Note:This note was found in Phrack 26 (, the hacker on-line computer magazine. Even though the article was written in 1989, the proceedings mentioned here remain pretty much the same now as they were then. It has been edited by Thomas Jerry Scott for use in his Computer Security Classes.

Hacker Legal Activities Table of Contents

  1. The Preface to This Document

  2. How Your Hack Got Found Out

  3. The Initial Steps The Telco Takes to Gather Evidence

  4. Initial Law Enforcement Activities and a Search Warrant

  5. The Prosecutors Step Into the Action

  6. Bringing the Telco Hacker to Jail

  7. The OMNIBUS Hearing -- First Chance at a Plea

  8. The Pre-Trial Activities and Juror Selection

  9. Activities at the Hacker's Trial

  10. The Hacker's Appeal Opportunities and Sentencing

  11. Some Simple Conclusions

  12. Return to the Main Menu

An Unbiased Look Into The Ways Of Criminal Proceedings
After You Get Caught
The Disk Jockey -- From Phrack, 26, November, 1989

Return to the Beginning of This Document


Through this file, I hope to explain what legal action is followed during an investigation of toll fraud. All of the contained information is based upon actual factual information, and although it differs slightly from state to state, the majority of it is applicable anywhere. There seems to be a lot of misconception as to the actual legal happenings during and after an investigation, so hopefully this will answer some of the too often unasked questions.

Return to the Beginning of This Document


In our particular story, the whole investigation is tipped off from a phone call by someone to the U.S. Sprint security office. The volume of calls of "hackers" calling in on other "hackers" is incredible. It is amazing how when one user is mad at another and seeks some "revenge" of sorts, he calls a security office and advises them that they know of a person who is illegally using said company's long distance services. Usually the person will talk to either a regular customer service representative, or someone from the security office. Typically they will merely say "Hey, a guy named 'Joe' is using your codes that he hacks, and his home phone number is 312-xxx-xxxx."

Return to the Beginning of This Document

Initial Steps The Telco Takes

Next our security person has to decide if this may indeed be a somewhat legitimate call. If all seems fairly reasonable, they will start their own in-house investigation. This could mean just doing a CN/A on the phone number in question to see who the phone is registered under, and check to see if this person is a legitimate subscriber to their system.

A call is placed to the person in question's home telco office. Usually they will talk to someone in the security office, or a person whom would carry such a capacity in the area of security. They will usually coordinate an effort to put some type of DNR (Dialed Number Recorder) on the subscriber's telephone line, which will record on an adding machine type of paper all data pertaining to: Numbers dialed, DTMF or pulse modes, any occurrence of 2600hz, codes and other digits dialed, incoming calls including number of rings before answer, time the line was picked up and hung up, etc.

This DNR may sit on the subscriber's phone line from merely a few weeks, to several months.

At some point either the U.S. Sprint security representative or the telco security person will decide that enough time has passed, and that an analysis of the DNR tape is due. The Sprint official may visit the telco site and go over the tapes in person, or they may be sent from the telco to the Sprint office.

After going over the tapes and finding dialups and codes that were used that may possibly be used illegally, Sprint will find the actual owners of the codes in question and verify that the codes were indeed used without any knowledge or permission of the legitimate owner. They will also put together an estimate of "damages," which can include cost of dialup port access, cost of investigation, as well as the actual toll charges incurred from the usage.

Return to the Beginning of This Document

Bringing in Law Enforcement

The Sprint security representative and the local telco security person will then go to the local police, usually either state or whatever has the real power in that area. They will present the case to the detective or other investigator, display all findings, and provided that the case findings seem pretty plausible, a search warrant will be composed.

After the warrant is fully written out (sometimes it is merely a short fill-in-the-blank form) the three people investigating the case (the police detective, the local telco security representative, and the Sprint security investigator) will go in front of a judge and under oath state the evidence and findings that they have as to date contained in a document called a "discovery" which justify the need for a search warrant. Assuming that the findings seem conclusive, the judge will sign the warrant and it will then be active for the time specified on the warrant. Usually they are valid for 24 hours a day, due to the circumstances that more than likely calls were being made at all hours of the day and night.

On some agreed date, all the above parties will show up at the suspect's house and execute the search warrant and more than likely collect all the phone and computer equipment and bring it to the state police post for further investigation.

All information and evidence as well as all the reports will then be forwarded to the prosecutor's office to determine what, if any, charges are going to be pursued.

Return to the Beginning of This Document

A Prosecutor Steps In

Once charges are finalized through the prosecutor, another discovery document is made, listing all the charges and how those charges were derived. It is then brought in front of the judge again and if approved, warrants will be issued for the individual(s) listed.

The warrants are usually served by sending over one of the local officers to the suspect's house, and he will knock, introduce himself and ask for the individual, and then present the warrant to the individual and take them in to the station.

Return to the Beginning of This Document

Processing the "Criminal"

The individual will be processed, which usually means being photographed and fingerprinted twice (once for the FBI and once for the state records), and then is put into either a holding cell or regular jail.

Sometimes the bond is already set before the individual is arrested, but sometimes it is not. If not, it will be at the arraignment.

Within 72 hours, the suspect must be arraigned. The arraignment is a time when the formal charges are read to the suspect in front of the judge, bail is set if it has not been already, and the suspect may pick if he wants a jury trial or a trial by judge. This, of course, assumes that the suspect is going to plead not guilty, which is the best thing to do in most cases of somewhat major capacity. Further court dates are also set at this time. If the suspect is unable to afford to retain an attorney, the court will assign a court appointed lawyer at this time.

After the arraignment, the suspect is either allowed to post bail, or is returned to the jail to await the next court date. His next court date, which is the omnibus, is usually slated for about a month away.

If the set bail seems unreasonably high, your attorney can file for a "bond reduction." You will go in front of the judge and your lawyer will argue as to why your bond should be reduced, and how you have a stable life and responsibilities and would not try to skip bail. The prosecutor will argue as to why your bail should not be dropped.

Return to the Beginning of This Document

The Omnibus Hearing

At the omnibus hearing, also known as a "fact-finding" hearing (or in some states, this is known as the "preliminary hearing."--Ed.) the suspect is again brought in front of a judge, along with his own attorney, and the prosecuting attorney.

At this time the state (meaning the prosecutor) will reveal evidence against the suspect, and the judge will decide if the evidence is enough to hold the suspect in jail or to continue the case to trial. Nearly always there is enough, as warrants would not be issued if there was not, since the state could be opening themselves up to a false arrest suit if they were wrong. From here a "pre-trial" date is slated, again usually about a month down the road.

Return to the Beginning of This Document

The Pre-Trial Hearing and Jury Selection Procedures

The pre-trial is the last chance for the suspect to change his mind and enter a guilty plea, or to continue to trial. It is also the last point in which the prosecutor will offer the suspect any type of plea-bargain, meaning that the suspect enters a guilty plea in exchange for an agreed upon set of reduced charges or sentencing. Assuming the suspect still wishes to enter a plea of "not-guilty," the date for jury selection will be slated.

During the jury selection, your lawyer and you as well as the prosecutor will get to meet as many prospective jury members as you wish, and you can each ask them questions and either accept or reject them based on if you think that they would be fair towards you. This eliminates most possibilities of any jury members that are biases before they every sit down to hear your case. After the prosecutor and your attorney agree on the members, your trial date is set, usually about a week later.

Return to the Beginning of This Document

The Trial Proceedings

At trial, the prosecutor will present the case to the jury, starting with questioning detectives and investigators on how the case was first discovered and how things lead to you, and in each instance, your attorney will be able to "cross-examine" each witness and ask questions of their own, hopefully making the jury questionable as to the validity of everything that is said.

After that, your attorney is allowed to call witnesses and the prosecutor will be allowed to ask questions as well. By rights you do not have to go to the stand if you do not want to, as you have the right to not incriminate yourself.

After all is said and done, the prosecutor will get to state his "closing arguments," a basic summary of all that was presented and why you should be considered guilty, and your lawyer will give his arguments to the jury, as to why you should not be judged guilty.

The jury will go into deliberation, which can last a few minutes, or several days. They must all vote and decide if you should be judged guilty or not guilty. After the deliberation, court is called back in and the jury will announce the results.

Return to the Beginning of This Document

Appeals and Sentencing

If it is decided that you are guilty, you normally have about 10 days to file an appeal, which would have your case sent to a higher court. Otherwise your date for sentencing will be set, again usually about a month away.

At the sentencing, your lawyer will argue why you should be let off easy, and the prosecutor will argue why you should be given a hard sentence. The judge will come to a decision based on the arguments and then make a decision on your sentence. You will then be released to the agency that you are assigned to, be it the probation department, the prison system, or the county jail.

Return to the Beginning of This Document

Conclusions and Other Advice

I hope this file gives you a more clear view on what happens in the legal system, in future files I hope to discuss the actual dos and don'ts of the legal system and advise as to what tricks of the trade are used by legal authorities.

Return to the Beginning of This Document