APPENDIX C APPENDIX C REFERENCES PRIMARY DATA (INTERVIEWS) 19JULY94 July 19, 1994. Interview with Federal Bureau of Investigation, Computer Crimes and Fraud Section, National Security Division. ASISJL94 July 25, 1994. Interview with ASIS Committee on Safeguarding Proprietary Information. DIA93 May 10, 1993. Position statement of the U.S. Government on electronic PSN intrusions. Based on December 3, 1990, briefing to NSTAC. DISAINT November 3, 1993. Interview DISA Center for Information System Security. OPEN SOURCE DATA 2600AU93 Autumn 1993. "An Overview of DSS1." 2600: The Hacker Quarterly. Volume 10. Number 3. 2600SP93 Spring 1993. "Letters to the Editor." 2600: The Hacker Quarterly. Volume 10. Number 1. 2600SP94 Spring 1994. "Blue Boxing - CCITT System #5." 2600: The Hacker Quarterly. Volume 11. Number 1. 2600SU91 Summer 1991. "More on the Class Struggle." 2600: The Hacker Quarterly. Volume 8. Number 2. 2600SU93 Summer 1993. "A Guide to the 5ESS." 2600: The Hacker Quarterly. Volume 10. Number 2. 2600WI92 Winter 1992-1993. "Telco News." 2600: The Hacker Quarterly. Volume 9. Number 4. 2600WI93 Winter 1993-1994. "News Roundup." 2600: The Hacker Quarterly. Volume 10. Number 4. 2600VID Autumn 1991. "The Hacker Video." 2600: The Hacker Quarterly. Volume 8. Number 3. 29APR92 David G. Major. August 1993. "Economic Intelligence and the Future of U.S. National Competitiveness," Presentation to the Annual Convention of the American Society for Industrial Security. AIRCAMP Shaw, K.C., Paul DiJulio, Mark Williams, and Bernard Kring. 1993. "Communications-Computer Systems: Critical Centers of Gravity." Air Campaign Course 1993 Research Projects, Maxwell AFB, AL: Air Command and Staff College. ALEXANDER91 Alexander, Michael. October 21, 1991. "Justice Unit Spurred on by Cross-border Hackers." Computerworld. AP4989 April 9, 1989. "Crackdown on Hackers Urged." Associated Press. AP51388 May 13, 1988. "Virus Hits UNIX at Bell Labs." Associated Press. ASSIST103 1991. "Security Alert for Novell Network Software." ASSIST Bulletin 91-3. BARLOW90 Barlow, John. 1990. "Crime and Puzzlement, Parts 1 and 2." Whole Earth Review and other computer underground publications. BASNET1 Sk8 The SkinHead (hacker alias). November 1989 (est.). "Basic Networking." BELLTRASH The Dragyn (hacker alias). 1989 (est.). "Bell Trashing." BOOTLEG6 June 1992. Reprint of "Cracking Down on Abuse." MCI World. BROOKS92 Ingram, Kenneth G., Director, Product Development, American Telephone & Telegraph. September 15, 1992. Letter to Representative Jack Brooks, Chairman, Subcommittee on Economic and Commercial Law, House Judiciary Committee, included in Committee on the Judiciary. The Threat of Foreign Economic Espionage to U.S. Corporations, U.S. House of Representatives, Washington, DC: USGPO, 1992. BRUNNER75 Brunner, John. 1975. The Shockwave Rider. New York: Ballantine. BRUNNSTEIN91 Brunnstein, Klaus. July 29, 1991. Computerworld. BULLIES Flanagan, William G. December 1992. "The Playground Bullies Are Learning How to Type." Forbes. CAPITAL92 Tichy, Roland. October, 1992. "Authentic, Topical, Inexpensive." Capital. CALLER Casual (hacker alias). February 1992. "ANI, Caller ID, and Dial-in Security." CC593A Rothfeder, Jeffrey. May 1993. "Holes in the Net." Corporate Computing. CC593B Quinn, Brian. May 1993. "Dialing for Dollars." Corporate Computing. CCW0593 May 17, 1993. "Telecommunications, Satellites Said To Be Targeted for Espionage by France." Common Carrier Week. CCSTF94 Common Channel Signaling Task Force. Final Report of the Common Channel Signaling (CCS) Task Force. January 31, 1994. CDUGD91 February 1991. Computer Down-Under-Ground Digest, Issue 1. CFCA91 Communications Fraud Control Association. 1991. Annual Fraud Estimates. CFCA193 Communications Fraud Control Association. December 1992 - January 1993. Communicator. CFSB791 Klopp, Charlotte. July 1991. Computer Fraud & Security Bulletin. CHENOWITH92 Chenowith, Richard. 1992. "Allpoints." Intercon Security, Ltd. CIA92 1992 (est.). Criminals Into Anarchy. Volume 1, Issue 1. COMPAUST May 4, 1984. "CIA Warns of Japan Threat." Computerworld Australia. COMPCONF91 November 21, 1991. "Prosecution & Defense." The Computer Conference Newsletter. COOK90 Cook, W.J. May 1990. "Uncovering the Mystery of Shadowhawk." Security Management. CORPCOMP Patrick Houston. May 1993. "Easy Prey: Corporate Data Is Vulnerable to Theft," Corporate Computing. COSMOS86 Sir William (hacker alias). 1986. "The 1986 COSMOS Files Part III: Service Order Input." CPP92 The Raven (hacker alias). 1992. "The Ultimate Cellular Phone Phreaking Manual, Parts 1 and 2." CRIMCOST Kay Russell. "Calculating the Cost of Computer Crime." Infosecurity News, Volume 3, Number 6. CSIS84 Panel on Crisis Management, CSIS Science and Technology Panel. 1984. America's Hidden Vulnerabilities. Washington, DC. CSJCHARN Scott Charney, "The Justice Department Responds to the Growing Threat of Computer Crime," Computer Security Journal, 3:2, Fall 1992, pp. 1-12. CSJFAL92 Goldis, Peter. Fall, 1992. "Hackers for Hire." Computer Security Journal. CSJSHERI Sherizen, Sanford. Fall 1992. "The Globalization of Computer Crime." Computer Security Journal. CSL0394 National Institute of Standards and Technology. March 1994. "Threats to Computer Systems: An Overview." CSL Bulletin. CSL1093 National Institute of Standards and Technology. October 1993. "People: An Important Asset in Computer Security." CSL Bulletin. CUD104 through CUD693 April 11, 1990, to October 27, 1994. Computer Underground Digest. Volume 1, Issue 4 through Volume 6, Issue 93. CW52592 Schwartz, Jeffrey. May 25, 1992. "Users Size Up Hacker Tracker." Communications Week. CYBERWAR Arquilla, John and David Ronfeldt. April-June 1993. "Cyberwar is Coming!" Comparative Strategy. DATAPRO August 1992. "Common Channel Signaling System Number 7." Datapro Information Services Group. DATA1093 October 1993. "Computer Security Issues: 1993 Survey," Reports on Information Security. Datapro Information Services Group. DEBATE McMullen, Barbara and John McMullen. March 18, 1991. " Hacker' Debate Heats Virus Conference." Newsbytes. DENNING90 Denning, Dorothy. 1990. "Concerning Hackers Who Break Into Computer Systems." DEC Systems Research Center. DFP1 through DFP4 January 1992 to May 1992. Digital Free Press. Volume 1 through Volume 4. DIA90 Young, Stanley and Michael Higgins. June 14, 1990. "Threat to the Public Switched Network." Presentation to the Defense Intelligence Agency. DIGITAL Phantasm (hacker alias). September 12, 1992. "Digital Underground." DISA1293 Defense Information Systems Agency. December 16, 1993. Planning Considerations for Defensive Information Warfare Informaiton Assurance. DM11091 October 1991. Digital Murder. Volume 1. DOA1193 Department of the Army. November 10, 1993. Army Command and Control Warfare (C2W) Concept Information Briefing. DUTCH Utrecht, Herbert Blankesteijn. June 8, 1991. "Dutch Phone Phreaks' Dial World for Free." New Scientist. EDWARDS92 Edwards, Dr. Jack. March 1992. Meeting of the Network Security Task Force. EFF402 December 1992. EFFector Online. Volume 4, Issue 2. EFFCT206 March 1992. EFFector Online. Volume 2, Issue 6. FAMSPY Early, Pete. Family of Spies: Inside the John Walker Spy Ring. New York: Bantam. FED0694 Brewin, Bob. June 20, 1994. "Senate Targets Intruders on Defense Systems." Federal Computer Week. Volume 8. Number 15. FINAL89 Kupperman, Robert W. and Jeff Kamen. 1989. Final Warning: Averting Disaster in a New Age of Terrorism. New York; Doubleday, pp. 46-48. FOR1092 Alster, Norm. October 26, 1992. "The Valley of Spies." Forbes. p. 200. FORINO Richelson, Jeffrey T. 1988. Foreign Intelligence Organizations. Cambridge, MA: Ballinger. FRAUDSEC Stusser, Daniel. "Securing Your Systems Against Fraud." Networking Management. Volume 10, Issue 6. FREEDMAN93 Freedman, Alan. 1993. Electronic Computer Glossary. Electronic publication. GCMJAN92 James Smith, "SSA Employees Accused of Selling Personal Data," Government Computer News, January 6, 1992. GE5 Hayduke, George. 1989. The Get Even Series. Port Townsend, WA: Loompanics Unlimited. GIBSON84 Gibson, William. 1984. Neuromancer. New York: Ace. GREEN92 Green, James Harry. 1992. The Business One Irwin Handbook of Telecommunications. 2nd ed. Homewood, Illinois: Business One Irwin. HACKDEA Bushaus, Dawn. December 1990. "DEA Falls Prey to Hackers; Theft of Services Could Amount to $2 Million." Communications Week. HACKGUIDE The Mentor (hacker alias). December 1988. A Novice's Guide to Hacking - 1989 Edition. HACKUNLM October 1989. Hackers Unlimited Magazine. Volume 1. Issue 1. HAFFNER91 Haffner, Katie and John Markoff. 1991. Cyberpunk: Outlaws and Hackers on the Computer Frontier. New York: Simon and Schuster. HD07 Hacker Supreme (hacker alias). 1986. Hackers' Directory. Volume 7. HD12 Hacker Supreme (hacker alias). 1986. Hackers' Directory. Volume 12. IHA191 June 1991. International Hackers Association Newsletter. Volume 1. INDUSTRIAL1192 November 1992. "Competitive Intelligence; A Key to Marketplace Survival." Industrial Marketing. INFORM2 January 1992. Informatik. Issue 2. INGRAM92 Ingram, Kenneth G., Director, Product Development, American Telephone & Telegraph. May 7, 1992. Statement before the House Judiciary Committee, Hearing on the Threat of Foreign Espionage to U.S. Corporations. ISOC1293 December 1993. Internet Society Press Release. ISOC894 August 4, 1994. "Latest Internet Measurements Reveal Dramatic Growth in 1994." Internet Society Press Release. IVPC94 Kluepfel, Hank. March 31, 1994. "Toward a More Secure Telecommunications Infrastructure - Mitigating the Risks." Briefing to the International Virus Prevention & Information Security Conference. JROGR149 Jolly Roger (hacker alias). 1990 (est.). "A Short History of Phreaking." JSC294 Joint Security Commission. February 1994. Redefining Security. Washington, DC: USGPO. LANDRETH85 Landreth, Bill. 1985. Out of the Inner Circle: A Hacker's Guide to Computer Security. Belleview, Washington: Microsoft Press. LANMAG93 June 1993. "Glossary." LAN Magazine. Volume 8. Number 6. LESSON June 19, 1991. United States Senate, A lesson of the Gulf War: National Security Requires Computer Security. Subcommittee on Government Information and Regulation, Committee on Governmental Affairs, Washington, DC: USGPO. LEVY84 Levy, Steven. 1984. Hackers: Heroes of the Computer Revolution. Garden City, Long Island: Doubleday. LOD1 through LOD4 January 1, 1987 to May 20, 1990. Legion of Doom/Legion of Hackers: Technical Journal. Volume 1 through Volume 4. LODINDICT90 1990. U.S.A. vs. Robert Tiggs and Craig Neidorf. U.S. District Court, Northern District of Illinois, Eastern Division. No. 90, CR 70. Violations: Title 18, United States Code, Sections 1343 and 2314. LOL012 October 22, 1991. Legion of Lucifer - Phone Hackers United to Crash & Kill Newsletter. Volume 1. Issue 12. LOL020 August 29, 1991. Legion of Lucifer - Phone Hackers United to Crash & Kill Newsletter. Volume 1. Issue 20. LT42393 April 23, 1993. "Computer Hacker Accused of Unfairly Winning Prizes." Los Angeles Times. MAJOR93 Major, David G. August 1993. "Economic Intelligence and the Future of U.S. National Competitiveness," Presentation to the Annual Convention of the American Society for Industrial Security. MARTEN76 Marten, James. 1976. Telecommunications and the Computer. Englewood Cliffs, NJ: Prentice-Hall, Inc. MEYER89 Meyer, Gordon R. 1989. "The Social Organization of the Computer Underground." M.A. Thesis, Northern Illinois University, De Kalb. MEYERTHOMAS90 Meyer, Gordon R. and Jim Thomas. 1990. "The Baudy World of the Byte Bandit: A Postmodernist Interpretation of the Computer Underground." Department of Sociology, Northern Illinois University. MITNICK4 Kellner, Mark. January 2, 1989. "Hacker Is Jailed for Theft: Allegedly Steals DEC VMS Code." MIS Week. MTRASH Kid & Co. and The Shadow (hacker aliases). 1984. "More on Trashing." 2600: The Hacker Quarterly. NATPOL Executive Office of the President. July 5, 1990. National Policy for the Security of National Security Telecomunications and Information Systems. National Security Directive 42 (REDACTED COPY). NATSTRAT The White House. July 1994. A National Security Strategy of Engagement and Enlargement. Washington, DC: USGPO. NB12090 Woods, Wendy. January 20, 1990. "Three Indicted for Stealing Classified Data." Newsbytes. NCSA5692 National Computer Security Association. May/June 1992. NCSA News. NCS-M93 Manager, National Communications System. August 1993. "Status Report on the Security of the Public Switched Network: Report to the Chairman, Inter-Agency Working Group." NETFIRE1 Higgins, Mike. June 28, 1994. "Threats to DoD Unclassified Systems." Briefing to the Workshop on Network Firewalls for NS/EP Communications. NETFIRE2 Whitman, Mike. June 28, 1994. Briefing to the Workshop on Network Firewalls for NS/EP Communications. NEWTON93 Newton, Harry. 1993. Newton's Telecom Dictionary. Electronic publication. NFX001 June 1991. New Fone Express. Issue 1. NFX5 October 1991. New Fone Express. Issue 5. NFX61192 November 1991. New Fone Express. Issue 6. NIST1092 Bassham, Lawrence E. and W. Timothy Polk. October 1992. Threat Assessment of Malicious Code and Human Threats. NISTIR 4939, Computer Security Division, National Institute of Standards and Technology. NISTNEWS Henkel, John. March 19, 1993. "Response Group Formed to Handle International Computer and Network Security Problems." National Institute of Standards and Technology release. NONLETH Alexander, John B. Undated. Non-Lethal Defense: A Comprehensive Defense Strategy to Provide Commanders More Options Short of War. Los Alamos National Laboratory. NOSC594 Sciarini, Charles. May 1994. "The Insider Threat: Information Brokering in the 1990s." Presentation at the Fifth National Operations Security Conference. NPR993 Vice President Al Gore. September 1993. Creating a Government that Works Better & Costs Less: Reengineering Through Infomation Technology. Accompanying Report of the National Performance Review. NRC89 National Research Council. 1989. "Growing Vulnerability of the Public Switched Network: Implications for National Security Emergency Preparedness." NSA102 June 23, 1991. National Security Anarchists. Volume 1. Issue 2. NSA103 July 1, 1991. National Security Anarchists. Volume 1. Issue 3. NSSOG994 The Network Security Standards Oversight Group. September 1994. Network Security Standards for the Public Switched Network: Issues and Recommendations. NSTAC90 National Security Telecommunications Advisory Committee. 1990. "Proceedings of the Network Security Task Force." NSTAC92 National Security Telecommunications Advisory Committee. 1992. "Proceedings of the Network Security Task Force." NSTF90 November 1990. Network Security Task Force Report to NSTAC XII. NSTF92 June 1992. Network Security Task Force Report to NSTAC XIV. NW6192 Taff, Anita. June 1, 1992. "Bill Would Protect Government Agencies From Toll Fraud Charges." Network World. OPSEC Interagency OPSEC Support Staff. April 1991. Compendium of OPSEC Terms and Definitions. Greenbelt, MD: IOSS. OPSEC2 Patakos, Arion N. Fall 1993. "Counter-Competitor Intelligence: Keeping Company Secrets Secret." The OPSEC Journal. p. 39. OTA87 U.S Congress, Office of Technology Assessment. October 1987. Defending Secrets, Sharing Data: New Locks and Keys for Electronic Information, OTA-CIT-310. Washington, DC: U.S. Government Printing Office. OUD1992 Office of the Undersecretary of Defense (Acquisition). 1992. The Militarily Critical Technologies List, Washington, DC: Department of Defense. PARKER83 Parker, Donn. 1983. Fighting Computer Crime. New York: Charles Scribner's Sons. PHANTSY10 November 1, 1992. Phantasy. Volume 3. Issue 10. PHANTSY11 November 6, 1992. Phantasy. Volume 3. Issue 11. PHELPS92 Phelps, Marshall C., Jr., Vice President for Commercial and Industry Relations, IBM. April 29, 1992. Statement before the House Judiciary Committee, Hearing on the Threat of Foreign Espionage to U.S. Corporations. PHRACK01 through PHRACK43 November 1985 to July 1993. PHRACK Magazine. Volume 1 through Volume 43. PHN02-04 1989 (est.). P/HUN Newsletter. Volume 2. Issue 4. PHUN88 September 30, 1988. P/HUN Newsletter. Volume 1. POST32391 Potts, Mark. March 23, 1991. "Hacker Pleads Guilty in AT&T Case." Washington Post. POWELL90 Powell, Dave. September 1990. "Network Abuse: Who's the Enemy?" Networking Management. QUARTERMAN90 Quarterman, John S. 1990. The Matrix: Computer Networks and Conferencing Systems Worldwide. Bedford, Massachusetts: Digital Press. R&ROP Fred Steinbeck (hacker alias). 1991 (est.). "Dealing with the Rate and Route Operator." RAYMOND91 Raymond, Eric. 1991. The New Hacker's Dictionary. London: The MIT Press. RSKS1364 July 14, 1992. RISKS Digest. Volume 13. Issue 64. ROSENTHL August 3, 1993. The Role of the United States Intelligence Community and U.S. Economic Competitiveness, Statement of Dr. Mark M. Rosenthal, Congressional Research Service, before the Senate Select Committee on Intelligence. RSKS1438 March 7, 1993. RISKS Digest. Volume 14. Issue 38. SANDZA84 Sandza, Richard. November 12, 1984. "Night of the Hackers." Newsweek. SASC694 Senate Armed Services Committee. June 1994. National Defense Authorization Act for Fiscal Year 1995. Washington DC: USGPO. SCHWEIZER93 Schweizer, Peter. 1993. Friendly Spies: How America's Allies Are Using Economic Espionage to Steal Our Secrets. New York: The Atlantic Monthly Press. SE30SNYB Littman, Jonathan. September 12, 1993. "The Last Hacker." Los Angeles Times. SECMAN1-93 January 1993. Security Management Magazine. SECTEC July 1, 1994. "Industry, Government Say Security Should Focus on Information." Security Technology News. SHERMAN85 Sherman, Kenneth. 1985. Data Communications: A User's Guide. Reston, Virginia: Reston Publishing Company, Inc. SJMN41391 Barnum, Alex. April 13, 1991. "Computer Fugitive Fits in: Man Eluded FBI With Low Profile." San Jose Mercury News. SJMN1092 Greve, Frank. October 21, 1992. "French Techno-Spies Bugging U.S. Industry." San Jose Mercury News. p. F1. SJMN52791 Barnum, Alex. May 27, 1991. "Hacker's Obsession Led Him to Jail." San Jose Mercury News. SOCENG89 Fallen Angel (hacker alias). September 1989. "Social Engineering: How to Get Information." SPOOFER91 Goodfellow, Geoffrey S., Robert N. Jesse, and Andrew H. Lamothe, Jr. 1991. "The Electronic Serial Number: A Cellular Sieve? Spoofer Can Defraud Users and Carriers." SRI93 SRI International. 1993. "Vulnerabilities of the PSN." STOLL89 Stoll, Clifford. 1989. The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage. New York: Doubleday. STOLL89-2 Stoll, Clifford. May 1988. "Stalking the Wily Hacker." Communications of the ACM. STOLL89-3 Stoll, Clifford. September 1987. "What Do You Feed a Trojan Horse?" Proceedings of the 10th National Computer Security Conference. SWEDISH90 1990. Annual Year Protocol of the Swedish Hackers Association. Volume 3. SWEDISH92 February 1992. Annual Year Protocol of the Swedish Hackers Association. Volume 4. SWORD Richelson, Jeffrey T. 1986. Sword and Shield: The Soviet Intelligence and Security Apparatus. New York: Ballinger. TAOTRASH The Phoenix Force (hacker group). 1988 (est.). "Art of Trashing." TD1190 November 1990. Telecom Digest Guide to Special Prefixes/Numbers. TD14-315 Waddell, Steve. July 11, 1994. "Re: NYTimes, err, FBI, Looking For Telco Hacker." Telecom Digest. Volume 14. Issue 315. TELTECHAN Minoli, Daniel. 1991. Telecommunications Technology Handbook. Norwood, Massachusetts: Artech House, Inc. THEFT Grata, Joe. August 29, 1993. "2 Teen 'Hackers' Held in Break-ins Troopers Seek 4 Other 'Computer Whizzes' in Equipment Thefts." Pittsburgh Post-Gazette. TIME0792 Nelan, Bruce W. July 5, 1993. "A New World for Spies," Time, pp. 28-31. TNS10 November 18, 1987. Tolmes News Service. Volume 10. TNSR394 February/March, 1994. "Thousands of Internet Users Compromised by Hackers and Information Thieves." Telecom & Network Security Review. Volume 2. Number 1. TRASHTECH Master of Reality (hacker alias). 1989 (est.). "Trashing Techniques." UKACT05 Gold, Steve. May 8, 1990. "UK Anti-Hacking Bill Goes Through to House of Lords." Newsbytes. UKACT07 Gold, Steve. July 5, 1990. "UK: Computer Misuse Bill Receives Royal Assent." Newsbytes. UMPOULSEN Episode featuring the case of Kevin Poulsen. New York: NBC television program, Unsolved Mysteries, May 1991. UNLISTED The Jolly Roger (hacker alias). 1990 (est.). "Unlisted Phone Numbers." USGPO92 Committee on the Judiciary. 1992. The Threat of Foreign Economic Espionage to U.S. Corporations, U.S. House of Representatives, Washington, DC: USGPO. USNWR August 15, 1994. "High-level Hacker." U.S. News and World Report. USRESEARCH USA Research. 1992. "1992 IPA Computer Virus and Hacker Study." UXU002 1991. Underground eXperts United. Volume 1. Issue 2 UXU033 1991. Underground eXperts United. File 33. UXU047192 January 1992. Underground eXperts United. Volume 47. WARAWAR Campen, Alan D. as quoted by Alvin and Heidi Toffler. 1993. War and Anti-War: Survival at the Dawn of the 21st Century. Boston: Little, Brown. WARREN Warren, Peter. June 19, 1989. "Technoterrorists: Growing Links Between Computer Technology and the Seedy Underworld of Terrorism, Organized Crime, and Spying." Computer Talk. WASHTEC Munro, Neil. August 25, 1994. "Hacker Attack Reveals Vulnerability of DOD War Plans." Washington Technology. WASTEC Munro, Neil. May 19, 1994. "South Korea Said to Eye U.S. Technnology." Washington Technology. WINTERMUTE1 Wintermute (hacker alias). February 1991. Unnamed article on Cyberpunk. WIRED994 September 1994. "Street Cred." Wired. Volume 2.09. WSJ082290 Wilke, John R. August 22, 1990. "Open Sesame: In the Arcane Culture of Computer Hackers, Few Doors Stay Closed." Wall Street Journal. WSJAUG92 "In House Hackers," The Wall Street Journal, August 27, 1992, p. A1. ZONE2 Black Death (hacker alias). 1991 (est.). "The Phreaking Articles - Volume 2."