Schwartz case: police reports
I sent these to the FORS mail list, but they seem to be lost in the
black hole that is the teleport mail server. Since the FAQ is being
blasted to the world, I thought that these reports should make it out
as well. Note that the reports were entered as evidence in the trial,
and to my knowledge, not substantially challenged.

There are two reports, one from Detective P. Lazenby and one from Detective
J. Lilley of the Washington County Sheriff's office.

I'll note that neither report is a classic example of good grammar, spelling
or even word choice (some are quite funny, imo), but I have reproduced them
as they were written.

--mark
-------------------------------------------
Report of Detective P. Lazenby.
NARRATIVE:
On 11/01/93, writer assisted Sr. Deputy Lilley in the preparation of a
search warrant in regards to Randal Schwartz who had been illegally
bypassing computer systems and using a password cracking program to
obtain passwords to a computer system within Intel.
On 11/01/93, writer and other members of the Special Investigations
Unit served a search warrant at 12290 SW Butner Road, the residence of
Randal Schwartz. Detective Lilley execute the warrant and advised both
the Schwartz brothers of their Miranda rights. Writer made contact
with Randal Schwartz in the back bedroom where Detective Lilley was
interviewing him. Writer introduce myself to Randal Schwartz and we
talked about the incident Randal admitted to writer that he had been
using the crack program to get passwords and had obtained what he
thought was ten to twelve passwords. He advised that they were on the
"SNOOPY" program at Intel in a subdirectory "PLAY" under "STUFF.TAR".
Writer then asked Randal if he felt he was doing anything wrong.
Randal told writer that he was in fact violating Intel policy and he
also thought that he could be criminally prosecuted for these
incidents. I advised Randal that this was still under investigation
but under Oregon law, it could possibly be a misdemeanor or felony and
that if had used the phone lines to transfer any of the information out
of state, there could be federal crimes. I asked Randal if he
understood this and he said that he did. I asked Randal if he was
still willing to cooperate with us and he said that he was.
I asked Randall when he first got caught doing this and how he had done
it. Randal advised that he first had the "GATE" program on the "MINK"
computer a while back and he was caught and confronted by supervisors.
Randal said he stopped using "MINK" and that he switched over "GATE" to
"HERMES" and was doing that but "HERMES" was too slow so he went back
to "MINK" again. He was caught again on "MINK" so he switched "GATE"
over to "BRILLIG".
Randal advised that he was using "MERLIN" as his login on those
systems. I asked Randal why he was using the "CRACK" program to obtain
passwords and asked if he realized that these passwords would access
the SSD system. Randal advised that he did realize this and that he
was obtaining the passwords because he wanted to get his E-mail
quicker. I asked Randal if he ever logged in on SSD using any of the
passwords. Randal said first that he only logged in and logged out one
time and later, changed it to two or three times. I asked Randal if he
ever copied anything or looked at anything and he said that he did
not.
I passed this information on to Intel personnel and they checked the
machine under "STUFF.TAR" and found that there were at least forty to
fifty passwords that had been compromised and obtained by Randal. I
went back and confronted Randal with this because he had told me that
there were only ten to twelve. Randal then said, "I don't remember how
many exactly because I was just sticking them under the "STUFF.TAR" and
not really using them."
I asked Randal why he would need forty to fifty passwords and he said,
"I needed them in case they caught me doing it and knew they would shut
me down so the more passwords I had, the longer I could continue doing
what I wanted to do." Randal advised that he had the capability to do
it and he knew he could do it. I asked Randal if this was wrong and in
violation of Intel policy and Randal said, "Yes it is, but I knew I
could do it anyway." Randal said that he wanted to do it because he
wanted to be efficient in getting his E-mail very fast and he felt was
important and when they shut him down, he wanted to continue doing what
he was doing and since he had the capability to do it and knew he could
do it, he did it without permission.
Randal then told me that about one or two years ago, he was a SYS
administrator at Intel with SSD and that he would run the "CRACK"
program back then. Randal advised that this was a tool used to keep
passwords honest. Randal said that if you can break it with "CRACK",
bad guys can too. I then told Randal that if he knew this, and it was
a security measure back then, why was he doing it without authorization
now. Randal advised that he knew it was totally wrong and would get in
trouble if caught doing it. I then asked Randal if he remembered using
"CRACK" to enter any other systems to obtain passwords. Randal advised
that he used "CRACK" on the "ORILEY" system which is his publishers
back east and he obtained a password from them. I asked Randal how he
did this and he said he put "ORILEY" on "SNOOPY", used "CRACK" on it
and obtained the password. He said he did it just because he was
curious to see if "ORILEY" had any security. Randal advised that he
only got one password. I asked him if he ever used that password to go
into the "ORILEY" system and he said no. I asked Randal if he used it
anywhere else and he said that he used it on "TECHBOOK". Randal
advised that this is a bulletin board type system and that he used
"CRACK" on that system to obtain their passwords. Randal advised that
he did get a password and that he wrote to James D. at "TECHBOOK" and
advised him that he had done this as a way of making him aware of his
weak security.
I asked Randal if he remembered any of the passwords that he used to
log into SSD and Randal advised me that he remembers using the RonB
password to log into SSD and then to get out. Randal advised that he
never looked at anything, just went in and right out. Randal also
advised writer that at one time, he let Ed Bunch, a SYS administrator
at Intel know he had obtained SSD passwords. Randal was very vague
about how this had occurred and when asked what Mr. Bunch's reply was,
he advised, "No response, I don't think he really heard me".
Detect Lilley interviewed Randal Schwartz more extensively. Refer to
his report for more details.
---------------------------------------------
Report of Detective J. Lilley
NARRATIVE:
On 11/01/93 at 11:40 a.m., I met with the above mentioned Intel
employees at the Intel building where I was advised of their discovery
that one of their contract employees, Randal Schwartz, had been
illegally bypassing access gates to systems and illegally utilizing
password cracking programs to crack passwords to computer systems.
(Refer to attached report by Mark Morrissey for details).
On 11/01/93 at 6:35 p.m., myself and the above named individuals served
a search warrant at 12290 SW Butner Road at the residence of Randal
Schwartz. At the time of service, I read the search warrant in it's
entirety to Mr. Schwartz and his brother, immediately followed by
reading them their Miranda rights to which they both acknowledged
understanding. While the other Washington County Officers conducted
the search warrant, I conducted an interview with Randal Schwartz
regarding his activities at Intel and I was variously assisted in the
technical aspects of the interview by Mr. Cower, Mr. Stites, and Mr.
Pierce.
Initially, Mr. Schwartz admitted to me that he had in fact bypassed
access gates to Intel systems, explaining that the did this in order to
be able to receive "E-mail" messages at his work station in Intel.
While Mr. Schwartz admitted that he knew what he was doing was both
against department policy and, to use his words, "technically illegal",
he stated that his only intent was to make it more convenient for him
to correspond through computer mail at his work station rather than
having to wait until he got back home.
I then asked him about his use of the password cracking program "CRACK"
to break passwords that would allow him to access files in Intel
computer systems referred to as "BRILLIG" and Intel Supercomputer's
Systems Division (SSD). Mr. Schwartz freely admitted to me that he
had in fact employed the "CRACK" program to access passwords for both
"BRILLIG" and SSD but told me that his only reason for doing so was to
test both security systems that should have prevented anyone from using
the crack type program to access passwords.
I then began to go into these matters with Mr. Schwartz. As a result
of questions by me, along with information volunteered to me by Mr.
Schwartz, I learned the following from Mr. Schwartz.
Schwartz stated that he had been accessing Intel's "MINK" system by a
method known as "backdooring" until about April of 1993. Again, he
stated that this was in order to enable him to receive electronic mail
at his work station at Intel but at this point, Schwartz admitted to me
that while conducting this backdooring, he knew it was against Intel
policy and could possibly be considered a criminal act. Mr. Schwartz
admitted to me that he was confronted by Mark Morrissey and an Intel
employee by the name of Dirk Brandewie and advised that what he was
doing was not permitted and that he was to reinstall the appropriate
gates to the "MINK" system to prevent outside access, Mr. Schwartz
told me that he in fact did do that and that for a while, he attempted
to use another system known as "HERMES" but found that the Hermes
system was too slow for his needs and so he then wrote a new program,
different from the first, that enabled him to re-access "MINK" in order
to receive electronic mail. Mr. Schwartz admitted to me that he was
confronted again by Mr. Morrissey and Mr. Brandewie (about July of
1993) at which time, he was once again told that this activity was not
permitted and that he was to cease doing it.
Mr. Schwartz then went into some detail as to his activities regarding
access the "BRILLIG" system and the SSD system and the using of the
Intel "SNOOPY" system to speed up the accessing "CRACK" program to
obtain passwords to allow him access to the systems. At this point,
Mr. Schwartz readily acknowledged that not only was this activity
against Intel policy but there was no doubt in his mind that he could
also be found criminally liable for this activity. However, Mr.
Schwartz was very adamant that his only purpose in conducting these
exercises was to try and find out how hardened these two systems were
against attempts to crack their password codes using "CRACK"
programming or similar. Mr. Schwartz did acknowledge however that
another reason he was attempting to crack a "BRILLIG" password was that
his contract with the "BRILLIG" system was soon due to end and he
wished to ensure that he would continue to have password access to the
"BRILLIG" system after his contract ended and his personal password
revoked.
In response to our questions, Mr. Schwartz was adamant that at not time
did he ever actually access files using any of the cracked passwords
that he had obtained using the "CRACK" program. However, on further
questioning, Mr. Schwartz did admit to me that about three years ago,
while working at "I-WARP" (and Intel subsidiary) that he had, in fact
access files in the I-WARP system through a process known as "ROOT" and
that at that time, he had taken the further step of actually viewing
information from files he had accessed. He admitted to me that when he
had done that he had known at the time that what he was doing was both
against Intel policy and also illegal. However, again, Mr. Schwartz
denied that during his accessing of "BRILLIG" and SSD, he had never at
any time either viewed the contents of any file that he had accessed,
not had he made any copies of any kind of any of those files.
Through conversation with Mr. Schwartz, I learned from him that he had
worked for Tektronix between the years of 1978 and 1983 and that at one
point (he believed somewhere around 1981) he had actually been
suspended at Tektronix for engaging in similar activities. He also
went on to admit that he worked for a company called Tandem between the
years of 1986 and 1987 and that as an April Fools joke on one of those
years, he had also illegally cracked password and accessed files in
Tandem's systems. He stated that as a result of this activity, he was
actually "technically terminated" for about two hours. Mr. Schwartz
stated however that he was immediately reinstated by a supervisor who
took the point of view that in fact what Mr. Schwartz had been doing
was actually part of his job description which was testing security
systems within computer systems for Tandem. Mr. Schwartz stated that
in fact, at that point in time, he was writing a book about security
systems and that he was doing this in part as research for his book.
During the course of our conversation, Mr. Schwartz made mention of the
fact that on occasion, he had entertained private fantasies of engaging
in computer espionage but explained that they were merely idle
daydreaming and that it was not something that he had given any serious
consideration to. We began to explore this avenue in greater depth and
during further discussion, Mr. Schwartz admitted to me that in the
course of his espionage fantasy, he had given thoughts to such matters
as what type of information would be the most valuable to competitors,
what people or organizations would be most interested in this
information who would provide the greatest reward. On urging from me,
he admitted that he suspected that the Cray Organization would probably
be the biggest competitor who would be the most interested, and pay the
most for, any intelligence that he obtained from Intel systems.
Mr. Schwartz at first was very vague in his answers as to what
information he would obtain and where he would obtain it, etc.
However, on further discussions with me, he became more specific about
the types of information, how he would access it, and who he would take
it to. At one point, I asked Mr. Schwartz if he had ever taken any
active steps in carrying out this fantasy and his response to me was,
"I never to any steps externally to carry out this fantasy". I then
asked him if that meant that he had possibly contacted somebody within
the Intel cooperation regarding this fantasy at which point he stated,
"No, no, I meant externally beyond the tips of my fingers, outside my
mind."
Mr. Schwartz also discussed with the Intel personnel in the interview
with me more technical aspects of his activities within Intel and
outside companies that he had contracts with. These statements were
better understood and assessed by the Intel personnel. Refer to their
reports on those aspects of our interviews.
At 9:00 p.m., we concluded our interviews and the service of the search
warrant of Mr. Schwartz's residence and cleared to return to the
Washington County Sheriff's Office.
On 11/02/93, I served a search warrant at Mr. Schwartz's business
address at Stone Hedge Consulting Services, 4470 SW Hall St. #107,
Beaverton, Oregon, finding that address was merely a private PO Box
service and that Box 107 was a mailbox for Mr. Schwartz. On service of
the search warrant at that location, I learned that there was only
routing mail in Mr. Schwartz's box and did not see or find anything
that was covered by the search warrant issued.
It should also be noted that on 11/01/93, while serving the search
warrant at Mr. Schwartz's residence, Intel personnel at our direction,
shut down Mr. Shcwartz's work station at Intel in order to maintain
evidentiary integrity of that work station.
On 11/02/93 at 10:00 a.m., I gave Intel personnel the service copy of
the search warrant, authorizing the search of Mr. Shcwartz's work
station on Intel property.
Investigation ongoing. No further action taken to this date.