The Hacker Crackdown: Law and Disorder on the Electronic Frontier - Bruce Sterling

Unlike the efforts of the Chicago Computer Fraud and Abuse Task Force, "Operation Sundevil" was not intended to combat "hacking" in the sense of computer intrusion or sophisticated raids on telco switching stations. Nor did it have anything to do with hacker misdeeds with AT&T's software, or with Southern Bell's proprietary documents.

Instead, "Operation Sundevil" was a crackdown on those traditional scourges of the digital underground: credit-card theft and telephone code abuse. The ambitious activities out of Chicago, and the somewhat lesser-known but vigorous anti-hacker actions of the New York State Police in 1990, were never a part of "Operation Sundevil" per se, which was based in Arizona.

Nevertheless, after the spectacular May 8 raids, the public, misled by police secrecy, hacker panic, and a puzzled national press-corps, conflated all aspects of the nationwide crackdown in 1990 under the blanket term "Operation Sundevil." "Sundevil" is still the best-known synonym for the crackdown of 1990. But the Arizona organizers of "Sundevil" did not really deserve this reputation—any more, for instance, than all hackers deserve a reputation as "hackers."

There was some justice in this confused perception, though. For one thing, the confusion was abetted by the Washington office of the Secret Service, who responded to Freedom of Information Act requests on "Operation Sundevil" by referring investigators to the publicly known cases of Knight Lightning and the Atlanta Three. And "Sundevil" was certainly the largest aspect of the Crackdown, the most deliberate and the best-organized. As a crackdown on electronic fraud, "Sundevil" lacked the frantic pace of the war on the Legion of Doom; on the contrary, Sundevil's targets were picked out with cool deliberation over an elaborate investigation lasting two full years.

And once again the targets were bulletin board systems.

Boards can be powerful aids to organized fraud. Underground boards carry lively, extensive, detailed, and often quite flagrant "discussions" of lawbreaking techniques and lawbreaking activities. "Discussing" crime in the abstract, or "discussing" the particulars of criminal cases, is not illegal—but there are stern state and federal laws against coldbloodedly conspiring in groups in order to commit crimes.

In the eyes of police, people who actively conspire to break the law are not regarded as "clubs," "debating salons," "users' groups," or "free speech advocates." Rather, such people tend to find themselves formally indicted by prosecutors as "gangs," "racketeers," "corrupt organizations" and "organized crime figures."

What's more, the illicit data contained on outlaw boards goes well beyond mere acts of speech and/or possible criminal conspiracy. As we have seen, it was common practice in the digital underground to post purloined telephone codes on boards, for any phreak or hacker who cared to abuse them. Is posting digital booty of this sort supposed to be protected by the First Amendment? Hardly—though the issue, like most issues in cyberspace, is not entirely resolved. Some theorists argue that to merely RECITE a number publicly is not illegal—only its USE is illegal. But anti-hacker police point out that magazines and newspapers (more traditional forms of free expression) never publish stolen telephone codes (even though this might well raise their circulation).

Stolen credit card numbers, being riskier and more valuable, were less often publicly posted on boards—but there is no question that some underground boards carried "carding" traffic, generally exchanged through private mail.

Underground boards also carried handy programs for "scanning" telephone codes and raiding credit card companies, as well as the usual obnoxious galaxy of pirated software, cracked passwords, blue-box schematics, intrusion manuals, anarchy files, porn files, and so forth.