Date: Sat, 1 Mar 2003 14:55:24 -0500 (EST) From: anonymous@domain.com To: kgerein@thejournal.canwest.com Subject: "Wreaking havoc on the Net will bring down wrath of the law" Keith Gerein, I don't know where to start. I've never read a technology article filled with such mis-information in my life. This e-mail isn't meant to offend, but when you write articles on subjects such as computer crimes, you should probably consider doing research and communicating with people who have real knowledge on these technical subjects. "Computer and Internet crime is a growing global problem, he said, noting that the proceeds from Internet fraud around the world in 2001 amounted to more than $1 billion Cdn. Since then, it has likely gone up." - On the contrary, according to Fraud.org: 'The amount of money consumers are losing to Internet fraud is increasing. Losses overall are $6,152,070, up from $3,387,530 in 2000.' 'The average loss per person rose from $427 in 2000 to $518 in 2001.' (Proof: http://www.fraud.org/internet/2001stats.htm) -- "Bilodeau said his interest in high-tech crime was piqued when he heard about a case in the United States. A teen in Massachusetts who wanted free long distance calls decided to tap into the phone switch box at the end of his block. In the process, he knocked out power to an entire grid, including the system that controlled the runway lights at the local airport." - Again no references to this ever even happening. If someone claimed this happened, it was an outright lie. The teen in Massachusetts who was trying to get free telephone calls was likely doing what the hacker (more specifically the 'phreaking') community calls "Beige Boxing". Where they take a regular telephone handset, strip the wires and attach alligator clips to the red and green wires. By hooking this device to a telecom TNI box, it is possible to use the phone services of a resident or business for toll-fraud purposes. If you talk to a switchman with Telus, they'll tell you that taking out power to the grid through the beige-boxing method is completely impossible. For one, power grid's are not even connected to the phone switches, and neither are systems that control runway lights at local airports. These systems are completely separate and are not even controlled by telecomm- unications switching equipment such as DMS-100's, GTD 3/5's, EAX's that Telus, and the companies in the states such as Verizon Bell, Qwest, and Sprint use. Incumbent Local Exchange Carriers and Competitive Local Exchange Carriers around the world have never had such systems in place where a phone switch is connected to critical infrastructure such as airports and power grids. Even in areas of the world where countries still use old Crossbar and Step-By-Step switching, beige boxing a TNI Box will give the same results; free telephone calls, nothing more. -- "Bilodeau, 37, said he's been involved with computer technology since grade school but has had little formal training. He's done some work for Microsoft and has written technology articles for The Journal, mostly video game reviews. As a prosecutor he's spent the last 11 years working in Edmonton, including two years at the Court of Appeal." - Somebody with so little formal security training and experience now has the ability to prosecute people for cyber-crimes - this really doesn't fit well in my stomach. Perhaps what Mr.Bilodeau should do is visit SANS.org and register for a formal information security course, or two, or three before taking on the task as an Internet Crime Czar. Because if all Steve Bilodeau has for is experience is writing some video game reviews for the Edmonton Journal, non-cyber crime related court work, and unknown work with Microsoft, then what he has on his nicely shined resume isn't what I feel qualifies him to take on the tasks of finding criminals on the Internet. By coordinating with law-enforcement, security experts, and good intentioned hackers, tracking down online criminal activity on the 'net can be done with efficiency and integrity. Regards, Anonymous Hero From: "Gerein, Keith (Edm Journal)"To: anonymous@domain.com> Subject: RE: "Wreaking havoc on the Net will bring down wrath of the law" Date: Mon, 3 Mar 2003 10:56:04 -0700 X-Mailer: Internet Mail Service (5.5.2653.19) Anonymous, thanks for your note. My article was intended to be a profile of the new prosecutor and not technical expose on the world of computer crime. That's probably a worthwhile subject for an article, but it wasn't what I set out to do. As for Mr. Bilodeau's qualifications, I can't really comment. Alberta Justice felt strongly enough to hire him. I don't think he ever claimed to be a technical guru. His job title is prosecutor, meaning his primary area of expertise is the law surrounding computer crimes. As for the statistic quoted in the story, I got that from Mr. Bilodeau. There are likely several reputable organizations that have tried to measure the gross value of Internet fraud. I'm not sure why you think fraud.org's numbers are better than anyone else's. Perhaps I'll look into this a little further. Anyway, if you truly believe the figure quoted in the story is wrong, and if you believe the tale about the Massachusetts kid is false, then I suggest you also take these things up with Mr. Bilodeau. He works in the Special Prosecutions Branch for Alberta Justice. Hopefully you can track him down that way. Date: Mon, 3 Mar 2003 22:19:47 -0500 (EST) From: anonymous@domain.com To: kgerein@thejournal.canwest.com Subject: RE: "Wreaking havoc on the Net will bring down wrath of the law" I don't think it matters whether your intention was to profile a new prosecutor or not, because any real journalist would certainly try and do some research into a subject that they know nothing about. I suppose I should of remembered that mass media is a money and deadline driven industry where facts are irrelevant. Sensationalizing is what really sells newspapers, right Keith? Geez, this is worse than the garbage that the Edmonton Sun's Shane Holladay publishes. How embarrassing. By taking Steve Bilodeau's statements as 100% fact, you've shown that you're nothing more than a broadcaster who lacks any real journalistic integrity. If you were a real journalist you would have done your homework and actually discovered that many (if not all) of Mr.Bilodeu's statements are inaccurate. If you don't think that the numbers fraud.org indicated were accurate, then perhaps this whitepaper by the National White Collar Crime Centre and the Federal Bureau of Investigation will be more to your liking: http://www1.ifccfbi.gov/strategy/IFCC_2001_AnnualReport.pdf You see with a little bit of research on a popular search engine such as Google, you'll see that even though the numbers on Internet fraud are often times different, they do not even come close to the one billion dollars that Steve claimed. Talk about blowing numbers out of proportion! And of course the TALE of the Massachusetts kid is false. I plan on contacting Steve Bilodeau personally to discuss where he got this so-called information, or if he did like a lot of people in his (and your) profession and simply made that all up. If you wish to contact Telus's Network Operations Centre directly, you're welcome to do that to verify if using a handset on a TNI box may cause the power to an entire grid to be knocked out including systems that control the runway lights at airports. Hit the 'ol 0 button on your touch tone phone. Don't worry, it won't cause you to launch a nuke against Iraq. ;-) Anonymous Hero