Netcom Announcement Regarding the Arrest of Kevin Mitnick


Newsgroups: netcom.announce,netcom.general,netcom.netcruiser.announce,netcom.netcruiser.announce
From: CEO Bob Rieger <>
Subject: Letter from NETCOM CEO Bob Rieger to customers
Message-ID: <>
Followup-To: netcom.general,netcom.netcruiser.general
Organization: NETCOM On-line Communication Services, Inc.
X-Newsreader: TIN [version 1.2 PL1]
Date: Fri, 17 Feb 1995 07:27:19 GMT
Lines: 105
Xref: netcom.announce:201 netcom.general:50516 netcom.netcruiser.announce:11

- A Letter from CEO Bob Rieger to Our Customers -
I know many of you are interested in NETCOM's involvement with the arrest
of Kevin Mitnick, and how this may impact you, if at all, as a NETCOM
subscriber.  First, let me supply a chronology of events:

1. In a routine security check, NETCOM discovered a misappropriated file.
As a result, we began an investigation to trace what appeared to be a
security breach.

2. At about the same time, the WELL (a small Sausalito-based on-line
provider) was investigating an account with an unexpectedly large amount
of disk usage. In the course of this investigation, they discovered
suspicious material which included items believed illicitly obtained from
well-known network security expert Tsutomu Shimomura's computer.
Mr. Shimomura performed network monitoring at the WELL, and determined that
the account was being accessed from a number of sites, including NETCOM.

3. The WELL contacted NETCOM for assistance in tracking the source of the
security breach.

4. A day or two later, the FBI contacted NETCOM and requested NETCOM's
active involvement in the broadening investigation of the suspicious
activities at the WELL.

5. NETCOM caucused with representatives of the WELL, the FBI, the U.S.
Attorney's Office, Mr. Shimomura, and Julia Menapace (an independent
computer consultant and associate of Mr. Shimomura).

6. Following the conversation, it was decided that the best vantage point
for further tracking of these activities was NETCOM's Network Operations

7. NETCOM operations staff joined their efforts with Mr. Shimomura and
his associates to trace the suspect intrusions to a particular telephone
modem in NETCOM's Raleigh, N.C. site.

8. At that point, the U.S. Justice Department subpoenaed the local
telephone carrier for records of dial-ins at specific times to this
modem. It became apparent that the telephone company's switch equipment
had been compromised, so that these records could not be obtained.
However, the Justice Department found another method for making a match.

9. With this information, the Justice Department knew the approximate
location of the originating call.

10. Mr. Shimomura flew to Raleigh and used cellular tracking equipment to
locate the apartment building the calls were coming from. Eventually, the
calls were traced to an individual apartment, and Mr. Mitnick was arrested.

I hope this detailed recounting helps explain the necessity for silence
and discretion on NETCOM's part while the investigation was ongoing.
Similarly, we need to be appropriately discreet during the
continuing investigation of Mr. Mitnick's alleged illegal activities.
While respecting these legitimate restraints, we will provide
as much information as possible on a timely basis to you. (As an aside,
you may have noticed that I recently promoted Mr. Kael Loftus to the
position of Customer Liaison.  Mr. Loftus has already proven very
helpful in facilitating communication between our customers and NETCOM.)

There has been some concern expressed about the security of NETCOM
customers' credit card numbers. While this incident may have involved the
duplication of some credit card numbers, this would apply only to UNIX
shell accounts. NETCOM has always made system security its top priority,
but every UNIX system has loopholes that can potentially be exploited by
an expert cracker. However, to provide additional security for our UNIX
accounts, we have further isolated these customers' billing information,
including credit card data. This is why the "ccupdate" feature for the
UNIX shell accounts has been disabled, and why the "quota" program
currently says, "Your account balance is temporarily unavailable." These
features will be reinstated when we are able to do so in a secure fashion.
As a practical matter, at this time we have absolutely no indication that
any of our UNIX shell customers' credit card numbers have been used

Naturally, we encourage all customers to check their credit card billing
statements carefully. If there is any hint of inappropriate billing, this
should be brought to the immediate attention of the credit card issuer
for reversal of those charges.

The incident did not involve NetCruiser accounts, which make up the vast
majority of NETCOM accounts. Fortunately, the security firewalls built in
to NetCruiser's system architecture make such a compromise far more

The big story in all of this is that the Internet is maturing into an
extraordinarily efficient means of communication that millions of people
use and depend on daily. NETCOM will do everything in its power to help
assure the security of our network. We will spend the money and employ
the technology, but deterrence is our real goal.
Common thieves should know that NETCOM will be ever vigilant in seeking
their identification and prosecution.

Kael Loftus, Customer Liaison
NETCOM On-line Communications, Inc.
24-hour Tech Support: 408-983-5970


Nov. 27, 2000 Page Created.
Aug. 17, 2002 Reformatted.