LaMacchia Will Be Arraigned Friday


An article about the indictment and arraignment of LaMacchia, along with details on how MIT officials discovered the file-sharing network.


David M. LaMacchia '95, who was indicted last Thursday for conspiracy to commit wire fraud, will be arraigned this Friday at the U.S. District Courthouse in Boston, according to LaMacchia's lawyer Harvey Silverglate.

LaMacchia is charged with conspiracy to commit wire fraud, a crime which carries a maximum penalty of five years in prison and a $10,000 fine, according to Bill McMullin, special agent with the Federal Bureau of Investigation.

According to the indictment, LaMacchia used two workstations in the Student Center Athena cluster to "permit and facilitate, on an international scale, the illegal copying and distribution of copyrighted software." The machines were W20-575-75, which was designated "Cynosure I," and W20-575-76, named "Cynosure II."

The indictment alleges that LaMacchia "requested particular copyrighted software and cautioned against over-publication of the Internet site address in order to reduce the risk of detection by the 'net.cops' "

Philip G. Greenspun G, who worked with LaMacchia at the Artificial Intelligence Laboratory, has established a defense fund to assist with LaMacchia's legal expenses. He had raised $3,000 by yesterday afternoon.

System logs examined

According to James D. Bruce ScD '60, vice president for Information Systems, the servers were first detected around the beginning of the 1993 winter vacation.

After the servers were detected, IS began to monitor usage of the machines involved, Bruce said. It was likely that IS also used programs to determine the number of workstations which were involved, he said.

"Within IS, there is a lot of work that is done behind the scenes to detect untoward behavior. It is a form of preventative maintenance," Bruce said. "You want to find out the cause of the behavior, so you do a lot of monitoring."

From this monitoring, IS was able to identify LaMacchia as the individual responsible for the servers, Bruce said.

By examining system logs for the machines, IS was able to determine that the servers had been running since late November, Bruce said. According to the indictment, the servers were operational from Nov. 21, 1993 to Jan. 5, 1994.

LaMacchia operated the servers using the aliases "John Gaunt" and "GrimJack," the indictment said. The servers, which used the File Service Protocol (FSP), allowed users to both upload and download software.

FSP is a method of transferring files in measured increments, reducing the chances that the computational cost of running the server will interfere with normal use of the computer.

In addition, the indictment alleges that "users of the [servers] often hid their identities by using an Internet address located in Finland which afforded an anonymous forwarding service."

At one point, the indictment alleges, LaMacchia placed a file entitled "reqs.from.gaunt" onto one of the servers. In the file, a request was specifically made for Sim City 2000, Microsoft Excel 5.0, and Wordperfect 6.0.

A list obtained by The Tech showed that two of these programs, Excel and WordPerfect, were present on the server at one point along with nearly one hundred other programs, many of which were copyrighted.

Defense: inappropriate use of law

"Sadly, the United States Attorney General for Massachusetts, Daniel K. Stern, has chosen, in this case, to attempt to exert control over the use of the Internet and computer communication by an inappropriate use of criminal law," LaMacchia's lawyers said in their response to the indictment.

"In indicting David LaMacchia, a 20-year-old junior at MIT, the US Attorney and his staff are trying to brand a computer systems operator Š as a criminal for what other people place on, and take off a computer system that [he] creates and maintains but does not control," the attorneys said.

In the "Issues Primer," LaMacchia's counsel said, "David LaMacchia is not alleged in the indictment to have uploaded, downloaded, transmitted, or even used personally any copyrighted software on the [server] that he created and operated."

Though these allegations are not made in the indictment, both Bruce and McMullin said that evidence exists that LaMacchia did more than simply provide the servers for users. "He was putting software on the [server], plus other people who were calling in were putting up software," McMullin said.

"Lets just assume that there are reasons to believe that he was not just creating a locker," Bruce said.

"The investigation concerning LaMacchia is over," McMullin said. "If other facts came to light, they might create more investigations."

While many of the files contained in the indictment are signed by two individuals, GrimJack and Mongoose, no mention is made in the indictment of a second person being involved.

LaMacchia is the principle person being investigated, McMullin said.

"I don't know that there were ever any leads as to who Mongoose was," Bruce said.


Author: Eric Richard.

This article may be freely distributed electronically, provided it is distributed in its entirety and includes this notice, but may not be reprinted without the express written permission of The Tech. Write to for additional details.

  • Copyright 1994, 95, The Tech. All rights reserved. This story was published on April 12, 1994. Volume 114, Number 20. The story began on page 1 and jumped to page 17.