"'Hacker' Pleads Guilty in AT&T CASE: Sentence Urged for            Md. Man Among Stiffest Yet for Computer Crime"              By Mark Potts/Washington Post Staff WriterBALTIMORE, March 22--A computer "hacker" who was trying to help otherssteal electronic passwords guarding large corporate computer systemsaround the country today pleaded guilty to wire fraud in a continuinggovernment crackdown on computer crime.Federal prosecutors recommended that Leonard Rose Jr., 32, ofMiddletown, Md., be sent to prison for one year and one day, whichwould be one of the stiffest sentences imposed to date for computercrime. Sentencing is scheduled for May before U.S. District Judge J.Frederick Motz.Cases such as those of Rose and a Cornell University graduate studentwho was convicted last year of crippling a nationwide computer networkhave shown that the formerly innocent pastime of hacking haspotentially extreme economic ramifictions. Prosecutors, industryofficials and even some veteran hackers now question the once popularand widely accepted practice of breaking into computer systems andnetworks in search of information that can be shared with others."It's just like any other form of theft, except that it's more subtleand it's more sophisticated," said Geoffrey R. Garinther, theassistant U.S. attorney who prosecuted the Rose case.Rose--once part of a group of maverick hackers who called themselvesthe Legion of Doom--and his attorneys were not available for commentafter the guilty plea today. The single fraud count replaced afive-count indictment of the computer programmer that was issued lastMay after a raid on his home by Secret Service agents.According to prosecutors, Rose illegally obtained information thatwould permit him to secretly modify a widely used American Telephone &(See HACKER, A10, Col 1)Telegraph Co. Unix software program--the complex instructions thattell computers what to do. The two former AT&T software emplyees whoprovided these information "codes" have not yet been prosecuted.Rose altered the AT&T software by inserting a "Trojan horse" programthat would allow a hacker to secretly gain access to the computersystems usng the AT&T Unix softare and gather passwords used on thesystem. The passwords could then be distributed to other hackers,permitting them to use the system without the knowledge of itsrightful operators, prosecutors said.Rose's modifications made corporate purchasers of the $77,000 AT&TUnix program vulnerable to electronic break-ins and the theft of suchservices as toll-free 800 numbers and other computer-basedtelecommunications services.After changing the software, Rose sent it to three other computerhackers, including one in Chicago, where authorities learned of thescheme through a Secret Service computer crime investigation calledOperation Sun Devil. Officials  say they do not believe the hackersever broke into computer systems.At the same time he pleaded guilty here, Rose pleaded guilty to asimilar charge in Chicago; the sentences are to be servedconcurrently, and he will be eligible for parole after 10 months.Rose and his associates in the Legion of Doom, whose nickname wastaken from a gang of comic-book villains, used names like Acid PhreakTerminus--Rose's nickname--as their computer IDs. They connected theircomputers by telephone to corporate and government computer networks,outwitted security screens and passwords to sign onto the systems andrummaged through the information files they found, prosecutors said.Members of the group were constantly testing the boundaries of the"hacker ethic," a code of conduct dating back to the early 1960s thatoperates on the belief that computers and the information on themshould be free for everyone to share, and that such freedom wouldaccelerate the spread of computer technology, to society's benefit.Corporate and government computer information managers and many lawenforcement officials have a different view of the hackers.  To them,the hackers are committing theft and computer fraud.After the first federal law aimed at computer fraud was enacted in1986, the Secret Service began the Operation Sun Devil investigation,which has since swept up many members of the Legion of Doom, includingRose. The investigation has resulted in the arrest and prosecution ofseveral hackers and led to the confiscation of dozens of computers,thousands of computer disks and related items."We're authorized to enforce the computer fraud act, and we're doingit to the best of our ability," Garry Jenkins, assistant director ofinvestigations for the Secret Service, said last summer.  "We're notinterested in cases that are at the lowest threshold of violating thelaw...They have to be major criminal violations before we getinvolved."The Secret Service crackdown closely followed the prosecution of themost celebrated hacker case to date, that of Robert Tappan MorrisCornell Univesity computer science graduate student and son of acomputer sicentist at the Natonal Security Agency. Morris wasconvicted early last year of infecting a vast nationawide computernetwork in 1988 with a hugely disruptive computer "virus," or rogueinstructions. Although he could have gone to jail for five years, Mo$10,000, given three years probation and ordered to do 400 hours ofcommunity service work.Through Operation Sun Devil and the Morris case, law enforcementauthorities have begun to define the boundaries of computer law.Officials are grappling with how best to punish hackers and how todifferentiate between mere computer pranks and serious computerespionage."We're all trying to get a handle for what is appropriate behavior inthis new age, where we have computers and computer networks linkedtogether," said Lance Hoffman, a computer science professor at GeorgeWashington University."There clearly are a bunch of people feeling their way in variousrespects," said David R. Johnson, an attorney at Wilmer, Cutler &Pickering and an expert on computer law.  However, he said, "Thingsare getting a lot clearer. It used to be a reasonably respectableargument that people gaining unauthorized access to computer systemsand causing problems were just rambunctious youth." Now, however, thefeeling is that "operating in unauthorized computing spaces can be anantisocial act," he said.Although this view is increasingly shared by industry leaders, somesee the risk of the crackdown on hackers going to far. Among thoseconcerned is Mitch Kapor, the inventor of Lotus 1-2-3, thebest-selling computer "spreadsheet" program for carrying outmathematical and accounting analysis.  Kapor and several othercomputer pioneers last year contributed several hundred thousandsdollars to set up the Electron Freedom Foundation, a defense fund forcomputer hackers.EFF has funded much of Rose's defense and filed a friend-of-the-courtbrief protesting Rose's indictment.                          --end of article--From: The Washington Post, Tuesday March 26, 1991, Page A3.CORRECTION [to Saturday March 23, 1991 article]"Leonard Rose, Jr., the Maryland computer hacker who pleaded guiltylast week to two counts of wire fraud involving his illegal possessionof an American Telephone & Telegraph Co. computer program, was not amember of the "Legion of Doom" computer hacker group, as was reportedSaturday, and did not participate in the group's alleged activities ofbreaking into and rummaging through corporate and government computersystems."