Why `The Legion Of Doom' Has Little Fear Of The FedsMark Lewyn and Evan I. Schwartz
It was billed as the largest-ever crackdown on computer crime. Last May, 150 gun-toting Secret Service agents raided suspected computer desperados in 14 states for evidence of high-tech chicanery. The feds carted off dozens of computers and thousands of diskettes, leaving behind a bunch of dazed computer nerds. The hacker bust, the government trumpeted, "should convey a message to any computer enthusiast whose interests exceed the ethical use of computers."
But "Operation Sundevil" has turned out to be a bust of another sort. Nearly a year after the crackdown, the probe has produced just one indictment. And a prosecutor involved in the investigation, who didn't want to be quoted by name, says chances are "extremely high" that most of the cases will be dropped--as quietly as possible. It's the latest in a series of setbacks for the government's highly publicized drive against computer crime (table). The fate of these cases is sending a message to computer enthusiasts that's quite different from what the government intended: It's much harder to nail hackers for electronic mayhem than prosecutors ever imagined.
VAST RECORDS. Although the obstacles vary from case to case, there are some common threads. Computer crimes often span the country, calling for tricky coordination of far-flung law-enforcement agencies. Moreover, cops must be careful not to infringe personal freedoms in an area of the law that has yet to be clearly defined. Computer law is so murky that Harvard University law professor Laurence H. Tribe even has proposed a Constitutional amendment to clear it up. "New technologies should lead us to look more closely at just what values the Constitution seeks to preserve," he says.
Another complication is that computer records are so vast that digging up evidence for successful prosecutions is enormously time-consuming. Consider Operation Sundevil, named after the mascot of Arizona State University, where the case began. The target of the investigation was a loose, nationwide network of hackers known as the Legion of Doom. The feds suspected the Doomsters of trading stolen credit-card numbers and long-distance phone cards and exchanging information on how to break into corporate computers around the country. The raid netted 23,000 disks. "The magnitude overwhelmed us," concedes Dale P. Boll, deputy director of the Secret Service's Fraud Div.
Perhaps the biggest enforcement problem is that gumshoes trained to nab drug runners are woefully unprepared for their high-tech task. Jerome R. Dalton, American Telephone & Telegraph Co.'s corporate security manager, is convinced that the feds simply can't convict computer criminals on their own. He points to Leonard Rose Jr., a computer consultant who pleaded guilty on Mar. 22 to wire-fraud charges in Chicago and Baltimore. Prosecutors said he sent illegal copies of a $77,000 AT&T computer-operating system known as Unix to hackers around the country after modifying it so it could be used to invade corporate and government systems.
PLUGGING GAPS. Dalton contends that without AT&T's help, the government wouldn't have had a case. It was AT&T--not the feds--that verified that Rose wasn't a licensed Unix user and that the program had been modified to make breaking into computer systems easier. "Computer literacy in law enforcement isn't what it should be," says Dorothy Denning, who chairs Georgetown University's computer-science department.
The government admits its investigations are hampered by a lack of expertise and funds to pursue the vast new area of potential abuse. But the authorities are trying to plug some of the gaps. In January, the Justice Dept. formed a computer-crime task force to coordinate prosecutions with state and foreign governments. States such as Florida and California have set up similar groups. "We're getting a more coherent law-enforcement approach now," says Gail Thackeray, a special deputy county attorney in Maricopa County, Ariz., and a key player in Operation Sundevil.
Despite all the "abort" and "error" messages, the government has notched some successes. Rose's plea bargain, for instance, calls for a one-year jail sentence, by far the stiffest to date. That time behind bars for Rose sends yet another message to hackers: The government will mete out tough discipline to those computer crooks it does convict. But it has little choice if its crackdown is to be taken seriously. The hackers the feds are snaring in their electronic net are few and far between.