Forwarded From: Ken Williams <jkwilli2at_private> -----BEGIN PGP SIGNED MESSAGE----- The Morning Call, PA [http://www.mcall.com:80/news/top/1366.htm] Computer hackers led police to child pornography suspect The high-tech group maintains a low profile in its fight against exploitation. September 22, 1998 By SONIA CSENCSITS Of The Morning Call A Bethlehem man charged with posting child pornography on the Internet was turned in by a computer hackers group that searches the World Wide Web for exploitation of children and notifies authorities of what it finds, court records show. William H. Prugh, 44, of 2175 Pinehurst Road was charged Friday with 15 counts of possessing and disseminating child pornography a week after police used a search warrant to seize computer equipment and "numerous depictions involving child pornography" from his home. Prugh admitted the pictures found on his computer files were his and that he was aware that posting the photographs on an Internet news group was illegal, says an affidavit of probable cause for Prugh's arrest. Efforts Monday to reach Prugh were unsuccessful. There was no answer at his home phone, and a woman who answered the door at his home, a neatly kept rancher, said he was not at home and asked a reporter to leave. But the affidavit details how the hackers' tip led to a 1-1/2-month investigation that trailed the child pornography from the Internet site to Prugh's home. The court papers say a member of Ethical Hackers Against Pedophilia notified the state police Computer Crime Unit in Harrisburg when the group found numerous child pornographic postings in news groups July 15-17. On its own Internet site, the group describes itself as a non profit corporation that "actively seeks out and works to stop exploitation of children on the Internet." Board member Dave Holland, in a phone interview from his home in Ohio, said the group was started two years ago, primarily by a California man he would identify only as "RSnake." The group started out using "various ways" to shut down child pornography sites on its own. It started helping law enforcement agencies about a year ago, with those agencies sometimes coming to the group for help. "Most city, county law enforcement agencies -- even some states -- they are not equipped to handle computer crime," he said. "They don't have the training, they don't have the equipment." The group embraces secrecy -- only a couple of members will reveal their names -- because threats have been made against it, Holland said. Asked who has threatened the group, he said, "Just pedophiles in general who don't like what we do." He would not reveal how many times the group has assisted law enforcement authorities, saying, "We decided not to make a numbers game out of it." The affidavit in the Bethlehem case says Cpl. Brian E. Acken, supervisor of the state police Computer Crime Unit in Harrisburg, asked the hackers to download the 15 graphic depictions found in the news group, which was identified by the words "pictures, erotica and pre-teen." The downloaded images included graphic depictions of "prepubescent children in various poses and sexual acts," the affidavit says. They also included the date and time of the posting and by whom the files were posted -- in this case, by someone using the name "RAMM@intothewalls." But more important to police, the downloaded files included a message identification number, assigned as soon as the user's computer modem is connected to the Internet, that identified each posting and the Internet provider access to the news group. That 12-digit number, the Internet Protocol Address, led police to Prugh. With the number in hand, the affidavit says, state police investigators contacted NuNet, a Bethlehem Internet service provider, and Bell Atlantic. On Aug. 17, Acken met with Trooper Christopher McBrairty of the state police Bureau of Criminal Investigation unit, based in Philadelphia, to discuss the information Acken had received from the hackers group. On Aug. 31, state police requested that NuNet provide access to logs, billing accounts and a history of the "RAMM" file. The computer company identified Prugh, the affidavit says. A NuNet spokesman, who would not give his name, said the company cooperated with the warrant and was able to provide the information through its sophisticated systems. Further investigation revealed Prugh's computer had contacted the news group July 14 and 15, the affidavit says. A total of 33 postings were made to the news group, including ones at 12:12 a.m. July 14, 10:58 p.m. July 16 and 9:41 p.m. July 31. There was none after July 31. NuNet's records showed that on July 14 and 31, there were 11 logons. Of those, nine were made from the same number. No phone number was listed for the two other calls, leading police to conclude the caller identification had been blocked. The July 31 call was from another number. On Sept. 8, state police learned both numbers were unlisted, and on Sept. 9, armed with a court order, police went to Bell Atlantic and secured the name and address for the two phone numbers. Both were from Prugh's home, the affidavit says. Police searched Prugh's home while he was away and found a basement computer system that included the 15 files downloaded July 18, the affidavit says. Prugh arrived home and told police he had collected the items for about two years, the affidavit says. He admitted to posting the 15 pictures in July and said he used the RAMM designation, it says. Prugh told police he downloaded all the photographs in his files and was trying to collect an entire specific series. Prugh advised police that all the pictures on the E drive were his and that he was aware that posting the pictures is illegal. Police said the investigation is continuing but that no other arrests were expected. Prugh was released on $20,000 bail on the provision that he have no contact with non-familial children under 18. - -- Ken Williams Packet Storm Security http://www.Genocide2600.com/~tattooman/index.shtml E.H.A.P. Corporation http://www.ehap.org/ ehapat_private infoat_private NCSU Comp Sci Dept http://www.csc.ncsu.edu/ jkwilli2at_private PGP DSS/DH/RSA Keys http://www.genocide2600.com/cgi-bin/finger?tattooman -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use Charset: noconv iQEVAwUBNgenIZDw1ZsNz1IXAQHu6QgAmafY+N5XJsg/X6sdGV8lOClDsjDqHZiV vtGhUSlOskxiQRq8TeA8YpWVSnj4+v0EmMBm/rnAEgcNG5AWc6U/O8xqVzMF37WZ FuABW1QeoF+QIx2aGbJxZbwdEFLXqo4riJjFi+74BLRdw+pqyPpSxcrrzwBfw5QI GpruPsh3CWbdZPgdV0f53TsQ4ID7Z7QtwZMPGxRUt8TaVfGaLLQQ8yGTmD1OiwCZ y0diYqCgI6s0RlgwfKxtuu11BnZ/ELNP/QI7iUrKiJRIL+XzS5SdljkEIBwCTtw6 pVpRTp0ze2/+dgKYht6rrrcgI55ucx3CgBtv6Gquln9u0RnZBymj3g== =ei0C -----END PGP SIGNATURE----- -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:05:08 PDT