If a legal expert -would- like to clarify these points, please please do so
There is a general feeling that nobody knows what they can and can't be
prosecuted for. I would be pleased to listen (in confidence if required)
to anyone who can be of help
Unfortunately, unlike the US you may be liable for information you give out, so
you should be careful what you post to the group. See section 1 for info on
anonymous remailers and PGP.
Unauthorised computer access (or simply attempting it) is now illegal under the
computer misuse act (1990).
(See Coldfires Web Page for more info)
It has been mentioned that Criminal Justice Act and Public Order Act may include
legislation on possession of material explaining illegal acts. This will include
hacking text files. That is why this file doesn't tell you how to hack !
Telecom law is less specific, in general defrauding an phone company is
illegal, connecting un-approved devices to a BT network is 'unlawful' and
'prohibited'. I am unsure whether this includes sending tones from a hand-held
dial or personal-stereo. Using BT test codes may not be illegal, but is probably
in breach of your contact with them.
The following is ColdFires interpretation of the legalities of War-Dialling
All the following is my opinion, as I have no legal qualifications DO
NOT rely on it to be the case. Until wardialing is tested in court no
one will know for sure, now, who wants to be the test case :)
Quote from the Computer Misuse Act (1990) Section 1:
As most voicemail system can be classified as computer systems war-
dialling for VMB's with the intent of gaining unauthorized access to
the VMB system is illegal. The same applies to PBX's.
I believe, from my interpretation of the law, that war-dialling is
illegal under the Computer Misuse Act (1990). Of course to prosecute
you under this law it would have to be proven that you intended to
gain unauthorised access to a computer (note: computer is not defined
under the act).
Obviously this only applies to automated wardialing, dialling by hand
is not covered by this :)
Another comment that he made was on the use of system logs as evidence.
Log files make crap evidence, for a start they're easily forged, and
you're reliant upon computer generated evidence. What jury will
believe a computer over a human ?
At best log files are supporting evidence, in most cases they only
show logins, connections and other impersonal evidence, no log can say
*BEYOND REASONABLE DOUBT* that someone did something, if in doubt deny
everything, after all its the job of the prosecution to *PROVE* you
are guilty.
Things to check out are
The Computer Misuse Act (1990)
Another piece of sound advice came from the editor of Phrack Chris Goggans.
Don't hack on your own door step, prosecuting someone in another country is
such a problem its often not worth the effort.
London. Next to the VR machines in The Trocadero. Starts 7:00pm-7:45pm.
Bristol. The payphones near the Almshouse pub (part of the Galleries). Starts
6:45pm to 7:00 pm ) Pay phone numbers (+44 117) or (0117) 929-9011, 929-4437,
922-6897. Email an306079@anon.penet.fi for more info
I believe other meets also happen in SE London and either Glasgow or Edinburgh
hacknuk is a mailing list dedicated to organising meets for hackers in the North
of England. To subscribe send an email to maillist@madrab.demon.co.uk with the
subject line of SIGNON hacknuk. I believe these are intended to be official 2600
meets
Conference Lines
After the success of 'Access All Areas' conference this year it looks like at
least one more conference will be organised (possibly Leicester in early April?)
I have also been told AAA II is happening next year.
"It all stems from warez, warez d00dz 'traffic' warez (pirated software). The
practice of intentionally miss-spelling words and changing letters for numbers
etc come partly from the necessity to 'hide' files. So if someone (especially a
sysadm) decides to search the entire disk for a known software title, they
wouldn't be found"
...others claim its just sad kiddies who think it cool (or is that kewl :-) )
Nick Whitely specialized in ICL mainframes, he committed his first hack
around January 1988 breaking into an ICL at Queen Mary College, going
on to hack Hull, Nottingham, Bath and Belfast Universities, always
ICL's. He was raided on 6th July 1988, charged with Criminal Damage
and released on Bail. In 1990 he was tried for Criminal Damage and
cleared of criminal damage to computer hardware, but found guilty of
two charges of damaging disks. He was given 1 Year, 8 months
suspended and served 2 months. His appeal was dismissed.
Paul Bedworth, member of 8lgm, was arrested in June 1991 and has the
privilege of being the first person to be tried under the Computer
Misuse Act 1990. He was acquitted of all charges in March 1993 after
successfully proving his 'addiction' to hacking after a 15 day trial.
Bedworth when on to do a degree in artificial intelligence at Edinburgh
University. His handle was Wandii.
Neil Woods and Karl Strickland, were and still are the main members of
8lgm (8 legged grove machine). As far as I know they were arrested
around the same time as Paul Bedworth, June 1991. But didn't stand
trial till May 1993. They both (I think) pleaded guilty, and were
convicted for six months each. They were the first people to be jailed
under the Computer Misuse Act (1990). They publish the 8lgm security
advisories, and act as computer security consultants. Neil Woods is
certainly an active security consultant. Neil Woods was also known as pad
and Karl Strickland as Gandalf.
This is what 8lgm say about themselves :
"[8lgm] was created in early 1989 by several individuals with a common
interest in computer security. Up until 1991, [8lgm] members actively
used vulnerabilities to obtain access to many computer systems
world-wide. After this period, any results of research have been
reported and passed onto vendors."
See section 5 for details of the 8lgm WWW page
Eddie Singh was first arrested in (approx) 1988 for breaking into the
University of Surrey terminal rooms. He used the nickname Camelot and
was arrested very soon after the Computer Misuse Act came into operation
for hacking the Ritz video chain. There is a book about him: "Beating the
System(Hackers Phreakers and Electronic Spies)" by Owen Bowcott and Sally
Hamiliton.
The Old Bailey Phone Phreaks
[I'll put this in when I've verified the year !]
4.2 What is and isn't illegal ?
Im no legal expert, so this may be rubbish
1(1) A person is guilty of an offence if
a) he causes a computer to perform any function with intent to
secure access to any program or data held in a computer
b) the access he intends to secure is unauthorised
or
c) he knows at the time when he causes the computer to perform
the function that this is the case.
1(2) The intent a person has to commit an offence under this
section need not be directed at
a) any particular program or data
b) a program or data of any particular kind
or
c) a program or data held in any particular computer.
1(3) A person guilty of an offence under this section shall be
liable on summary conviction to imprisonment for a term not
exceeding six months or to a fine not exceeding level 5 on the
standard scale or both.
As you can see, causing a computer to perform any function with intent
to secure unauthorized access to a computer is illegal. If you are
wardialing to find carrier, and then intend to gain unauthorized
access, then war dialling IS illegal (In my opinion).
Telecommunications Act (1984)
Criminal Justice and Public Order Act (1994 ?)
4.3 What should I do to avoid getting caught ?
Basically don't break the law ! You can't be prosecuted for -knowing-
how to do things (can you ?), but if you do hack/phreak, follow this advice,
don't get greedy, don't use any dodgy number / account for too long, don't go
boasting to your mates (especially on alt.ph.uk), when phreaking, try to route
your call so you are harder to trace, never dial direct from your own home. When
hacking, again try to cover you tracks, the more accounts / nodes you use the
harder you are to trace.4.4 Where can I meet other hackers / phreaks
2600 meets are held on the first friday of the month all over the world. After
the initial meeting they generally move to a local pub/pizza hut/Phone Exchange
:).UK meets happen in -
[ Any more info anyone ]
Underground BBSs
... I'll let you find these yourselves :)4.5 What all this Kewl d00dz and 3l33t business ?
One explanation offered is ...4.6 Where can I get warez ?
Sunday markets seem to be doing a roaring trade in Blobby/Ghost/Playdoh/Tango
CDs, and asking where to get them on the alt.ph.uk probably wont get you a
sensible reply. Try hanging around on #warez on irc (and its many derivatives,
although I believe you need to know the name of someone already on to get an
invite) and alt.binaries.ibm-pc.warez. There are also many Warez BBSs in the UK/4.7 Are there any 'famous' UK Hackers/phreaks ?
Steve Gold and Robert Schifreen were the first hacker/phreaks to
become well known in the UK (other than those in the old Bailey trail
but that was long before). They were responsible for hacking prestel
in 1984 and gained notoriety for hacking the Prince Phillips mailbox
through gaining system manager status on the prestel system. They were
raided on 10th April 1985 and were charged with forgery, there being
no anti-hacking laws in the UK at that time. Found guilty Schifreen
was fined #750 and Gold #650, with #1,000 costs each. On appeal they
were acquitted of all charges :) Neither continue to hack and are now
freelance journalists. Robert Schifreen was also known as Hex and
Triludan the Warrior.
ISBN: 7475 0513 6 published by Bloomsbury Press, 1990