Operation Sundevil was a 1990 nation-wide United States Secret Service crackdown on "illegal computer hacking activities." It involved raids in approximately fifteen different cities and resulted in three arrests and the confiscation of computers, the contents of electronic bulletin board systems (BBSes), and floppy disks. It was revealed in a press release on May 9, 1990. The arrests and subsequent court cases resulted in the creation of the Electronic Frontier Foundation. The operation is now seen as largely a public-relations stunt. Operation Sundevil has also been viewed as one of the preliminary attacks on the Legion of Doom and similar hacking groups.[1] The raid on Steve Jackson Games, which led to the court case Steve Jackson Games, Inc. v. United States Secret Service, is often attributed to Operation Sundevil, but the Electronic Frontier Foundation states that it is unrelated and cites this attribution as a media error.[2][3]
The name comes from the Sundevil football stadium of Arizona State University, near the local Secret Service headquarters from where the investigation and raids were coordinated.[4]
Contents |
Prior to 1990, people who manipulated telecommunication systems, known as phreakers, were generally not prosecuted within the United States. The majority of phreakers used software to obtain calling card numbers and built simple tone devices in order to make free telephone calls. A small elite, and highly technical segment of phreakers were more interested in information about the inner workings of the telecomunication system than in making free phone calls. Phone companies complained of financial losses from phreaking activities.[5] The switch from analog to digital equipment began to expose more of the inner workings of telephone companies as hackers began to explore the inner workings, switches and trunks. Due to a lack of laws and expertise on the part of American law enforcement, few cases against hackers were prosecuted until Operation Sundevil.[4]
However, starting in 1989, the US Secret Service (USS), which had been given authority from Congress to deal with access device fraud as an extension of wire fraud investigations under Title 18 (ยง 1029), began to investigate. Over the course of the 18 month long investigation, the USS gathered alleged evidence of rampant credit card and calling card fraud over state lines.[6]
Operation Sundevil allowed multiple Federal law enforcement agencies, particularly the Secret Service and the FBI, to gain valuable expertise on fighting this new form of criminal activity as well as expanding the agencies' budgets. A number of new laws were created to give federal prosecutors the necessary tools to bring up charges against individuals accused of phreaking, hacking, wire, and credit card fraud. The computer bulletin boards (BBSes) which were targeted by Operation Sundevil, provided law enforcement with considerable evidence to convince the US Congress of the need for additional funding, training and overall expansion of Federal law enforcement. Operation Sundevil was also a reminder to both criminals, curious teenagers, and state law enforcement agencies that the US Government does not tolerate criminal activity, and is more than capable of keeping up with the latest criminal trends and unmasking suspects hiding behind anonymous bulletin board handles. Law enforcement ensured that the general public became aware that hacking, carding, and phreaking were illegal and prosecutable offenses.[4]
Along with the Chicago Task Force and the Arizona Organized Crime and Racketeering Bureau, the operation involved raids in Austin, Plano, Cincinnati, Detroit, Los Angeles, Miami, New York, Newark, Phoenix, Pittsburgh, Richmond, Tucson, San Diego, San Jose, and San Francisco. The raids were centered in Arizona, where the press conference occurred.[6]
Raids generally took place in middle-class suburbs and targeted credit card thieves and telephone abusers.[7] They were carried out by local police, with the aid of over 150 Secret Service agents.[4] Twenty-seven search warrants, resulting in three arrests, were issued and executed on May 7 and 8, 1990.[8] Police also took around 42 computers and approximately 25 BBSes, making it the largest crackdown on electronic bulletin boards in world history. Finally, about 23,000 floppy disks were also seized. These held a variety of data, including software and other pirated material. The three people arrested were "Tony the Trashman," "Dr. Ripco," and "Electra."[4]
Other parts of the operation targeted the underground ezine Phrack, which had published the contents of a proprietary text file copied from Bell South computers and containing information about the E911 emergency response system, although this was later made null in a court case in which it was proven that the same information about the E911 system was also provided to the public through a mail-order catalog.[5]
In a press release on May 9, 1990, officials from the federal government and the Arizona state government revealed that the Secret Service was involved in the investigation. The Assistant Director of the US Secret Service, Garry M. Jenkins, commented in a press release that, "the Secret Service is sending a clear message to those computer hackers who have decided to violate the laws of this nation in the mistaken belief that they can successfully avoid detection by hiding behind the relative anonymity of their computer terminals."[5]
Two public-access computer systems were shut down in the days following the operation: an AT&T Unix system and a Jolnet system in Lockport, Illinois. Neither has been linked to the operation, however. An AT&T spokesman claimed the shutdown was a result of an internal investigation and was not related to the operation.[8]
In response to the arrests, a group called the Electronic Frontier Foundation was founded by Mitchell Kapor, the founder of Lotus Development Corporation, and John Perry Barlow, an author.[9] The foundation hired lawyers to represent the hackers in two of the cases arising from Operation Sundevil.[10]
Operation Sundevil was the most publicized action by the federal government against hackers.[4] In part due to this, it has been seen as a public-relations stunt and a message to hackers. While it did little overall damage to the hacking community, managing to take down only a small fraction of the BBSes operating at the time, it has been lauded as a tactical success due to the surprise and damage it caused to the communities in comparison to the long wars waged against the Legion of Doom.[4] However, it has also been criticized as a failure due to several unsuccessful prosecutions.[11]