Courtesy of United Press International and CompuServe's Executive News Service U.S. uses first computer system wiretap UPI Financial 29/3/96 13:27 By MICHAEL KIRKLAND >> WASHINGTON, March 29 (UPI) -- U.S. officials used an unprecedented court-ordered wiretap of a computer network to charge a young Argentine man with breaking into Harvard, U.S. Navy and NASA computers, the Justice Department said Friday. At a news conference at the Justice Department, U.S. Attorney Donald Stern of Boston called the operation "cybersleuthing." << o Other systems penetrated, Univ Mass, Cal Tech, Northeastern and systems in Mexico, Korea, Taiwan, Brazil and Chile. >> "The search procedure was specifically designed to let another computer do the complex searches in a way that provided privacy protection for the innocent users of the network," Reno said. << o The investigators used a program called I-Watch for Intruder Watch run on a government computer located at Harvard. The program searched the net for the targeted criminal among 16,000 university users. [DMK: A search for info on this program revealed I-watch may be a product from Ipswitch, Inc. of Lexington MA.] >> I-Watch was able to "identify certain names that were unique to the intruder," Heymann said, as well as locations and accounts -- his "computer habits." Because the search was conducted by I-Watch, the communications of the legitimate users were never seen by human eyes. I-Watch was left undisturbed in its work through November and December until it had narrowed down the thousands of possibilities to one unauthorized computer cracker, Julio Cesar Ardita, 21, of Buenos Aires, officials said. << o Ardita's home was raided on 28 Dec and his PC and modem seized. He remains free because the charges against him are not among those when the US-Argentina extradition treaty applies. o Charged with: "possession of unauthorized devices" (illegal use of passwords), (18 USC 1029) unlawful interception of electronic communications (18 USC 2511) and "destructive activity in connection with computers." (18 USC 1030) [DMK: citations mine, not UPI's] >> The information he accessed is considered "confidential," Stern said, but "did not include national security information." << [DMK: "C2 in 92!"] >> Ardita's alleged cracking was first detected last August when the Naval Command Control and Ocean Surveillance Center in San Diego detected a computer intruder, officials said. << ... >> The Naval Criminal Investigative Service did an analysis of the intruder's "computer habits," including signature programs used to intercept passwords. << ... >> Eventually, an intruder who called himself "griton" -- Spanish for "screamer" -- was detected using four computer systems in Bueons Aires to crack the Harvard computer, and the illegal accessing of the other sites was discovered. << Dave Kennedy [US Army MP][CISSP] Volunteer SysOp Natl. Computer Security Assoc Forum on Compuserve Retiring: Will secure computers for food.