*** SEIZURE WARRANT DOCUMENTS FOR RIPCO BBS *** ******************************************************************** On May 8, 1990, RIPCO BBS was closed and the equipment seized as the result of a seizure warrant. FULL DISCLOSURE Magazine obtained publicly available copies of the various documents related to the warrant, which are reproduced below. The documents include (in order presented): 1. Government's petition for Assistance during Execution of Search Warrant 2. ORDER approving assistance 3. Order authorizing blocking out income telephone and data calls 4. Application for order to block out calls 5. Application and affidavit for seizure warrant (Barbara Golden, affiant) 6. Application and affidavit for seizure warrant (G. Kirt Lawson, affiant) Attached to the original documents (but not presented here) are an application (by Ira H. Raphaelson and William J. Cook, United States attorney and AUSA) to suppress the seizure warrant for 90 days, and a variety of photographs of Dr. Ripco's premises. ******************************************************************* **************************************** Government's Petition for Assistance **************************************** UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF ILLINOIS EASTERN DIVISION UNITED STATES OF AMERICA ) ) v. ) No. 90-M-187 & 90-M-188 ) Magistrate James T. Balog ) xxxx NORTH CLYBOURN, CHICAGO ) ILLINOIS AND xxxx NORTH ) LAWNDALE, CHICAGO, ILLINOIS ) GOVERNMENT'S PETITION FOR ASSISTANCE DURING EXECUTION OF SEARCH WARRANT The United States of America, by its attorney, Ira H. Raphaelson, United States Attorney for the Northern District of Illinois, petitions this Court for an order directing representatives of AT&T's Corporate Security Division to accompany Special Agents of the Secret Service during the execution of the search warrant against the premises of xxxx North Clybourn, Chicago, Illinois, and xxxx North Lawndale, Chicago, Illinois. This petition is supported by the following: 1. The affidavit of Special Agent Barbara Golden of the Secret Service is incorporated herein by reference. 2. AT&T has offered the assistance of Jerry Dalton and John Hickey of AT&T Corporate Security/Information Protection to the government and this Court. Both men are very experienced in the operation of computers and especially in the analysis of UNIX systems. 3. We also request that Sergeant Abigail Abrahams of the Illinois State Police be authorized in the execution of the aforementioned warrants. Sergeant Abrahams has investigated the computer bulletin board (BBS) operation since approximately 1988 - 1 - and has extensive details with respect to the structure of the BBS and its contents. While these individuals will not be seizing evidence, their assistance is necessary to quickly read and identify the critical files in the computer being searched. Moreover, their presence during the search will insure that the records on the computer are not accidentally erased and remain intact. Respectfully submitted, IRA H. RAPHAELSON United States Attorney BY: (signature of) WILLIAM J. COOK Assistant United States Attorney - 3 - UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF ILLINOIS EASTERN DIVISION UNITED STATES OF AMERICA ) ) v. ) No. 90-M-187 & 90-M-188 ) Magistrate James T. Balog ) xxxx NORTH CLYBOURN, CHICAGO ) ILLINOIS AND xxxx NORTH ) LAWNDALE, CHICAGO, ILLINOIS ) ORDER In view of the specialized nature of the evidence that is being sought in this warrant, _______________, as indicated in the government's petition and the affidavit for the search warrant, which is incorporated herein by reference; It is Hereby Ordered that representatives of AT&T's Corporate Security Division and Sergeant Abigail Abrahams of the Illinois State Police accompany Special Agents of the United States Secret Service during the execution of the search warrant to assist those agents in the recovery and identification of the evidence sought in the warrant. (signature) James T. Balog 5-7-90 UNITED STATES MAGISTRATE - 3 - UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF ILLINOIS EASTERN DIVISION IN THE MATTER OF THE ) APPLICATION OF THE UNITED STATES ) OF AMERICAN FOR AN ORDER FOR THE ) No. 90-M-187 & 90-M-188 BLOCKING OF INCOMING TELEPHONE ) Magistrate James T. Balog AND DATA CALLS AT (312 )528-5020 ) (312 )xxx-xxxx AND (312)xxx-xxxx ) ORDER AUTHORIZING BLOCKING OUT INCOME TELEPHONE DATA CALLS An application having been made before me by Colleen D. Coughlin, an Assistant United States Attorney for the Northern District of Illinois, pursuant to Title 28, United States Code, Section 1651, for an Order to "block out" incoming telephone and data calls by the Illinois Bell Telephone company, and there is reason to believe that requested actions are relevant to a legitimate law enforcement investigation; IT IS ORDERED THAT: 1. Illinois Bell Telephone company servicing said telephone lines shall "Block out" of incoming telephone and data calls on (312) 528-5020, (312) xxx-xxxx and (312) xxx-xxxx, which telephone and data lines are on premises which are the subject of federal search warrants to be executed the 8th day of May, 1990 at approximately 0630 hours. Such "blocking out" of incoming telephone and data calls shall commence at 0500 hours on May 8, 1990 and continue up to and incoming 1700 hours on May 8, 1990, or until the completion of the search warrants, whichever is the earlier. 2. The "blocking out" of incoming telephone and data calls will likely assist in the execution of search warrants seeking - 4 - evidence of violations of Title 18, United States Code, Sections 1343, 1030, 1962, 1963, and 371. (signature of) JAMES T. BALOG Magistrate 5-7-89 (sic) - 5 - UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF ILLINOIS EASTERN DIVISION IN THE MATTER OF THE ) APPLICATION OF THE UNITED STATES ) OF AMERICAN FOR AN ORDER FOR THE ) No. 90-M-187 & 90-M-188 BLOCKING OF INCOMING TELEPHONE ) Magistrate James T. Balog AND DATA CALLS AT (312 )528-5020 ) (312 )xxx-xxxx AND (312)xxx-xxxx ) A P P L I C A T I O N Now comes the UNITED STATES OF AMERICA, by IRA H. RAPHAELSON, United States Attorney and Colleen D. Coughlin, Assistant United States Attorney, and makes application pursuant to Title 28, United States Code, Section 1651, the All Writs Act, for an Order to stop or "block out" incoming telephone calls to particular telephone and/or data lines, as described below, by the Illinois Bell Telephone Company. In support of this Application the undersigned states as follows: 1. This Application seeks an order requiring the Illinois Bell Telephone Company to "block out" incoming telephone and data calls from 0500 hours until 1700 on May 8, 1990 regarding the following numbers (312) 528-5020, (312) xxx-xxxx and (312) xxx- xxxx. 2. The United States Secret Service has been conducting a two year investigation into the activities of computer hackers which will result in thirty-two search warrants being executed across the United States on May 8, 1990 beginning at 0630 hours. 3. Because the United States Secret Service needs to ensure the integrity of the evidence at each of these locations from remote access tampering, alteration, or destruction, this "blocking out" order is required. 4. This action by Illinois Bell Telephone will only "block out" incoming calls and the telephones will at all times be capable of making "outgoing" calls. Thus, the telephone lines will at all times be available for emergency outgoing calls. 5. It is reasonably believed by the United States Secret Service, based on experience and their investigation in this case, that the requested action will be of substantial assistance in forwarding this criminal investigation. 6. The All Writs Act, 28 U.S.C. 1651, provides as follows: The Supreme Court and all courts established by the Act of Congress may issue all writs necessary and appropriate in aid of their respective jurisdictions and agreeable to the uses and principles of law. 7. A Federal Court has power to issue "such commands under the All Writs Act as may be necessary or appropriate to effectuate and prevent the frustration of orders it has previously issued in the exercise of its jurisdiction...." UNITED STATES v. NEW YORK TELEPHONE CO., 434 U.S. 159, 172 (1977). WHEREFORE, on the basis of the allegations contained in this Application, applicant requests this Court to enter an order for "blocking out" of income telephone and/or data calls at the above described telephone numbers. It is further requested that Illinois Bell Telephone Company may be ordered to make no disclosure of the existence of this Application and Order until further order of this Court since - 2 - disclosure of this request to the individual or individuals whose telephone lines are affected would threaten or impede this computer investigation. Respectfully submitted, IRA H. RAPHAELSON United States Attorney By: (signed) COLLEEN D. COUGHLIN Assistant United States Attorney - 3 - **************************************************** {transcriber's note:} Following is the APPLICATION AND AFFADAVIT FOR SEIZURE WARRANT, Case number 90-M-187, dated May 7, 1990. Affiant: Barbara Golden, Special Agent, U.S. Secret Service Location: United State District Court, Northern District of Illinois Judicial Officer: Magistrate James T. Balog The warrant alleges violations under Title 18, USC, Sections 1343, 1030, 1029, 1962, 1963, and 371. ******************************************* --------------(Begin Barbara Golden's Affidavit)----------------- State of Illinois ) ) SS County of Cook ) AFFIDAVIT 1. I, Barbara Golden, am a Special Agent of the United States Secret Service and have been so employed for the past fourteen years; the past three years as a Special Agent. I am present assigned to the Computer Fraud Section of the United States Secret Service in Chicago. I am submitting this affidavit in support of the search warrants for the residence of Bruce Xxxxxxxxxxx xxxx North Lawndale, Chicago, Illinois (including the detached garage behind the house) and his business address at xxxx North Clybourn, Chicago, Illinois. 2. This affidavit is based upon my investigation and information provided to me by Special Agent G. Kirt Lawson of the United States Secret Service in Phoenix, Arizona and by other agents of the United States Secret Service. I have also received information from Sergeant Abigail Abrahams of the Illinois State Police. 3. Additionally, I have received technical information and investigative assistance from Roland Kwasny of Illinois Bell Telephone Corporate Security. VIOLATIONS INVOLVED 4. This warrant is requested to recover unauthorized and illegally used access codes posted on the RIPCO BBS by computer hackers and to develop evidence of their illegal use of those codes in violation of federal criminal laws, including: - 1 - a. 18 USC 2314 which provides federal criminal sanctions against individuals who knowingly and intentionally transport stolen property or property contained by fraud, valued at $5,000.00 or more, in interstate commerce. b. 18 USC 1030(a)(6) provides federal criminal sanctions against individuals who, knowingly and with intent to defraud, traffic in interstate commerce any information through which a computer may be accessed without authorization in interstate commerce. c. Other federal violations involved in this case may include Wire Fraud (18 U.S.C. 1343), Access Device Fraud (U.S.C. 1029) and other violations listed and described on page 15, 16, and 17 of the attached affidavit of Special Agent Lawson. LAWSON AFFIDAVIT 5. The attached affidavit of Special Agent Kirt Lawson is incorporated herein in its entirety and is attached as Attachment 1. Lawson's affidavit is based upon a two year undercover investigation of the United States Secret Service involving an undercover bulletin board located in Phoenix, Arizona. Essentially, Lawson's affidavit and my investigation establish probably cause to believe: a. Bruce Xxxxxxxxxxx, using the computer hacker handle "Dr. Ripco", has been operating the RIPCO BBS in Chicago since approximately December 10, 1983. - 2 - b. During the time period named in the Lawson affidavit unauthorized access codes were posted on the RIPCO BBS by various computer hackers. c. The access codes posted on the RIPCO BBS have been determined by Special Agent Lawson to be valid access codes which are being used without authorization of the true authorized user of the access codes. Moreover, in many cases the access codes have been reported stolen by the true authorized user(s). d. Special Agent Lawson's investigation has further determined that the access codes posted on the RIPCO BBS are not concealed from the system administrator of the BBS and could be seen by the system administrator during an examination of the BBS. 6. I have personally worked with S.A. Lawson on computer crime investigations and known him to be a reliable agent of the Secret Service and an expert in the field of telecommunication investigations. 7. I personally received the attached affidavit on May 1, 1990 and have verified with S.A. Lawson that it is in fact his affidavit and have verified with S.A. Lawson that it is in fact his affidavit and that it accurately reflects his investigation. I have verified information with respect to his investigation with Special Agent Lawson as recently as May 7, 1990. - 3 - UPDATED PROBABLE CAUSE 8. On May 1, 1990, I personally observed that the surveillance cameras described on pages 32 and 33 of Lawson's affidavit still appear to be in operation. (The antennas and surveillance cameras located at the Clybourn address are reflected in the photographs attached as Attachment 2.) 9. On May 4, 19900, I personally updated the status of the telephone lines at the Clybourn address with Roland Kwasny of Illinois Bell Telephone. Kwasny advised me that those telephones continue to be in active service at this time. ITEMS TO BE SEIZED 10. On pages 36 to 39 of his affidavit S.A. Lawson describes the items to be seized at the search locations. Locations to be Searched 11. The complete description of the business location to be searched on Clybourn Street is contained on page 30 of S.A. Lawson's affidavit. (Photographs of that location are in Attachment 2.) I have personally observed the resident to be searched on Lawndale on May 1, 1990. The photographs attached to this affidavit as Attachment 3 truly and accurately show the residence known as xxxx North Lawndale, Chicago, Illinois, as of May 1, 1990. - 4 - EXAMINATION OF COMPUTER RECORDS 13. Request is made herein to search and seize the above described computer and computer data and to read the information contained in and on the computer and computer data. 14. The following attachments are incorporated herein by reference: Attachment 1 - Affidavit of S.A. Lawson (39 pages): Attachment 2 - Photographs of the Clybourn address (2 pages); Attachment 3 - Photographs of the Lawndale address (1 page). (signature) Special Agent Barbara Golden United States Secret Service Sworn and Subscribed to before me this 7th day of May, 1990. (signature) James T. Balog UNITED STATES MAGISTRATE - 5 - ** (End Barbara Golden's Affidavit) ** ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ** (Begin G. Kirt Lawson's affidavit) ** ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ State of Arizona ) ) SS County of Maricopa ) AFFIDAVIT 1. Your affiant G. Kirt Lawson has been a Special Agent of the U.S. Secret service for eighteen years and in the course of his employment has investigated over 100 cases involving credit card fraud, theft, computer- related crime, and other offenses. I have training from the Secret Service in the investigation of computer fraud, have attended six or more seminars on investigative procedures from AT&T and the Secret Service, and have lectured on computer crime for the IEEE (an international professional group of electrical engineers) and Bellcore (the research / security organization owned by the regional Bell operating companies.) Within the last year, I have assisted the Arizona Attorney General's office with the execution of three computer-crime search warrants, and the Austin, Texas field office of the Secret Service with the execution of another computer-related search warrant. Over the last two years, I have assisted numerous state, local, and federal law enforcement agents in half a dozen U.S. cities by providing information and technical assistance which has led to the execution of over a dozen search warrants in computer crime cases nationwide. - 1 - SOURCES OF INFORMATION 2. Your affiant has also received technical information and investigative assistance from the following experts in the field of telecommunication fraud and computer crime: a. R.E. "Sandy" Sandquist,, Regional Security Manager, U.S. Sprint Communications Company, who has been so employed since 1987, and was previously employed by General Telephone (GTE) as a special agent, technical investigations since 1983. He has investigated cases of communications fraud involving computer hackers, computer bulletin board systems (see Definitions section below), and the abuse of voice mail message computers, involving over 100 systems. He has assisted law enforcement search teams in the execution of search warrants, and has trained many state, local and federal agents in the investigation of computer and communications crime. b. Stephen R. Purdy, Special Agent, U.S. Secret Service, currently the Assistant to the Special Agent In Charge of Fraud Division of the Computer Diagnostic Lab in Washington, D.C. He is a member of the Federal Computer Investigations Committee, and is currently its Co-Chair. He has helped to design training programs in computer crime and telecommunications fraud investigations for the Federal Law Enforcement Training Center in Glynco, Georgia. He also developed and instructs in the Secret Service's training program in computer fraud investigations. - 2 - c. George Mehnert has been a Special Agent with the Arizona Attorney General's office for more than twelve years; for the last three years, he has been responsible for special projects including the investigation of computer crime. He has taken courses relating to computer hardware and software programs from various industry sources and a local college, and has worked with computer hardware and software, including communications equipment and analysis tools, in investigative matters for more than six years. Mehnert has instructed numerous state and local law enforcement agencies in the methodology of executing search warrants involving computers, and in the investigation of computer crimes. He recently published of article on this subject in a law enforcement periodical. In the past two years, Mehnert has been involved in thirty warrant searches relating to the seizure of computer of communications-related evidence. d. In addition to the above, affiant has also received technical assistance and information from the following communication industry sources: Steve Matthews, Telenet; Leila Stewart, MCI; Sue Welch, MCI; Toni Ames, U.S. West; Connie Bullock, ComSystems (a long-distance carrier); Karen Torres, MidAmerican Communications Company; Richard Petiollo and Richard Kopacz, AT&T; Hank Kluepfel and David Bauer, Bellcore (a research/security company owned by the Bell Regional Operating Companies); Marty Locker, International Telephone and Telegraph (ITT), and credit industry sources: Valerie Larrison, American Express; MaryAnn Birkinshaw, TRW: Michelle Mason, CBI (TRW and CBI are national card bureaus). - 3 - DEFINITIONS AND EXPLANATIONS 3. Computer hackers: individuals involved in the unauthorized intrusion into computer systems by various means. They commonly identify themselves by aliases of "hacker handles" when communicating by voice or electronically with other hackers. Because they normally communicate through electronic bulletin board systems in several states, and because they often conduct their hacking activities against victims at many locations outside their local calling area, computer hackers typically use long-distance carrier customer authorization codes without the permission of the individuals or corporations to which they are assigned, in order to achieve "free" long distance telecommunications (over standard voice lines, or over data-communications services). Search warrants executed in hacker cases routinely produce evidence of theft of communications services, and often product of possession, use, and/or distribution of credit cards as well. 4. Electronic Bulletin Board System (BBS): an electronic bulletin board is a computer operated as a medium of electronic communications between computer users at different locations. Users access the BBS by telephone from distant locations (often their residences), using their own computers and communication devices (modems). Typical functions of a BBS include (1) providing storage for a software library; (2) allowing users to "download" (copy to their own computers) various files or software programs; (3) allowing users to - 4 - exchange and store messages by "electronic mail"; and (4) publishing of text files and tutorials, which contain information or instructions on various subjects of interest to the users. Although many BBS's are operated as commercial services to the public (large services such as Compuserve and The Source may offer many more functions than those listed above), thousands of BBS's are privately operated by individuals who run them from their residences, or by special-interest clubs. It is common for a BBS to have several sections or "conferences" on the system, to which a particular level of access is required: many users might have access to lower-level sections, while only some users would be permitted to access the highest-level sections (many sysops --defined below-- "voice validate" a prospective user, using a telephone call to screen users and determine whether they are law enforcement, adults, or other undesirables). This is particularly true of BBS's whose members are involved in some form of criminal activity. Many "underground" or criminal bulletin boards contain subsections through which the users regularly exchange stolen customer authorization codes, credit card numbers, and information on techniques or methods for the commission of such crimes as computer fraud and abuse, access device fraud and wire fraud. 5. System operator/system administrator (sysop): the person(s) charged with the responsibility for operating a particular computer bulletin board system (usually the owner of - 5 - the computer who lives in the residence where the BBS is operating). In order to perform their necessary supervisory and maintenance functions, sysops who run or own the BBS give themselves the highest level of access, or privileges, available on a system. In the case of a bulletin board sysop, these functions typically include deciding whether or not to to give access or type of privileges to allow to different users, and the ability to read the entire content stored on the BBS (including "private mail" -- see electronic mail, below.) Sysops control the BBS, can remove contents, add and delete users, change the programming, alter the communications parameters, and perform a number of administrative and maintenance tasks associated with operation of the BBS. 6. Electronic mail (E-mail): electronic mail is a means of communication among computer users, and is one of the features normally found on a BBS. Each user on a criminal BBS has a distinct identifier, with a computer hacker's "username" or "login" often identical to his hacker handle (handles tend toward the theatrical, I.e. Prophet of Doom, DungeonMaster, Ax Murderer, etc.) and a unique confidential password; each user may also be assigned a user number by the system. Users may send "public" mail by leaving a message in a section of the system where all who call in may read the message and respond. They may also send "private mail" by sending a message limited to a particular individual or group. - 6 - In this instance, other users would not be able to read the private message. (Except, of course for the sysop, as explained above.) 7. Chat: unlike electronic mail, which consists of messages and responses entered and stored for later review, the "chat" communication on a BBS consists of simultaneous interactive communication between the sysop and a user, or between two or more users -- the computer equivalent of a conference call. A more sophisticated BBS may have more than one telephone line connected to the system, so that two or more users can "talk" to each other though the BBS from their own computer systems at one time. 8. Voice Mail System (VMS): a voice mail system is an electronic messaging computer which acts as an answering service. These systems are generally either (1) operated for hire to the public by commercial communications companies, often in combination with cellular telephone or paging services, or (2) by corporations for the convenience of employees and customers. In either case, the subscriber or employee is assigned an individual "mailbox" on the system which is capable of performing several functions. Among these functions are receiving and storing messages from callers, sending messages to other boxes on the system, and sending messages to a pre-selected group of boxes. These functions are performed by pushing the appropriate numerical commands on a telephone keypad for the desired function. - 7 - 9. While voice mail systems vary among manufacturers, in general, a caller dials either a local area code and number, or an "800" number to access the system. Generally, the caller hears a corporate greeting identifying the system and listing instructions for leaving a message and other options. To leave a message, the caller enters a "mailbox number," a series of digits (often identical to the assigned owner's telephone extension), on his own telephone keypad. The caller then hears whatever greeting the mailbox owner has chosen to leave. Again, the caller can usually exercise several options, one of which is to dictate an oral message after a tone. 10. In this respect, the voice mail system operates much like a telephone answering machine. Rather than being recorded on audio tape, however, the message is stored in digitized form by the computer system. When the message is retrieved, the computer plays it back as sound understandable by the human ear. The entire VMS is actually a computer system accessible through telephone lines; the messages are stored on large-capacity computer disks. 11. A caller needs to known only the extension or mailbox number in order to leave a message for the employee or subscriber. In order to retrieve the messages or delete them from the system, however, the person to whom the box is assigned must have both the box number and a confidential password: the password ensures privacy of the communications, by acting as a "key" to "unlock" the box and reveal its contents. Anyone - 8 - calling the telephone number of the mailbox hears the owner's greeting -- only the content of messages left for the owner is protected by the password or security code. The person to whom the box is assigned may also have the ability to change his password, thereby preventing access to the box contents by anyone who may have learned his password. 12. Private Branch Exchange (PBX): a private branch exchange is a device which operates as a telephone switching system to provide internal communications between telephone facilities located on the owner's premises as well as communications between the company and other private or public networks. By dialing the specific telephone number of a PBX equipped with a remote access feature and entering a numeric password or code on a telephone keypad or by means of a computer modem, the caller can obtain a dial tone, enabling the caller to place long distance calls at the expense of the company operating the PBX. 13. Phone phreak: phone phreaks, like computer hackers, are persons involved in the theft of long-distance services and other forms of abuse of communications technology, but they often do not have computer systems. Rather than communicating with each other through BBS's, they communicate with each other and, exchange stolen carrier customer authorization codes and credit cards, either directly or by means of stolen or "hacked" corporate voice mailboxes. Phone phreaks may also set up fraudulent conference calls for the - 9 - exchange of information. A phone phreak may operate a "codeline" (a method of disseminating unauthorized access devices) on a fraudulently obtained voice mailbox, receiving messages containing stolen credit card numbers from his co-conspirators, and in turn "broadcasting" them to those he shares this information with during the greeting (box owner's message to callers), which can be heard by anyone dialing the mailbox number. Phone phreaks and computer hackers sometimes share information by means of the conference calls and codelines. Like computer hackers, phone phreaks also identify themselves by "handles" or aliases. BACKGROUND OF THE INVESTIGATION 14. Over the past several years, the U.S. Secret Service has received and increasing number of complaints from long distance carriers, credit card companies, credit reporting bureaus, and other victims of crimes committed by computer hackers, phone phreaks, and computer bulletin board users and operators (see Definitions section), which have resulted in substantial financial losses and business disruption to the victims. Because the persons committing these crimes use aliases or "handles", mail drops under false names, and other means to disguise themselves, they have been extremely difficult to catch. They also conspire with many others to exchange information such as stolen long distance carrier authorization codes, credit card numbers, and technical information relating to the unauthorized invasion of computer systems and voice mail - 10 - messaging computers, often across state or national borders, making the investigation of a typical conspiracy extremely complex. Many of these persons are juveniles or young adults, associate electronically only with others they trust or who have "proven" themselves by committing crimes in order to gain the trust of the group, and use characteristic "hacker jargon." By storing and trading information through a network of BBS's, the hackers increase the number of individuals attacking or defrauding a particular victim, and therefore increase the financial loss suffered by the victim. 15. For all of the above reasons, the U.S. Secret Service established a computer crime investigation project in the Phoenix field office, utilizing an undercover computer bulletin board. The purpose of the undercover BBS was to provide a medium of communication for persons engaged in criminal offenses to exchange information with each other and with the sysop (CI 404-235) about their criminal activities. The bulletin board began operating on September 1, 1988 at 11:11 p.p., Mountain Standard Time, was located at 11459 No. 28th Drive, Apt. 2131, Phoenix, Arizona, and was accessed through telephone number (602) 789-9269. It was originally installed on a Commodore personal computer, but on January 13, 1989 was reconfigured to operate on an Amiga 2000 personal computer. 16. The system was operated by CI 404-235, a volunteer paid confidential informant to the U.S. Secret Service. CI 404-235 was facing no criminal charges. Over the past eighteen - 11 - months, information by CI 404-235 (see paragraph 16) has consistently proved to be accurate and reliable. The Arizona Attorney General's office executed six search warrants related to affiant's investigation in 1989 and 1990 (affiant participated in three of these). Evidence obtained in those searches corroborated information previously given to affiant or to George Mehnert, Special Agent of the Arizona Attorney General's office by CI 404-235. In over a dozen instances, CI 404-235's information was verified through other independent sources, or in interviews with suspects, or by means of a dialed number recorder (pen register). One arrest in New York has been made as a result of CI 404-235's warning of planned burglary which did occur at a NYNEX (New York regional Bell operating company) office. Throughout this investigation, CI 404-235 has documented the information provided to the affiant by means of computer printouts obtained from the undercover BBS and from suspect systems, and consensual tape recordings of voice conversations or voice-mail messages. 17. Because many of the criminal bulletin board systems require that a new person seeking access to the telephone code or credit card sections contribute stolen card information to demonstrate "good faith," when asked to do so, CI 404-235 has "posted," (left on the system in a message) Sprint, MidAmerican or ComSystems authorization codes given to affiant by investigators at these companies for that purpose. - 12 - EVIDENCE IN HACKER CASES 18. Computer hackers and persons operating or using computer bulletin board systems commonly keep records of their criminal activities on paper, in handwritten or printout form, and magnetically stored, on computer hard drives, diskettes, or backup tapes. They also commonly tape record communications such as voice mail messages containing telephone authorization codes and credit cards. On several occasions, affiant has interviewed George Mehnert, Special Agent, Arizona Attorney General's office and R.E. "Sandy" Sandquist, Security Manager, U.S. Sprint, about the types of evidence normally found in connection with computer/ communications crimes. Both have assisted more than 20 search teams in the execution of search warrants in such cases. Both Mehnert and Sandquist stated that because of the sheer volume of credit card numbers, telephone numbers and authorization codes, and computer passwords, and other information necessary to conduct this type of criminal activity, in almost every case, they have found a large volume of paper records and magnetically-stored evidence at scenes being searched. Because of the ease of storing large amounts of information on computer storage media such as diskettes, in a very small space, computer hackers and bulletin board users or operators keep the information they have collected for years, rather than discarding it. Mehnert stated that in virtually every communications/computer crime case he has investigated, the suspect was found to have records in his possession dating - 13 - back for years -- Mehnert stated that it is common in such cases to find records dating from 1985 and sometimes, even earlier. 19. Sandquist confirmed Mehnert's experience, stating that hackers and phone phreaks typically also keep a notebook listing the location of information especially important to them, for easy access. Mehnert has seized several of these "hacker notebooks" in computer/communications crime cases; they were usually found quite close to the computer system, or in the hacker's possession. Both Mehnert and Sandquist stated that it is common for a person involved in the theft of communications services (long distance voice or data calls, voice mail boxes, etc.) also to be involved in the distribution or use of stolen credit cards and/or numbers; hackers and phone phreaks often trade codes for credit cards, or the reverse. Both Mehnert and Sandquist stated that it is common to find credit card carbons at locations being searched for stolen telephone authorization codes. 20. Both Mehnert and Sandquist also stated other evidence commonly found in connection with these cases includes telephone lineman tools and handsets (used for invading telephone company pedestal or cross-boxes and networks, or for illegal interception of others' communications), tone generators (for placing fraudulent calls by electronically "fooling" the telephone network into interpreting the tones and legitimate electronic switching signals), computer systems (including central processing unit, monitor or screen, keyboard, modem for - 14 - computer communications, and printer), software programs and instruction manuals. Sysops of bulletin boards also commonly keep historical backup copies of the bulletin board contents or message traffic, in order to be able to restore the system in the event of a system crash, a power interruption or other accident. An important piece of evidence typically found in connection with a criminal bulletin board is the "user list" -- sysops normally keep such a list on the BBS, containing the real names and telephone numbers of users who communicate with each other only by "handles." The user list is a very substantial piece of evidence linking the co-conspirators to the distribution of telephone codes and credit cards through the BBS messages or electronic mail. 21. Mehnert and Sandquist stated that it is also common to find lists of voice mailboxes used by the suspect or his co-conspirators, along with telephone numbers and passwords to the voice mailboxes. Many suspects also carry pagers to alert them to incoming messages. CRIMINAL VIOLATIONS 22. Criminal violations may include, but are not limited to, the following crimes: 23. Wire fraud: 18 U.S.C. ~ 1343 prohibits the use of interstate wire communications as part of a scheme to defraud, which includes obtaining money or property (tangible or intangible) by a criminal or the loss of something of value by the victim. Investigation by your affiant has determined that - 15 - the actions of the computer hackers, phone phreaks and bulletin board operators detected in this investigation defrauded telephone companies whose customer authorization codes were exchanged through the BBS's) gained valuable property because their fraud scheme provided them with telephone customer authorization codes and other access devices which in turn could be used by them to obtain telephone services and property which would be charged to the victim companies. Their scheme also provided them with access to private branch exchange (PBX) numbers and codes which could be used to obtain telephone service which was charged to the victim companies. 24. Computer fraud and abuse: 18 U.S.C. ~ 1030 prohibits unauthorized access to a federal interest computer with intent to defraud. Intent to defraud has the same meaning as in the wire fraud statute above. A federal interest computer is defined as "one of two or more computers used in committing the offense, not all of which are located in the same state," as well as computers exclusively for the use of a financial institution or the United States Government, among others defined in the statute. This section also prohibits unauthorized access to financial records and information contained in consumer reporting agency files. 25. Access device fraud: 18 U.S.C. ~ 1029 prohibits the unauthorized possession of 15 or more unauthorized or counterfeit "access devices" with intent to defraud, and - 16 - trafficking in authorized access devices with an intent to defraud and an accompanying $1,000 profit to the violator or loss to the victim. These prohibitions also apply to members of a conspiracy to commit these offenses. Intent to defraud has the same meaning as in the wire fraud statute above. "Access devices" includes credit cards, long distance telephone authorization codes and calling card numbers, voice mail or computer passwords, and PINS (personal identification numbers). An "unauthorized access device" is any access device obtained with the intent to defraud, or is lost, stolen, expired, revoked, or cancelled. 26. Other offenses: other federal statutes violated in this case may include 18 U.S.C. ~ 1962 and 1963 which prohibit the commission of two or more acts of racketeering (including two or more acts in violation of 18 U.S.C. ~ 1343 and/or 1029), and permits forfeiture of the instrumentalities used or obtained in the execution of a crime; and 18 U.S.C. ~ 371, the federal conspiracy statute. PROBABLE CAUSE BULLETIN BOARD SYSTEM 312-528-5020 27. CI 404-235 has accessed a public electronic bulletin board at 312-528-5020 over three dozen times between 4/7/89 and 12/31/90. The most recent access was on 4/28/90. In the "Phone Phun" subsection of the BBS, CI 404-235 has regularly seen messages posted by users of the BBS, which contain long distance carrier customer - 17 - authorization codes, references to hacking, and to credit cards and credit bureaus. This affidavit is in support of a search warrant for two premises where evidence of the operation of the BBS is expected to be found. CI 404-235 provided to affiant copies of messages posted to the BBS, including the following: Numb 12 (54r4q9kl-12) Sub miscellaneous... From DON THOMPSON (#689) To all Date 03/17/89 03:55:00 PM o.k.: 1999: 322300 342059 366562 344129 549259 549296 492191 496362 422000 549659 28. In the above message, "1999" refers to the last four digits of the local access number assigned to Starnet, a long distance network owned by ITT Metromedia Communications. To use such codes, a caller dials the local access number, the customer authorization code, and the area code and number to be called. Marty Locker, ITT Security, verified that the local access number 950-1999 is Starnet's (Starnet's authorization codes and six digits long). Loss figures on the above are unknown. 29. On 3/20/89, user #452 "Blue Adept" replies to a previous message, as follows: - 18 - Numb 25 (54r4q9kl-25) Sub Reply to: Reply to: Legal expenses >From BLUE DEPT (#452) To all Date 03/20/89 08:42:00 AM 1999 is starnet. they've busted several people I know. they live to bust people. mainly with extraordinarily large fines. I've heard of them taking it to court though. first person they busted was the Diskmaster/Hansel. really cool guy. hacked em 300 times with the applecat and they busted him. he didn't "Hacked em 300 times" refers to the number of timers that "Diskmaster/Hansel" is supposed to have attempted to hack out a Starnet customer authorization code. "Applecat" is the name of a modem (computer communications device) and related software program which automates the code-hacking process. Numb 69 (54r4q9kl-69) Sub loop >From JOE FRIDAY (#120) To all Date 03/25/89 07:10:00 PM IF ANYONE HAS A LOOP FOR THE 404 AREACODE I WOULD APPR. IT VERY MUCH!! IF THERE ARE ANY REAL PHREAKS THAT STILL DO HACK ALOT LEAVE I THINCK YOU MIGHT BENEIFIT FROM IT. 18002370407-8010464006ACN- 8205109251- IF ANYONE STILL GETS INTO LMOSE LEAVE ME A MESSAGE.. 30. On 4/17/90 Mark Poms, Director of Security, Long Distance Service of Washington D.C., verified the following: 1) 1-800-237-0407 is his company's assigned 1-800-line number. Authorization code 8010464006 has suffered $6, 287.22 in fraud - 19 - losses, and 8205109251 has suffered $970.34 in fraud losses. 31. In the above message, "LOOP" refers to a telephone company "loop around test line". Hackers commonly exchange information on loops, in order to be able to communicate with each other without divulging their home telephone numbers. If two hackers agree to call a loop number at a certain time, they loop allows them to speak with each other -- neither hacker needs to know or to dial the other's telephone number. "LMOSE" refers to a type of computer system (LMOS) operated by Bell regional operating companies (local telephone companies). This computer system contains data such as subscriber records, and the LMOS system is solely for the use of telephone company employees for the purpose of maintaining telephone service. (Explanations provided by Bellcore computer security technical staff member David Bauer.) Numb 136 (56r5q9kl-136) Sub Suicide? >From THE RENEGADE CHEMIST (#340) To All Date 04/18/89 05:33:00 PM 9501001 074008 187438 057919 068671 056855 054168 071679 - 20 - 32. On 3/20/90 Karen Torres, MidAmerican Communications, a long distance carrier which a local access number of 950-1001 as valid MidAmerican customer authorization codes. She advised that all but the invalid code were terminated "due to hacking". 950-1001 074008 Valid code, no loss 187438 Valid code, no loss 057919 Invalid 068671 Valid code, no loss 056855 Valid code, no loss 054168 Valid code, no loss 071697 Valid code, no loss Numb 109 (53r3q0k2-109) Sub Reply to: Reply to: Reply to: Reply to: Reply to: John Anderson >From BRI PAPE (#22) To ALL... Date 06/28/89 05:31:00 AM ANOTHER valid code.. AND A DIVERTER... 215-471-0083..(REMAIN QUIET) 33. 950-0488 is the local access number for ITT Metromedia Communications, according to Marty Locker, ITT Security. Fraud, losses, if any, on this customer authorization code are unknown. 34. On 4/16/90, Kathy Mirandy, Director of Communications, Geriatrics and Medical Center Incorporated, - 21 - United Health Care Services, in Philadelphia, PA, verified that 1-215-471-0083 is her company's telephone number. She stated that between 12/28/88 nand 5/15/89, her company suffered a fraud loss of $81,912.26 on that number. In the above message, "diverter" refers to a common hacker/phone phreak term for a means of placing telephone calls through a telephone facility which belongs to someone else. The hacker "diverts" his call through the other facility, and if the outgoing "diverted" call is a long distance call, the owner of the facility is billed for the call as though it originated from the victim telephone facility. 35. On 7/3/89, CI 404-235 accessed the BBS and observed the following message, a copy of which was provided to the affiant: Numb 137 (56r3q0k2-137) Sub dib. >From POWER ASSIST (#524) To * Date 07/02/89 12:01:00 AM Divertors: 1800 543 7300 543 3300 I'm not sure if this is a 800 to 800 : 800 777 2233 36. On 4/18/90 Delores L. Early, Associate General Counsel of the Arbitron Company, Laurel, Maryland, verified that 1-800-543-7300 is listed to her company. She advised that her company suffered a direct fraud loss by October, 989 of $8,100 on that line, as well as additional expenses in for form of the installation of "an elaborate security procedure to prevent this - 22 - type of fraudulent use," and lost employee time in identifying and correcting the problem. "800 to 800" refers to whether the "divertor" posted in the above message can be used to call out to another 800 number. Numb 113 (53r6q0k2-113) Sub Codes >From BLUE STREAK (#178) To ALL Date 07/26/89 05:05:00 AM Here is a code: 1800-476-3636 388409+acn 950-0266 487005 8656321 6575775 oops first one is 4847 not 487 Blue Streak. Blee blee blee thats all pholks. 37. On 4/2/90. Dana Berry. Senior Investigator, Teleconnect (a division of Tele*Com USA, a long distance carrier), verified that 1-800- 476-3636 code 388409 is her company's authorization code and it has suffered a fraud loss of x176.21 {transcrib. note: portion of dollar figure (first digit) is illegible on copy of affidavit} 38. On 4/20/90, Christy Mulligan, ComSystems Security, whose company is assigned the local access number 950-0266, verified the following: - 23 - 1) 4847005 $2,548.75 loss due to fraud 2) 8656321 $2,000.00 loss due to fraud 3) 6575775 $ 753.61 loss due to fraud Numb 122 (57r3qlk2-122) Sub TRW >From NEMESIS TKK (#311) To Garth Date 09/30/89 04:01:00 AM I have no ideas about accessing TRW through any type of network, but,m you cal dial TRW directly (although you will probably want to code out..Even if format has changed or anything in the past 5 years.. its still db idpw first, ast, etc...So anyway, if you do know how to use it,you can get at it from that number. 39. In the above, "Nemesis" gives a telephone number in area code 602 (Arizona) for TRW. "Code out" refers to using a stolen customer authorization code ("if only to save yourself the fone bill") to call the TRW number. The format for getting in to the TRW computer that he gives Marianne Birkinshaw, TRW investigator advised that the telephone number posted in the message is "a legitimate telephone number into TRW's database". Numb 138 (57r4q2k2-138) Sub 5 >From Chris X (#134) To PEOPLE WHO HAVE OR HACK CODEZ Date 01/22/90 05:54:00 PM - 24 - Dear Anyone, I am in desperate need of a code. SOMEONE PLEASE Post a code with a dialup and the format the code must be entered. I will be ever so greatful. PLEASE HELP!!! Max Man - Chris X 40. In the above, user #134 asks for a code (customer authorization code), "dialup" (the local access or 800 number through which the code may be used), and the format (the order in which code, area code and number must be dialed in order to place a call on the particular network). Numb 146 Sub Here's your code beggar >From POWER ASSIST (#524) To beggars Date 01/23/90 12:40:00 AM 950-0266 6552513 1564844 probably die before you use it. -PA 41. On 4/19/90, John Elerick, ComSstems Security, verified that the codes posted with his company's local access number (950-0266) in the above message are valid; 6552513 has suffered $185.31 in fraud loss, and it" refers to the code -- customer authorization codes "die" when they are deactivated or cancelled by the carrier. - 25 - 42. On 1/26/90, CI 404-235 again accessed the BBS and observed the following message, a copy of which was provided to the affiant: Numb 147 (50r5q2k2-147) Sub ALL >From THE SILENCER (#269) To ALL Date 01/25/90 08:26:00 PM YO...UMM...WHO ASKED FOR CARDS? hahahahah that is pretty pathetic..god. If you want Credit Cards get your own. One step closer to safe carding....getting cc's off bbs's is the most disgusting thing I've ever heard...use TRW..use CBI...trash...steal...pickpocket....but dont get em off a bbs...jeez.. 0266 working:1593527 lets hope that this dies real fast so the REAL phreaks will be left alone by the leacherz...heheheh - Silencer 43. In the above message, "carding" is a common hacker/phone phreak term which refers to the fraudulent use of credit cards or credit card numbers to obtain merchandise which will be billed to the cardholder. "The Silencer" advises "all" users on the BBS to use TRW, or CBI (both national credit bureaus) or to "trash" (the practice of obtaining credit card numbers and related information from receipts or carbons discarded in trash -- sometimes also referred to as "dumpster diving"), steal or pickpocket, but not to get them (credit cards) from a bulletin board system. He then gives the a ComSystems code identified by the the last four digits (0266) of the ComSystems local access number. "Leacher" is a common hacker insult for those BBS - 26 - users who copy codes, credit cards, or software from a BBS but do not contribute their share. 44. On 4/13/90, John Elrick, ComSystems Security, verified that 1593527 is a valid customer authorization code which has suffered $27, 353.34 in fraud loss. 45. It should be noted that in message #138 above, dated 1/22/90, Chris X asked for codes. On 1/26/90 the following followup message was noted by CI 404-235: Numb 149 (50rq2k2-149) Sub Credit Card's for Codez >From Chris X (#134) To ALL Date 02/26/90 07:43:00 AM Okay, Tell ya what. I will exchange any amount of credit cards for a code or two. You name the credit limit you want on the credit card and I will get it for you. I do this cause i go to ganitorial work at night INSIDE the bank when no one is there..... heheheheheh 46. On 1/30/90, Zimmerman left a message on the BBS for CI 404-235, stating that he "will be ready to exchange your codez for cards. I have got 2 right now. 1 witch contains a $1500 credit limit and the other containing a $2200 credit limit. I will 'steal' some more when I go to the bank this weekend. Talk to ya tomorrow..." On 1/31/90 CI 404-235 gave Chris X Sprint Customer authorization code 25259681433275, provided to affiant by U.S. Sprint Regional Security Manager R.E. Sandquist for this purpose. On 3/18/90 in a computer-to-computer - 27 - conversation (not on the BBS), Chris X gave CI 404-235 a list of ten (10) credit card numbers with names, addresses, credit limits, and expiration dates. All of the credit cards appear to be issued in Illinois. Zimmerman told CI 404-235 that all of the cards "belong" to Consumers Co Op Credit Union. 47. On 4/28/90, CI 404-235 again accessed the BBS and provided printouts of messages which he observed on the BBS. In one, dated 3/27/90, "Scott Sxxxxx", user #160, offered to trade "virgin" credit cards (newly acquired and not yet used for fraudulent purposes) for AT&T cards (calling card numbers), PBX's (see Definition section above) or numbers that will call overseas. In a message dated 4/17/90, "SLI FOLKS", user #572, stated that he was calling from Edmonton, Canada, "using a stolen account on Datapac for this call" (Datapac is a data communications carrier). He tells "all" users that he has access to phone rooms for two apartment buildings "which gives me access to several hundred phone lines. new bpox that lets me get free LD on someone elses line frommy house. So I hope you guys can teach me some stuff." On 4/24/90, Chris X left another message to "anyone" offering to trade credit cards and codes for information on how to get "information on a non-published person. It can be found if you have a persons phone number and want a name and address or vice-versa." (He is referring to obtaining non-published subscriber information maintained by the telephone companies.) - 28 - 48. In attempting to located the BBS which operates on telephone number 312-528-5020, affiant has discovered several significant facts which appear to indicated that an attempt has been made to disguise the actual location of the BBS. These facts, and the sources for them, are detailed below. In summary, the BBS telephone line is listed to an address as one of its facilities, the BBS telephone line ends at an Illinois Bell junction box where an non-Illinois Bell (unauthorized) line leads from the BBS line to an apparent retail/office structure at another address. The BBS telephone bills are sent to a post office box opened in the corporate name, but the applicant, who is not listed as an officer of the corporation, described himself in a police report as "self-employed". A second, unlisted, telephone line, billed to the post office box applicant's home address, is installed at the retail/office structure where the non-Illinois bell (BBS) line also leads. 49. Illinois Bell telephone records show that the BBS telephone number 312-528-5020 is subscribed to by Mxxx Xxxxxx, Inc., xxxx West Belmont, xxxx xxx, Chicago, Illinois. The bills for this service are sent in the name of Mxxx Xxxxxx, Inc., at P.O. Box xxxx, Chicago, Illinois, 60618-0169. The BBS line was installed on December 1, 1982. 50. In April of 1989, Sgt. Abigail Abraham, Illinois State Police, conducted an investigation of the bulletin board - 29 - system at telephone number 312-528-5020. She checked directory assistance, and both white and yellow-page telephone directories: although she found several telephone numbers and address for Micro Repair, Inc., 312-528-5020 and xxxx West Belmont were not among them. She investigated the purported BBS site, and determined that xxxx West Belmont, xxxx xxx, Chicago, Illinois, does not exist. She reported that at xxxx W. Belmont, there is a structure which would incorporate the address of xxxx W. Belmont. Sgt. Abraham had a telephone company repairman check the physical junction pole: they discovered that the 312-528-5020 line ran from the phone via a non-Illinois Bell (unauthorized) connection to a building at xxxx N. Clybourn, Chicago, Illinois. This building appears to be a retail/office structure, at which, according to SA Conway, Secret Service Chicago field office, as of 4/16/90 "there is nothing to indicate that there are any businesses operating out of xxxx N. Clybourn, Chicago, Illinois." It is a one story section of a larger one-and-two story building which is "V" shaped, fronting on both Clybourn and Belmont Avenues. The third leg of the larger building (southeast side) fronts on a parking lot, with a fenced courtyard section off the parking lot. The xxxx address is approximately the last thirty feet at the south end of the Clybourn side of the building. - 30 - 51. Illinois Bell records show that a non-published telephone line is installed at xxxx N. Clybourn, which is 312-xxx-xxxx. Per Sgt. Abraham, the subscriber is Bruce Xxxxxxxxxxx, xxxx N. Lawndale, Chicago, Illinois and the bills are mailed to Fred Xxxxxxxxxxx at the same address. Telephone service for 312-xxx-xxxx was installed at xxxx N. Clybourn on January 1, 1982. 52. On April 26, 1989, Sgt. Abraham wrote down all of the vehicle license plates parked in the parking lot next to xxxx N. Clybourn and those parked immediately in front of it. PTxxxx, which was a 1987, four- door Ford, was registered to Bruce Xxxxxxxxxxx, xxxx N. Lawndale, Chicago, Illinois. 53. On 4/5/90, the Secret Service office in Chicago was notified by the Illinois Department of Revenue that there are not business licenses for xxxx N. Clybourn, Chicago, Illinois, nor are there any licenses issued to Bruce Xxxxxxxxxxx. 54. On 4/2/90 the Illinois Secretary of State, Corporation Division, advised that Martin and Wendy Gilmore are the only officers for Micro Repair listed on its Illinois Articles of Incorporation. 55. On 4/3/90, the Chicago Postal Inspector's Office informed the Secret Service office in Chicago that the billing address for telephone number 312-528-5020 (the BBS) is Post Office Box xxxx and is open in the name of Mxxx Xxxxxx. The name of the person who made the application for the post office box is Bruce Xxxxxxxxxxx, xxxx N. Lawndale, Chicago, Illinois, - 31 - telephone number 312-xxx-xxxx. Identification used to open the box was Illinois Driver's License exxx-xxxx-xxxx (per the Illinois Secretary of State this license is that of Bruce Xxxxxxxxxxx), and according to Sgt. Abraham, his license address is also xxxx N. Lawndale. 56. To the rear of the property where xxxx N. Clybourn is located, there is an antenna and a satellite dish. SA William P. Conway of the Chicago field office contacted the Coast Guard for assistance in determining the latitude and longitude of the satellite antenna. On 4/3/90, the Coast Guard Air Operations Duty Officer at the Glenview Naval Air Station, Chicago, Illinois, advised that the Belmont/Western/Clybourn intersection, Chicago, Illinois, has a latitude of 41 degrees, 56 minutes, 9 seconds north, and a longitude of 87 degrees, 41 minutes, 5 seconds west. With that information, SA Conway was able to obtain assistance from the Federal Communications Commission in determining the owner of the satellite antenna. Will Gray, of the Chicago FCC office, advised that the FCC license for the antenna (which is mounted on a tower located in the fenced courtyard section of the larger building of which xxxx N. Clybourn is a part) is registered to the American United Cab Company at xxxx N. Belmont. The satellite dish is affixed to the rear of xxxx N. Clybourn. Mounted on the tower are two closed circuit cameras. The first camera is located approximately 20 feet above the ground, the second camera is approximately 45 feet above the ground. - 32 - 57. Chicago Police Department General Offense Report #Mxxxxxx, dated 3/13/89, lists Bruce Xxxxxxxxxxx as the victim, with the address of occurrence listed as xxxx N. Clybourn, Chicago, Illinois. Xxxxxxxxxxx reported that his car window was broken by two subjects. Per this police report, Xxxxxxxxxxx states that he watched on a closed circuit security camera as the two subjects entered the parking lot adjacent to xxxx N. Clybourn, and broke his automobile window. Xxxxxxxxxxx told the officers that the cameras are used for parking lot security, due to "breakins". This incident took place at 2:30 PM. The report lists Xxxxxxxxxxx's residence address as xxxx N. Lawndale, Chicago, Illinois, his home phone number as 312-xxx-xxxx (that telephone number is listed to Fred Xxxxxxxxxxx at the xxxx N. Lawndale address, according to Sgt. Abraham), and his work phone number as 312-xxx-xxxx (the unlisted line billed to his residence). He stated that he is self-employed. 58. On 4/5/90, the Chicago Office of the Secret Service requested Rolonie Kwasny, Security Supervisor, Illinois Bell Telephone to verify that there are no other authorized or unauthorized telephone lines into xxxx N. Clybourn other than 312-528-5020 and 312-xxx-xxxx. 59. On 4/6/90, Kwansy notified the Chicago Office that early on that date the xxxx N. Clybourn address was checked. The larger building of which xxxx N. Clybourn is part, is serviced by 13 working phone lines through the box attached to the Belmont Side of the building, which also services the xxxx address. - 33 - 60. The only authorized phone line to the xxxx address is 312-xxx-xxxx (the number Bruce Xxxxxxxxxxx gave as his business number in the police report). The only other phone line (unauthorized) into the xxxx address is bulletin board number 312-528-5020, the line which leads from the junction box to the building. Kwasny advised that this type of hookup required no special knowledge. 61. Affiant has interviewed Sandquist, Mehnert, and CI 404-235, all of whom have operated electronic bulletin boards themselves. All three advised affiant that the sysop of a BBS must continuously perform a great many maintenance or "housekeeping" chores necessary to operation of the BBS. A sysop's maintenance functions include constantly making changes on the BBS, such as adding or removing users, raising or lowering users' level of access, removing files or programs uploaded to the BBS (added to the system by a user). If a user places a virus or logic bomb which could disrupt the functioning of the BBS, for example, on the sysop's computer, the sysop can remove it. 62. Since many BBS's (including this one) operate 24 hours a day, for the convenience of sysops, BBS software allows many of these functions to be performed from what is called "remote" locations, I.e., by the sysop using another computer, over the telephone line to the BBS. If the BBS is operating at a - 34 - business address, for example, the sysop can perform his maintenance functions at night or any other time from his residence or from any other location where he has a computer, modem, and telephone communication to the BBS. BBS users commonly communicate directly with the sysop on the BBS, either in "chat" mode or by leaving him electronic mail (see Definitions section, above). A BBS sysop is essentially "on call" during the entire time the BBS is in operation, to solve equipment/software problems or interruptions to the operation of the BBS, for the supervision of users, and to communicate with them. Operating a BBS is extremely time-consuming, according to Mehnert, Sandquist, and CI 404-235. 63. CI 404-235 advised affiant that, when he logs on to the BBS, he sees a screen in which the first two lines advised that connection has been made to the BBS, the third line lists the baud rates, or speeds, at which a user may communicate with the BBS, and the fourth line states "On line since 12/10/83". This indicates that approximately one year after the 312-528-5020 number was subscribed to by Bruce Xxxxxxxxxxx, the BBS began operating. As of 4/29/90, all attempts to locate any residence for Bruce Xxxxxxxxxxx other than that listed on his driver's license, auto registration, post office box application, and subscriber records for telephone number 312-xxx-xxxx, have been negative. Therefore, it appears that his residence address is xxxx N. Lawndale, Chicago, Illinois. - 35 - 64. The telephone bills for the unlisted line (312-xxx-xxxx) which is installed in the xxxx N. Clybourn building where the unauthorized BBS line (312-528-5020) leads, are mailed to the same address, xxxx N. Lawndale, Chicago, Illinois, to Fred Xxxxxxxxxxx. 65. If the sysop is accessing the BBS from his residence, it is likely that evidence of the sysop's identity and evidence relating to the operating of the BBS will be found on a computer system at the residence, or on diskettes, printouts, and other records at the residence. The telephone bills for unlisted number are also likely to be found at the residence, along with financial records such as cancelled checks or receipts, which will assist in identifying the individual who paid them. 66. At the xxxx N. Clybourn address, evidence of the connection of the BBS equipment to the 312-528-5020 telephone line, and evidence relating to the operation of the BBS, are expected to be found. Entry into the premises at this location, and physical inspection, are necessary in order to determine whether the 312-xxx-xxxx line is also connected to the BBS. 67. Based upon all of the foregoing, affiant believes that evidence of violations of 18 U.S.C. ~~ 1343, 1030, 1029, 1962, 1963, and 371, will be found at xxxx N. Lawndale, Chicago, Illinois, and at xxxx N. Clybourn, Illinois, such evidence consisting of: - 36 - 68. Electronic data processing and storage devices, computers and computer systems including central processing units; internal and peripheral storage devices such as fixed disks, floppy disk drives and diskettes, tape drives and tapes, optical storage devices or other memory storage devices; peripheral input/output devices such as keyboards, printers, video display monitors, optical readers, and related communications devices such as modems; together with system documentation, operating logs and documentation, software and instruction manuals. 69. Telephone equipment such as lineman's handsets, memory telephones, automatic dialers, programmable telephone dialing or signalling devices, electronic tone generating devices. 70. Records pertaining to ComSystems, ITT and other long distance companies' access numbers and customer authorization codes; credit card numbers; telephone numbers for computer bulletin boards, voice mail systems, and corporate computer systems; PBX codes and related telephone numbers; records and information related to the unauthorized access into computer systems or to the sale, sharing, or other distribution of long distance companies' access numbers and customer authorization codes, credit card numbers, including financial records, receipt of payments, worksheets, correspondence, memoranda, computer bulletin board downloads or messages, and other documentation. 71. Records pertaining to Mxxx Xxxxxx Inc., to Post - 37 - Office box number xxxx, telephone bills for 312-528-5020 and to 312-xxx-xxxx from 1982 to the present date, bank account records including statements and cancelled checks for Bruce Xxxxxxxxxxx from 1982 to the present date, business records relating to the occupancy of the xxxx N. Clybourn premises, including rent/mortgage payment receipts, rental or mortgage contracts, utility bills and proof of payment, and records pertaining to the purchase, ownership, and maintenance of the BBS computer system and software. 72. All of the above records, whether stored or on paper, on magnetic media such as tape, cassette, disk, diskette, or on memory storage devices such as optical disks, programmable instruments such as telephones, "electronic address books", programmable wristwatches, calculators, or any other storage media, together with the indicia of use, ownership, possession or control of all of the above property or records, including bills, letters, identification, personal effects, memoranda, and other documentation. 73. Since much of the above-described evidence is likely to be found in electronic form or machine-readable media which cannot be read or analyzed by affiant in its present form, - 38 - affiant requests authorization to seize, listen to, read, review, and maintain the above described property and records and to convert the above records to human-readable form as necessary. (Signature/G. Kirt Lawson) Affiant Subscribed and Sworn before me this 30th day of APRIL, 1990. (signature) Cynthaia M. Penumire {??illegible) Notary Public My Commission Expires (illegible) 9865e/ - 39 - ---end of documents-----  .