes,
   were that the 16-year-old -- operating under the code name
   of Data Stream -- was one of several who gained
   unauthorized access to the US defense computer network in
   late 1993 and early 1994 and that some files were deleted.

   At the time, press reports said that as many as a million
   passwords were compromised, and may have compromised the
   military readiness of the United States. The case has,
   Newsbytes understands, been fully investigated by the US
   Air Force Office of Special Investigations (OSI) although
   details of the report of the investigation by the USAF OSI
   are classified.

   Originally, the press reports of the time speculated
   whether the youth would be the first under-18 to be
   extradited to the US to face charges. It seems that,
   following last summer's arrest and submission of the report
   to the Crown Prosecution Service that the case is being
   quietly shuffled into a file because of the practical
   problems in pursuing a prosecution.