Operation Sundevil was a 1990 nationwide United States Secret Service crackdown on "illegal computer hacking activities." It involved raids in approximately fifteen different cities and resulted in three arrests and the confiscation of computers, the contents of electronic bulletin board systems (BBSes), and floppy disks. It was revealed in a press release on May 9, 1990. The arrests and subsequent court cases resulted in the creation of the Electronic Frontier Foundation. The operation is now seen as largely a public-relations stunt. Operation Sundevil has also been viewed as one of the preliminary attacks on the Legion of Doom and similar hacking groups. The raid on Steve Jackson Games, which led to the court case Steve Jackson Games, Inc. v. United States Secret Service, is often attributed to Operation Sundevil, but the Electronic Frontier Foundation states that it is unrelated and cites this attribution as a media error.
Prior to 1990, people who manipulated telecommunication systems, known as phreakers, were generally not prosecuted within the United States. The majority of phreakers used software to obtain calling card numbers and built simple tone devices in order to make free telephone calls. A small elite, highly technical segment of phreakers were more interested in information about the inner workings of the telecommunication system than in making free phone calls. Phone companies complained of financial losses from phreaking activities. The switch from analog to digital equipment began to expose more of the inner workings of telephone companies as hackers began to explore the inner workings, switches and trunks. Due to a lack of laws and expertise on the part of American law enforcement, few cases against hackers were prosecuted until Operation Sundevil.
However, starting in 1989, the US Secret Service (USSS), which had been given authority from Congress to deal with access device fraud as an extension of wire fraud investigations under Title 18 (§ 1029), began to investigate. Over the course of the 18-month-long investigation, the USSS gathered alleged evidence of rampant credit card and calling card fraud over state lines.
Operation Sundevil allowed multiple federal law enforcement agencies, particularly the Secret Service and the FBI, to gain valuable expertise on fighting this new form of criminal activity as well as expanding the agencies' budgets. New laws were created to allow federal prosecutors to charge individuals accused of phreaking, hacking, wire, and credit card fraud. Evidence gained from Operation Sundevil allowed law enforcement to convince the United States Congress of the need for additional funding, training, and overall expansion.
Along with the Chicago Task Force and the Arizona Organized Crime and Racketeering Bureau, the operation involved raids in Austin, Plano, Cincinnati, Detroit, Los Angeles, Miami, New York, Newark, Phoenix, Pittsburgh, Richmond, Tucson, San Diego, San Jose, San Francisco, and Seattle. The raids were centered in Arizona, where the press conference occurred.
Raids generally took place in middle-class suburbs and targeted credit card thieves and telephone abusers. They were carried out by local police, with the aid of over 150 Secret Service agents, FBI and CIA. Twenty-seven search warrants, resulting in three arrests, were issued and executed on May 7 and 8, 1990. Police also took around 42 computers and approximately 25 BBSes, including some of the most infamous and elite hacking BBSs in the world at that time, such as Cloud Nine. This was the largest crackdown on electronic bulletin boards in world history. Finally, about 23,000 floppy disks were also seized. These held a variety of data, including software, Phreaking and Hacking tools, tens of thousands of Credit card details, and a plethora of illegal copyrighted material. The three people arrested were "Tony the Trashman," "Dr. Ripco," and "Electra."
Other parts of the operation targeted the underground ezine Phrack, which had published the contents of a proprietary text file copied from BellSouth computers and containing information about the E911 emergency response system, although this was later made null in a court case in which it was proven that the same information about the E911 system was also provided to the public through a mail-order catalog.
In a press release on May 9, 1990, officials from the federal government and the Arizona state government revealed that the Secret Service was involved in the investigation. The Assistant Director of the US Secret Service, Garry M. Jenkins, commented in a press release that, "the Secret Service is sending a clear message to those computer hackers who have decided to violate the laws of this nation in the mistaken belief that they can successfully avoid detection by hiding behind the relative anonymity of their computer terminals."
Two public-access computer systems were shut down in the days following the operation: an AT&T Unix system in Dallas, Texassdf and a Jolnet system in Lockport, Illinois. Neither has been linked to the operation, however. An AT&T spokesman claimed the shutdown was a result of an internal investigation and was not related to the operation.
In response to the arrests, the Electronic Frontier Foundation was founded by Mitchell Kapor, the founder of Lotus Development Corporation, and John Perry Barlow, an author. The foundation hired lawyers to represent the hackers in two of the cases arising from Operation Sundevil.
Operation Sundevil was the most publicized action by the federal government against hackers. In part due to this, it has been seen as a public-relations stunt and a message to hackers. While it did little overall damage to the hacking community in the long run, it did stop the illicit hacking activities of many of the best hackers in the world for a short period of time, which is why it has been lauded as a tactical success due to the surprise and damage it caused to the communities in comparison to the long wars waged against the Legion of Doom. However, it has also been criticized as a failure due to several unsuccessful prosecutions, and a number of raids not even leading to arrest.
- Clapes, Anthony Lawrence (1993). Softwars : the legal battles for control of the global software industry. Westport, Conn.: Quorum Books. ISBN 0-89930-597-0.
- "The Top Ten Media Errors About the SJ Games Raid". Steve Jackson Games. 1994-10-12. Retrieved 2009-03-08.
- Garmon, Jay (2006-02-28). "Geek Trivia: Gaming the (legal) system". TechRepublic. Archived from the original on 2012-07-10. Retrieved 2009-03-09.
- Sterling, Bruce (1994). "Part Three: Law and Order". The Hacker Crackdown: Law And Disorder On The Electronic Frontier. New York: Bantam Books. ISBN 0-553-56370-X. Retrieved 2009-03-08.
- Sterling, Bruce (1994). "Part Two: The Digital Underground". The Hacker Crackdown: Law And Disorder On The Electronic Frontier. New York: Bantam Books. ISBN 0-553-56370-X. Retrieved 2009-03-08.
- McMullen, Barbara E.; John F. McMullen (May 10, 1990). "News conference reveals nationwide hacker investigation". Newsbytes.
- Sterling, Bruce. "Gurps' Labour Lost". Electronic Frontier Foundation. Archived from the original on 2017-02-06. Retrieved 2009-03-08.
- "Three arrested in nationwide sting against computer hackers". Data Channels. Phillips Publishing Inc. May 16, 1990.
- "Steve Jackson Games v. Secret Service Case Archive". Electronic Frontier Foundation. Archived from the original on 2008-04-11. Retrieved 2009-03-08.
- Charles, Dan (1990-07-21). "Crackdown on hackers 'may violate civil rights'". New Scientist. Retrieved 2009-03-08.
- Esquibel, Bruce (1994-10-08). ""Operation Sundevil" is finally over for Dr. Ripco". Electronic Frontier Foundation. Archived from the original on 2011-08-10. Retrieved 2009-03-08.