[ISN] Computer hackers led police to child pornography suspect

From: mea culpa (jerichoat_private)
Date: Tue Sep 22 1998 - 11:07:03 PDT

  • Next message: mea culpa: "[ISN] Canadian firms face more hacks"

    Forwarded From: Ken Williams <jkwilli2at_private>
    
    -----BEGIN PGP SIGNED MESSAGE-----
    
    The Morning Call, PA
    [http://www.mcall.com:80/news/top/1366.htm]
    
    Computer hackers led police to child pornography suspect
    
    The high-tech group maintains a low profile in its fight against 
    exploitation.
    
    September 22, 1998
    By SONIA CSENCSITS
    Of The Morning Call
    
        A Bethlehem man charged with posting child pornography on the Internet 
    was turned in by a computer hackers group that searches the World Wide 
    Web for exploitation of children and notifies authorities of what it 
    finds, court records show.
        William H. Prugh, 44, of 2175 Pinehurst Road was charged Friday with  
    15 counts of possessing and disseminating child pornography a week after 
    police used a search warrant to seize computer equipment and "numerous 
    depictions involving child pornography" from his home.
    
        Prugh admitted the pictures found on his computer files were his and 
    that he was aware that posting the photographs on an Internet news group 
    was illegal, says an affidavit of probable cause for Prugh's arrest.
    
        Efforts Monday to reach Prugh were unsuccessful. There was no answer at  
    his home phone, and a woman who answered the door at his home, a neatly kept 
    rancher, said he was not at home and asked a reporter to leave.
    
        But the affidavit details how the hackers' tip led to a 1-1/2-month  
    investigation that trailed the child pornography from the Internet site to  
    Prugh's home.
    
        The court papers say a member of Ethical Hackers Against Pedophilia 
    notified the state police Computer Crime Unit in Harrisburg when the group 
    found numerous child pornographic postings in news groups July 15-17.
    
        On its own Internet site, the group describes itself as a non profit  
    corporation that "actively seeks out and works to stop exploitation of  
    children on the Internet."
    
        Board member Dave Holland, in a phone interview from his home in Ohio,  
    said the group was started two years ago, primarily by a California man he  
    would identify only as "RSnake."
    
        The group started out using "various ways" to shut down child pornography 
    sites on its own. It started helping law enforcement agencies about a year ago, 
    with those agencies sometimes coming to the group for help.
    
        "Most city, county law enforcement agencies -- even some states -- they are  
    not equipped to handle computer crime," he said. "They don't have the training, 
    they don't have the equipment."
    
        The group embraces secrecy -- only a couple of members will reveal their 
    names -- because threats have been made against it, Holland said.  Asked who  
    has threatened the group, he said, "Just pedophiles in general who don't like 
    what we do."
    
        He would not reveal how many times the group has assisted law enforcement 
    authorities, saying, "We decided not to make a numbers game out of it."
    
        The affidavit in the Bethlehem case says Cpl. Brian E. Acken, supervisor of 
    the state police Computer Crime Unit in Harrisburg, asked the hackers to 
    download the 15 graphic depictions found in the news group, which was identified 
    by the words "pictures, erotica and pre-teen."
    
        The downloaded images included graphic depictions of "prepubescent children 
    in various poses and sexual acts," the affidavit says. They also included the 
    date and time of the posting and by whom the files were posted -- in this case, 
    by someone using the name "RAMM@intothewalls." 
    
        But more important to police, the downloaded files included a message 
    identification number, assigned as soon as the user's computer modem is connected 
    to the Internet, that identified each posting and the Internet provider access to 
    the news group.
    
        That 12-digit number, the Internet Protocol Address, led police to Prugh.
    
        With the number in hand, the affidavit says, state police investigators 
    contacted NuNet, a Bethlehem Internet service provider, and Bell Atlantic.
    
        On Aug. 17, Acken met with Trooper Christopher McBrairty of the state police 
    Bureau of Criminal Investigation unit, based in Philadelphia, to discuss the 
    information Acken had received from the hackers group.
    
        On Aug. 31, state police requested that NuNet provide access to logs, billing 
    accounts and a history of the "RAMM" file.
    
        The computer company identified Prugh, the affidavit says.
    
        A NuNet spokesman, who would not give his name, said the company cooperated 
    with the warrant and was able to provide the information through its sophisticated 
    systems.
    
        Further investigation revealed Prugh's computer had contacted the news group 
    July 14 and 15, the affidavit says.
    
        A total of 33 postings were made to the news group, including ones at 12:12 
    a.m. July 14, 10:58 p.m. July 16 and 9:41 p.m. July 31. There was none after July 31.
    
        NuNet's records showed that on July 14 and 31, there were 11 logons. Of those, 
    nine were made from the same number. No phone number was listed for the two other 
    calls, leading police to conclude the caller identification had been blocked.
    
        The July 31 call was from another number.
    
        On Sept. 8, state police learned both numbers were unlisted, and on Sept. 9, 
    armed with a court order, police went to Bell Atlantic and secured the name and 
    address for the two phone numbers. Both were from Prugh's home, the affidavit says.
    
        Police searched Prugh's home while he was away and found a basement computer 
    system that included the 15 files downloaded July 18, the affidavit says.
    
    Prugh arrived home and told police he had collected the items for about two years, 
    the affidavit says. He admitted to posting the 15 pictures in July and said he used 
    the RAMM designation, it says.
    
        Prugh told police he downloaded all the photographs in his files and was trying 
    to collect an entire specific series. Prugh advised police that all the pictures on 
    the E drive were his and that he was aware that posting the pictures is illegal.
    
        Police said the investigation is continuing but that no other arrests were 
    expected.
    
        Prugh was released on $20,000 bail on the provision that he have no contact with 
    non-familial children under 18.
    
    
    
    - -- 
    Ken Williams
    
    Packet Storm Security http://www.Genocide2600.com/~tattooman/index.shtml
    E.H.A.P. Corporation  http://www.ehap.org/  ehapat_private infoat_private
    NCSU Comp Sci Dept    http://www.csc.ncsu.edu/ jkwilli2at_private
    PGP DSS/DH/RSA Keys   http://www.genocide2600.com/cgi-bin/finger?tattooman
    
    -----BEGIN PGP SIGNATURE-----
    Version: PGPfreeware 5.0i for non-commercial use
    Charset: noconv
    
    iQEVAwUBNgenIZDw1ZsNz1IXAQHu6QgAmafY+N5XJsg/X6sdGV8lOClDsjDqHZiV
    vtGhUSlOskxiQRq8TeA8YpWVSnj4+v0EmMBm/rnAEgcNG5AWc6U/O8xqVzMF37WZ
    FuABW1QeoF+QIx2aGbJxZbwdEFLXqo4riJjFi+74BLRdw+pqyPpSxcrrzwBfw5QI
    GpruPsh3CWbdZPgdV0f53TsQ4ID7Z7QtwZMPGxRUt8TaVfGaLLQQ8yGTmD1OiwCZ
    y0diYqCgI6s0RlgwfKxtuu11BnZ/ELNP/QI7iUrKiJRIL+XzS5SdljkEIBwCTtw6
    pVpRTp0ze2/+dgKYht6rrrcgI55ucx3CgBtv6Gquln9u0RnZBymj3g==
    =ei0C
    -----END PGP SIGNATURE-----
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:05:08 PDT