Kuji Media Corporation Ltd.

04/04/98 THE SCHOOLBOY SPY.

By Jonathan Ungoed-Thomas

The Americans called him their No 1 enemy, but he was only 16. Jonathan Ungoed-Thomas reveals one of the strangest stories of the cyber-age. On the evening of April 15, 1994, six American special agents sat in a concrete basement at a secret air force base patiently waiting for an attack. Their unseen and unknown enemy had for weeks been rampaging across the Pentagon network of computers, cracking security codes and downloading secret files.

Defence officials feared the infiltrator was a foreign agent. They were monitoring his movements in a desperate effort to trace him to his lair. He had first been spotted by a systems manager at the Rome Laboratory at the Griffiss air base in New York state, the premier command and control research facility in the United States. He had breached the security system and was using assumed computer identities from the air base to attack other sites, including Nasa, Wright-Patterson air force base – which monitors UFO sightings – and Hanscom air force base in Massachusetts. He was also planting “sniffer files” to pick up every password used in the system. This was a new type of warfare, a “cyber attack” at the heart of the most powerful military machine on earth. But the American military had been preparing for “cyber war” and it had a new breed of agent ready to fight back against the infiltrator. Computer specialists from the Air Force Office of Special Investigations (AFOSI) and the Air Force Information Warfare Centre in San Antonio, Texas, were dispatched to Rome Laboratory to catch the attacker.

By the end of the second week of their attempt to outwit him, their windowless basement room was a mess of food wrappers, sleeping bags and empty Coca-Cola cans. Sitting among the debris, the American cyber agents saw a silent alarm throb on one of the many terminals packed into the 30ft by 30ft room. Datastream Cowboy, as he called himself, was online again. They carefully tracked him on a computer screen as he used the access code of a high-ranking Pentagon employee to sign on. This gave him the power to delete files, copy secret information and even crash the system. As he sifted through battlefield simulation data, artificial intelligence files and reports on Gulf war weaponry, the agents worked frantically at their terminals, trying yet again to establish who he was and where he had come from. It was futile. Datastream Cowboy always bounced around the world before launching an attack and it was impossible even to establish in which country he was sitting.

Suddenly he left the Pentagon system. The agents rapidly checked the computer address of his new target and were chilled by the result: he was trying to get access to a nuclear facility somewhere in Korea. The shocked agents saw a terrible crisis coming. The United States was embroiled in tense negotiations with North Korea about its suspected nuclear weapons programme. The Clinton administration was publicly split between a faction that wanted to punish the Stalinist regime in Pyongyang for attempting to develop a nuclear bomb and State Department diplomats who insisted on a gentler approach.

If the paranoid North Koreans detected a computer attack on their nuclear facility from an American air base – because Datastream Cowboy had assumed an American military identity by routeing his assault through the Griffiss computer – they would be bound to believe that the hawks had won and this was an act of war. Senior defence officials were hurriedly briefed as the agents attempted to establish the exact location in Korea of the computer that Datastream Cowboy was trying to crack.

After several tense hours, they had their answer. His target was in South Korea, not North. The security alert was over, but the damage meted out by Datastream Cowboy was not. In the space of a few weeks he had caused more harm than the KGB, in the view of the American military, and was the “No 1 threat to US security”.

What made Datastream Cowboy so dangerous, in the view of the Americans, was that he was not alone; he was working with a more sophisticated hacker who used the “handle” of Kuji. The agents repeatedly watched Datastream Cowboy unsuccessfully attack a military site and retreat for an e-mail briefing from Kuji. He would then return and successfully hack into the site. Both Datastream Cowboy and Kuji were untraceable. They were weaving a path through computer systems in South Africa, Mexico and Europe before launching their attacks. Over 26 days, Datastream Cowboy and Kuji broke into the Rome Laboratory more than 150 times. Kuji was also monitored attempting an assault on the computers at Nato headquarters near Brussels. It was only three years after the final collapse of Soviet communism, but there was already a strong fear within the American government that the United States had become vulnerable to a new military threat: electronic and computer warfare.

Both America’s superpower military arsenal and its huge civilian economy had become reliant on microchips and in the words of Jamie Gorelick, a deputy attorney-general: “Some day we will wake up to find that the electronic equivalent of Pearl Harbor has crippled our computer networks and caused more chaos than a well placed nuclear strike. We do not want to wait for that wake-up call.”

What made the American military so vulnerable was that the Internet – the computer communications system that had been developed by Pentagon scientists as a tool for survival after nuclear war – was opening up in 1994 to anyone in the world who had access to a cheap and powerful personal computer.

The Internet automatically brought hackers to the very gates of the Pentagon’s most secret files – and it could not be policed, as it had been deliberately set up without controls to ensure ease of access for nuclear survivors.

According to official American figures, the Pentagon’s military computers are now suffering cyber attacks at the rate of 250,000 a year and it is retaliating with a $3.6bn programme of computer protection to key systems. THE attacks by Datastream Cowboy and Kuji were the opening shots in this barrage, and the Pentagon generals insisted that they had to be found and put out of action. It would have been relatively simple to shut them out of the Pentagon network, but they would survive to attack again – and their identities and the information they had already stolen would have remained unknown. The American cyber agents were ordered to continue chasing them through the electronic maze.

But how? They used a process called “fingering” in which they tried to detect every computer that Datastream Cowboy had used as stepping stones before attacking them. A computer on the Internet gives its own address in the first few bytes of any communication and the agents tried to trace Datastream Cowboy’s path backwards. The process can often be hit and miss because of the vast amount of traffic on the Internet and the hacker’s path was simply too long and circuitous to follow to its end. The agents almost gave up hope. Then old-fashioned police work was brought to bear. In the cyber age, where do hackers hang out? On the Internet, of course. They “chat” with each other through their screens.

The agents had informants who cruised the Internet and one of these made the breakthrough. He found that Datastream Cowboy hung out at Cyberspace, an Internet “service provider” based in Seattle. Moreover, he was a particularly chatty individual who was eager to engage other hackers in e-mail conversation. Naive, too. Before long, the informant had established that Datastream Cowboy lived in the United Kingdom. He even gave out his home telephone number.

Jubilant, a senior AFOSI agent contacted the computer crime unit in Scotland Yard for assistance. Datastream Cowboy’s number was traced to a house in a cul-de-sac in Colindale, part of the anonymous north London suburbs. In cold war days it would have been a classic address for a spy’s hideaway.

Telephone line checks revealed that the hacker was first dialling into Bogota, the Colombian capital, and then using a free phone line from there to hack his way into the sensitive military sites.

American agents flew to London and staked out the address with British police officers. Detectives were cautious, however, about making an immediate arrest because they wanted Datastream Cowboy to be online when they entered the house, so that he would be caught in the act.

At 8pm on May 12, 1994, four unmarked cars were parked outside the Colindale house. Inside one of them, a detective’s mobile phone rang. An agent from the Rome Laboratory was on the other end: Datastream Cowboy was online. Officers made a second call to British Telecom in Milton Keynes and established that a free phone call was being made to South America. Posing as a courier, one of the officers knocked on the door. As it was opened by a middle-aged man, eight policemen silently appeared and swept into the house. The officers quietly searched the downstairs and first floor. Then, creeping up the stairs to a loft-room, they saw a teenager hunched in his chair tapping frantically away on the keyboard of his ?700 PC World computer. They had found Datastream Cowboy.

One of the detectives walked up silently behind the young suspect and gently removed his hands from the computer. For 16-year-old Richard Pryce, a music student, it was the shock of his life. He looked at the policemen as they prepared to arrest him and collapsed on the floor in tears.

“They thought they were going to find a super-criminal and they just found me, a teenager playing around on his computer,” says Pryce now. “My mother had noticed people sitting outside our house for a few days beforehand, but I didn’t think much of it. I never thought I would get caught and it was very disturbing when I did.

“It had just been a game or a challenge from which I had got a real buzz. It was unbelievable because the computers were so easy to hack, like painting by numbers.”

Pryce, who was then a pupil at The Purcell School in Harrow, Middlesex, was arrested at his home but released on police bail the same evening. Five stolen files, including a battle simulation program, were discovered on the hard disk of his computer. Another stolen file, which dealt with artificial intelligence and the American Air Order of Battle, was too large to fit on to his desktop computer. So he had placed it in his own storage space at an Internet service provider that he used in New York, accessing it with a personal password.

During the subsequent police interviews, one pressing question remained unanswered: who was Kuji? Pryce claimed he had only talked with his hacking mentor on the Internet and did not know where he lived. American investigators regarded Kuji as a far more sophisticated hacker than Datastream. He would only stay on a telephone for a short time, not long enough to be traced successfully. “Kuji assisted and mentored Datastream and in return received from Datastream stolen information…Nobody knows what Kuji did with this information or why it was being collected,” agents reported.

Mark Morris, who was then a detective sergeant with Scotland Yard’s computer crime unit, was one of the investigating officers on the case. “It was awesome that Pryce, who was just one teenager with a computer, could cause so much havoc, but the greater worry in the US was about Kuji,” says Morris. “The fear was that he could be a spy working for a hostile foreign power. The job was then to find him.”

Pryce did give detectives one telephone number, but it was a red herring: a school library in Surrey. During the next two years of compiling evidence in Britain and America in the case against Pryce, British detectives and American agents failed to turn up any evidence that might lead to Kuji. Their break finally came in June 1996 when the computer crime unit decided to sift once again through the mass of information on the hard disk of Pryce’s computer.

Morris took on the job. “I was at home with my laptop and went through every bit of that hard disk, which was a huge task.” It took him three weeks. If all the files had been printed out they would have filled 40 filing cabinets.

At last he found what he wanted. “At the bottom of a file in the DOS directory I saw the name Kuji. Next to the name was a telephone number. Pryce might not have even known it was on his system because he downloaded so much information.”

For American agents hoping to catch a superspy, Kuji’s telephone number was a grave disappointment. He was based in Cardiff. A team of officers drove up to his address, a terraced house, and finally discovered Kuji’s identity. He was 21-year-old Mathew Bevan, a soft-spoken computer worker with a fascination for science fiction. His bedroom wall was covered with posters from The X Files and one of his consuming interests was the Roswell incident, the alleged crash of a UFO near Roswell, New Mexico, in July 1947. He was arrested on June 21, 1996, at the offices of Admiral Insurance where he worked.

“I would never have been caught if it wasn’t for Pryce and even then they took two years to find me,” Bevan says now. “And the only reason Pryce got caught was that he gave his number to a secret service informant.” Bevan, the son of a police officer, said he had not even been alarmed when Datastream Cowboy disappeared from the Internet. “Everyone was joking with me on the e-mail that he must have been arrested, but I didn’t believe it. It wasn’t until a year later that a friend phoned me and said: ‘Have you seen the papers? They think you’re a spy’.”

However, Bevan became confident that he had escaped detection and was stunned when he was arrested. “I was told to go and check the managing director’s computer. I went in and there were seven or eight of them in suits and I was arrested.” He was charged the next day with two counts of conspiracy under the Criminal Law Act 1997. He was later charged with three offences under the Computer Misuse Act 1990.

Pryce had been charged in June 1995, about 13 months after his arrest, with 12 offences under Section 1 of the Computer Misuse Act 1990. He was also charged with conspiracy three days before Bevan’s arrest. At the culmination of one of the biggest ever international computer crime investigations and after a massive security scare in the United States, law enforcers were left with a meagre and faintly embarrassing prize: two young hackers who in their spare time, from the comfort of their bedrooms, had penetrated what should have been the most secure defence network in the world. To rub salt into the wounds, their credentials were hardly impressive. Pryce had scraped a D grade in computer studies at A-level and Bevan had dropped out of an HND course in computer science.

Pryce’s father, Nick, who restores musical instruments, said: “They said Richard was a No 1 security threat and I think that was just rubbish. They had overreacted and when they found out it was just a teenager, they still wanted to try to make an example of him. I never knew what he was doing at the time; I just thought he was in his bedroom playing on his computer. When I found out, I never thought he had done anything particularly wrong and neither did our friends. He just showed how bad security was on those computers.”

But how did two rather ordinary young men manage to penetrate the Pentagon computer system and spark such a massive security alert? Both were bright and articulate, but there was nothing in their backgrounds to suggest a computer wizardry that would outwit the American military. Their success was based on a mixture of persistence and good luck, which was abetted by crude security mistakes in the Pentagon computer system. Pryce had had a musical upbringing with his two sisters, Sally and Katie, and had a passion for playing the double bass. He was bought his computer when he was 15 to help him in his studies. He would spend his spare time linked up to a bulletin board on the Internet, where computer users traded information and chatted. It was here that he got his first introduction to hacking.

“I used to get software off the bulletin boards and from one of them I got a ‘bluebox’, which could recreate the various frequencies to get free phonecalls,” he said. “I would phone South America and this software would make noises which would make the operator think I had hung up. I could then make calls anywhere in the world for free.”

Now 20 and in his third year at the Royal College of Music in London, Pryce said: “I would get on to the Internet and there would be hackers’ forums where I learnt the techniques and picked up the software I needed. You also get text files explaining what you can do to different types of computer. “It was just a game, a challenge. I was amazed at how good I got at it. It escalated very quickly from being able to hack a low-profile computer like a university to being able to hack a military system. The name Datastream Cowboy just came to me in a flash of inspiration.”

The attack on Rome Laboratory, his greatest success, relied on a ferret called Carmen. Pryce easily gained low-level security access to the Rome computer using a default guest password. Once inside the system, he retrieved the password file and downloaded it on to his computer. He then set up a program to bombard the password file with 50,000 words a second. “I just left the computer running overnight until it cracked it,” he explained.

If all the air force officers with access to the computer had followed orders and used passwords with a mixture of numerals and letters, his attack would have been foiled; but luck was on his side.

Morris, who has since left Scotland Yard’s computer crime unit and now works in London for Computer Forensic Investigations, a private company, revealed: “He managed to crack the file because a lieutenant in the USAF had used the password Carmen. It was the name of his pet ferret. Once Pryce had got that, he was free to roam the system. There was information there that was deemed classified and highly confidential and he was able to see it.”

Once he was in the system, Pryce kept getting access to higher levels in his aim to become a “root user”, which gives the hacker total control of the computer with the power to shut out other users and command the entire system.

“I was interested in Rome Labs because I knew they developed stuff for the military. I just wanted to find out what they were doing. I read that UFO material was being kept at Wright Patterson base and I thought it would also be a laugh to get in there. I also hacked into a Nasa site,” he said. “Rome Labs was my main project. I got the programming code for an artificial intelligence project. I downloaded files so I could view them at leisure at home.

“I know there was a big fuss when I tried to hack into a computer in Korea, but there was nothing sinister about it. I just fancied having a go at a different sort of computer and I happened to be on the Rome Laboratory computer. I just tapped in the address for the Korean research computer, but I didn’t hack into it. It never went further than that.” During an intensive three months of hacking, Pryce sent e- mails at least twice a week to the fellow hacker he knew as Kuji, without knowing his real name was Mathew Bevan.

Bevan, who is now 23, was more of a loner than Pryce and would spend up to 30 hours without a break on his computer. He claims the fraternity of hackers gave him the friendship that he had failed to find during his childhood. “I was bullied at school and I found my little community and interaction through my computer,” he said. “The hackers would all egg each other on. There wasn’t anything malicious about it. If there was, I could have downed as many computer systems as I wanted. I was just really looking for anything about UFOs. It was like war games; I just couldn’t believe what we could get into. I wasn’t tutoring Pryce, but the Americans made out I was because they thought I was some kind of east European masterspy.” Pryce agrees: “We embarrassed them by showing how lax their security was and that’s why they made out we had been a huge security threat. I’m now amazed by what I did, but I wasn’t surprised at the time. It was just my hobby. Some people watched television for six hours a day, I hacked computers.”

The first time Pryce and Bevan met in person was in July 1996 when they appeared at Bow Street magistrates court jointly charged with conspiracy and offences under the Computer Misuse Act. “He was at the back of the court when I went in and his mother said: ‘You’d better say hello’, which he did. We didn’t even have a chat,” said Bevan.

Conspiracy charges against both Pryce and Bevan were later dropped, but in March last year Pryce was fined ?1,200 after admitting 12 offences under the Computer Misuse Act. His lawyers said in mitigation that there had been some exaggeration when the Senate armed services committee had been told in 1996 that the Datastream Cowboy had caused more harm than the KGB and was the “No 1 threat to US security”. The remaining charges against Bevan were dropped in November after the Crown Prosecution Service decided it was not in the public interest to pursue the case.

Nevertheless, the case of Datastream Cowboy and Kuji remains one of the most notorious in American cyber history. The two young men are living this down in different ways. Pryce’s computer was confiscated, to his initial dismay. “After I had my computer taken away it was quite difficult because I had been doing it every night for a year,” he said. “If they hadn’t caught me, I would have carried on.” Now he thinks hacking was a waste of time and insists he will never do it again. He does not even own a computer any more.

Bevan, however, has put his notoriety to good use: he is now employed testing the computer security of private companies.Targeting the Pentagon United States defence computers have for years been one of the most covetedtargets for hacking addicts inspired by the film War Games, which showed a boy cracking an American defence network and nearly starting the third world war.

One of the pioneers of this craze was Kevin Mitnick, who repeatedly hacked into Pentagon computers in the mid-1980s. He was jailed in 1989 but continued his exploits on his release and was arrested again after a two-year hunt by the FBI. The number of cyber attacks on the Pentagon is estimated by Washington officials as 250,000 annually, but the incidents the public hears about are only the few where hackers get caught. In 1996 six Danes who hacked into Pentagon computers were given sentences of up to three months. The same year, special agents tracked down three teenage hackers in Croatia who had also succeeded in penetrating Pentagon computers.

They were never identified or charged, however, as there is no law against computer hacking in Croatia. Last month there was a spectacular example of the hackers’ work when American defence officials revealed that the Pentagon computer network had been subjected to a relentless two-month attack. CIA agents were reportedly anxious that the hackers might be the agents of Saddam Hussein.

FBI agents blamed a secret convention of hackers believed to be held in New York. A few days ago, the real culprit gave himself up. Ehud Tenenbaum, an Israeli teenager who dubbed himself The Analyser, had worked with two young hackers in California. Under house arrest in Tel Aviv, he said the attacks were not malicious. He had concentrated on American government sites because he hated organisations. “Chaos, I think it is a nice idea,” he said.

(c) Times Newspapers Ltd, 1998.

SUNDAY TIMES 29/03/98

Infowar.Com & Interpact, Inc. WebWarrior@Infowar.Com

Submit articles to: infowar@infowar.com
Voice: 813.393.6600 Fax: 813.393.6361

Last modified: Sun, 03 Jan 1999 00:04:46 GMT

“The cream of US military intelligence last week had their bungled attempt to prosecute a bedroom hacker thrown out by a British court,” screamed the lead of a November 28, 1997 piece in the United Kingdom newspaper, The Guardian.

[Source: Lucie Morris, Security Risk Claim Computer Ace Cleared, *PA News*,21 Nov 1997; PGN Abstracting]

[DMK: Two of the best publications regarding the Rome Air Force Base
hack-ins are the GAO Report available online through
http://www.gao.gov/reports.htm under title [AIMD-96-92] Information
Security: Computer Attacks at Department of Defense Pose Increasing Risks
and the Fall 96 Computer Security Institute’s journal, both articles written
in whole or in part by Jim Christy, the Air Force investigator involved.
Mixed messages. Is the interpretation to be, if you hack, you’ll get off?

Or if you hack some other country’s computers, you won’t be prosecuted
because it costs too much? Of if your partner in crime gets off with just a
fine, prosecutors won’t spend a lot of money going after you?
So Bevan *may* have hacked into computers worldwide. But he has no
convictions. How long until he’s peddling his skills as a computer security
expert, or even on a “Tiger Team” or penetration testing group?]

Dave Kennedy [CISSP] Director of Research, National Computer Security Assoc.

INFORMATION SECURITY:

The Implications of Cyberwar for National Security and Business

by Zachary Selden

November 1996

In the Summer of 2003, Iran?s armed forces are closing in on Saudi Arabia in a bid to control Middle Eastern oil production. The U.S. gathers its allies and prepares to repel Iran, but finds itself virtually paralyzed as invisible and untraceable computer assailants shut down power grids, cause trains to collide, disrupt financial transactions and close down telephone systems. The Second Gulf War has become the First Cyberwar.

This not the opening chapter of Tom Clancy?s latest novel- it is the basis of an recent Pentagon exercise. US government officials are increasingly concerned about the national security implications of cyberwar and cyber-terrorism. In earlier forms of warfare, railroad junctions and communication systems were bombed to confound the enemy?s ability to transport equipment and transmit commands. Today, they can be rendered just as inoperable by a modem-equipped PC.

The terms information warfare, cyberwar and information security have become media buzzwords. But what is information warfare and what are the realistic threats to U.S. national security? Information warfare (IW) can encompass everything from electronic jamming to psychological operations. The focus here, however, is defense against the deliberate exploitation of information systems? inherent vulnerabilities in a manner that affects national security. The reality of information warfare is that all systems are vulnerable. As states grow more dependent on information systems, vulnerabilities will increase.

These weaknesses are compounded by the fact that U.S. military and civilian information systems are intimately linked. Railroads, for example, are controlled by relatively penetrable civilian systems, and much of the military?s unclassified message traffic travels on the internet. In cyberwar, civilian information systems can be as critical as military systems, and any effort to built a truly secure national information system will require close cooperation between American business and government.

As war becomes more information intensive, the need for such cooperation grows. The Gulf War taught us that strong information management skills can translate into battlefield success. But, information technology shares one characteristic with older military technology: defensive countermeasures are both simpler and cheaper.

Cyberwar requires a small capital investment to achieve tremendous results. The necessary computer equipment is easily obtained and is becoming less expensive every day. A team of computer mercenaries could be hired for less than the cost of one fighter aircraft. Information warfare can also be carried out remotely. A state or terrorist organization could easily disperse its operatives around the world making it difficult to pinpoint any attack and retaliate. The bottom line is that information warfare is cheap, effective and well within the reach of almost any state or well-endowed terrorist organization. The potential for the Davids of the world to fling a well placed rock against the Goliaths may actually be greater in the information age than in the industrial age.

Information system vulnerabilities can also be exploited to fund terrorist activities. In the 1970s and 1980s, terrorists turned to hijackings and kidnappings to raise funds. With billions of dollars in electronic transit every day, cyberspace may provide a funding source that is both less risky and more profitable than conventional means of raising funds.

The vulnerabilities of military information systems are obviously an area of paramount concern. Most of the more than 250,000 attacks on military information systems each year fail, but a few successes can cause widespread damage. For example, in 1994, Air Force computer security experts discovered that their classified network at the Rome (New York) Laboratories had been breached. A subsequent investigation revealed that the hackers had gained complete access to all Rome Labs networks, and had breached other classified sites, like the South Korean Atomic Research Institute, through access to the Rome Labs system. This latter problem illustrates one of the most serious problems of network security: once a hacker has found a valid ID and logon, he can transfer to other sites that might be better defended. The security of an information system is only as good as its weakest link.

Identifying the intruders was virtually impossible because they skillfully manipulated the phone system and ran their connection through multiple locations from New York to Latvia. While the intruders? computer codenames? Datastream and Kuji? were discovered, their identities remained secret until an informant revealed an e-mail conversation with a British hacker who bragged about his exploits in Rome Labs and left his phone number with the informant. A tap was put on the line and he was subsequently arrested. Datastream turned out to be a sixteen year-old armed with nothing more than a 486sx PC. Had he been a bit more mature, like his colleague Kuji who remains at large, he most likely would still be breaking into military sites at will.

National security planners face difficult questions: How many other Datastreams are out there, who will employ them and to what ends? If one teenager with fairly unsophisticated equipment can penetrate supposedly secure systems, consider the damage that ten or twenty equally skilled individuals could do in the employ of a rogue state or terrorist organization. The PC may soon be one of the most dangerous components in the terrorist?s arsenal.

If military sites can be compromised, civilian networks are even easier to crack. Financial institutions are reluctant to reveal information systems intrusions for fear of sparking a panic, but such incidents appear to be relatively common. In 1994, for example, Citibank lost $400,000 to a group of Russian hackers, who were attempting to steal millions. A survey of computer security companies by the Senate Subcommittee on Investigations revealed that their corporate clients in the United States had lost $400 million last year alone.1 It is impossible to estimate the additional loses in comparative advantage due to computer industrial espionage.

Without a serious effort to strengthen and coordinate security measures, American business stands to lose hundreds of millions every year, and the U.S. military effectiveness could be compromised. Incidents like the Rome Labs penetration have created a consensus in favor of action. While support for coordination information security programs is strong, this consensus breaks down when one moves to the level of specific recommendations.

To date, no clear government strategy for information security exists. A host of government agencies and informal public-private groups have been convened to discuss this problem, but actual results are minimal. One senior intelligence official compares the state of coordination to “a toddler soccer game where everyone just runs around trying to kick the ball somewhere.”2

Efforts to comprehensively protect the entire information infrastructure will face strong opposition from private industry actors who are reluctant to encourage government intrusion. As Richard Wilhelm, Vice President Gore?s security advisor puts it, private companies “are not begging for more government meddling.”3 The present battle over encryption? which pits civil liberties advocates and law enforcement officials who hope to “tap” information networks?is simply the tip of the iceberg. In today?s rapidly changing technological environment, the prospects for extensive government-industry cooperation remain limited. The lack of cooperation between industry and government on this issue is reflected in the President?s Commission on National Infrastructure Protection. While ostensibly a forum to bring together industry and government to coordinate the security of the nation?s information networks, some industry representatives claim that they have been relegated to minor positions in what has become a high-level bureaucrats club. The Commission is expected to release its report next year, but if industry is as isolated as some of its representatives believe, it will not be a comprehensive plan.

Clearly, there is some movement toward a plan to protect the national information infrastructure, but it has yet to move past the theoretical stages. As the global leader in technology and information systems, the United States is particularly vulnerable to cyberwar or cyber-terrorism. The requisite skill and technology to wreak havoc via computer already exists: it is only a question of time before a state or terrorist organization decides to wage cyberwar against the United States. Coping with this emerging threat will require cooperation between the American business community and Government to devise means of protecting both civilian and military information systems.

The information technology revolution spawned both tremendous promise and new threats. At the moment, however, the means of coping with the potential threat is barely in formation. While the recent attempts to secure the national information infrastructure appear to be a good start, they may ultimately prove to be a case of too little, too late.

1 U.S. Senate Permanent Subcommittee on Investigations, Staff Statement for Hearing on Security in Cyberspace. June 5 1996, p.41.

2 ibid, p.26

3 “IW Study May Guide U.S. Policy,” Defense News, March 10, 1996: 3.

Source: Business Executives for National Security; http://www.bens.org/ pubs/Cyber.html

Infowar.Com & Interpact, Inc. WebWarrior@Infowar.Com

Submit articles to: infowar@infowar.com
Voice: 813.393.6600 Fax: 813.393.6361
Last modified: Sun, 03 Jan 1999 00:05:58 GMT

Cyber Terrorism – American Banker
Mon, Sep 08 1997

Thanksgiving dinner last November. William Marlow is just pushing back from the family table when the phone rings. One of his clients, an unnamed Midwestern financial institution, thinks it’s under cyber- attack. For Marlow, the next few days are all long, filled with pizza.

Marlow is a svp at McLean, VA-based Science Applications International Corp. (SCI), which operates a computer security team headed by Marlow and Dr. Mark Rasch, formerly U.S. Attorney for Computer Crime at the Department of Justice. The team has 47 bank clients worldwide, including, they say, three of the nation’s largest.

When the call came, the computer security team assembled in their war room in McLean, established a secure link with their client’s network, and began systematically securing the client’s computer operations while metaphorically patrolling the walls, looking for anything from a simple mistake that might have accidentally set off the alarms, to a sophisticated timing attack, designed to distract the firewall while intruders slip into the system. “What the client was afraid of was that a Trojan horse had been introduced,” says Marlow. A Trojan horse is a program that enters the computer network disguised as a harmless message, then opens a so- called “back door” for the attackers. “While we were doing that, we received a message from two individuals that was an extortion demandowe’re talking significant dollars, enough to alter our fee structure,” says Marlow.

The Federal Bureau of Investigation (FBI) was brought in by the client, and the two teams, working together, tracked down the perpetrators. Marlow and his team built a chain of custody of evidence for the prosecution under Rasch’s supervision, while the FBI pounded the pavement, locating and arresting the criminals, who are reportedly awaiting trial.

At press time, the FBI said it needed more specific information before it could comment on Marlow’s experience.

Marlow’s client got off easy. Last year, The Times of London a publication not known for its sensational has reported that several London financial institutions had paid up to $400 million to fend off extortionists who used logic bombs (software programs that cause systematic errors) to demonstrate their ability to destroy those institution’s global operations. At least one of the attacks sent the proceeds to Russia, according to The Times story, which ran on the front page of its June 2, 1996 edition. Other journalists have confirmed the report, although officials steadfastly deny it. Both these incidents were probably more a matter of cyber- gangsterism than anything elseojust a new way to hold up banks. But in today’s strange new world, they could as easily have been perpetrated for kicks by a kid in Cedar Rapids, for money by a former programmer from the Soviet Ministry of Defense working for the Russian Mafiya, or, more dangerously, by a politically motivated terrorist trained by the CIA in Afghanistan, working in the Sudan with financing from a Saudi billionaire and intending to harm America by attacking its lifeblood.

Every Country for Itself?

And therein lies the rub: Once a bank is under cyber attack, it doesn’t much matter whether the enemy wants your money or your life; the lines between mere criminality and political action are blurred by the anonymity of the attack. And since in cyberspace national boundaries aren’t even lines on a map, computer attacks don’t always yield to tidy legalistic solutions, even if the computer that launched the attack can be traced and happens to be in a nation with laws against themoby no means a universal condition. Monaco, for instance, has no laws covering computer crime.

The result for America’s banks is a sort of medieval world in which anything can happen, law is nonexistent, and everyone needs strongholds and armed escorts when traveling from one world to the other. And because the world is filled with persons who consider America’s role as the citadel of democratic capitalism, and the exemplar of modern scientific civilization to be fundamental attacks on their way of life, a cyber attack on one bank could as easily be a first step in a plan to crash the international payments system as an attempted robbery.

And examples of cyber terrorismoor at least how vulnerable we are to themodo exist, though no official will admit to a cyber terrorist attack on a U.S. bank.

In 1994, for instance, according to 1996 Congressional testimony, two hackers named Datastream Cowboy and Kuji crashed the computer systems at Rome Air Force Base in Rome, NY, for 18 days. Rome AFB works on very sensitive defense projects; according to the testimony, not only were sensitive files stolen, but successful attacks were launched from the Rome computers to NASA’s Goddard Space Flight Center, Wright- Patterson AFB, and defense contractors around the country.

Datastream Cowboy was eventually arrested in England and convicted there of telecommunications theft. Kuji is still at large; no one knows what happened to the stolen data.

The same testimony disclosed not only that the Defense Information Systems Agency’s internal testing successfully penetrates Defense Department systems 65 percent of the time, but also that it estimates Defense systems are attacked about 250,000 times a year. It doesn’t take much to see that if a Defense Department computer system can be penetrated, so can a bank’s.

This is no secret to Admiral J. Mike McConnell, a Booz, Allen & Hamilton partner who recently retired as director of the once super- secret National Security Agency. “Banks talk about their systems as though (they have) no external connections,” he says. “What most people don’t appreciate today is that most banks today, when they are communicating, are traveling on the public switch networkothe phone system structure. When people say they’re using the Internet, all they really mean is that they’re riding around on the public switch network. That induces a certain amount of vulnerability.”

Downloading Attack Tools

Banks will tell you they have “leased lines” between their branches, he says. “But they don’t really have a physical lineothey have a restoral priority; it means they’ll get service, but they don’t know whether it’ll go through New Orleans or Chicago. So the point is, that opens you to potential vulnerabilities.

“Now you can encrypt that message, and it will be more difficult to interfere with anything; and a bank can have certain kinds of defensesofirewalls and whatnotobut once you understand and appreciate them, there are ways to attack them. Nothing is 100 percent guaranteed impenetrable. In my experience, when you are testing something to see if there is a vulnerability, you most always find a vulnerability.”

Added to that, says McConnell, is that on the Internet, all the attack tools can be downloaded; there is a “tremendous, richly robust hacker group that shares all these techniques” used for system penetrations, while readily available Silicon Graphics workstations make very capable platforms for cyber attacks.

Today, with all our networking, the vulnerability does not end with the transmission (of data), McConnell cautions. “It’s gone from worrying about data in motion to also worrying about data at rest,” because much information is stored on hard drives. “That’s where the vulnerability is,” he says.

Luckily, bankers are a paranoid lotosafes and vaults were more or less invented for themoand banking systems are on the whole among the most secure around. This was well demonstrated during the recent “war game” simulations conducted in June and July by McConnell in his McLean, VA, offices for the President’s Commission for Critical Infrastructure Protection (PCCIP).

Global Ops Riskier

After two and a half days simulating escalating problems that began as apparently unconnected events and eventually manifested themselves as a full-scale cyber attack on the United States in which truck bombs were exploding at airports, the water supply was compromised, and attempts were made to penetrate FedWire and CHIPs, only the banking and nuclear power systems were left intactoevery other critical infrastructure had been forced to request government help. Among those with poor marks: law enforcement and intelligence, which didn’t share information.

The PCCIP was created last year by President Clinton to address the fact that most of the computer networks in this country are interrelated and vulnerable to cyber attack both by terrorists, who may or may not be state-sponsored, as well as attacks by state- sponsored groups.

This vulnerability is only magnified, say PCCIP officials, by the fact that corporate outsourcing has created concentrations of services in a few hands, disruptions of which could create significant vulnerabilities within whole industries, including financial services. And modern business models built around the Internet only worsen those problems. “You’re looking at an emerging business model in an emerging (global) economy that is very different from the old one, where you had manufacturing on the bottom floor and management on the top floor,” says Peter Daly, a PCCIP commissioner and U.S. Treasury official. “Now you’ve got a CEO in Baltimore, his manufacturing is in China, his software is written in India, his telemarketing is in Irelandothe Internet enables that, and that’s what we’re focusing on. The infrastructure is the carrier of commerce now, and there are important new kinds of risks there.”

It was stimuli like these, say officials at the General Accounting Office (GAO), that led it this year to begin testing the financial system for potential weaknesses. The testing is occurring now; first it will try to penetrate banks, and then it will try to penetrate FedWire. The effort is being conducted out of the GAO’s San Francisco office.

At the level at which the PCCIP is working, say officials, the worry is less about computer attacks on individual banks than it is about attacks on major computer centers that support the nation’s financial infrastructureothe problem being that at a certain level, the two are virtually identical and that a simple truck bomb, like those exploded at the World Trade Center or in Oklahoma City, could cause significant damage to, say, the New York Stock Exchange or Brussels-based Society for Worldwide Interbank Financial Telecommunication (S.W.I.F.T)., while taking down the telecommunications system with logic bombs would obviously affect the financial system along with the rest of the country.

How to Fight Attacks

But there are also high-tech attacks to worry about. Some attacks, like exploding a microwave or flux generator bomb outside the Richmond Federal Reserve, potentially taking down FedWire by destroying its computer system, require substantial resources and are impractical; both sorts of bombs are very large and would have to be delivered by truck, requiring the same sort of industrial base needed to build nuclear weapons. A flux generator bomb is capable of throwing an enormous magnetic field around a building, crashing all the systems within.

But there are lower tech attacks that even small banks need to worry about, since they could be used in smaller-scale extortion. A HERF, or high energy radio frequency, gun, for instance, is a small, futuristic device that sends an energy “spike” through a metal system, frying it.

These devices, which police forces are considering issuing to some of their personnel as a means of stopping escaping vehicles, are basically ray guns, right out of Buck Rogers. The technology, which is nowhere near as sophisticated as a flux generator bomb, could easily move from law enforcement to the criminal and terrorist population as it becomes more widespread. Tazers, readily available today, can also be used to attack and disrupt computer networks.

But these, at least, are not tough to defend against, according to a paper written by Carlo Kopp, an Australian computer scientist. Since a HERF or Tazer attack made against a LAN is an electrical attack in which a power spike does the damage, he says, simply replacing the copper- based LAN with fiber-optic cable provides a practical defense. More advanced measures advocated by Kopp start with isolating the computer power system from the main power supply with an old-fashioned motor- generator power isolator, and go as far as building the sort of copper- mesh “Faraday Cage,” sometimes put around a clean computer room, around an entire building.

Cost of Protection

But there’s a price to be paid for upping the security ante, says an official at Washington, D.C.-based American Bankers Association, who requested anonymity. “(A determined group) can always kidnap somebody’s family and make them do what they want, so I’m not sure how far you want to go” he says. “The thing you’ve got to remember is that these days, you’ve got guys carrying bombs with toggle switches instead of timers.” Toggle switches are manual triggering devices used by suicide bombers.

“Low probability events are things banks have to deal with when they’re catastrophic, and when they can be reasonably managed,” he continues. “The thing is, we’ve got tremendous measures in place already, and the only other things (we could do) is to do full-field investigations (of employees) so not only do we know who our guys are, but that the government knows who our guys are, so they’d be more willing to tell our guys what’s going on.”

That cooperation could become far-reaching. Because the implications of cyber attack are transnational, and the interpenetration of terrorism and plain criminality has become so complete, many are calling for international police efforts. “We’re totally behind the eight-ball, and everybody’s stymied by this brick wall called national sovereignty, which the bad guys laugh about,” says Arnaud de Borchgrave, who was Newsweek’s chief foreign correspondent for 30 years, and who now heads the Center for Strategic and International Studies, based in Washington. “Any thinking person knows that the traditional prerogatives of national sovereignty have not only been overtaken by the information revolution, but that things like logic bombs and worms are the new arsenal in a new geopolitical calculus that enables the non-states, and even individuals, to take on a superpower. That’s the sort of world we’re living in, and our leaders don’t want to face up to it.

“You need laws that enable you to operate beyond (national) borders,” he adds. “Right now, if the Pentagon is attacked, they don’t have the right to retaliate, even when they know the source of attack. We’re a long way from an international SWAT team or teams, which is what I’m thinking about.”

As things stand, meanwhile, most large banks have either contracted with companies like SAI, or maintain their own computer security teams, generally denying to the public that they face any real dangers and, it’s widely assumed, leaving their own computer security crises unreported. This is exactly the wrong way to handle it, says Senator John Kerry, of Massachusetts. Senator Kerry’s recently published book, The New War: The Web of Crime that Threatens America’s Security, highlights the increasing incidents of money laundering facilitated, in part, by computer- savvy criminals. “It goes to their overall attitude to the whole thing,” he says. “You have to put this thing out there; people have to know and understand it. The longer they’re quiet and the longer these guys can operate without a sense of public outrage and concern, the harder it’s going to be to marshal the forces to change the situation.”

Making Attacks Public

“They’ll need government help to fight these incursions from the Net,” he says. “But acting on their own can’t be adequate. You can do certain things, but if you keep this thing covert, you’ll never summon the kind of clout you need to have a legitimate cure.

“That legitimate cure will involve some kind of understanding about how you’re dealing with encryption, with how you’re dealing with secrecy, of how privacy rights and access rights are going to exist, and of course law enforcement’s rights with respect to all this,” Kerry says. “It’ll have to be a cooperative effort, and will involve some public law.”

INTERNET POSES GREATER RISK

Serious cyber attacks on banks are still not common: SAI estimates they see only about five serious attempts on banks in any year. But a 1994 study by the RAND Corporation points out that as a simple matter of statistics, the danger of attacks on institutions of all sorts, including financial institutions, is bound to grow in tandem with the spread of computer use and the growth of the Internet.

Statistics on computer incidents reported to CERT, a computer security information clearing house and research facility located at Pittsburgh’s Carnegie-Mellon University and financed by the Defense Advanced Research Projects Agency (DARPA), grew about ten-fold between 1990 and 1996. An apparent leveling off of reported incidents since 1994, says a spokesman, is more probably due to a multiplying of places to report such incidents than a slackening in hacker activity. An incident can affect one computer or, on a LAN, 1,000. CERT began life in 1988 as DARPA’s computer emergency response team.

And a 1997 study by San Francisco’s Computer Security Institute, conducted in association with the FBI, says that the 249 organizations who replied to their survey reported losses totaling $100,119,555. System penetration, fraud, sabotage, theft of proprietary information and virus attacks accounted for $65,623,700. Financial services companies, including banks, accounted for 18.77 percent of responses.

CSI officials say the average loss to financial fraud was $957,384, while losses to system penetration averaged $132,250. In comparison, losses from Internet abuse by employees totaled about $1 million.

HISTORY-INDUCED TERROR

Ironically, it was our triumph in the Cold War that set the stage for our present problems. The United States won the Cold War. But Russia was not occupied.

This historic anomaly loosened control over both the former KGB and its clients in the world of terror. The result is less actual terroroviolent attacks on civilians by trained, politically motivated peopleobut more trained people left to shift for themselves. “The collapse of the Soviet Union has obviously let loose a tremendous amount of human capital and talent that has a lot of abilities that would normally be used for legitimate business purposes or purposes of the State, but now does not have an outlet,” says Francis Fukuyama, noted author of The End of History. “A lot of that is going to come out in illegitimate activities, including things like cyber terrorism.”

And in any event, Russia today is only partly what Americans think of as a nation, says Ambassador L. Paul Bremer, managing director at New York’s Kissinger & Associates and former Roving Ambassador for Counterterrorism in the second Reagan Administration. “It’s a bit of a combination of both,” he says. “It is in a sense a country in that you’ve got 145 million people who mostly speak the same language, who have all grown up under a central rule from Moscow, who use a common currency, and who are more or less defended by a common army. But there is a lot of warlordism; you do have governors and other satraps out there who have a lot of authority. I don’t think the last chapter is written yet; it could go either way in Russia.”

(Copyright American Banker Inc. – Bond Buyer 1997)

_____via IntellX_____

Copyright 1997, American Banker. All rights reserved. Republication and redistribution of American Banker content is expressly prohibited without the prior written consent of American Banker. American Banker shall not be liable for errors or delays in the content, or for any actions taken in reliance thereon.

Infowar.Com & Interpact, Inc. WebWarrior@Infowar.Com

Submit articles to: infowar@infowar.com
Voice: 813.393.6600 Fax: 813.393.6361
Last modified: Sun, 03 Jan 1999 00:05:20 GMT

This is the mystery figure at the centre of a remarkable court case.

Cardiff computer student Matthew James Bevan appeared before Bow Street magistrates in London on Friday accused of hacking into the top secrets computer systems of NATO, NASA and the United States Air Force.

Military beefing up its hacker defenses
Computerworld

Why can’t the world’s most powerful military keep Internet hackers out of its computer systems?

Experts say part of the answer is that no system connected to the Internet is 100% secure, even at the Pentagon. And hackers just love to pesterbig institutions such as the military.

O1 Apr 97 HACKER PAYS THE PIPER: AGE (MELBORNE) Reuter Textline

Music student RICHARD PRYCE, was only 16 when he first appeared at Bow Street Magistrates Court in London in 1994, charged with hacking into the US Air Force computer system using the PC in his bedroom. Last week his case was finally concluded. He pleaded guilty to 12 charges under Britain’s Computer Misuse Act, 1990, and was fined 1200 (Dollars A2400).

Reuter Textline
Copyright (C) Reuters Limited 1980-1997

HACKER FINED FOR UNAUTHORISED ACCESS

LOVELL WHITE DURRANT recently represented Richard Pryce at Bow Street Magistrates Court, UK charged with 12 offences of gaining unauthorised access to computer systems. Pryce was sixteen years old when in 1994 he hacked into computer systems in the USA, including those of the US Air Force. Pryce pleaded guilty in respect of the 12 offences and Lovell White Durrant made a plea in mitigation which stressed that Pryce had since been punished by substantial disruption to his career, was of good character and had only acted through curiosity and had not exploited the vulnerabilities of the computer systems. Pryce was fined GBP1,200.

Copyright: 1997 M2 Communications, Ltd., All Rights Reserved.

HACKER FINED FOR UNAUTHORISED ACCESS., Telecomworldwire, 03-25-1997.

LOVELL WHITE DURRANT: Richard Pryce fined GBP 1,200 for offences under the computer misuse act 1990

Mr Bartle, a magistrate at Bow Street Magistrates Court, today accepted Richard Pryce’s plea of guilty
in respect of 12 offences of gaining unauthorised access to computer systems under the Computer Misuse Act 1990 when, aged 16, he “hacked” into computer systems in the United States of America, including those of the US Air Force, from a personal computer installed at his home. Following a plea in mitigation which stressed that Richard had been motivated by the curiosity of a teenager, had since been punished by substantial disruption to his career over a three year period and was of good character, the magistrate fined him GBP 1,200. Mr Pryce was represented by international law firm Lovell White Durrant.

The charges against Richard Pryce Richard was arrested at his parents’ home on 12 May
1994, when he was 16, by members of the Computer Crime Unit of New Scotland Yard, who were executing a search warrant. He had been traced by the US authorities to England after an informant provided them with a copy of an on-line conversation which had occurred several months earlier in which Richard disclosed that he was 16, from England and interested in US military systems. He had also provided the informant with his home telephone number. Following his arrest, Richard was released the same day on police bail. On 7 June 1995 – some 13 months after his original arrest, by which time he was in the middle of his A-level exams – he was charged at Holborn police station with 12 offences under Section 1(1) of the Computer Misuse Act 1990.

Three of these charges were later dropped and three more inserted in their place. On 19 June 1996 Richard was charged with two offences of conspiracy to commit an offence under Sections 1 and 3 of the same Act – charges which were withdrawn on 14 March 1997 after an abuse of process application was commenced by the defence. Despite implying that they would charge him with other offences under Section 3, the Prosecution eventually decided to proceed solely in respect of the revised set of 12 offences under Section 1(1).

The plea in mitigation The Defendant’s legal team stressed three points in the plea in mitigation made on his behalf.

First, Richard was not motivated by malice or by a desire for financial gain, and did not erase or alter
data on the computer systems or disclose any sensitive information.

His actions were motivated by the curiosity of a bright 16 year old who was not a sophisticated
computer user; he exploited vulnerabilities of the computer systems using information and methods to
gain access to insecure systems which were widely known and available.

Second, instead of being charged in a juvenile court, where he would have been dealt with speedily and with little publicity, Richard had suffered very public disruption to his career over a period of three
years. He had been punished severely already, through the repeated hearings and frequent alteration of the charges against him, extensive media and public interest in him and the case, and confiscation of equipment and material being used for his A-level studies.

Third, he had received excellent character references, had no previous convictions and had co-
operated with the police throughout.

The sentence After hearing the evidence, Mr Bartle accepted Richard’s plea of guilty. He rejected the option of a custodial sentence, on the grounds that it would be excessive in the light of the offences committed. He also rejected the option of a Community Service Order, on the grounds that it would have interfered unfairly with his music studies. Instead, the magistrate opted for a fine, at GBP 1,200 set at a level which takes account of Richard’s financial circumstances as a student (notably the fact that he receives a means-tested local authority grant). He also ordered him to pay GBP 250 towards costs.

Mr Pryce was represented in Court by Mr Martin Hicks, lead by Mr Geoffrey Robertson QC. Mr Geoffrey
Robertson, QC said: “The sentence handed down in this case should not be
misconstrued or interpreted in a way that suggests that the Courts do not take “hacking”, and its
effect, very seriously indeed. The particular combination of circumstances – the age of the
defendant, the delays in the prosecution process and the co-operation given by Richard – all contributed to the sentence which, in the circumstance, is just and fair. However, it should also be said that the case against Richard has been blown out of all proportion by the police, politicians (particularly in the United States) and the media, for reasons which have nothing to do with the facts of the case.

We are pleased that the magistrate saw reason and accepted our plea in mitigation. Richard has already paid heavily for what was, in effect, a schoolboy prank. It was not his fault that security systems in the computing and defense industries left something to be desired.

Mrs Pryce, Richard’s mother, said: On behalf of my son and the family as a whole, I would just like to say that we are relieved this is all over and very much hope that Richard will now be allowed to get on with his studies at the Royal College of Music. He has had a very tough time for nearly three years – despite accepting his guilt for the offences with which he was finally charged and his willingness to co-operate with the police – and would now like to put it all behind him.

NOTES FOR EDITORS

Richard Pryce
Richard Charles Vaughan Pryce was born on 26 May 1977. He lives with his parents, Nick and Alison, and his two sisters, Sally (aged 17) and Katie (aged 15) in Kingsbury, North London. His father and mother run their own business restoring musical instruments.

In September 1995, Richard started his studies at the Royal College of Music, where he has been awarded a scholarship following auditions at the Royal College.

He is an accomplished double bass player: he was the youngest member of the Brittan Pears orchestra and has toured in the UK and Europe with other orchestras.

At the time the offences were committed, Richard was
a pupil at Purcell School, Harrow in Middlesex. He
took his A-levels in 1995 (receiving an A in music
and a D in computer science).

The Computer Misuse Act 1990
Under Section 1 of the Computer Misuse Act 1990, it
is a criminal offence to cause a computer to perform
any function with a view to securing unauthorised
access, knowing at the time that that is the case.
The maximum sentence for an adult on conviction is
six months imprisonment or a fine not exceeding GBP
5,000 or both.

Under Section 3 of the Computer Misuse Act 1990, it
is a criminal offence to do any act which causes
unauthorised modification of the contents of a
computer with intent to impair its operation, prevent
or hinder access to a program or data, or to impair
the operation of a program or the reliability of any
data. Where the matter is dealt with in the
Magistrates’ Court, the maximum sentence for an adult
on conviction is six months imprisonment or a fine
not exceeding GBP 5,000 or both. Where the matter is
tried on indictment in the Crown Court, the maximum
sentence for an adult on conviction is five years
imprisonment or a fine (unlimited) or both

CONTACT: Fenella Gentleman, marketing communications
manager, Lovell White Durrant
Tel: +44 (0)171 236 0066
e-mail: fenella.gentleman@lovellwhitedurrant.com
WWW: http://www.lovellwhitedurrant.com

*M2 COMMUNICATIONS DISCLAIMS ALL LIABILITY FOR
INFORMATION PROVIDED WITHIN M2 PRESSWIRE. DATA
SUPPLIED BY NAMED PARTY/PARTIES.*

Copyright ? 1997 M2 Communications, Ltd., All Rights Reserved.

LOVELL WHITE DURRANT: Richard Pryce fined GBP 1,200 for offences under the computer misuse act 1990., M2 PressWIRE, 03-24-1997.

View Previous Article View Article Index View Next Article