SpamSuite.com

I've been watching Sierra Corporate Design, Inc., v. David Ritz, for a long time. You haven't seen it here because the documents are not kept online and are, therefore, not accessible. However, a decision has been reached in that case and the clerk of court in Fargo was kind enough to fax me a copy of the findings of fact, conclusions of law, and order for judgment.

In 12 pages of bad law, a North Dakota District Court judge has declared that using the "host" command with the "-l" option constitutes computer hacking. The "-l" option, which effects a DNS zone transfer, is only available to computers and maybe administrators, with the prior written consent of Major League Baseball. That means that pages mentioning the potential for use by non-administrators like this one should probably go away since it's teaching people how to "hack". And, of course, this also means that the manual pages on all Linux, *nix, and *BSD machines include hacking instructions thanks to the inclusion of a man page for host which mentions the -l option (such as this one or this one).

I have mentioned on my personal blog that Sierra is currently being sued by the RIAA for promoting copyright infringement. This document provides definitive proof that Sierra and the defendant in that copyright infringement case are the same.

David is also facing criminal charges in North Dakota related to this case. That means that it could soon be a criminal offense to use "host -l" in North Dakota. If you would like to contribute to David's legal defense fund, please go here.

UPDATE: Let's be clear on a couple of things here:

1. This is the trial court level for this civil case. There is no precedent set, except that others may try to use this logic in other trial courts. If anything criminalizes the use of "host -l" it will be the criminal trial, which is still pending.
2. I keep getting messages from people "wondering" if the judge was bribed. There is absolutely no evidence of this. At all.
3. Ultimately the issue here is that the judge got mad about some things touching a preliminary injunction that led to sanctions for contempt of court. This likely led her to find any testimony from the defense to be unreliable.
4. It is important to note also that the injunction was granted after the filing of the suit. This lawsuit, from beginning to end, is about the zone transfer, not the contempt sanctions.

I say what I say about the use of "host -l" because of Conclusion of Law #1: "behavior in conducting a zone transfer was unauthorized within the meaning of the North Dakota Computer Crime Law." That zone transfer was accomplished by the use of "host -l" (Finding of Fact #2). Notice that the "behavior in conducting" the zone transfer is the unauthorized action, not the republication of the information.

Also important to notice is that the zone file remained available for access using this command during at least some of the time of the republication. That means that the republication only gave out information that could be readily obtained by anyone else who knew how to run the exact same command. Given the level of administrator that would need to be involved to discuss a Usenet Death Penalty, that would have been pretty much everyone.

That said, at least one attorney has contacted me and made an analogy to giving car keys to a parking valet who then takes the car out for a joyride. So, read the decision and make up your own mind.

========================================================
IN DISTRICT COURT, COUNTY OF CASS, STATE OF NORTH DAKOTA

File No. 09-05-C-01660

Sierra Corporate Design, Inc.,
Plaintiff,

v.

David Ritz,
Defendant

FINDINGS OF FACT, CONCLUSIONS OF LAW AND ORDER FOR JUDGMENT

The above-captioned matter came on for trial before the undersigned Judge of District Count on October 23 through October 30. 2007. Based on the evidence presented at trial, the arguments of counsel, and this Court's prior ruling on partial summary judgment in favor of plaintiff Sierra Corporate Design ("Sierra"), the Court makes the following:

FINDINGS OF FACT

1. Sierra is as Internet service provider, offering Usenet access and web hosting to its customers. Sierra owned and operated several servers, including two DNS servers. It operated various Usenet access services including Newsfeeds.com, Usenet.com, Nuthinbutnews.com and others.

2. On February 27, 2005, David Ritz ("Ritz") connected to Sierra's DNS server. In the course of that connection, he issued a host -l command which requested a zone transfer from Sierra's DNS server. Sierra's server responded with a full zone transfer, providing Ritz with the network map showing all of Sierra's private domain names, private host names, and internal non-routable IP addresses.

-2-
3. At various other times, Ritz issued a variety of commands, including host -l, helo, and vrfy. The afore-mentioned commands are not commonly known to the average computer user.

4. Ritz frequently accomplished his access to Sierra's computers by concealing his identity via proxies and by accessing the servers via a Unix operating system and using a shell accounts, among other methods. He also disguised himself as a mail server.

5. In the late winter or spring of 2005, Ritz published the zone information he copied from Sierra's server in the form of a file he published by making it accessible to the Internet and which he named "zilla_queries" ("zilla queries file") That file contained the internal domain structure of Sierra.

6. Sierra's internal domain structure as copied by Ritz into the zilla queries file included private host names, private and non-routable IP addresses, and privately registered domain names. The non-mutable IP addresses were not directly accessible from the Internet and would not be known to Ritz had he not accomplished a zone transfer. The private host names could not be ascertained from any publicly available source and were only known to Ritz by virtue of the zone transfer.

7. Ritz, at all times material, acted intentionally and with the intent to gather as much DNS and other information as possible about Sierra and its principals, agents and related entities and persons. Ritz made the information he gathered available to several persons, including a competitor of Sierra, SuperNews and SuperNews accessed that information. Ritz has admitted that SuperNews personnel accessed the zilla queries file where it resided on his computer via http connection.

8. The intended purpose of a zone transfer is primarily one of redundancy. Zone
-3-
transfers are the means by which a primary authoritative domain name server copies the domain structure to a secondary authoritative domain name server for the purpose of redundancy. Generally, both of those servers pertain to the same domain. In all intended uses of a zone transfer, the secondary server is operated by the same party that operates the primary server. A secondary intended purpose for zone transfers is to permit trouble shooting in which case zone transfers may sometimes be undertaken via the manually conducted host -l command. In those instances, however, the person conducting the diagnosis acts with the authorization of the operator of the system and is usually the network administrator for the system.

9. The evidence presented at trial produced no treatises or authoritative sources to suggest that any other intended purpose exists for a zone transfer. The academic and technical resources put in evidence at trial uniformly indicate that zone transfers have no intended purposes beyond those mentioned above.

10. The literature available on the subject all refers to access attempts such as the host -l command issued by Ritz under the circumstances of this case as "unauthorized." Microsoft itself, as well as various other, authorities all refer to zone transfers conducted by an individual other than the network administrator or an authoritative name server as "unauthorized."

11. Ritz accessed Sierra's computer, copied and disclosed information found on that computer beginning at least with the February 27, 2005 access and continuing thereafter through the summer of 2005. Ritz made several access attempts which were also unsuccessful after April 1, 2005.

12. Publication of the zilla queries file containing information about Sierra including its internal domain structure created a grave security risk for Sierra. That information, in the
-4-
hands of outsiders with malicious intent. threatens the integrity of Sierra's computer system. Publication of that information also competitively injured Sierra since a competitor such as SuperNews can use the information to better evaluate and compete with Sierra.

13. Ritz has port scanned thousands of computed, including those of Sierra.

14. Ritz frequently attempted to access Sierra's computers from a variety of locations in case Sierra was blocking access from his known IP address. He also concealed the IP address of his point of origin in order to shield himself from blame or, as he put it, "taking the beat."

15. Ritz has participated in approximately eighteen UseNet death penalties ("UDP"). A UDP is an attempt to force a Usenet service provider to change its behavior by threatening to have peers cancel their relationships with the target of the UDP, canceling messages propagated from the target of the UDP and if that fails, to go to other providers to convince them to cease doing business with the target. Once he was armed with Sierra's internal domain structure and published that information. Ritz called for a UDP against Sierra.

16. Ritz has issued Internet mail bombs and undertaken efforts which resulted in disconnecting third parties from the Internet

17. Sierra incurred out-of-pocket costs, including consulting fees and the time spent by its oven personnel, of $2,930.00 in remapping and reconfiguring its internal domain structure and server. This is by no means a complete statement of the losses suffered by Sierra since it is difficult to put a dollar figure on the damage done to the integrity of Sierra's security. The potential for ongoing harm, however, continues.

18. Ritz was not an authoritative name server, a DNS server, nor any kind of computer at the time he accessed Sierra's computer. Ritz has never been an employee, agent, or network administrator for Sierra.

-5-
19.Sierra's computer is not public property. Sierra's computer is its private property, i.e. chattel.

20. When Ritz accessed Sierra's server, he interfered with Sierra's enjoyment in that chattel. By copying data during his access which he subsequently published, Ritz rendered the value of the network structure substantially less than it had been before publication.

21. The information which Ritz published was not public. Moreover, much of the information was not publicly accessible.

22. Without knowing the internal IP addresses specifically used by Sierra, there was noway for Ritz to determine all of the domain and host names used by Sierra through any other sort of lookup or publicly accessible database. While Ritz might be able to identify some domain names and host names if be knew the IP addresses assigned to them, he could not have ascertained both the IP address and the domain and private host names of many of Sierra's servers without having performed the zone transfer.

23. Ritz has hijacked computers, i.e. taken control without permission, of the computers of third parties such as Verizon. He admitted to hacking Verizon and further admitted to doing so without authorization.

24. Ritz has conducted port scans of Sierra's computers. Although Ritz denies having run any port scars on Sierra's computers, he admits to having run thousands of port scans on other computers that he suspected of being involved in spamming. In light of his testimony, at least at times, he has suspected Sierra of spamming, the Court finds that the direct and circumstantial evidence is sufficient for a finding that Ritz ran port scans on Sierra's computers. The circumstantial evidence relied upon includes the firewall access logs of Sierra, Ritz's habits, Ritz's doctored connection logs reflecting his port scans, and the scarcity of other persons who
-6-
used geeks.org, which was the source of the port scanning attempts on Sierra.

25. Ritz accessed the salver for Newsfeeds.com. and other Sierra computers such as the one hosting Travisreynolds.com and the Rover's Playhouse site, after this Court issued an injunction prohibiting such access on August 4, 2005. Ritz has not even denied such activity. Ritz's behavior in visiting those sites violated the injunction. Ritz did so knowingly.

26. While this Court previously excused Rite's violation of the injunction when he made a renamed copy of the zilla queries file publicly available via http access, the Court cannot overlook yet another violation of its Order. Ritz is a highly sophisticated computer operator and fully appreciated what be was doing when he accessed the Newsfeeds.com server and website which be knew was owned and operated by Sierra. Similarly, Ritz violated the injunction when be accessed the websites operated by Sierra on behalf of Rover's Playhouse and Travis Reynolds, the son of Jerry Reynolds.

27. Ritz has participated in approximately 18 Usenet Death Penalties. A UDP is a process by which a Usenet ISP can be pressured by canceling messages posted through its service and convincing other providers to de-peer with it.

28. Ritz denied having even discussed any UDPs of Newsfeeds.com and Siesta. His testimony to that effect was false. He called for a UDP of Newsfeeds.com and Sierra.

29. Ritz received information in this case which Sierra had designated Attorneys Eyes Only ("AEO") for purposes of this litigation when it produced that information to Ritz's counsel.

30. Ritz received offers of assistance from the SuperNews team in this litigation. Ritz's sworn denials of such offers of help were false.

31. Ritz falsely stated in his interrogatory answers that his only name on the Internet was David Ritz, when be actually went by names including "s lewini" and "BOFH" ("Bastard
-7-
Operator From Hell").

32. Ritz’s ongoing monitoring, tracking, and connection attempts with Sierra's computers is malicious. He admits to having ill will and malice towards Sierra and its principals. While Ritz maintains that the basis for his feelings are Suspicions of Spam activity by Sierra, those suspicions do not justify violations of the law nor trespass. Ritz's constant surveillance is sinister in nature and he continues to this day, to gather and maintain as much information as he can acquire on Sierra and its principals, including gathering information on the son of Sierra's owner. Historically, Ritz has published information including what he believed to be tax credit card number of Sierra's owner.

33. The Court finds by clear and convincing evidence that Ritz is guilty of actual malice. Sierra is entitled to an award of exemplary damages for the sake of example and by way of punishing Ritz.

34. The Court finds by clear and convincing evidence that $50,000.00 in exemplary damages is consistent with the principles and factors set forth under N.D.C.C. § 32-03.2-11(5). There is a reasonable relationship between this award and the harm likely to result from the Ritz's conduct as well as the harm that actually has occurred; the award is consistent with the degree of reprehensibility of Ritz's conduct and the duration of that conduct; and the award is consistent with Ritz's awareness of and concealment of the conduct.

CONCLUSIONS OF LAW

1. Ritz's behavior in conducting a zone transfer was unauthorized within the meaning of the North Dakota Computer Crime Law. The zone transfer conducted on February 27, 2005 was a violation of the stance. His successful and unsuccessful attempts to access Sierra's server in the months that followed were additional violations of the Computer
-8-
Crime Law. The zone transfers conducted and attempted by Ritz were far outside the intended use of zone transfers. Ritz was never given authorization or permission by Sierra for the zone transfers.

2. The Court need not determine whether a normal, single DNS query is authorized within the meaning of the statute. Even if there had been any authorization for a such a DNS query or lookup, Ritz exceeded that authorization in violation of the statute by conducting a zone transfer and attempting further access.

3. The Court rejects the test for "authorization" articulated by defendant's expert, Lawrence Baldwin. To find all access "authorized" which is successful would essentially turn the computer crime laws of this country upside down. Any backer could allege that any form of access was authorized because he was able to penetrate the system, regardless of whether the commands utilized were well-formed.

4. Ritz violated the injunction of this Court when he accessed the newsfeeds.com website which he knew to be owned and operated by Sierra, after this Court enjoined him from visiting any Sierra website. He also violated that injunction by his repeated visits to the Rover's Playhouse websites and his visits to travisreynolds.com which he understood to be part of Sierra

5. Ritz is hereby held in contempt for violating the injunction of this Court. He is ordered to pay $10,000.00 as a penalty.

6. Ritz has engaged in a variety of activities without authorization on the Internet. Those activities include port scanning, hijacking computers, and the compilation and publication of Whois lookups without authorization from Network Solutions.

7. Clear and convincing evidence shows that Ritz acted with actual malice when he
-9-
repeatedly access Sierra's computers without authorization. Sierra is entitled to an award of exemplary damages in the amount of $50,000.00. Clear and convincing evidence shows this amount is consistent with the principles and factors set forth under N.D.C.C. § 32-032-11(5).

8. Sierra has sustained actual damages in an amount of $2,930.00. Sierra has also suffered an ongoing security risk which cannot be accurately valued in money damages but which may continue to exist for years.

9. Sierra is entitled to recover reasonable attorneys' fees incurred in this action by statute.

10. Ritz trespassed Sierra's chattel by his intrusions into Sierra's computers.

11. Injunctive relief is warranted to prevent Ritz from causing Sierra further harm and to attempt to mitigate the injury caused by Ritz's unauthorized access, trespass to chattels and publication of information about Sierra taken from Sierra's computer.

ORDER FOR JUDGMENT

1. Judgment is GRANTED to Plaintiff on Count I of the Second Amended Complaint, under North Dakota's Computer Crime Law.

2. Judgment is GRANTED to Plaintiff on Count II of the Second Amended Complaint, for trespass to chattels.

3. Sierra is awarded actual damages of $2,930.00.

4. Sierra is awarded exemplary damages in the amount of $50,000.00.

5. Ritz shall pay $10,000.00 as a contempt sanction.

6. Sierra is awarded reasonable attorneys' fees incurred in this action. Sierra shall apply to this Court for a determination of the amount of those fees.
-10-
Said application shall be made within thirty (30) days. The fee application may be made on a confidential basis within the terms of the protective order issued in this case.

7. Sierra's request for a Permanent Injunction is GRANTED.

8. Defendant Ritz is hereby restrained and permanently enjoined from directly or indirectly accessing Sierra Corporate Design, Inc.'s computers, websites, servers, networks, programs, computer systems or data contained in Sierra Corporate Design, Inc.'s computers, computer system or computer network at any time. This includes but is not limited to, computers and websites operated under the names Newsfeeds.com, Usenet.com, Nuthinbutnews.com. Binaries.net and Newsgroups.com (hereinafter “Sierra’s companies”) or any other server Sierra makes accessible via the Internet.

9. Defendant Ritz is hereby restrained and permanently enjoined from requesting or securing DNS zone transfers or otherwise copying, directly or indirectly, any information on Sierra's computers, websites, servers, networks, programs, computer systems or data contained in Sierra's computers, computer system or computer network at any time. This injunction also applies to DNS lookups on hostnames of Sierra that it does not publish on any of its websites.

10. Defendant Ritz is hereby restrained and permanently enjoined from port scanning. IP scanning or any other type of network scanning on any of Sierra's computers or networks.

-11-
11. Defendant Ritz is hereby restrained and permanently enjoined from directly or indirectly publishing, disclosing, sharing or common caring any information about Sierra's computers, websites, servers, networks, programs, computer systems or data contained in Sierra's computers, computer systems, or computer network. This injunction includes, but is not limited to, Ritz directly or indirectly publishing information about Sierra on any website, via hypertext transfer protocol (HTTP), Usenet message boards. through any chat protocols such as IRC or AOL, blogs, or any other Internet based communications protocol, but does not include communication by other parties about Sierra's computers, websites, servers, networks, programs or computer systems as expressly authorized by Sierra.

12. Defendant Ritz is directed to immediately destroy any and all copies of Sierra's computers, websites, servers, network, or computer systems and any information about Sierra that are in their possession, whether such copies and information are in digital, electronic or physical form.

13. Defendant Ritz is further enjoined from directly or indirectly (including through third parties acting on Ritz's request or behalf) publishing the preliminary or final transcript of the proceedings in this case and any filing of that transcript shall be done under confidential seal unless Sierra expressly stipulates to the open filing of the transcript or excerpts thereof.

14. All materials designated as Attorneys Eyes Only or Confidential in this case shall continue to enjoy the protections of those designations as
-12-
outlined in this Court's order of September 28, 2005.

15. Plaintiff is awarded reasonable costs and disbursements.

/s/
Cynthia Rothe-Seeger, Judge of District Court

Attachment	Date	Size
Sierra.pdf	01/15/08 4:58 pm	2.32 MB