HACKER WHACKER -- The Secret Service is conducting a coast-to-coastinvestigation into the unauthorized use of credit-card numbers andlong-distance dialing as well as illegal entry into computer systemsby hackers, according to sources. ... AP ...  Authorities fanned outwith search warrants in fourteen cities Tuesday in an investigation ofa large nationwide computer hacker operation.  Officials of the SecretService, U.S. Attorney's Office and Arizona Attorney General's officescheduled a news conference Wednesday to release details of theoperation.UPI, 5/8 ... A Long Island [NY] teen, caught up in [the investigation],dubbed Operation Sun Devil, has been charged ...  with computertampering and computer trespass.  State Police, who said [DanielBrennan, 17], was apparently trying to set up a surreptitiousmessaging system using the [computer system of a Massachusetts firm]and 800 numbers, raided his home Monday along with security officialsof AT&T. ... [A State Police official] said that in tracing phonecalls made by Brennan ... AT&T security people found that he wasregularly calling one of the prime targets of the Sun Devil probe, a... hacker who goes by the handle "Acid Phreak."  ... New YorkNewsday, p. 31.****************************************************************************>EXCERPTED From The Detroit News, Thursday, May 10, 1990, Section B, p.1:FEDS PULL PLUG ON HACKERSComputer-fraud raid hits two homes in MichiganBy Joel J. Smith, Detroit News Staff WriterSecret Service agents got a big surprise when they raided a Jackson-areahome as part of an investigation of a nationwide computer credit card andtelephone fraud scheme.  They found a manual that details how almostanybody can use a computer to steal.  It also describes how to avoiddetection by federal agents.  On Wednesday, James G. Huse, Jr., specialagent in charge of the Secret Service office in Detroit, said the manualwas discovered when his agents and Michigan State Police detectives brokeinto a home in Clark Lake, near Jackson, on Tuesday.  Agents, who alsoraided a home in Temperance, Mich., near the Ohio border, confiscatedthousands of dollars in computer equipment suspected of being used bycomputer buffs -- known as hackers -- in the scheme.The raids were part of a national computer fraud investigation calledOperation Sundevil in which 150 agents simultaneously executed 28 searchwarrants in 16 U.S. cities.  Forty-two computer systems and 23,000 computerdisks were seized across the country.  The nationwide network reportedlyhas bilked phone companies of $50 million.  Huse said the Secret Servicehas evidence that computers in both of the Michigan homes were used toobtain merchandise with illegally obtained credit card numbers.  He saidlong-distance telephone calls from the homes also were billed tounsuspecting third parties.There were no arrests, because it was not known exactly who was using thecomputers at the homes.  Huse also said there was no evidence that thesuspects were working together.  Rather, they probably were sharinginformation someone had put into a national computer "bulletin board".*****************************************************************************                "Computer Hacker Ring with a Bay Area Link"            (From: San Francisco Chronical, May 9, 1990: A-30)The Secret Service yesterday searched as many as 29 locations in 13 cities,including the family home of an 18-year-old San Jose State Universitystudent, in an investigation of alleged fraud by computer hackers, lawenforcement sources said.The 6 a.m. search on Balderstone Drive in San Jose sought computerequipment allegedly used to "deal in pirate software and electronic fraud,"San Jose police Seargeant Richard Saito said in a prepared statement.The nationwide investigation, code-named "Operation Sun Devil," concernsthe unauthorized use of credit card numbers and long-distance dialing codesas well as illegal entry into computer systems by hackers, said sources.Saito said the probe centered on the "Billionaire Boys Cub computerbulletin board" based in Phoenix. A press conference on the probe isscheduled today in Phoenix.The investigation in Phoenix is also focusing on incidents in whichcopmputer hackers allegedly changed computerized records at hospitals andpolice 911-emergency lines, according to one source.The San Jose suspect was identified as Frank Fazzio Jr., whom neighors saidwas a graduate of Pioneer High School and lives at home with his youngersister and parents. Neither he nor his family could be reached for comment."I've never thought him capable of that sort of thing," said one neighborin the block-long stret located in the Almaden Valley section of south SanJose.Warrants were obtained by the Secret Service to conduct the search in SanJose, as well as in Chicago; Cincinnati; Detroit; Los Angeles; Miami;Newark, N.J.; New York City; Pittsburgh; Richmond, Va.; Plano Texas; andSan Diego.Under new computer crime laws, the Secret Service has jurisdiction toinvestigate allegations of electronic fraud through the use of accessdevices such as credit card numbers and codes that long-distance companiesissue to indivdual callers.  Defendants convicted of unauthorized use ofsuch "access devaices" can be sentenced to 10 years in prison if theycommit fraud of more than $1,000.                               END         ************************************************* ====================================================================== From Marc Rotenberg of Computer Professionals for Social Responsibility Fri, Jun 15, '90      266 lines Here is a letter from the Director of the Secret Service to Don Edwards in response to questions raised by Edwards' Subcommittee. It is quite long as are the postings which follow it. [This letter follows from a FOIA request sent by CPSR to the FBI in  August, 1989]               ------------------------------------------                                         DEPARTMENT OF TREASURY                                         UNITED STATES SECRET SERVICE                                          WASHINGTON, DC 20223                                         APR 30 1990 The Honorable Don Edwards Chairman Subcommittee on Civil and Constitutional Rights Committee on the Judiciary House of Representatives Washington,  D.C.  20515 Dear Mr. Chairman: Thank you for your letter of April 3, 1990, concerning your committee's interest in computer fraud.  We welcome the opportunity to discuss this issue with your committee and I hope the following responses adequately answer your questions. Question 1: Please describe the  Secret Service's process for investigating computer related crimes under Title 18, United States Code, Section 1030 and any other related statutes. Response: The process by which the  Secret Service investigates computer related crimes is similar to the methods we use to investigate other types of criminal investigations.  Most of the investigative techniques are the  same; surveillances, record checks, witness and suspect interviews, etc.  the primary difference is we had to develop resources to assist in the collection and review of computer evidence. To provide  our agents with this expertise, the secret service developed a computer fraud investigation course which, as of this date, has trained approximately 150 agents in the proper methods for conducting a computer fraud investigation. Additionally, we established a computer  Diagnostics center, staffed  with computer professional, to review evidence on computer  systems. Referrals of computer related criminal investigations occur in much the same manner as any other case.  A victim sustains a loss and reports the crime, or, a computer related crime is discovered during the course of another investigation. In the investigations  we do select, it is not our intention to attempt to supplant local or state law enforcement.  We provide enforcement in those cases that are interstate or international in nature and for one reason or another are beyond the capability of state and local law enforcement agencies. When computer related crimes are referred by the various affected industries to the local field offices, the Special Agent in  Charge (SAIC) determines which cases will be investigated based on a variety of criteria.  Each SAIC must consider the economic impact of each case, the prosecutive guidelines of the United States Attorney, and the investigative resources available in the office to investigate the case . In response to the other portion of your question, the other primary statute we use to investigate computer related crimes is Title 18, United States  Code,  Section 1029 ( Access Device Fraud).  This service  has primary jurisdiction in those cases which are initiated outside a bank and do not involve organized crime, terrorism, or foreign counterintelligence (traditional responsibilities of the FBI). The term "access device" encompasses credit cards, debit cards, automatic teller machines (ATM) cards, personal identification numbers (PIN's) used to activate ATM machines, credit or debit card account numbers, long distance telephone access codes, computer passwords and logon sequences, and among other things the computer chips in cellular car phones which assign billing. Additionally, this Service has primary jurisdiction in cases involving electronic fund transfers by consumer (individuals) under Title 15, U. S. code, section 169n (Electronic Fund Transfer Act).  This could involve any scheme designed to defraud EFT systems used by the public, such as pay by phone systems, home banking, direct deposit, automatic payments, and violations concerning automatic teller machines.  If the violations can be construed to be a violation of the  banking laws by bank employee, the FBI would have primary jurisdiction. There are many other statutes which have been used to prosecute computer criminals but it is within the purview of the U.S. Attorney to determine which statute will be used to prosecute an individual. Question 2: Has the Secret  Service ever monitored any computer bulletin boards or networks?  Please describe  the procedures for initiating such monitoring, and list those computer bulletin boards or networks monitored by the Secret  Service since January 1988. Response: Yes, we have occasionally monitored computer bulletin boards. The monitoring occurred after we received complaints concerning criminal activity on a particular computer bulletin board.  The computer bulletin boards were monitored as part of an official investigation and in accordance with the directives of the Electronic Communications  Privacy  Act of 1986 (Title 18 USC 2510) The procedures used to monitor computer bulletin boards during an official investigation have involved either the use of an informant (under the direct supervision of the investigating agent)  or an agent operating in an undercover capacity.  In either case, the informant or agent had received authorization from the computer bulletin board's owner/operator to access the system. We do not keep records of the bulletin boards which we have monitored but can provide information concerning a particular board if we are given the name of the board. Question 3: Has the Secret Service or someone acting its direction ever opened an account on a computer bulletin board or network? Please describe the procedures for opening such an account and list those bulletin boards or networks on which such accounts have been opened since January 1988. Response: Yes, the U.S.  Secret Service has on many occasions, during the course of a criminal investigation, opened accounts on computer bulletin boards or networks. The procedure for opening an account involves asking the system administrator/operator for permission to access to the system.  Generally, the system administrator/operator will grant everyone immediate access to the computer bulletin board but only for lower level of the system.  The common "pirate" computer bulletin boards associated with most of computer crimes have many different level in their systems. The first level is generally available to the public and does not contain any information relation to criminal activity.  Only after a person has demonstrated unique computer skills, been referred by a known "hacker," or provided stolen long-distance telephone access codes or stolen credit card account information,  will the system administrator/operator permit a person to access the higher levels of the bulletin board system which contains the information on the criminal activity. As previously reported in our answer for Question 2, we do not keep records of the computer bulletin boards on which we have established accounts. Question 4: Has the Secret Service or someone acting under its direction ever created a computer bulletin board or network that was offered to the public?  Please describe any such bulletin board or networks. Response: