You may however, find yourself at the mercy of The Public Defenders Office. Usually they are worthless, occasionally you'll find one that will fight for you. Essentially it's a crap shoot. All I can say is if you don't like the one you have, fire them and hope you get appointed a better one. If you can scrape together $5000
for a sentencing (post conviction) specialist to work with your public defender I would highly recommend it.
This specialist will make certain the judge sees the whole picture and will argue in the most effective manner for a light or reasonable sentence. Do not rely on your public defender to thoroughly present your case.
Your sentencing hearing is going to flash by so fast you'll walk out of the court room dizzy. You and your defense team need to go into that hearing fully prepared, having already filed a sentencing memorand um.
The plea agreement you sign is going to affect you and your case well after you are sentenced. Plea
agreements can be tricky business and if you are not careful or are in a bad defense position (the case against you is strong), your agreement may g et the best of you. There are many issues in a plea to negotiate over. But essentially my advice would be to avoid signing away your right to appeal. Once you get to a real prison with real jailhouse lawyers you will find out how bad you got screwed. That issue notwithstanding, you are most likely going to want to appeal. This being the case you need to remember two things: bring all your appealable issues up at sentencing and file a notice of appeal within 10 days of your sentencing.
Snooze and loose.
I should however, mention that you can appeal some issues even though you signed away your rights to
appeal. For example, you can not sign away your right to appeal an illegal sentence. If the judge orders something that is not permissible by statute, you then have a constitutional right to appeal your sentence.
I will close this subpart with a prison joke. Q: How can you tell when your attorney is lying? A: You can see his lips moving.
D. CONSPIRACY
Whatever happened to getting off on a technicality? I'm sorry to say those days are gone, left only to the movies. The courts generally dismiss many arguments as "harmless error" or "the government acted in good faith". The most alarming trend, and surely the root of the prosecutions success, are the liberally worded conspiracy laws. Quite simply, if two or more people plan to do something illegal, then one of them does something in furtherance of the objective (even something legal), then it's a crime. Yes, it's true. In America it's illegal to simply talk about committing a crime. Paging Mr. Orwell. Hello?
Here's a hypothetical example to clarify this. Bill G. and Marc A. are hackers (can you imagine?) Bill and Marc are talking on the phone and unbeknownst to them the FBI is recording the call. They talk about
hacking into Apple's mainframe and erasing the prototype of the new Apple Web Browser. Later that day,
Marc does some legitimate research to find out what type of mainframe and operating system Apple uses.
The next morning, the Feds raid Marc's house and seize everything that has wires. Bill and Marc go to trial and spend millions to defend themselves. They are both found guilty of conspiracy to commit unauthorized access to a computer system.
E. SENTENCING
At this point it is u p to the probation department to prepare a report for the court. It is their responsibility to calculate the loss and identify any aggravating or mitigating circumstances. Apple Computer Corporation estimates that if Bill and M arc would have been successful it would have resulted in a loss of $2 million.
This is the figure the court will use. Based on this basic scenario our dynamic duo would receive roughly three-year sentences.
As I mentioned, sentencing is complex and many factors can decrease or in crease a sentence, usually the latter. Let's say that the FBI also found a file on Marc's computer with 50,000 unauthorized account numbers and passwords to The Microsoft Network. Even if the FBI does not charge him with this, it could be used to increase his sentence. Generally the government places a $200-per-account attempted loss on things of this
nature (i.e. credit card numbers and passwords = access devices). This makes for a $10 million loss. Coupled with the $2 million from Apple, Marc is going away for about nine years. Fortunately there is a Federal Prison not too far from Redmond, WA so Bill could come visit him.
Some of the other factors to be used in the calculation of a sentence might include the following: past criminal record, how big your role in the offense was, mental disabilities, whether or not you were on
probation at the time of the offense, if any weapons were used, if any threats were used, if your name is Kevin Mitnick (heh), if an elderly person was victimized, if you took advantage of your employment
position, if you are highly trained and used your special skill, if you cooperated with the authorities, if you show remorse, if you went to trial, etc.
These are just some of the many factors that could either increase or decrease a sentence. It would be
beyond the scope of this article to cover the U.S.S.G. in complete detail. I do feel that I have skipped over some significant issues. Neverthele ss, if you remember my two main points in addition to how the
conspiracy law works, you'll be a long way ahead in protecting yourself.
F. USE OF A SPECIAL SKILL
The only specific "sentencing enhancement" I would like to cover would be one that I am responsible for setting a precedent with. In U.S. v Petersen, 98 F.3d. 502, 9th Cir., the United States Court of Appeals held that some computer hackers may qualify for the special skill enhancement. What this generally means is a 6
to 24 month increase in a sentence. In my case it added eight months to my 33-month sentence bringin g it to 41 months. Essentially the court stated that since I used my "sophisticated" hacking skills towards a legitimate end as a computer security consultant, then the enhancement applies. It's ironic that if I were to have remained strictly a criminal hacker then I would have served less time.
The moral of the story is that the government will find ways to give you as much time as they want to. The U.S.S.G. came into effect in 1987 in an attempt to eliminate disparity in sentencing. Defendants with similar crimes and similar backgrounds would often receive different sentences. Unfortunately, this practice still continues. The U.S.S.G. are indeed a failure.
G. GETTING BAIL
In the past, the Feds might simply have executed their raid and then left without arresting you. Presently this method will be the exception rather than the rule and it is more likely that you will be taken into custody at the time of the raid. Chances are also good that you will not be released on bail. This is part of the
government's plan to break you down and win their case. If they can find any reason to deny you bail they will. In order to qualify for bail, you must meet the following criteri a:
- You must be a resident of the jurisdiction in which you were arrested.
- You must be gainfully employed or have family ties to the area.
- You cannot have a history of failure to appear or escape.
- You cannot be considered a danger or threat to the community.
In addition, your bail can be denied for the following reasons:
- Someone came forward and stated to the court that you said you would flee if released.
- Your sentence will be long if convicted.
- You have a prior criminal history.
- You have pending charges in another jurisdiction.
What results from all this "bail reform" is that only about 20% of persons arrested make bail. On top of that it takes 1-3 weeks to process your bail papers when property is involved in securing your bond.
Now you're in jail, more specifically you are either in an administrative holding facility or a county jail that has a contract with the Feds to hold their prisoners. Pray that you are in a large enough city to justify its own Federal Detention Center. County jails are typically the last place you would want to be.
H. STATE VS. FEDERAL CHARGES
In some cases you will be facing state charges with the possibility of the Feds "picking them up." You may even be able to nudge the Feds into indicting you. This is a tough d ecision. With the state you will do considerably less time, but will face a tougher crowd and conditions in prison. Granted Federal Prisons can be violent too, but generally as a non-violent white collar criminal you will eventually be placed into an environment with other low security inmates. More on this later.
Until you are sentenced, you will remain as a "pretrial inmate" in general population with other inmates.
Some of the other inmates will be predatorial but the Feds do not tolerate much nonsense. If someone acts up, they'll get thrown in the hole. If they continue to pose a threat to the inmate population, they will be left in segregation (the hole). Occasionally inmates that are at risk or that have been threatened will be placed in segregation. This isn't really to protect the inmate. It is to pr otect the prison from a lawsuit should the inmate get injured.
I. COOPERATING
Naturally when you are first arrested the suits will want to talk to you. First at your residence and, if you appear to be talkative, they will take you back to their offices for an extended chat and a cup of coffee. My advice at this point is tried and true and we've all heard it before: remain silent and ask to speak with an attorney. Regardless of what the situation is, or how you plan to proceed, there is nothing you can say that will help you. Nothing. Even if you know that you are going to cooperate, this is not the time.
This is obviously a controversial subject, but the fact of the matter is roughly 80% of all defendants
eventually confess and implicate others. This trend stems from the extremely long sentences the Feds are handing out these days. Not many people want to do 10 to 20 years to save their buddies' hides when they could be doing 3 to 5. This is a decision each individual needs to make. My only advice would be to save your close friends and family. Anyone else is fair game. In the prison system the blacks have a saying
"Getting down first." It's no secret that the first defendant in a conspiracy is usually going to get the best deal. I've even seen situations where the big fish turned in all his little fish and eceived 40% off his sentence.
Incidently, being debriefed or interrogated by the Feds can be an ordeal in itself. I would -highly-
reccommend reading up on interrogation techniques ahead of time. Once you know their methods it will be all quite transparent to you and the debriefing goes much more smoothly.
When you make a deal with the government you're making a deal with the devil himself. If you make any
mistakes they will renege on the deal and you'll get nothing. On some occasions the government will trick you into thinking they want you to cooperate when they are not really interested in anything you have to say. They just want you to plead guilty. When you sign the cooperation agreement there are no set
promises as to how much of a sentence reduction you will receive. That is to be decided after your
testimony, etc. and at the time of sentencing. It's entirely up to the judge. However, the prosecution makes the recommendation and the judge generally goes along with it. In fact, if the prosecution does not motion the court for your "downward departure" the courts' hands are tied and you get no break.
As you can see, cooperating is a tricky business. Most people, particularly those who have never spent a day in jail, will tell you not to cooperate. "Don't snitch." This is a noble stance to take. However, in some situations it is just plain stupid. Saving someone's ass who would easily do the same to you is a tough call.
It's something that needs careful consideration. Like I said, save your friends then do what you have to do to get out of prison and on with your life.
I'm happy to say that I was able to avoid involving my g ood friends and a former employer in the massive investigation that surrounded my case. It wasn't easy. I had to walk a fine line. Many of you probably know that I (Agent Steal) went to work for the FBI after I was arrested. I was responsible for teaching several agents about hacking and the culture. What many of you don't know is that I had close FBI ties prior to my arrest. I was involved in hacking for over 15 years and had worked as a comp uter security consultant. That is why I was given that opportunity. It is unlikely however, that we will see many more of these types of arrangements in the future. Our relationship ran afoul, mostly due to their passive negligence and lack of experience in dealing with hackers. The government in general now has their own resources, experience, and undercover agents within the community. They no longer need hackers to show them the ropes or the latest security hole.
Nevertheless, if you are in the position to tell the Feds something they don't know and help them build a case against someone, you may qualify for a sentence reduction. The typical range is 20% to 70%. Usually it's around 35% to 50%. Sometimes you may find yourself at the end of the prosecutorial food chain and the government will not let you cooperate. Kevin Mitnick would be a good example of this. Even if he wanted to roll over, I doubt it would get him much. He's just too big of a fish, too much media. My final advice in this matter is get the deal in writing before you start cooperating.
The Feds also like it when you "come clean" and accept responsibility. There is a provision in the Sentencing Guidelines, 3E1.1, that knocks a little bit of time off if you confess to your crime, plead guilty and show remorse. If you go to trial, typically you will not qualify for this "acceptance of responsibility" and your sentence will be longer.
J. STILL THINKING ABOUT TRIAL
Many hackers may remember the Craig Neidorf case over the famous 911 System Operation documents.
Craig won his case when it was discovered that the manual in question, that he had published in Phrack
magazine, was not proprietary as claimed but available publicly from AT&T. It was an egg in the face day for the Secret Service.
Don't be misled by this. The government learned a lot from this fiasco and even with the laudable support from the EFF, Craig narrowly thwarted off a conviction. Regardless, it was a trying experience (no pun
intended) for him and his attorneys. Th e point I'm trying to make is that it's tough to beat the Feds. They play dirty and will do just about anything, including lie, to win their case. If you want to really win you need to know how they build a case in the first place.
K. SEARCH AND SEIZURE
There is a document entitled "Federal Guidelines For Searching And Seizing Computers." It first came to my attention when it was published in the 12 -21-94 edition of the Criminal Law Reporter by the Bureau of
National Affairs (Cite as 56 CRL 2023 ) . It's an intriguing collection of tips, cases, mistakes and, in general, how to bust computer hackers. It's recommended reading.
Search and seizure is an ever evolving jurisprudence. What's not permissible today may, through some
convoluted Supreme Court logic, be permissible and legal tomorrow. Again, a complete treatment of this
subject is beyond the scope of this paper. But suffice it to say if a Federal agent wants to walk right into your bedroom and seize all of your computer equipment without a warrant he could do it by simply saying he had probable cause (PC). PC is anything that gives him an inkling to believe you we re committing a
crime. Police have been known to find PC to search a car when the trunk sat too low to the ground or the high beams were always on.
L. SURVEILLANCE AND WIRETAPS
Fortunately the Feds still have to show a little restraint when wielding their wiretaps. It requires a court order and they have to show that there is no other way to obtain the information they seek, a last resort if you will.
Wiretaps are also expensive to operate. They have to lease lines from the phone company, pay agents to
monitor it 24 hours a day and then transcribe it. If we are talking about a data tap, there are additional costs.
Expensive interception/translation equipment must be in place to negotiate the various modem speeds. Then the data has to be stored, deciphered, decompressed, formatted, protocoled, etc. It's a daunting task and usually reserved for only the highest profile cases. If the Feds can seize the data from any other so urce, like the service provider or victim, they will take that route. I don't know what they hate worse though, asking for outside help or wasting valuable internal resources.
The simplest method is to enlist the help of an informant who will testify "I saw him do it!," then obtain a search warrant to seize the evidence on your computer. Ba da boom, ba da busted.
Other devices include a pen register which is a device that logs every digit you dial on your phone and the length of the calls, both incoming and outgoing. The phone companies keep racks of them at their security departments. They can place one on your line within a day if they feel you are defrauding them. They don't need a court order, but the Feds do.
A trap, or trap and trace, is typically any method the phone company uses to log every number that calls a particular number. This can be done on the switching system level or via a billing database search. The Feds need a court order for this information too. However, I've heard stories of cooperative telco security
investigations passing the information along to an agent. Naturally that would be a "harmless error while acting in good faith." (legal humor)
I'd love to tell you more about FBI wiretaps but this is as far as I can go without pis sing them off. Everything I've told you thus far is public knowledge. So I think I'll stop here. If you really want to know more, catch Kevin Poulsen (Dark Dante ) at a cocktail party, buy him a Coke and he'll give you an earful. (hacker humor) In closing this subpart I will say that most electronic surveillance is backed up with at least part-time physical surveillance. The Feds are often good at following people around. They like late model mid-sized American cars, very stock, with no decals or bumper stickers. If you really want to know if you're under surveillance, buy an Opto-electronics Scout or Xplorer frequency counter. Hide it on your person, stick an ear plug in your ear (for the Xplorer) and take it everywhere you go. If you he ar people talking about you, or you continue to hear intermittent static (encrypted speech), you probably have a problem.
M. YOUR PRESENTENCE INVESTIGATION REPORT, PSI OR PSR
After you plead guilty you will be dragged from the quiet and comfort of your prison cell to meet with a probation officer. This has absolutely nothing to do with getting probation. Quite the contrary. The P.O. is empowered by the court to prepare a complete and, in theory, unbiased profile of the defendant. Everything from education, criminal history, psychological behavior, offense characteristics plus more will be included in this voluminous and painfully detailed report about your life. Every little dirty scrap of information that makes you look like a sociopathic, demon worshiping, loathsome criminal will be included in this report.
They'll put a few negative things in there as well.
My advice is simple. Be careful what you tell them. Have your attorney present and think about how what you say can be used against you. Here's an example:
P.O.: Tell me about your education and what you like to do in your spare time.
Mr. Steal: I am preparing to enroll in my final year of college. In my spare time I work for charity helping orphan children.
The PSR then reads "Mr. Steal has never completed his education and hangs around with little children in his spare time."
Get the picture?
J. PROCEEDING PRO SE
Pro Se or Pro Per is when a defendant represents himself. A famous lawyer once said "a man that represents himself has a fool for a client." Truer words were never spoken. However, I can't stress how important it is to fully understand the criminal justice system. Even if you have a great attorney it's good to be able to keep an eye on him or even help out. An educated c lient's help can be of enormous benefit to an attorney. They may think you're a pain in the ass but it's your life. Take a hold of it. Regardless, representing yourself is generally a mistake.
However, after your appeal, when your court appointed attorney runs out on you, or you have run out of
funds, you will be forced to handle matters yourself. At this point there are legal avenues, although quite bleak, for post-conviction relief.
But I digress. The best place to start in understanding the legal system lies in three inexpensive books. First the Federal Sentencing Guidelines ($14.00) and Federal Criminal Codes and Rules ($20.00) are available from West Publishing at 800-328-9 352. I consider possession of these books to be mandatory for any pretrial inmate. Second would be the Georgetown Law Journal, available from Georgetown University Bookstore in
Washington, DC. The book sells for around $40.00 but if you write them a letter and tell them you're a Pro Se litigant they will send it for free. And last but not least the definitive Pro Se authority, "The Prisoners Self Help Litigation Manual" $29.95 ISBN 0-379-20831-8. Or try http://www.oceanalaw.com/books/n148.htm O. EVIDENTIARY HEARING
If you disagree with some of the information presented in the presentence report (PSR) you may be entitled to a special hearing. This can be instrumental in lowering your sentence or correcting your PSR. One
important thing to know is that your PSR will follow you the whole time you are incarcerated. The Bureau of Prisons uses the PSR to decide how to handle you. This can affect your security level, your halfway house, your eligibility for the drug program (which gives you a year off your sentence) ,and your medical care. So make sure your PSR is accurate before you get sentenced!
P. GETTING YOUR PROPERTY BACK
In most cases it will be necessary to formally ask the court to have your property returned. They are not going to just call you up and say "Do you want this Sparc Station back or what?" No, they would just as soon keep it and not asking for it is as good as telling them they can have it.
You will need to file a 41(e) "Motion For Return Of Property." The courts' authority to keep your stuff is not always clear and will have to be taken on a case-by-case basis. They may not care and the judge will simply order that it be returned.
If you don't know how to write a motion, just send a formal letter to the judge asking for it back. Tell him you need it for your job. This should suffice, but there may be a filing fee.
Q. OUTSTANDING WARRANTS
If you have an outstanding warrant or charges pending in another jurisdiction you would be wise to deal with them as soon as possible -after- you are sentenced. If you follow the correct procedure chances are good the warrants will be dropped (quashed). In the worst case scenario, you will be transported to the appropriate jurisdiction, plead guilty and have your "time run concurrent." Typically in non-violent crimes you can serve several sentences all at the same time. Many Federal inmates have their state time run with their Federal time. In a nutshell: concurrent is good, consecutive bad.
This procedure is referred to as the Interstate Agreement On Detainers Act (IADA). You may also file a
"demand for speedy trial", with the appropriate court. This starts the meter running. If they don't extradite you within a certain period of time , the charges will have to be dropped. The "Inmates' Self-Help Litigation Manual" that I mentioned earlier covers this topic quite well.
R. ENCRYPTION
There are probably a few of you out there saying, "I triple DES encrypt my hard drive and 128 character RSA public key it for safety." Well, that's just great, but... the Feds can have a grand jury subpoena your passwords and if you don't give them up you may be charged with obstruction of justice. Of course who's to say otherwise if you forgot your password in all the excitement of getting arrested. I think I heard this once or twice before in a Senate Su b-committee hearing. "Senator, I have no recollection of the
aforementioned events at this time." But seriously, strong encryption is great. However, it would be foolish to rely on it. If the Feds have your computer and access to your encryption software itself, it is likely they could break it gi ven the motivation. If you understand the true art of code breaking you should understand this. People often overlook the fact that your password, the one you use to access your encryption
program, is typically le ss than 8 characters long. By attacking the access to your encryption program with a keyboard emulation sequencer your triple DES/128 bit RSA crypto is worthless. Just remember, encryption may not protect you.
S. LEGAL SUMMARY
Before I move on to the Life in Prison subpart, let me tell you what this all means. You're going to get busted, lose everything you own, not get out on bail, snitch on your enemies, get even more time than you expected and have to put up with a bu nch of idiots in prison. Sound fun? Keep hacking. And, if possible, work on those sensitive .gov sites. That way they can hang an espionage rap on you. That will carry about 12 to 18 years for a first time offender.
I know this may all sound a bit bleak, but the stakes for hac kers have gone up and you need to know what they are. Let's take a look at some recent sentences:
Agent Steal (me) 41 months
Kevin Poulsen 51 months
Minor Threat 70 months
Kevin Mitnick estimated 7-9 years
As you can see, the Feds are giving out some time now. If you are young, a first-time offender,
unsophisticated (like MOD), and were just looking around in some little company's database, you might get probation. But chances are that if that is all you were doing, you would have been passed over for
prosecution. As a rule, the Feds won't take the case unless $10,000 in damages are involved. The problem is who is to say what the loss is? The company can say whatever figure it likes and it would be t ough to
prove otherwise. They may decide to, for insurance purposes, blame some huge downtime expense on you. I can hear it now, "When we detected the intruder, we promptly took our system off-line. It took us two weeks to bring it up again for a loss in wasted manpower of $2 million." In some cases you might be better off just
using the company's payroll system to cut you a couple of $10,000 checks. That way the government has a firm loss figure. This would result in a much shorter sentence. I'm not advocating blatant criminal actions. I just think the sentencing guidelines definitely need some work.
PART II - FEDERAL PRISON
A. STATE v. FEDERAL
In most cases I would say that doing time in a Federal Prison is better than doing time in the state