Countermeasures

by Thomas Icom
"An ounce of prevention is worth a pound of cure." - Ben Franklin
With the recent crackdown on "computer hackers" and evidence that more busts
are on the way modem users in general have been quite concerned that by
exercising their rights they could have the S.S. knocking on their door
because they called a BB S.  This has prompted many telecomputists and
computer bulletin board systems to cease operations for fear of being raided.
With the recent raids at Steve Jackson Games and Jolnet perhaps these fears
are reasonable.  However, if you are committing no wrongdoings you still,
despite the KGB and Gestapo like actions of the Secret Service have the right
to exercise your freedom of information access via electronic media.
There are only three laws relating to the use of modems and BBS systems. The
first two are toll fraud and computer trespass.  Toll Fraud is the avoidance
of paying telephone company service charges.  Computer trespass is the
unauthorized access of a computer system.  When you call a public BBS, or a
private one you are a member of and pay for the call you are not committing
either of these crimes. While they may not like the fact that you have a
computer and modem, they can't touch you.  The other law is not particularly
computer related and goes under many different statues, but in all cases deals
with encouraging people to commit illegal acts.  This law applies to "illegal"
information on BBS systems.  
What is "illegal information"? Well any
information which has no educational or informational purpose that encourages
people to commit a crime.  When applied to BBS systems it only includes
calling card/long distance telephone service codes, credit cards, and computer
passwords /login sequences.  That's all.  Hacking and phreaking information
has an educational purpose in that it teaches people computer security, and
shows dangerous flaws in systems that could be used by someone for nefarious
purposes.  As long as no direct encouragement is given to exploit these flaws
the information is not illegal and is thus protected by the First Amendment:
freedom of speech.  If you are a BBS owner you can have all the hacking and
phreaking g-files and message bases on your system and they can't do a thing.
If they do, they open themselves up to a law suit.  The prime examples of this
are the Private Sector, OSUNY, and The Central Office BBSes.  Private Sector
was raided, but no charges were filed because there were no codes, passwords,
or credit cards on the BBS.  OSUNY and Central Office were online for years
and were the subject of many investigations, but no action was ever put forth
against these BBSes as n o illegal information was on them.  The precedent is
there.  In order to evoke First Amendment protection on your BBS or newsletter
display a clear statement that the information is for educational purposes
only, and that no illegal use is implied or suggested.
Now of course the Secret Service often violates these laws despite the fact
that in doing so they don't have a legal leg to stand on.  They do this on the
basis of a technique which has been used from the Middle Ages, down through
Nazi Germany, up to the various activities of the KGB in the Soviet Union:
Fear and Ignorance.  People who are ignorant of the law become afraid because
in being unaware of their rights they don't know what the government can and
more importantly can't do.  Due to fear and ignorance they can operate carte
blanche because they know the chance of reprisal by some irate citizen is very
low.  Also, once they raid someone they can gain intelligence on other modem
users/"hackers".  Once they have the info on the system, they can give it
back.  They accomplished what they set out to do.
Fortunately you can fight back, and your efforts will eventually be rewarded.
On many of the busts the S.S. has gotten burned, and it has been plainly shown
to them that they can't continue to operate this way.  However no modem user
has yet had the balls to sue those bastards.  With the current state of
affairs the charges get dropped due to various improper procedures, but no
specific precedent has been set to make them liable for their illegal
activities. Once they lose in a lawsuit brought against them by a modem user
they screwed over, we'll see some severe restructuring in that particular
branch of the Treasury Department.
The first stage in protecting yourself is to be aware of the laws and your
rights.  Knowledge is power, and they are well aware of that.  In light of
that they watch themselves when dealing with people who know their rights
because they know t hat those people will have them nailed to a wall if they
slip.  Know your rights and be adamant about them.
The second stage is that if you deal in anything even slightly controversial
take precautions to secure the info in your system.  Encryption is a definite
must, as well as any other tricks to hide data on your system and prevent
tampering.  When encrypting data stay away from DES.  While everyone say it's
the best system the NSA has not recertified it, and the fact that it was
developed for the government leads enough credence to the possibility of there
being a back-door in the algorithm.  About the best personal encryption system
I've seen out there is the Absolute Computer Security System scheme by
Consumertronics.  A good idea is to double encrypt the data with two different
algorithms.  From what was shown by the recent busts in Operation SunDevil the
technological expertise of the agents wasn't too high.  To quote Lloyd
Blankenship of Steve Jackson games, "They don't know what subdirectories are."
This means that any moderately sophisticated data hiding technique should
stump t hem.  I would expect though they should be getting better as time goes
on.  What I would do is use some of the tricks that computer viruses use when
hiding data.  Marking off used or "bad" sectors to put your data on, or
appending it to ordinary programs.  One of the best things you an do is put
your data on floppy disks, then store them in a container containing a large
electromagnet hooked up a tamper switch.  This way if they raid you just give
the box a good push an d everything's wiped.  For paper documents use a burn
box. This is a sturdy metal container with an incendiary mixture hooked up to
a tamper switch.  When they mess with it, everything is turned to ashes.  You
can store data "off-site" where their search warrant doesn't cover .  This can
be as simple as burying it in the backyard/under the shed or in a "friend's"
house.  Rig up special hidden access programs to your system, preferably in
ROM, so that if your data isn't accessed in a certain way it gets wiped. 
If you want to be real nasty, put some fake "incriminating" data on your system
for them to bite onto.  Good suggestions would be random phone numbers with an
extra 4 digits attached or random 16 digit numbers with fake names.  This way
it looks like they've found calling cards or credit cards.  Then if they are
stupid enough to take you to court, you can explain where you got them from.
Even if they aren't stupid enough to fall for that trick, you still have
wasted their time.  Another idea would be to make a fake database of fellow
hackers. This way they waste time tracking down all those false leads.  These
techniques would serve to make fools of these assholes.
Now if you do happen to get raided or put under surveillance there are a
number of things you can do.  If you see any "strange activity" outside your
house call the police.  If some "strange people" come on your property you can
warn them that it's private property and then have them arrested for
trespassing.  You can also go outside and start taking pictures or videotaping
them.  That pisses them off but they are generally loath to do anything
because you'll have evidence against them.  If they come over to ask you
questions politely refuse and tell them to talk to your lawyer.  If they
persist have them arrested for trespassing and harassment.  You should also
check their ID.  John Williams and I have often run into corporate and idependent goons who decide to visit you in some sort of attempt to intimidate
you.  If their ID looks fake or it's otherwise obvious that they're not real
law enforcement then have all the fun you want with them!  If you receive a
phone call, turn o n your tape recorder, refuse to answer any questions, an
give them the name and number of your lawyer.  The tape recorder is important
as you'll want evidence of the phone call if their manner of talking to you on
the phone opens them up to legal repercussions.  And always before you pick
up, state the date and time on the tape, and make sure they identify
themselves to you.
If government agents come with a warrant call your lawyer, and document
everything.  Actions they commit on the search warrant may screw them later,
but you'll need evidence.  Videotape them if it's feasible, and if you have a
friend in the press call him/her.  Above all invoke your right to remain
silent, and don't help them by opening your mouth.  With the recent rash of
Gestapo-style no-knock warrants a modem using friend of mine has started
keeping a .44 Magnum by the door.  His explanation is since he's not doing
anything illegal if someone comes crashing through the door he's going to
assume its a burglar or psychotic and protect his property and family until
the police come.  We of course don't recommend that you follow his example,
but the choice is yours.  After all a law abiding citizen has the right to
defend himself.
After the bust have your lawyer keep on them like a fly to manure.  According
to the law a search warrant is supposed to be for gathering evidence for an
indictment.  If no indictment is forthcoming (none should be if you're clean)
then demand your property be returned to you.  In any event you should always
file suit and seek legal charges against them.  Just the simple act of doing
that creates hassles for them.
Before I wrap this up, let me state that I have nothing against law
enforcement people.  Most of the police officers out there do a fine job, and
are good people.  However, the few rotten apples in this country's law
enforcement infrastructure do a lot to blacken the name of police officers
everywhere.  I am also amazed that with all the murderers, rapists, and child
molesters running around lose in this country, our police agencies are so
quick to jump to the whim of some whining, clueless , control-addicted
corporate bureaucrat; who's probably broken more laws than the worst hacker
ever could, and go after innocent telecomputists.  (Why wasn't Neal Bush
arrested?) I would tend to believe that child molesters should have a higher
hunt-down priority then kids with computers; however sometimes that doesn't
seem to be the case.
                                Driving Tips
Motor vehicles are probably the most common form of transportation used today.
Perhaps this is why most people involved in an operation get busted while
driving.  In New York &amp; many other states, your rights are nonexistent while
you're behind the wheel, and you can get pulled over and searched for any
reason.  So, to stay out of trouble and avoid any problems that might result
in getting pulled over, I've put together some guidelines that should help
keep you out of trouble while you're on the road.
1. Keep tabs on the local law enforcement agencies.  While most cops are more
   or less decent and won't bother you as long as your not driving
   recklessly, there are a few bad apples who will bother you for whatever
   reason.  Also, remember that you have no rights on the road.  You're fair
   game for any reason.  Get ahold of a mobile scanner and hide it behind your
   dashboard or in a seat.  Scanners are illegal to have in vehicles in some
   states and much frowned upon in others.  Run a remote speaker to a
   convenient but hidden spot with a hidden switch to turn it off.  This way
   they can't see anything that looks suspicious, and you can cut out the
   audio quick if you get stopped.  Also remember to program in secondary car-
   to-car and mobile to base frequencies.  This will give you an indication of
   law enforcement activity nearby you and allow you to take appropriate
   action should your plates get checked all of the sudden.
2. Drive at the proper speed.  By that I mean not too fast and not too slow.
   Not only can you get pulled over for speeding, but if you drive too slow,
   you'll get pulled over for being suspicious.
3. Know your geography.  Intimate knowledge of the roads in your area of
   operations is essential.  This way, you can take alternate routes if there
   is an obstruction down the road as well as know what roads not to take so
   you don't make an evasive turn into a dead-end street.
4. Stay off well-traveled roads whenever possible.  You're less likely to get
   stopped on a secondary road.
5. Drive something appropriate looking for your locale.  If you drive
   something too fancy or too beat-up you will attract more attention to
   yourself.
6. Keep anything attention getting out of sight.  If you get stopped, and
   nothing is visible, then there is less cause for them to search your
   vehicle.
7. Obey all the traffic laws.  This is common sense, but many people who were
   wanted criminals got nailed by a simple traffic infraction stop.
8.  If you get pulled over, be polite even you are insulted and harassed.
    Also, don't make any sudden moves.  Again, common sense, but some stupid
   people think that they have to mouth-off when they get pulled over and
   given a hard time. They're the ones who usually get busted.
