Screamer:Argie Hacker

David Kennedy (76702.3557@compuserve.com)
01 Apr 96 02:02:50 EST

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jim Cannady: "Intrusion Detection Questionnaire"
Previous message: Byron COLLIE: "Re: Neural networks in IDS"

Courtesy of United Press International and CompuServe's Executive News Service

        U.S. uses first computer system wiretap

 UPI Financial  29/3/96 13:27

 By MICHAEL KIRKLAND
 >>    WASHINGTON, March 29 (UPI) -- U.S. officials used an unprecedented
 court-ordered wiretap of a computer network to charge a young Argentine
 man with breaking into Harvard, U.S. Navy and NASA computers, the
 Justice Department said Friday.
   At a news conference at the Justice Department, U.S. Attorney Donald
 Stern of Boston called the operation "cybersleuthing." <<

 o    Other systems penetrated, Univ Mass, Cal Tech, Northeastern and systems
in Mexico, Korea, Taiwan, Brazil and Chile.

 >>    "The search procedure was specifically designed to let another
 computer do the complex searches in a way that provided privacy
 protection for the innocent users of the network," Reno said. <<

 o    The investigators used a program called I-Watch for Intruder Watch run
on a government computer located at Harvard.  The program searched the net for
the targeted criminal among 16,000 university users.

 [DMK:  A search for info on this program revealed I-watch may be a product
from Ipswitch, Inc. of Lexington MA.]

 >>    I-Watch was able to "identify certain names that were unique to the
intruder," Heymann said, as well as locations and accounts -- his
 "computer habits."
   Because the search was conducted by I-Watch, the communications of
 the legitimate users were never seen by human eyes. I-Watch was left
 undisturbed in its work through November and December until it had
 narrowed down the thousands of possibilities to one unauthorized
 computer cracker, Julio Cesar Ardita, 21, of Buenos Aires, officials
 said. <<

 o    Ardita's home was raided on 28 Dec and his PC and modem seized.  He
remains free because the charges against him are not among those when the
US-Argentina extradition treaty applies.

 o    Charged with:  "possession of unauthorized devices" (illegal use of
passwords), (18 USC 1029) unlawful interception of electronic communications
(18 USC 2511) and "destructive activity in connection with computers." (18 USC
1030) [DMK: citations mine, not UPI's]

 >>  The information he accessed is considered "confidential," Stern
 said, but "did not include national security information." <<

 [DMK:  "C2 in 92!"]

 >>   Ardita's alleged cracking was first detected last August when the
 Naval Command Control and Ocean Surveillance Center in San Diego
 detected a computer intruder, officials said. <<

 ...

 >>    The Naval Criminal Investigative Service did an analysis of the
 intruder's "computer habits," including signature programs used to
 intercept passwords. <<

 ...

 >>    Eventually, an intruder who called himself "griton" -- Spanish for
"screamer" -- was detected using four computer systems in Bueons Aires
 to crack the Harvard computer, and the illegal accessing of the other
 sites was discovered. <<

 Dave Kennedy [US Army MP][CISSP] Volunteer SysOp Natl. Computer Security
Assoc Forum on Compuserve
 Retiring:  Will secure computers for food.

Next message: Jim Cannady: "Intrusion Detection Questionnaire"
Previous message: Byron COLLIE: "Re: Neural networks in IDS"