Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 1 of 66� ORIGINAL
UNITED STATES DISTRICT COURT FICEDIIV [E NORTHERN DISTRICT GEORGIA u5.p,C , RKS~,, prFa E OF C IC ATLANTA DIVISION ~7/MA Y BLACKBOARD, INC ., 1 2 2003 LUTHER,, , .S, Plaintiff, Clerk BYe Pul ICl erk v . Civil Action File No .
BILLY HOFFMAN and VIRGIL GRIFFITH, I!e3-CV-1279 Defendants .
NOTICE OF REMOVAL
Defendants Billy Hoffman ("Hoffman") and Virgil Griffith
("Griffith") (collectively the "Defendants") file this Notice of
Removal and respectfully show the following grounds for removal
as specified by 28 U .S .C . § 1446 :
1 .
Blackboard, Inc . ("Blackboard") has filed suit against the
Defendants in the Superior Court of Dekalb County, which county
is within the Atlanta Division of this Court . This suit is
styled as above and numbered Civil Action No . 03CV4404-10 in
that Court . The suit asserts various causes of action arising
under the statutes of the United States . Blackboard is, upon
information and belief, a Delaware corporation with its
principal place of business in Washington, D .C . r'R~1~ RE~FI+~ C005211 IU t~S 1B( ---~-
1111 ?~ '= 71, Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 2 of 66�
z .
Defendant Hoffman is a Georgia resident . Defendant
Griffith is an Alabama resident . Neither Hoffman nor Griffith were ever a resident of Delaware or the District of Columbia or
Delaware .
3 .
The afore-mentioned civil action is a civil action over
which this Court has original jurisdiction under the "federal
question" provisions of 28 U .S .C . 1331 . Plaintiff's Complaint
includes causes of action arising under the Electronic
Communications Privacy Act (18 U .S .C . § 2701 et seq .), the
Computer Fraud and Abuse Act (18 U .S .C . § 1030, apparently
misidentified throughout Plaintiff's complaint as the federal
Consumer Fraud and Abuse Act), and the Lanham Act (18 U .S .C .
2320) . Moreover, although Plaintiff has not at this time
claimed monetary damages, the original jurisdiction of this
Court would also be proper under 28 U .S .C . 5 1332 insofar as
Plaintiff is not legally precluded from asserting money damages
(which it has not at the time) in excess of $75,000 .
2 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 3 of 66�
4 .
Defendants have attached at Exhibit A hereto copies of all pleadings and orders served upon them in this case .
5 .
Defendants have given written notice of the filing of this
Notice of Removal to the Plaintiff by notifying Plaintiff's attorneys of record, to wit, Charles T . Lester, Jr . and Gregory
S . Smith . Defendants have filed a written notice of filing of removal with the Clerk of the Superior Court of Dekalb County, a copy of which is attached at Exhibit B .
WHEREFORE, Defendants Hoffman and Griffith pray that this case be removed to the United States District Court for the
Northern District of Georgia, Atlanta Division .
Respectfully submitted this 12th day of 2003,
WELLBORN & BUTLER LLC
Paul F . Wellborn, III Georgia Bar No . 746720
1372 Peachtree St ., N .E ., Suite 204 Atlanta, GA 30309 Phone : (404) 815-9595 Fax : (404) 815-9957 Attorney for Defendants
3 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 4 of 66�
INDEX TO EXHIBITS
A . Pleadings Served On Defendants
1 . Complaint (1-37) 2 . Order and Amended Order Re : Special Server (38A and 38B) 3 . TRO (39-40) 4 . Consent Order Extending TRO (41-42) 5 . Notice Of Hearing (43) 6 . Defendants' Verified Answer (44 to end)
B . Notice Of Filing Of Removal (State Court) Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 5 of 66�
IN THE SUPERIOR COURT OF DEKALB COUNTY STATE OF GEORGIA
BLACKBOARD INC., ) Civil Action File No.
Plaintiff, )
v. )
BILLY HOFFMAN and ) VIRGIL GRIFFITH, )
Defendants. )
VERIFIED COMPLAINT
Plaintiff Blackboard Inc. ("Blackboard"), through counsel, files this
Complaint for injunctive and declaratory judgment relief.
PARTIES AND BACKGROUND
1 . Plaintiff Blackboard is a Delaware corporation with its principal
place of business in Washington, D .C .
2 . Blackboard provides and sells hardware and software products,
including the Blackboard Transaction System, to various institutions, including
colleges and universities . The Blackboard Transaction System allows students
and other authorized users to electronically purchase products and services through on-line commerce. The Blackboard Transaction System also offers a more sophisticated door access module, a security system that can allow such institutions to electronically control access to certain buildings and other locations.
WO m9ao.i
EXHIBIT A.1 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 6 of 66�
3. Defendant Billy Hoffman is a student at the Georgia institute of
Technology who lives in the Atlanta, Georgia area. Mr. Hoffman runs a website
known as www.yak.net/acidus . While Mr. Hoffman's name does not specifically
appear on the www.yak.net/acidus website, the website itself acknowledges that
his previous postings on this website and articles written led a "Blackboard
Usergroup" to "figur(e] out I went to Tech." The website further recounts in the
first person Mr. Hoffman's experiences after being confronted in 2002 by Georgia
Tech police and Georgia Tech's Dean of Students, among others, about a 2001
hacking incident involving Blackboard . See Exhibit A
4 . Defendant Virgil Griffith is a student at the University of Alabama in
New College. Mr. Griffith runs a website known as www,romanpoet.org, which is
linked to Mr. Hoffman's www.yak.neUacidus website. Defendant Griffith plans to
join Mr. Hoffman in speaking and handing out materials at a conference at the
Radisson Hotel Atlanta Northlake, 4156 LaVista Road, in Atlanta, DeKalb
County, Georgia on April 11-13, 2003, all as set forth below.
SPECIFIC FACTUAL ALLEGATIONS
5. Mr. Hoffman openly acknowledges on his website that "I am a
hacker." His website then defends the process of hacking. See Exhibit B.
6. Mr. Hoffman's website also acknowledges that he previously broke into a switchbox, a MW/MHWMENC Wall Mount Enclosure, in a campus laundry, in order to examine an otherwise closed wiring system. As Mr. Hoffman's website notes, "I took a long thin knife, and put the tip in the groove of the screw, and used the length of the handle and torque it generates will turned to undo
WO »>aw.1 EXHIBIT A.2 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 7 of 66�
each of the 4 screws. Wanna see what was inside?" His we5site then shows
photographs of this uncovered wiring system, and attempts to explain how this
reader, data line and multiplexer fit together. See Exhibit C.
7. Mr. Hoffman wrote an article in the Spring 2002 issue of "2600: the
Hacker Quarterly." describing what he claimed were security flaws in the
Blackboard system, gleaned from his hacking. See Exhibit D.
8 . Mr. Hoffman's website notes that he was confronted by Georgia
Tech police, but he was not chastened by this warning. Rather, Mr. Hoffmari's
website notes, "The more I think about it the angrier I get . . . . Nothing about this
will be done until someone jacks a school for a few thousand." See Exhibit A.
9. Mr. Hoffman was also confronted by Georgia Tech's administration.
In an e-mail to Georgia Tech's Jim Pete, posted on his website, Mr. Hoffman
again notes how "I'm pretty pissed you've been blowing me off." He also noted
how his actions may facilitate further damage: "My article . . . will cause people to
be hacked." See Exhibit E.
10 . Despite being confronted by the police and the Georgia Tech administration, Mr. Hoffman, according to his website, continued to speak at certain conferences, where he "detailed the 3 types of man-in-the-middle- attacks." See Exhibit D. He posted on his website specs and technical details from ATU's old cached web pages, which he describes as "details Blackboard wished weren't floating around." See Exhibit F. Mr. Hoffman also accepted payment as a consultant for one of Blackboard's competitors . See Exhibit G .
WO 177940.1 3 EXHIBIT A.3 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 8 of 66�
11 . Mr. Hoffman's website recently has indicated .ha: he intends to
speak at another InterzOne II conference April 11-13, 2003, in Atlanta, DeKalb
County, Georgia. A copy of that conference's agenda, confirming that Mr.
Hoffman (using his website alias "Acidus") plus another co-panelist named
"Virgil,° are scheduled to speak at the conference on Saturday, April 12, 2003 at
7:00 p.m. See Exhibit H. "Virgil" is known to be Virgil Griffith, a student at the
University of Alabama in New College, whose website, www.romanpoet.org, is
linked to Mr. Hoffman's website.
12. Mr. Hoffman's website indicates that, at this conference in DeKalb
County, he plans to "expand on last years CampusWide discussion" :
"The signals to and from several Blackboard readers have been captured, as well as how data is stored on the cards. Using this knowledge Virgil and I have created a drop-in compatible reader, that will work with an existing RS485 network. Computer code to emulate any reader made as well as hardware specs to wire the readers and control circuits will be launched . .. . This will show no! only did we hack the system, but we hacked it so far we could build functional readers from scratch."
See Exhibit G (emphasis added).
13 . Mr. Hoffman's Website further states that he plans to "speak at
InterzOne, and release code to make a computer emulate any Blackboard reader, as well as the hardware designs . . . to make a drop in replacement for any Blackboard reader. If Blackboard wouldn't make their system more secure, or tell people how to secure it, 1W simply make compatible ones myself and glue them away." See Exhibit J (emphasis added). On the same website discussing such compatibility, Mr. Hoffman also includes Blackboard's logo. See
Exhibit I.
WO 177940.1 4 EXHIBIT A.4 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 9 of 66�
COUNT ONE
14 . The Electronic Communications Privacy Act, 18 U .S.C § 2701 et
seq. prohibits a person from "intentionally access[ing] without authorization a
facility through which an electronic information service is provided." /d. at §
2701(a)(1) .
15. In the instant case, Hoffman's website openly acknowledges that
he and Mr. Virgil "hacked" into Blackboard's system, and that "we hacked it so far
we could build functional readers from scratch.°
16. Hoffman's access into the Blackboard system, achieved through
admitted "hacking," was made without authorization .
17. Accordingly, Blackboard is entitled to temporary and permanent
injunctive relief, as set forth more fully below.
COUNTTWO
18. The Georgia Computer Systems Protection Act, O.C.G.A. § 16-9-
90 et seq., prevents a person from "[o]bstructing, interrupting, or in any way
interfering with the use of a computer program or data" and from "[a]itering, damaging, or in any way causing the malfunction of a computer, computer network, or computer program, regardless of how long the alteration, damage, or malfunction persists." O.C.G.A. § i6-9-93(b)(2) 8 (3).
19. Here, Mr. Hoffman has stated an intention to facilitate the causing of a malfunction to the Blackboard computer network and/or computer program .
20. The Georgia Computer Systems Protection Act also makes it a criminal offense for any person to disclose "a number, code, password, or other
WO 177940.1 EXHIBIT A.5 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 10 of 66�
means ot access to a computer or computer network knowing that such
disclosure is without authority and which results in damages (including the fair
market value of any services used and victim expenditure) to the owner of the
computer or computer network in excess of $500 .00." Id. § 16-9-93(e).
21 . Here, Hoffman's website expressly indicates that he wilt be
revealing code that could facilitate access to a computer network. Defendant
Hoffman is without authority to disclose such code.
22 . Accordingly, Blackboard is entitled to temporary and permanent
injunctive relief, as set forth more fully below.
COUNT THREE
23. Under the Georgia Trade Secrets Act of 1990, O.C.G.A . § 10-1-
760, et seq., the actual or threatened misappropriation of trade secrets may be enjoined .
24. Defendant Hoffman has threatened to misappropriate, and to display publicly, information that falls within the definition of Blackboard trade secrets, as defined by Georgia law.
25. Accordingly, Blackboard is entitled to temporary and permanent injunctive relief, as set forth more fully below.
COUNT FOUR
26. Under the Lanham Act, 18 U.S.C. § 2320, Blackboard retains a legitimate trademark in its products.
27. Defendant Hoffman has threatened to produce and distribute substitute products that he claims are "compatible" with the Blackboard reader,
WO 177940.1 s EXHIBIT A.6 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 11 of 66�
explicitly or implicitly conveying an impression that the products may properly
connect to, and access, Blackboard trademarked products . Mr. Hoffman has
also included the Blackboard logo on his website that describes his supposedly
"compatible" products.
28 . The "drop-in" products Defendants are purporting to produce and
distribute are not authorized by Blackboard, and both their distribution, and the
impression Defendants are trying to Great that that the products may be properly
and legally attached to or accessible with Blackboard products, is false.
29 . Because Defendants' threatened actions violate the Lanham Act,
Blackboard is entitled to temporary and permanent injunctive relief, as set forth
more fully below.
COUNT FIVE
30. Under the Consumer Fraud and Abuse Act, 18 U.S .C . § 1030 et
seq., it is illegal for a person to intentionally access a computer without
authorization and obtain certain specified information.
31 . Similarly, the same Act makes it illegal for an individual to
knowingly cause the transmission of a program, information, code or command,
and intentionally cause damage, without authorization to a protected computer.
32. Similarly, the Act makes it illegal for an individual to intentionally
access a protected computer without authorization and cause damage, including
a threat to public health or safety.
33 . Defendants' actions have been without authorization, and constitute a violation of the Consumer Fraud and Abuse and Abuse Act.
WO 177940.1 7 EXHIBIT A.7 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 12 of 66�
34 . Blackboard is entitled to temporary and permanent injunctive relief,
as set forth more fully below.
NEED FOR TEMPORARY RESTRAINING ORDER
35 . Defendants' threatened actions, if true, would allow and encourage
an unknown number of unauthorized parties to access Blackboard's system.
Although Blackboard does not acknowledge that Defendants' representations
that they have developed an ability to produce a system compatible with
Blackboard's are true, the risk of harm here is too substantial to allow Defendants
to proceed unabated . Blackboard's Transaction System covers approximately
223 university systems nationwide, including electronic security systems, trust
accounts, debit cards, and many other electronic types of financial and physical
security. Defendants are essentially claiming that they have the ability to
facilitate massive fraud, security breaches, and other harms, threatening both the
physical and financial security of college students, and harming the universities,
their vendors and Blackboard itself. Without injunctive relief, Blackboard would
have no adequate remedy at law. It faces an imminent risk of irreparable harm.
PRAYER FOR RELIEF
36. The Court should grant a temporary restraining order, enjoining
Defendants Billy Hoffman and Virgil Griffith from:
a. revealing or discussing any signals to or from any Blackboard reader or any Blackboard transaction processing system, that may have been captured ;
b. revealing or discussing information about how any information is stored on any Blackboard card or reader, or on any Blackboard transaction processing system ;
WO »r9ao.i EXHIBIT A.8 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 13 of 66�
c. providing to others, or revealing or discussing any information relating to, any "drop-in compatible reader that will work with an existing RS-485 network' ;
d, releasing code to make a computer emulate any Blackboard reader or any Blackboard transaction processing system, as well as the hardware designs to make a drop in replacement for any Blackboard reader or any Blackboard transaction processing system; and
e. claiming any that either of them has any right, either explicitly or implicity, to provide products or services that can legitimately be used or interfaced with a Blackboard product.
37. This Court's temporary restraining order should also require that
Defendants Billy Heffman and Virgil Griffith remove Blackboard's logo from their
website, as well as any materials on their website that include any information set
forth above, and
38. This Court should thereafter establish hearing dates on Plaintiff s
request for both a preliminary and permanent injunction, and order that the
temporary relief set forth above be extended and made permanent.
WHEREFORE, Plaintiff requests that the Court temporarily and
permanently enjoin Defendants asset forth above.
Respecif miffed,
Ch r r, Jr. Georgia B o . 447200 Gregory S. Smith Georgia Bar No. 858375 Sut'ierland~As6i11 & Brennan LLP 999 .Peachitree 5t., N .E. Atlanta, Georgia 30309-3996 (404) 853-804Q Telephone 0404) 853-8806 Facsimile
Attorneys far Plaintiff
WO 177940.1 s EXHIBIT A.9 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 14 of 66�
c. providing to others, or revealing or discussing any information relating to, any "drop-in compatible reader that will work with an existing RS-485 network";
d . releasing code to make a computer emulate any Blackboard reader or any Blackboard transaction processing system, as well as the hardware designs to make a drop in replacement for any Blackboard reader or any Blackboard transaction processing system ; and
e. claiming any that either of them has any right, either explicitly or implicity, to provide products or services that can legitimately be used or interfaced with a Blackboard product.
37 . This Court's temporary restraining order should also require that
Defendants Billy Hoffman and Virgil Griffith remove Blackboard's logo from their
website, as well as any materials on their website that include any information set
forth above, and
38. This Court should thereafter establish hearing dates on Plaintiffs
request for both a preliminary and permanent injunction, and order that the temporary relief set forth above be extended and made permanent.
WHEREFORE, Plaintiff requests that the Court temporarily and permanently enjoin Defendants as set forth above.
Respectfully submitted,
Charles T. Lester, Jr. Georgia Bar No. 447200 Gregory S. Smith Georgia Bar No. 658375 Sutherland Asbill & Brennan LLP 999 Peachtree St., N.E . Atlanta, Georgia 30309-3996 (404) 853-8000 Telephone (404) 853-8806 Facsimile
Attorneys for Plaintiff
WO 177940.1 9 EXHIBIT A.10 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 15 of 66�
VERIFICATION
I Gregory S . Smith, counsel for Blackboard Inc., being duly sworn,
hereby verify that the factual statements set forth in the above-referenced
Verified Complaint are true and correct to the best of his knowledge and
belief.
GrQgd~.f~nhith
Sworn before me this 11 1h day of April, 2003.
rNotary Public
My commission expires: i~~y~~6
WO 177940.1 10 EXHIBIT A.11 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 16 of 66� Page 1 of 2
So I have created quite a stir from this article. It all started when I got a call from my Mom saying the GAT'EPCH Police had called for me. The Cop told me the Buzzcard office was conducting an audit of its system to see if anyone was using my info to compromise the system . I suggested to the cop that I could go talk to them in detail about my article, and help them fill in then holes. I walked over thinking that the Buzzcard folks might be upset, but they would see if anyone could help them do a better job it was me
Boy was I wrong. It was like walking into the lion's den. I basicly got reamed from 2 hours by those folks.
"Do you know what you did?" "Do you know that you embarrassed the university?" "I am in charge of training everyone in Georgia to use this system, do yon know how I look now?" "To show the world this happened under our noses, how dare you?" "You know Someone could read your article and then decide not to buy from Blackboard" "You didn't really get all that far, you couldn't have gotten very far, you didn't hack Blackboard" "You may cause us to lose out funding" "You can cost Blackboard money in sales" "You know we do a better job protecting the lines than most colleges do"
I have been yelled at because I showed the world that the system is weak. Where the HELL are the people yelling at Blackboard for the weak system? Hello Hello? anyone there? Did I embarrass Tech? Did I hurt peoples reputations? MAYBE THEY DESERVED TO BE HURT OR EMBARRASSED! After all, you did the bad job implementing the system. Not me. I said the emperor had no clothes and its easier for you to attack me than shame yourselves. "We do a better job than most." Thats like saying my boat as less holes than yours does. Yes every system has holes, but that doesn't mean you use that as an excuse not to try and fix things. But thats what was done. "Well every system has holes we can't fix them all, so we'll sit on our hands and maybe nobody will find them." "You could cost Blackboard money." Well, if Blackboard is sending you this system in a box with a little tag on it that says "Plug me in, turn me on, you are ready to go," and doesn't tell you how to properly install the system, the than deserve to have business go to a competitor. Hell, Diebold makes ATMs for gods sake. I bet they do a better job, they have to have some DES hardware units just lying around. If Blackboard doesn't tell its clients how to properly implement the system, than Blackboard deserves to lose potential client.
The more I think about it the angrier I get. I didn't write an article that said "Cross this wire with this wire to get free stuff." No I didn't. I wrote an article that had roughly the same amount of detail on how to do the exploits that a CERT advisory has. I wrote this article because I was interested in a system that no one seemed to know anything about I found it had holes, and I call Blackboard, and got Blown off: They didn't want to hear about it. So no I didn't go to tech. I wrote an article, to let everyone know the system has big time flaws, and that the company doesn't care. And you know what. Most universities don't care. They are going to say "Hmm, it will cost X dollars to run pipes, maybe X number of people we hack it, this isn't worth it." Nothing about this will be done until someone jacks a school for a few thousand. And that will happen folks. Believe me. As I have said to the cops, to the Buz.zcard office, and to the Dean's office : I'm really not that smart of a guy. At Tech their are people far smarter than I. And On a college campus with smart people who are poor, they might get ideas about ways to advance themselves a little.
Wake up people. the cat is out of the bag. If you can get to the RS-485 cables, the system is by the balls.
EXHIBIT A.12 . . . - ~ -'------L.Yl w n n nnnz . .. Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 17 of 66�Page 2 of 2
So all of you, Blackboard, GATECH, everyone: As the old saying goes: Stop your bitchin' and start a fixin', because despite all your yelling at me, the tide of my article still stands: CampusWide is Wide Open.
I would love to hear your comments. Acidus
EXHIBIT A.13 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 18 of 66� ` . ,r- k Page 1 of 1 "-, 8
I am a hacker, and you are afraid .
You must think hackers are evil demons who work in shadowy rooms. That they want to steal your money, kill your dog, and deflower your daughter. This is what CNN and John Markoff and every other place you turn for news tells you . Only it's not news anymore. Its Peter Jennings spoon-feeding opinions to you while your mouth smiles and your brain decays. What are Hackers? Hackers are your inventors, your creators, and your dreamers. Hackers are the people who are building your better tomorrow, and you hate them for it. You slap laws on them for it. You drag their name in the mud for it. You pass knee-jerk legislation making innovation a crime. Because we scare you. Because Technology scares you . Because you don't understand it. Because we do . Because some kid knows more about how to configure your network then your admins do. Because its easier to blame us than shame yourselves. Your very ignorance and your desire to stay blissfully ignorant causes half the problems. You let Windows store your passwords and banking information and you have no idea how they do it or how they protect it. And when a thief, not a hacker, but a thief steals that information, you blame anyone who likes to tinker with technology. Your mind is so trained by the media; you don't even stop to think to blame the thief who stole it, or to blame Microsoft for not properly protecting your information. Instead you want our heads on a pike in your hall .
I am a hacker, and you are afraid, and that makes you more dangerous than I ever could be .
Jan 9, 2003 [email protected] .edu -->
EXHIBIT A.14 filnclmanifrctn html 4/10/2003 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 19 of 66� Pictures C Page 1 of 2 EX k, l~;+- Pictures
You ever wonder what was inside a MW/MHWMENC Wall Mount Enclosure? Well I did, so I
See those 4 screws. Well guess what, they are flat head screws. So I took a long thin knife, and put the tip in the groove of the screw, and used the length of the handle and the torque it cienerates will turned to undo each of the 4 screws. Wanna see what was inside?
All that stuff are the Laundry Multiplexers talked about in the cached AT&T pages. The Black wire on the bottom right is the power cable. All the cables going out the top left corner are the data lines. The multiplexer is how the reader addresses all the laundry machines. So there is RS-485 line from the Network Processor (NP) that comes to the Laundry Reader on the wall . Out of the laundry reader comes several data lines that go to this multipfexer, which runs a single line data line (all the stuff in the top left) to the back of each machine
Oh course these data lines are inside nice protective metal tubing . Here is what it looks like.
EXHIBIT A.15 4/10/2003 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 20 of 66� Pictures Page 2 of 2
This is a weird angle, but the white thing along the bottom of the screen is a washing machine . You can see The flexable metal covering which the wire is inside of attached to the back of the washing machine with a metal flange. !n this picture, you can clearly see on the side of the flange, one of the 2 flat head screws that hold the metal flange together.
EXHIBIT A.16 . . 1 , 1 ~ .~----- L~, dnnnnnz Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 21 of 66� Page 1 of 2 6;f b Acidus
Acidus@resnet .gatech.edu
Mission Statement
To work for a small to medium research and development firm specializing in creating new computer hardware and writing the software to drive it
Education
High School- Graduated Walton High School (Marietta GA), Class of 1999 with a 3.33 GPA
College- Currently enrolled at Georgia Institute of Technology, studying Computer Engineering . Some Bright spots include taking a simplified MIPS core and implementing 5 stage pipeline with hazard control. Used VHDL and simulated it on a FPGA.
Job Skills
Hardware- Extensive Knowledge of x86 architecture(XTs - Athlons). ISA, MCA, PCI, AGP. Installed multi-node 100BaseT networks in 2 residential houses. Many interfacing projects with 8051 s, ISA bus interfacing, as well as controlling things through serial and parallel ports.
Software- Expert in Installing, maintaining and upgrading Windows 3.x/9x/ME/XP. Functional knowledge of Unix and most derivatives (Linux, BSD, Solaris), Functional knowledge of NT line (WFW 3 .x; NT 3.5, 4.x; 2000). Working knowledge of Oracle, Photoshop, MS Office.
Known Languages- Working knowledge of C, C++, Lex, Yacc, Java, Visual Basic, MII'S Assembler, VBScript, VHDL, H1ML, ASP, SQL, Basic. Some: 8051 Assembler, z80 Assembler, x86 assembler, Perl, Unix shell scripting, Pascal, Scheme and Lisp.
Conference Speeches
IntenOne (Sept 02, Atlanta GA) - Spoke about the Blackboard's CawpusWide system, with an overview, detailed 3 types of man-in-the-middle-attacks, and discussed bow to securely implement system.
IntenOne (Sept 02, Atlanta GA) - Spoke about SpectersoR's Specter program, with a history of the program, how it works, and live reverse engineering of data files of Specter. Distributed SpecterInspector, a custom made tool that changes these data files.
Phreaknic 6 (Nov 02, Nashville, TN) - Spoke about the Blackboard's CampusWide system, with an overview, detailed 3 types of man-in-the-middle-attacks, and discussed how to securely implement system.
Published Papers
EXHIBIT A.17
A '1n rnnn Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 22 of 66� Page 2 of 2
Deconstructing a Fortres - Article published in Fall 2001 issue of 2600: The Hacker Quarterly. Discusses flaws in Fortres 101 encryption, as well as leading techniques, and ways .o properly secure the software.
CampusWide Wide Open -Published Spring 2002 issue of 2600: the Hacker Quarterly. Details B1ackBoard's Transaction Systems infrastructure, and its inherit flaws, exploits to the system, and discusses ways to securely implement the system
NCR ATMs : Aurum Ex Machina - Published Summer 2002 issue of 2600: The Hacker Quarterly. Details how ATMs is really standard PC, and vulnerable to viruses, and key loggers, Yet ATMs have no defense against these. Discusses secure repercussions of this setup.
Job Experience, References, Other Personal Data
(Given by request only)
EXHIBIT A.18
11 u1 1,__tninnrt_____ninnr_~ .__a-__t L .-1 A 11 A Innnn Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 23 of 66�Page 1 of I
Date : Tue, 30 Jul 2002 22 :38 :93 -Q400 (EDT) From: Acidus
Jim,
So you don't return my calls or emails . I'm hurt, but hey thats life . I know several folks on the BB user group, and have been getting rather regualr updates, and I must say, I am very- dissappointed in the results . I wrote this article to make you guys FIX things, and that just isn't happening . The general feel of the group is I'm full of it, as is my article . I hoped that I could correct the 2 mistakes in my article (about the GUI and cloning cards), and in that letter stress that the system is still open . Regardless of how much you and the AUX services Guy yelled at me doesn't change the fact that the system is open .
The fact is your user group is blind . Last time I checked they think their is some pending legal action against me, and that the system is flawless . and "If you operate the BB System, then you understand that it is very secure and impossible to infiltrate and perform any of the items described within the article ."
Bullshit . And if you are half as smart as I think you are you know thats bullshit . Physcial security needs to be greatly increased to protect extrenal devices like vending/coke/whatnot . And short of a major rewrite of ROM code, the readers could be spoofed . Hell you admited- to me that a Value transfer station could be fooled to telling the database that more money was on a card than had been deposited .
So this letter other than letting you know I'm pretty pissed you've been blowing me off has a purposes . My article just like a CERT advisory will cause people to be hacked . However just like a CERT advisory, only the admins who don't protect themselves will get hacked . 2'm sorry that the user group feels like there are no worries, but their are . I'm sorry you have canceled appointments hours before they take place and don't return my calls . You are depriving me the chance to tell them the flaws I made, but at the same time stress the problems that do exist . Thats wrong Jim, becuase you sat their in that office and told me their were things I was right about, and things I was wrong about . Someone is going to hack the systems someday . Maybe not yours, but someone is going to buy some textbooks on a card with $ thats doesn't exist and turn them into cash . So before that happens, do the world a favor and set the user group right .
Thanks for giving. me a fun story to tell at parties,
EXHIBIT A.19 tvt 4/10/200 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 24 of 66� AT&T CampusWide, Blackboard Transaction System, Who Cares what they call it. Page 1 of 1
AT&T B-&* YNW.OICIm0YdG01I1
The Big List
. CampusWide - Wide Open . This is the that started it all. Published in 2600 Spring 2003. Mostly background and infrastructure information, and an overview of the flaws of the system. Georgia Tech's Office of Information Technology (01T) ran an audit of GT's system and confirmed the exploits described in my article do indeed work. Their are some mistakes in the article, naming some of the history of the Campuswide system is missing some parts, and that VTSes can't be tricked into giving you a clone of a card . I suggest starting here . CampusWide - Openview and Exploits (Power Pointy The Slide Show for my speech at InterzOne, with lots of pictures and great deatails about the 3 types of exploits (Reader to device Man-in-the-middling, Reader to Server Man-in- the-middling, and Card based). . My Response So what happens when you write an internationally published paper about an Institute's gross neglict of student security, and include an email address at that school? Oh my . Timeline of Events - A nifty timeline covering my research, how Tech reacted, and conferences I spoke at. . Letter to Jim Pete - A nasty email to Buzzcard Center as to why they won't return my emails, and why they covered up the results of OIT's investigation.
. FAQ - this is my FAQ that I get asked after people read the article . Cached Web Pages These are the old cached ATT webpages, full of Technical details Blackboard wished weren't floating around . . Pictures Some fun pictures of what the wires look like from read to device, and how poorly they are protected. . Email me If I did cover something and you want to know, or you think you have some information of CampusWide you want to tell me, email me
Homepa4e
EXHIBIT A.20 file://G :\Tech%20Heaw%20Industries7 files\index.htrnl 4/10/2003 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 25 of 66�Page 1 of 1 G-
2-26-2004 I have been hired as a consultant for Nuvision Networks, and they have paid my accommodations to attend the Annual NACCU conference in New Orleans Next week. I can't wait to finally meet the Blackboard Reps in person over some drinks!
2-25-2003 Moving Data From GT Server to yak, changing layout, adding tons more, so bare with me.
I'll be speaking at InterzOne II this April 11-13 in Atlanta . I will be speaking on 2 topics.
. The first will be a co-panel with Virgil and will expand on last years CampusWide discussion . The signals to and from several BIackBoard readers have been captured, as well as how data is stored on the cards. Using this knowledge Virgil and I have created a drop-in compatible reader, that will work with an existing RS-485 network. Computer code to emulate any reader made as well as hardware specs to wire the readers and control circuits will be launched. I showed in Spring of 2002 how easy these systems were to Man-in- the-Middle, and was discredited by Georgia Tech, to protect their credentials. This will show not only did we hack the system, but we hacked it so far we could build functional readers from scratch. . The 2nd Panel is all about the number 1 spy software out there: Spector, by Spectorsoft. I will detail its capabilities, built in stealth features, as well as detection and removal. In addition I will give detailed specs on the data files Spector uses to store the captured screen shots and key logs. I have successfully reverse engineered these data files, and have written code to allow you to not only view the compressed contents of the files, overwrite these data files with your own containing any screen shots or key logs you want! dhtml
EXHIBIT A.21 4/10!2003 , . Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 26 of 66� ~. .: ~fNmOne II Page 1 of 2 i" ~ V~1A 1
Radisson Hotel Northlake - Atlanta, Georgia Hotel rates same as pre-registration -- reserve your room today! Click for more information .
GhetCoHackers' RootFu Monday is the last day to register for f3ootELL semi-final; at Interzone I Register by midnight to reserve your place now!
Con Schedule Posted Find out when-drL1_rLh_e-re our speakers, workshops, and panels will be
First Code Warrior Scenario Posted Check out the ~SLGQdS Warript,assianm eni and get a head start on n weekend's contest!
Are you ready for Knowledge Assimilation?
InterzOne Ix
Once again, We bring YOU eye opening Information!
We believe, as Aristotle wrote, that all human beings desire to squire knowledge, and, through universal, easily accessible education, We m< possible for everyone who so desires it to gain that knowledge.
While the past demands respect, the Future commands attention!
InterzOne II
EXHIBIT A.22 l,~tn"/%~nin~r infnrr(lno rnm/ 411 nnnm . .. intpaUneCase 11 .: .i1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 27 of 66�Page 2 of 2
Any persons knowledgeable with technology and computers, and those desiring such knowledge. Come gain a new knowledge or share what y know,
InterzOne II This year, We will be bringing you even more cutting edge info concern the freedom of the Internet, Civil Liberties, Privacy Issues, and other information to enlighten you!
0 2003 InterzOne, All Rights Reserved [ webmaster j
Site Design by Fragment4
EXHIBIT A.23 httn~/lwww interzOne .cnm/ 4/10/70!14 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 28 of 66� 1.:. interzOne II : speakers .:./ Page 1 of 2
Be sure to check out the new Son £cho-dulQ for speaker times and locations .
Acidus - Ghosfbusting SpectorSoft " James Dean Abaddon - Wireless Hacking George. Campbell - Spy Toys V1rus - Lockpicklng and Forensics ; A Real World Case Lux / WebGirls Overrode - Linux Gaming Pete Wellborn 7.R. "Bob" Dobbs - Internal Combustion Linux Hack-Sec-Klahn Church of the Sub-Genius - Will host a devival Friday night, but the Con will not !et you attend Anion Roger Rattle Deetus - Memestreams timbal) - Coding Don'ts Randal L. Schwartz - Learning Perl David McOwen - Georgia legal system experiences . Specwhore - Tesla rolls )aeon Spence - Dirty CMOS Tricks, or My Rootkit is Better Than Your Rootkit " Mike 4ockhart - Do5 : Denial of Security " Don Becker - Supercomputing Lo" - Trials and Tribulations . of Internet Radio . John Young - 18uttons (your entrance badge) Addus/Virgil - Campuswide System Vulnerabilities Update Robin Cutshaw - Amateur Radio, Computers, and the Internet
EXHIBIT A.24
A/11 MI1A'7 1. :. in*,rzUneCase 1s : speakers1:03-cv-01279-CC .:J Document 1 Filed 05/12/2003 Page 29 of 66�Page 2 of 2
Pete Wellborn - OMCA, RLAA and other legal stuff
Mot to come. ..
p 2003 IrttcrzOne, At! Rights Reserved [ webmaster 3
Site Design by F2gmenM
EXHIBIT A.ZS l.a~.." lJnn~nv inforr/~nP rn7I1/nVPTYS/STE`dkCI'S/ 4/1112003 \. : . inwravneCase ii : con1:03-cv-01279-CC scneduie. : .i Document 1 Filed 05/12/2003 Page 30 of 66�Page l of 3
wn~wuwrrwwf
Friday Event 11:00 am Set up for RkgLEu Contestants
12:00 noon Doors Open to the Public
12:00 noon - Midnight Root Fu Round One Begins
6:00 pm Opening Ceremony JonnyX
8:00 spy Toys pm George Campbell RI/IA, stuff 9 :00 pm OMGy and other legal Pete Wellborn
SD:00 lBUtMns (your entrance badge) pm John Young
All Night Friday Night Entertainment - "Drew Uka a Fed I
All Night Open D7 Booth
All Night Instal/FesY
Saturday Event
All Day Insta/IFest
11:00 am - 1 :00 Amateur Radio, Computers, and the Internet pm Robin Cut!ihaw GhostbusHng Spector5olt 11:00 am Acidus 12 - :OOnoon .Fu Midnight Rout Lockpiddrip 12 ;00 noon YlruS Coding 101 1 :00 pm - 3:00 pm Adaddon / Timball Forensics : A Real World Case 1 :00 pm V1ru5
EXHIBIT A.26 httn://www.interzOne.com/information/con schedule/ 4/11/2003 \:: . interzOneJICase : 1:03-cv-01279-CCcon schedule. :./ Document 1 Filed 05/12/2003 Page 31 of 66�Page 2 of 3
unux 1 :00 pm Gaming Coding Overrode F"!ng Sh+ up on 2;D0 pm Really Wireless Anton Roger
2;D0 pm reaching "Learning Perl^ Randal Schwartz Dirty CM0.S Tricks, or My Rootkit is better than Yo 3:00 pm RooCdt Jason Silence Nemrshesma 3:00 pm Dews Hacking 102 3 :00 pm - 5:00 pm AdadCon
4 DoS% Denial of Security :00 pm Mike Lockhart
4:00 pm viell V1rv5
5:00 pm Supel{ompuHny Don Backer Enlightenment, Llnur Desktop, Programming, and 6: W pm Mandrake
6 :00 pm Wireless Nacklnp Adaddon PacketMonkey Release 6 :00 pm (packet lrljectlan tool) cynOn Trials and Tribulations of Internet Radio 7 :00 pm Loxo CampuswlAe System Vulnerabilities Update 7:00 pm AUdus / Vlrgil
8 :00 pm TBA lames Dean RANTI 8:00 pm Rattle
9:00 pm WebCam Girls Iyx Tesla Call (outdoors demo) 10:30 pm Specwhore
All Day Lan Gaming
All Night Open D] Booth
Sunday Event Georgia Legal System Experiences 12;00 noon David McOwen
1 :00 pm Managing the Client Engagement (Now to Get Po Alice Doesn't Work Here Anymore 2 :00 pm Decius
10:00 am - 2 :00 Root Fu pm
All Day until 3:00 pm L an Gaming
4:00 pm Awards Ceremony
0 2003 InteaOne . All Rights Reserved
EXHIBIT AZ7 1,~+.." ~1..~.nv i.,tr"(1nP nnm/information con schedule/ 4/11/2003 \.:. intgrzOneCase II : 1:03-cv-01279-CCcon schedule. : ./ Document 1 Filed 05/12/2003 Page 32 of 66�Page 3 of 3
[ webmaster ]
Site Design by Epgment4
EXHIBIT A.28 http://www.interzOne.com/information/con schedule/ d/t t /1nnz -- ,. Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 33 of 66�Page 1 of 1
EXHIBIT A.29 file."//Ci."1Tech%20Heaw~/")llinrinctrircd Ales\tnr 6tm1 All A Mlll19 - AT&T CampusWide,Case 1:03-cv-01279-CC Blackboard Transaction Document System, 1 Who Filed Cares 05/12/2003 what they call Page it. 34 of 66�Page 1 of 1
~wra~amaraeem
The Big List
CamausWide - Wide Open . This is the that started it all. Published in 2600 Spring 2003 . Mostly background and infrastructure information, and an overview of the flaws of the system. Georgia Tech's Office of Information Technology (01T) ran an audit of GT's system and confirmed the exploits described in my article do indeed work: Their are some mistakes in the article, naming some of the history of the Campuswide system is missing some parts, and that VTSes can't be tricked into giving you a clone of a card. I suggest starting here . CampusWide - Openview and Exploits (Power Point). The Slide Show for my speech at InterzOne, with lots of. pictures and great deatails about the 3 types of exploits (Reader to device Man-in-the-middling, Reader to Server Man-in- the-middling, and Card based). . My Response So what happens when you write an internationally published paper about an Institute's gross neglict of student security, and include an email address at that school? Oh my . Timeline of Events - A nifty timeline covering my research, how Tech reacted, and conferences I spoke at. . Letter to Jim Pete - A nasty email to Buzzcard Center as to why they won't return my emails, and why they covered up the results of OITs investigation .
. FAQ - this is my FAQ that I get asked after people read the article . Cached Web Pages These are the old cached ATT webpages, full of Technical details Blackboard wished weren't floating around . . Pictures Some fun pictures of what the wires look like from read to device, and how poorly they are protected. . Email me If I did cover something and you want to know, or you think you have some information of CampusWide you want to tell me, email me
Homepa4e
EXHIBIT A.30 4/10/2003 < - Case 1:03-cv-01279-CC ~.- Document 1 Filed 05/12/2003 Page 35 of 66�Page i of z
Spring 2001 - I got interested in the Buzzcard network on Campus . Based on the AT&T Internet and soon found out about the system . Lots of Web research done, and fieldwo between the device and the reader . Locked Cabinet with Multiplexes was opened and ph insides . Determined which wires to cross to make doors open, laundry machines get cr
Summer 2001 - Continued exploring the system, called the company (now Blackboard), a Jim Resinq .
Fall 2001 - With Publishing of my Fortres article, increased last minute field resea notes . Called Blackboard again to tell them all the flaws I found, was blown off .
Spring 2002 - Wrote Article, and was published in Spring 2002 issue of 2600 .
6/2002 - Blackboard learned of my article . The Blackboard Oserqroup tried to track m figuring out I went to Tech, saw my web page and was very upset . Concerns about how was are posted by schools around the country to the list-serve . GT tells the list-se into it and they would reply again soon .
GT Police asks to speak to me to determine if crime was committed . GT Police never f indeed 2 am told there is no long an investigation . Huzzcard Office conducts interna I go to Huzzcard office unsolicited to try and assist them in securing their system . see me . Office of Information Technology (OIT) on campus starts a test of the Huzzca any of the attacks described in article are valid .
Buzzcard office asks that I remove picture of inside of the locked cabinet from my w hosted on GT machines), which I did . Huzzcard center asks me to remove AT&T cached p refuse to do . (Its not theirs, if AT&T wants it down, they can ask me) .
Huzzcard office reluctant to talk with my about my article, since they don't want to accurate I was . They do confirm the VTS could be hacked and money can be added to an describe . However parts of my article (namely how to clone a card through the VTS), incorrect . They ask if I would write a letter for the list-serve that explains what as long as my letter will be unedited, and I get to also stress what parts are accur what they need to secure . Suzzcard office agrees but continues to cancel my meetings return phone calls . I am contacted by several colleges that are on the list-serve . T all along been posting that they have interviewed me, that my article is totally fal statements as "As any experienced administrator should know, these security holes ar colleges are concerned Tech is not being truthful, and want to talk to me . Z see tha stringing me along, and cease my attempts to contact them, or help them fix their pa
OIT concludes their investigation, and confirm that everything in my article is corr clone a card . Tech does not post these results to the list-sere .
Dean of Students is involved, and is checking to see if, while no laws were broken, policy.
9/27/2002 - InterzOne conference in Atlanta Georgia . Far more detailed than my antic types of ways to crack the system (Reader to Device, Reader to Server, and Card base tremendous . Con Organizers so impressed they offer me another spot the next day to d talk about any other projects I'm working on . Very primitive talk about Spector give
11/1/2002 - Phreaknic 6 conference in Nashville Tennessee . Same presentation, very I response . Start Petition of GT students to have an 3rd party audit of Huzzcard syste
12/2002 -I get to interview the Head of Security for OIT for a paper I am writing fo He tells me that OIT tested my article and my attacks do work (especially between re says there simply isn't money in the budget to fix the problems, though he wishes he why wouldn't Tech tell other colleges that my article is accurate he tells me "off embarrassed a lot of people, and they are all struggling to save face ."
EXHIBIT A.31 httD://www.yak.neVacidus/campuswide/timelinecrlfbct 4/10/2003 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 36 of 66� Page 2 of 2
Winter 2002/2003 - More research done, not at Tech into the system . Focusing on how servers, what's on t3ag stripes, and how to interface to them .
April 11, 2003 - Will speak at InterzOne, and release code to make a computer emulat reader, as well as the hardware designs (IE RS-985, maq stripe)to make it a drop in Blackboard Reader . If Blackboard wouldn't make their system more secure, or tell peo secure it, 2'11 simply make compatible ones myself and give them away .
EXHIBIT A.32 1r " .-" A/1 l1M/l/1I Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 37 of 66�
IN THE SUPERIOR COURT OF DEKALB COUNTY STATE OF GEORGIA
BLACKBOARD INC., ) Civil Action File No.
Plaintiff, )
v. )
BILLY HOFFMAN and ) VIRGIL GRIFFITH, )
Defendants. )
ORDER
For good cause shown,
IT IS HEREBY ORDERED that Defendants Billy Hoffman and Virgil Griffith are hereby temporarily enjoined from :
1 . revealing or discussing any signals to or from any Blackboard reader or any Blackboard transaction processing system, that may have been captured;
2. revealing or discussing information about how any information is stored on any Blackboard card or reader, or on any Blackboard transaction processing system;
3 . providing to others, or revealing or discussing any information relating to, any "drop-in compatible reader that will work with an existing RS-485 network" ;
4. releasing code to make a computer emulate any Blackboard reader or any Blackboard transaction processing system, as well as the hardware designs to make a drop in replacement for any Blackboard reader or any Blackboard transaction processing system ; and
5. claiming any that either of them has any right, either explicitly or implicity, to provide products or services that can legitimately be used or interfaced with a Blackboard product, and
WO i7so1z.1 EXHIBIT A.33 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 38 of 66�
IT IS FURTHER ORDERED that Defendants Billy Hoffman and Virgil Griffith shall remove Blackboard's logo from their website, as well as any materials on their website that include any information set forth above, and
IT IS FURTHER ORDERED that the temporary restraining order shall remain in effect until a hearing is held on Plaintiffs motion for a preliminary injunction, which shall be held on April , 2003.
This day of April, 2003 .
Judge Superior Court of DeKalb County
WO 178012.1 2 EXHIBIT A.34 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 39 of 66� 12/;~B/2802 11:30 605-978-8882 GREGORY BAKER PAGE 02
DECLARATION OF GREG BAKER
1 . My name is Greg Baker. I am more than 21 years old and a citizen of the
United States and am competent in all respects to give this Declaration.
2. I am the Vice President of Product Development at Blackboard Inc.
(`Blackboard'. I am familiar with the products end services offered by Blackboard, and
knowledgeable about the proprietary nature of Blackboard's products and services, as
well as Blackboard's trade secrets.
3 . The Blackboard Transaction System consists of both hardware end
computer software is the field of electronic access for controlling admittance to a facility
and authorizing access to products and services, and hardware and computer software in
the field of debit tend control systems for processing electronic transactions, namely debit
card authorization and transaction settlement Blackboard holds a registered federal
trademark on the Blackboard Transaction System, [note : confirm this], which consists of
substantial proprietary information, as well as trade secrets
4. Based on my review of the information provided to me from the website
www.yak.nedacidus (hereinafter "the website"), it is apparent to me that the owner of the
website has illegally hacked into the Blackboard system and/or tapped into wines that
convey information to and from the Blackboard Transaction System. The website itself
shows photographs of a laundry connector box that was illegally opened, and describes
the wiring inside. The website also openly describes hacking that the website's owner
performed on the Blackboard Transaction System.
S. Based on the information contained on the website, the author of the
website extracted information about how data is formatted and processed for transactions
wo irnzo.1
EXHIBIT A.35 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 40 of 66� 12%16/2882 11 :38 605-978-0882 GREGORY BAKER PAGE 03
in the Blackboard Transaction System, as well as the signals or handshakes that the
Blackboard Transaction System uses to know that the reader attached to a physical
hardware device (such as a vending machine) is operational and accepting transactions .
These formatting and processing details are akin to command and control codes, which
are necessary for the Blackboard Transaction System to operate.
6. The website's author also suggests that he has emulated the transaction
software on the Blackboard Transaction System in order to create card readers. Although
he designates the drop-in items he will be offering as "readers," the website owner's
description of the properties of the substitute touts he intends to offer suggests that these
substitute units ate actually transaction processing units.
7. I do not believe that the website's author, or anyone else, can emulate the
transaction processing unit software in the manner claimed. Nevertheless, the website's
author claims that he can, and also indicates that he will be distributing, a product which
could then be affixed to the Blackboard Transaction System - which could then be used
to process fraudulent transactions.
8. The information that the website owner claims he obtained by tapping the
lines and/or breaking into wiring facilities also consists of Blackboard trade secrets.
9. The manner in which Blackboard's data is formatted and processed is
protected by copyright. The transaction processing units that the hacks claims he has
created were not authorized by Blackboard, and would represent unauthorized derivative
works.
la. Although the website's author does not specifically indicate where the
new transaction processing units that he plans to offer would be installed, any such
WO mvzo.i
EXHIBIT A.36 11278,/2RR_2 " Case11 1:03-cv-01279-CC30 605_978_0-032 Document 1 GREGUZY Filed 05/12/2003BAKER Page 41 of 66�PAGE 04
installation would not be authorized by Blackboard, and would also represent illegal
hacking.
11 . Any claim or assertion that the Blackboard Transaction System can be
modified or emulated in this fashion, which the website owner implicitly claims can be
done effectively or legitimately, is also incorrect. Blackboard has not authorize the
website owner or anyone else to develop or license a "drop-in" product that can be
utilized in this manner, and has pot authorized any such product to be given away.
I declare under penalty of pequry under the laws of the United States of America
that the foregoing is true and correct to the best of my knowledge, information and belief.
Greg Baker . Z1441
WO i7mo.i
EXHIBIT A.37 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 42 of 66�
IN THE SUPERIOR COURT OF DEKALB COUNTY STATE OF GEORGIA
BLACKBOARD INC., Civil Action File No. Plaintiff, / to be filed April 14, 2003 at 8 :30 la.m. 1 ! ,~ U/VV
v.
BILLY HOFFMAN and VIRGIL GRIFFITH,
Defendants
ORDER APPOINTING SPECIAL SERVER OF PROCESS
The foregoing emergency motion for Temporary Restraining Order in the above-captioned matter having been presented to the Court this day, and the Court having signed an emergency Temporary Restraining Order against the above-named Defendants this day, and it appearing that the DeKalb County Sheriffs office is not available on a weekend to serve this Temporary Restraining order upon the Defendants, therefore the Court will appoint a Special Process Server to effectuate said service.
The Court therefore appoints Margaret Levens, American Expediting Company, whom the Court is informed meets the qualifications required of a Special Process Server in O.C.G .A. Section 9-1 1-4(c), and said Process Server is directed by the Court to serve the above-referenced Temporary Restraining Order against the above-named Defendants .
IT IS SO ORDERED.
This 12`° day of April, 2003.
_ Superior Court of DeKalb Coi ty
,LC . ~u
Ewr1s1r A .If-n Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 43 of 66�
IN THE SUPERIOR COURT OF DEKAI.B COUNTY STATE OF GEORGIA
BLACKBOARD, INC.,
PLAINTIFF, CIVIL ACTION FILE NO.
v. 03-CV-4404-10
BILLY HOFFMAN and VIRGIL GRIFFITH,
DEFENDANTS.
.AMENDED ORDER APPOINTING SPECIAL SERVER OF PROCESS
This Court issued an Order on Saturday, April 12, 2003, filed with the Court on April 14, 2003, which appoints Margaret Levens of American Expediting Company to serve as special server of process in the above-styled matter. The Order appointed Ms. Levens to serve the Defendants with the Temporary Restraining Order signed by the Court on April 12, 2003. It was always the intention of the Court that the process server should effectuate service upon the Defendants of the Plaintiff s Complaint simultaneously with the service of the Temporary Restraining Order. Therefore, Margaret Levens is appointed to serve the Plaintiff's Complaint as well as all other pending pleadings. IT 1S SO ORDERED. This _~T~day of April, 2003, nunc pro tunc to April 12, 2.
v~ oANNE WORKMAN, JUDGE DEKALB COUNTY SUPERIOR COURT STONE MOUNTAIN JUDICIAL CIRCUIT
Copy to: Charles T. Lester, Jr. Billy Hoffrnan Virgil Griffith
EXHIBIT A38. 9 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 44 of 66�
IN THE SUPERIOR COURT OF DEKALB COUNTY STATE OF GEORGIA
BLACKBOARD INC ., Civil Action File No.
Plaintiff, fv G~-~~lz~. QTYv~Q.1 ~-~ Zv~3 v.
BILLY HOFFMAN and VIRGIL GRIFFITH,
Defendants .
ORDER
For good cause shown,
17 IS HEREBY ORDERED that Defendants Billy Hoffman and Virgil Griffith are hereby temporarily enjoined from :
1 . revealing or discussing any signals to or from any Blackboard reader or any Blackboard transaction processing system, that may have been captured ;
2 . revealing or discussing information about how any information is stored on any Blackboard card or reader, or on any Blackboard transaction processing system ;
3, providing to others, or revealing or discussing any information relating to, any "drop-in compatible reader that will work with an existing RS-485 network";
4 . releasing code to make a computer emulate any Blackboard reader or any Blackboard transaction processing system, as well as the hardware designs to make a drop in replacement for any Blackboard reader or any Blackboard transaction processing system ; and
5 . claiming any that either of them has any right, either explicitly or implicity, to provide products or services that can legitimately be used or interfaced with a Blackboard product, and
wo .7soiaI EXHIBIT A.39 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 45 of 66�
IT IS FURTHER ORDERED that Defendants Billy Hoffman and Virgil Griffith shall remove Blackboard's logo from their website, as well as any materials on their website that include any information set forth above, and
IT IS FURTHER ORDERED that the temporary restraining order shall remain in effect until a hearing is held on Plaintiffs motion for a,prelimipary injunction, which shall be held on April ~, 2003. (,1~
This I01)~ day of April, 2003. `
Judge Super'qr Cou of DeKalb C unty ,
"IV ~X `
~ cam, Cu~n-~~ 909 3c~A6 C~v Caw
WO 178012 .1 2 EXHIBIT A.40 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 46 of 66�
IN THE SUPERIOR COURT OF DEKALB COUNTY
STATE OF GEORGIA N P om BLACKBOARD, INC. m= ):, CD 'ao ~ 1 r~1 9 s Plaintiff, Q7N o~ ~ d v. Civil Action File No 03C%04-W <.z 0 BILLY HOFFIv1AN and VIIZGIL Co Dc N GRIFFITH,
Defendants.
CONSENT ORDER REGARDING EXTENDING DURATION OF TEMPORARY RESTRAINING ORDER
Upon motion of Defendants Billy Hoffinan and Virgil Griffith, and with the consent of Blackboard Inc.,
IT IS HEREBY ORDERED that the preliminary injunction bearing previously set for 9:00 a.m. on April 16, 2003 is hereby continued and shall be rescheduled to occur on or immediately prior to May 30, 2003 . The expiration date of this Court's April 12, 2003
Order granting a temporary injunction ("the Order") shall be extended to and through the latter of: (a) May 30, 2003, or (b) any later date that this Court specifies by modifying that Order upon motion by any party. During said extended period, the Order shall remain in full force and effect. During the extended period, Defendants shall conduct themselves in accordance with the Order and shall not knowingly or intentionally assist any third party in disseminating information covered by the Order, or in retaliating against Blackboard or its clients by electronically bombarding any server of Blackboard, its clients or its agents.
The parties further stipulate and agree that this Consent Order shall in no way constitute or be deemed a waiver of any party's rights in this action, all of which are
WO 178672 .1 EXHIBIT A.41 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 47 of 66�
expressly reserved. Among other such rights, Plaintiff retains the right to file an action
for contempt against Defendants for any previous failure to comply with the Order, and
the Defendants, among oilier rights and defenses, retain the defense of improper venue,
the defense of lack of personal jurisdiction, and/or the right to seek removal to federal
court of the above-styled action, pursuant to 28 U.S .C. §§ 1441, et seq.
Stipulated and agreed this 15th day of April, 2003 .
WELL ORN & BUTLER, LC
Paul F. Wellborn, Ed Georgia Bar No. 746720
1372 Peachtree St., N.E., Suite 204 Atlanta, GA 30309 Phone: (404) 815-9595 Fax: (404) 815-9957 Attorney for Defendants
SUTHERLAND ASBII .L & BRENNAN, LLP ~S~e a~ Charles T. Lester, Jr. Georgia Bar. No. 447200 Gregory S . Smith Georgia Bar No. 658375 999 Peachtree St. NE Atlanta, GA 30309-3996 Phone : (404) 853-8000 Fax: (404) 853-8806 Attorneys for Plaintiff
ORDER
IT IS SO ORDERED THIS ~~'I'DAY OF APRIL, 2003.
Jud uperiorCourt of Dekalb County
James H. Weeks Senior Judge WO 178672 .1 State of Georgliy EXHIBIT A.42 By Desi,na!f::n Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 48 of 66�
IN THE SUPERIOR COURT OF DEKALB COUNTY STATE OE GEORGIA
BLACKBOARD, INC.,
PLAIIYTIFF(S), CIVIL ACTION NUMBER V S 03C V 4404-10
BILLY HOFFMAIY, & VIRGIL GRIFFITH,
DEFENDANT(S) .
NOTICE OF HEARING
PLEASE TAKE NOTICE THAT THE PRELIMINARY INJUNCTION INTHE ABOV E STYLED
CASE HAS BEEN SCHEDULED FOR THE CIVIL NON-JURY CALENDAR, MAY 30, 2003 AT 9:00
A .M. BEFORE JUDGE ANNE WORKMAN IN ROOM 309 OF THE CALLAWAY BUILDING [N THE
DEKALE3 COUNTY COURTHOUSE COMPLEX LOCATED AT 120 WEST TRINITY PLACE,
DECATUR, GEORGIA 30030.
IF YOU HAVE ANY QUESTIONS CONCERNING THIS MATTER, PLEASE CONTACT JUDGE
WORKMAN'S CALENDAR CLERK, GWENDOLYN JONES WEST.
THIS "T" DAY OF APRIL, 2003 .
GWENDO N JONES WEST CALENDAR CLERK FOR JUDGE ANNE WORKMAN (404) 371-2489
COPY TO : PAUL WELLBORN, III., ESQ. 1372 PEACHTREE S ., N.E., STE. 204 ATLANTA, GA 30309 EXHIBIT A.43 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 49 of 66�
IN THE SUPERIOR COURT OF DEKALB COUNTY
STATE OF GEORGIA
BLACKBOARD, INC.,
Plaintiff, v. Civil Action File No . 03CV4404-10
BILLY HOFFMAN and VII2GIL GRIFFITH,
Defendants .
VERIFIED ANSWER
Defendants Billy Hof&nan ("Hoffrnani') and Virgil Griffith ("Griffith")
(collectively, the "Defendants"), with full reservation of their right to remove this matter to the United States District Court for the Northern District of Georgia and of their jurisdiction-related and other affirmative defenses, file this Answer to the Complaint of
Plaintiff Blackboard, Inc. ("Plaintiff' or "Blackboard") and show as follows:
FIRST DEFENSE
This Court lacks personal jurisdiction over Griffith.
SECOND DEFENSE
Venue is improper as to Griffith.
THIRD DEFENSE
Plaintiff's Complaint fails to state a claim upon which relief may be granted.
FOURTH DEFENSE
Plaintiff s Complaint is barred by the first amendment to the United States
Constitution .
FIFTH DEFENSE
Plaintiff's Complaint is barred by the doctrine of truth.
A-9Y Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 50 of 66�
SIXTH DEFENSE
No act, omission, or statement by the Defendants, or either of them, caused or contributed to the injuries or damages for which Plaintiff seeks recovery.
SEVENTH DEFENSE
At all relevant times, each Answering Defendant acted reasonably, in good faith, with the appropriate skill, prudence, and diligence, and in a commercially reasonable manner.
EIGHTH DEFENSE
Plaintiffs Complaint is barred in whole or in part by the equitable doctrine of estoppel.
NINTH DEFENSE
Plaintiffs Complaint was not properly verified, insofar as the purported verification was executed by Plaintiff's attorney, rather than anyone with first hand information regarding the facts alleged therein and insofar as the accompanying declaration of Greg Baker was not notarized or authenticated.
TENTH DEFENSE
Defendants incorporate herein the Defenses set forth above and respond as follows to the individually-numbered paragraphs of Plaintiffs Complaint:
1 .
Responding to the allegations of Paragraph 1 of Plaintiff's Complaint, the
Defendants lack information or knowledge sufficient to form a belief as to the truth of the allegations contained therein and can therefore neither admit nor deny same .
A-NS Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 51 of 66�
z.
Responding to the allegations of Paragraph 2 of Plaintiff's Complaint, the
Defendants lack information or knowledge sufficient to form a belief as to the truth of the
allegations that the Blackboard System involves "online commerce" and/or that the door
access module is "sophisticated" and can therefore neither admit nor deny same. The
Defendants admit the remaining allegations of Paragraph 2.
3.
Responding to the allegations of Paragraph 3 of Plaintiff's Complaint, the
Defendants deny that the "2001 incident" discussed therein was properly characterized as
"hacking," at least to the extent that said term is used throughout Plaintiffs Complaint to connote conduct that is criminal or harmful. Defendants also deny that Hoffman's conversations with Georgia Tech administration and police were properly characterized as "confront[ations]." The Defendants admit the remaining allegations of Paragraph 3, including the allegation that Exhibit A is a true and correct print-out of material that was contained on Hoffrnan's web site, which has since been removed from the Internet.
4.
Responding to the allegations of Paragraph 4 of Plaintiffs Complaint, the
Defendants admit that Griffith's web site and Hoffman's web site were hyperlinked, but deny that the sites are "linked" to the extent that said term is used to mean a relationship other than a hyperlink. The Defendants admit the remaining allegations of Paragraph 4.
5.
Responding to the allegations of Paragraph 5 of Plaintiff's Complaint, the
Defendants show that the meaning ascribed to "hacker" in Plaintiff's Complaint (i.e., one who wrongfully or criminally accesses a protected computer system, thereby causing
A-Y& Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 52 of 66�
harm) differs from the actual meaning of that term as used on Hoffman's web site and by others in the technology community. The Defendants show that Hoffrnan's essay and web site content speak for themselves and accordingly deny the allegations of Paragraph
5 to the extent that said allegations are inconsistent with the content thereof. The
Defendants admit that Exhibit B is a true and correct print-out of the referenced essay, which at one time appeared on Hoffinan's web site.
6.
Responding to the allegations of Paragraph 6 of Plaintiff's Complaint, the
Defendants deny that Hoffrnan "broke into" a switchbox . The Defendants show that
Hoffman's written account speaks for itself and deny the allegations of Paragraph 6 to the extent that said allegations are inconsistent with the content thereof The Defendants admit the allegations contained in the last sentence of Paragraph 6, including the allegation that Exhibit C is a true and correct print-out of the referenced written account by Hoffman. Defendants show that HofFman's web site is inactive and no longer contains content.
7.
Responding to the allegations of Paragraph 7 of Plaintiff's Complaint, the
Defendants show that the meaning ascribed to "hacker" in Plaintiffs Complaint i.e., one who wrongfully or criminally accesses a protected computer system, thereby causing harm) differs from the actual meaning of that term as used in the technology community.
The Defendants accordingly deny the allegations of Paragraph 7 to the extent that
Plaintiff s use of "hacking" erroneously implies these wrongful or illegal elements. The
Defendants also deny that Hoffinan's "hacking" was the sole or primary source of the information set forth in the referenced article. The Defendants admit the remaining
A-Y? Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 53 of 66�
allegations of Paragraph 7 and admit that Exhibit D is a true and correct copy of material that did at one time appear on Hotfman's web site.
8.
Responding to the allegations of Paragraph 8, the Defendants show that
Hoffrnan's web site notes speak for themselves and accordingly admit Plaintiffs allegations to the extent that they are consistent with the web site notes and deny the allegations to the extent that they are not consistent with said notes. The Defendants admit that Hoffrnan discussed the his investigation of the Blackboard system with
Georgia Tech Police Department, but denies that said conversation was properly characterized as a "warning" and denies that he should have been "chastened" by that meeting, insofar as the latter term implies a predicate act deserving of punishment or contrition. The Defendants admit that Exhibit A is a true and correct print-out of material that was contained on Hoffrnan's now-inactive web site.
9 .
Responding to the allegations of Paragraph 9, the Defendants admit that Hoffrnan discussed his investigation of the Blackboard system with administration at Georgia Tech and show that Hoffrnan's referenced mail speaks for itself The Defendants accordingly admit Plaintiff's allegations to the extent they are consistent with said e-mail and deny the allegations to the extent that are not consistent with the e-mail . The
Defendants admit that Exhibit E is a true and correct print-out of an e-mail from Hoffrnan to Georgia Tech administration, which was at one time reproduced on Hoffman's now- inactive web site.
{1-48 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 54 of 66�
10.
Responding to the allegations of Paragraph 10, the Defendants admit that
Hoffman continued to speak" at certain conferences detailing the security flaws of the referenced Blackboard system and that his presentations included explanation of the system's vulnerability to middle-man attack. The Defendants also admit that Hoffman reproduced on his web site certain information that was already publicly-available due to its posting on AT&T's web site. The Defendants admit that Hoffrnan accepted payment as a consultant for one of Blackboard's competitors. The Defendants admit that Exhibit
F is a true and correct print-out of text that was contained at Hoffrnan's now-inactive web site . The Defendants deny that Hoffrnan was forbidden by the Georgia Tech Police or
Georgia Tech Administration to speak about his investigation of the Blackboard system.
The Defendants deny the remaining allegations of Paragraph 10.
11 .
Defendants admit that Griffith's web site and Hoffman's web site were hyperlinked, but deny that the sites were "linked" to the extent that said term is used to mean a relationship other than the hyperlink. The Defendants admit the remaining allegations of Paragraph 11 . The Defendants admit that Exhibit H is a true and correct print-out of material that was contained on Hoffinan's now-inactive web site.
12.
Responding to the allegations of Paragraph 12, the Defendants show that
Hoffman's web site notes speak for themselves and accordingly admit Plaintiffs allegations to the extent they are consistent with the web site notes and deny the allegations to the extent that they are not consistent with said notes. The Defendants show that the majority of the quoted language was conditional in context and did not
a-+1 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 55 of 66�
actually reference any specific intent to commit the hypothetical acts described therein.
Moreover, the Defendants did not commit or even begin those future acts referenced in the cited passage. The Defendants admit that Exhibit G is a true and correct print-out of material that was contained on Hoffrnan's now-inactive web site.
13.
Responding to the allegations of Paragraph 13, the Defendants show that
Hoffrnan's web site notes speak for themselves and accordingly admit Plaintiffs allegations to the extent they are consistent with the web site notes and deny the allegations to the extent that they are not consistent with said notes. The Defendants deny that Hoffrnan actually intended to manufacture and give away compatible systems or readers and instead affirmatively show that Hoffman was using conditional, hyperbolic language to illustrate the vulnerability of the insecure Blackboard system . The
Defendants admit that Exhibit J is a true and correct print-out of material that was contained on Hoffman's now-inactive web site.
14.
Denied as stated. By way of further response to Paragraph 14 of Plaintiffs
Complaint, the Defendants show that the Electronic Communications Privacy Act
("ECPA") speaks for itself and accordingly deny Plaintiff s characterization of the content of that statute to the extent it is incomplete or inconsistent with the complete provisions of the ECPA and the construing case law.
15 .
Responding to the allegations of Paragraph 15 of Plaintiff's Complaint, the
Defendants show that the meaning ascribed to "hacker" in Plaintiffs Complaint i .e., one who wrongfully or criminally accesses a protected computer system, thereby causing
A -s`o Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 56 of 66�
harm) differs from the actual meaning of that term as used in the technology community.
The Defendants accordingly deny the allegations of Paragraph 15 to the extent that
Plaintiff s use of "hacking" erroneously implies these wrongful or illegal elements. The
Defendants further show that Hoffrnan's web site notes speak for themselves and accordingly admit Plaintiff s allegations to the extent they are consistent with the web site notes and deny the allegations to the extent they are not consistent with said notes.
16 .
Denied.
17.
Denied.
18 .
Denied as stated. By way of further response to Paragraph 18 of Plaintiffs
Complaint, the Defendants show that the Georgia Computer Systems Protection Act
("GCSPA") speaks for itself and accordingly deny Plaintiff's characterization of the content of that statute to the extent it is incomplete or inconsistent with the complete provisions of the GCSPA and the construing case law.
19.
Denied.
20.
Denied as stated. By way of further response to Paragraph 20 of Plaintiffs
Complaint, the Defendants show that the Georgia Computer Systems Protection Act
("GCSPA") speaks for itself and accordingly deny Plaintiffs characterization of the content of that statute to the extent it is incomplete or inconsistent with the complete provisions of the GCSPA and the construing case law.
q-rl Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 57 of 66�
21 .
Denied.
22.
Denied.
23 .
Denied as stated. By way of further response to Paragraph 23 of Plaintiff s
Complaint, the Defendants show that the Georgia Trade Secrets Act ("GTSA") speaks for itself and accordingly deny Plaintiffs characterization of the content of that statute to the extent it is incomplete or inconsistent with the complete provisions of the GTSA and the construing case law .
24.
Denied.
25 .
Denied.
26.
Responding to the allegations of Paragraph 26 of Plaintiffs Complaint, the
Defendants lack information or knowledge sufficient to form a belief as to the truth of the allegations contained therein and can therefore neither admit nor deny same.
27 .
Denied.
28.
Denied.
29.
Denied.
9 fl SZ Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 58 of 66�
30.
Denied .
31 .
Denied.
32.
Denied.
33 .
Denied.
34.
Denied.
35.
Denied.
36.
Denied.
37.
Denied.
38.
Denied.
39.
Responding to the unnumbered ad damnum clause immediately following
Paragraph 38 of Plaintiff s Complaint, the Defendants deny that Plaintiff is entitled to the relief it requests.
A'S.? 10 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 59 of 66�
ELEVENTH DEFENSE
Any allegations of Plaintiffs Complaint not expressly admitted above are hereby denied.
WHEREFORE, the Defendants pray for judgment as follows:
(a) That judgment be entered on Plaintiffs Complaint in favor of the
Defendants and that Plaintiff take nothing (either in the form of legal or
equitable relied by way of that Complaint;
(b) That the Defendants be awarded their costs of suit ;
(c) That the Defendants be awarded their reasonable attorneys' fees; and
(d) That this Court grant such other and further relief as it deems just and
proper.
This 12th day of May, 2003 .
WELLBORN & BUTLER, LLC
Paul F. Wellborn, III Georgia Bar No. 746720
1372 Peachtree St., N.E., Suite 204 Atlanta, GA 30309 Phone: (404) 815-9595 Fax : (404) 815-9957 Attorney for Defendants
A3Y 11 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 60 of 66�
VERIFICATION
Under penalty of perjury, I represent and aver on this 12th
day of May, 2003, that the facts set forth in the preceding
Verified Answer offered on behalf of myself and Virgil Griffith
are true and correct to the best of my belief and knowledge, and
hereby verify that complaint .
E
AUG N~ 15 __ 2008
Swum and subscribed R~'i'11111 before i 12th da OMay, 03
otary P is My miss n e res: ~ I1 S
A-sJ- Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 61 of 66�
VERIFICATION
Under penalty of perjury, I represent and aver on this 12th day of May, 2003, that the facts set forth in the preceding
Verified Answer are true and correct to the best of my belief and knowledge, and hereby verify that answer
E
*'w AUG aul IS . : F . Wellborn III -f';q,_ 2006
Sworn and subscribed P' before his 12th day of may 0
tary P is p t I h M rtvnissi expires: u ~S V ~O
0 .916 Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 62 of 66�
IN THE SUPERIOR COURT OF DEKALB COUNTY
STATE OF GEORGIA
BLACKBOARD, INC .,
Plaintiff, v. Civil Action File No. 03CV4404-10
BILLY HOFFMAN and VIItGIL GRIFFITH,
Defendants.
CERTIFICATE OF SERVICE
This is to certify that I have this 12th day of May, 2003 served a copy of the foregoing Answer upon the below-listed counsel by placing a copy of same in a properly addressed envelope with sufficient first-class postage affixed with the United States
Postal Service for delivery to:
Charles T. Lester, Jr. Gregory S. Smith SUTHERLAND ASBILL & BRENNAN, LLP 999 Peachtree St. NE Atlanta, GA 30309-3996
This 12th day of May, 2003 .
BUTLER, LLC
;7 Pa . Wellborn, III Georgia Bar No. 746720
1372 Peachtree St., N.E., Suite 204 Atlanta, GA 30309 Phone: (404) 815-9595 Fax : (404) 815-9957 Attorney for Defendants
12 p -s~ Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 63 of 66�
IN THE SUPERIOR COURT OF DEKALB COUNTY
STATE OF GEORGIA
BLACKBOARD, INC.,
Plaintiff, v. Civil Action File No. 03CV4404-10
BILLY HOFF1v1AN and VIRGIL GRIFFITH,
Defendants .
NOTICE OF FILING OF REMOVAL
TO: Charles T. Lester, Jr. Gregory S . Smith SUTHERLAND ASBILL & BRENNAN, LLP 999 Peachtree St. NE Atlanta, GA 30309-3996
Please take notice that Billy Hoffrnan and Virgil Griffith, defendants in the above-styled action, have this 12th day of May, 2003 filed their Notice Of Removal, a copy of which is attached hereto at Exhibit A in the Office of the Clerk of the United States District Court for the
Northern District of Georgia, Atlanta Division.
WELLBORN & BUTLER, LLC ----6 PaulOi4 F. Wellborn, III 2 Georgia Bar No. 746720 1372 Peachtree St., N.E., Suite 204 Atlanta, GA 30309 Phone: (404) 815-9595 Fax : (404) 815-9957 Attorney for Defendants
g- I Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 64 of 66�
IN THE SUPERIOR COURT OF DEKALB COUNTY
STATE OF GEORGIA
BLACKBOARD, INC.,
Plaintiff, v. Civil Action File No. 03CV4404-10
BILLY HOFFIvtAN and VII2GIL GRIFFITH,
Defendants.
CERTIFICATE OF SERVICE
This is to certify that I have this 12th day of May, 2003 served a copy of the foregoing
NOTICE OF FILING OF REMOVAL upon the below-listed counsel by placing a copy of same in a properly addressed envelope with sufficient first-class postage affixed with the United
States Postal Service for delivery to :
Charles T. Lester, Jr. Gregory S . Smith SUTHERLAND ASBILL & BRENNAN, LLP 999 Peachtree St. NE Atlanta, GA 30309-3996
WELLBORN & BUTLER, LLC
Paul F. Wellborn, III Georgia Bar No. 746720
1372 Peachtree St., N.E., Suite 204 Atlanta, GA 30309 Phone: (404) 815-9595 Fax : (404) 815-9957 Attorney for Defendants
9-Z Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 65 of 66�
UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF GEORGIA ATLANTA DIVISION
BLACKBOARD, INC .,
Plaintiff,
v . Civil Action File No .
BILLY HOFFMAN and VIRGIL GRIFFITH,
Defendants .
RULE 7 .1 CERTIFICATE OF COMPLIANCE WITH LOCAL RULE 5 .1
This is to certify that the foregoing NOTICE OF REMOVAL was
prepared using 12 point Courier New font and accordingly
complies with Local Rule 5 .1 . This certificate is given in
compliance with Local Rule 7 .1(D) .
This 12th day of May, 2003 .
WELLBORN & BUTLER, LLC
Paul F . Wellborn, III Georgia Bar No . 746720
1372 Peachtree St ., N .E ., Suite 204 Atlanta, GA 30309 Phone : (404) 815-9595 Fax : (404) 815-9957 Attorney for Defendants Case 1:03-cv-01279-CC Document 1 Filed 05/12/2003 Page 66 of 66�
UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF GEORGIA ATLANTA DIVISION
BLACKBOARD, INC .,
Plaintiff, v . Civil Action File No .
BILLY HOFFMAN and VIRGIL GRIFFITH,
Defendants .
CERTIFICATE OF SERVICE
This is to certify that I have this 12th day of May, 2003 served a copy of the foregoing NOTICE OF REMOVAL upon the below-listed counsel by placing a copy of same in a properly addressed envelope with sufficient first-class postage affixed with the United States Postal Service for delivery to :
Charles T . Lester, Jr . Gregory S . Smith SUTHERLAND ASBILL & BRENNAN, LLP 999 Peachtree St . NE Atlanta, GA 30309-3996
WELLBORN & BUTLER, LLC
Paul F . Wellborn, III Georgia Bar No . 746720
1372 Peachtree St ., N .E ., Suite 204 Atlanta, GA 30309 Phone : (404) 815-5595 Fax : (404) 815-9957 Attorney for Defendants Case 1:03-cv-01279-CC Document 2 Filed 05/28/2003 Page 1 of 3� c Fig"-:,I _ . ~iCc U.°._ IN THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF GEORGIA ATLANTA DIVISION 2$ iuu7 ~v NAY BLACKBOARD INC.
Plaintiff, duty Clerk Civil Action File No. 1 :03-CV-1279 (CC)' v.
BILLY HOFFMAN and VIRGIL On Removal from the Superior GRIFFITH, Court of DeKalb County. Georgia
Defendants.
CONSENT ORDER REGARDING EXTENDING DURATION OF TEMPORARY RESTRAINING ORDER
Upon the consent of Plaintiff Blackboard Inc. and Defendants Silly Hoffman and
Virgil Griffith, and for good cause shown,
IT IS HEREBY ORDERED that the expiration date of the April 12, 2003 Order granting a temporary injunction ("the Order"), previously entered in this case and also extended once by the Hon. Ann Workman, Judge of the Superior Court of Dekalb
County, Georgia, prior to this case's removal to federal court, is hereby extended further, to and through the latter of (a) June 29, 2003, or (b) any later date that this Court specifies by modifying that Order upon motion by any party. During said extended period, the
Order shall remain in full force and effect . During the extended period, Defendants shall conduct themselves in accordance with the Order and shall not knowingly or intentionally assist any third party in disseminating information covered by the Order, or in retaliating against Blackboard or its clients by electronically bombarding any server of Blackboard, its clients or its agents.
WO 194755 .1 Case 1:03-cv-01279-CC Document 2 Filed 05/28/2003 Page 2 of 3� E
With the consent of the parties, this Court also hereby orders that the time within
which the parties would otherwise he obliged to file mandatory disclosures and a joint
scheduling statement under the Federal Rules of Civil Procedure, and/or under this
Court's local rules, are hereby also extended for a period of an additional 30 days.
The parties stipulate and agree that this Consent Order shall in no way constitute
or be deemed a waiver of any party "s rights in this action, all of which are expressly
reserved, except as expressly set forth above. Among other such reserved rights, Plaintiff
retains the right to file an action for contempt against Defendants for any previous failure
to comply with the Order, and to challenge and file a motion to remand in connection
with the removal petition filed by the Defendants in this action. The Defendants, among
other reserved rights and defenses, retain the defense of improper venue, and the defense
of lack of personal jurisdiction, to the extent that such rights were not waived by
Defendants' petition removing this action to this Court .
This ~day of May, 2003 .
eble Claren e Co er United States District Judge
Stipulated and Agreed to by:
SUTHERLAND ASBILL & BRENNAN. LLP
C 1e stet, Jr. Georgia Bar. No. 447200 Gregory S . Smith Georgia Bar No. 65837 999 Peachtree St. NE Atlanta, GA 30309-3996 Phone : (404) 853-5000 Fax : (404) 353-8806 Attorneys for Plaintiff
WO 194755 .1 Case 1:03-cv-01279-CC Document 2 Filed 05/28/2003 Page 3 of 3�
WELLBORN & BUTLER, LLC
Paul~ F. Wellborn, /Z//~,/~ III Georgia Bar No . 746720 1372 Peachtree St., N.E., Suite 204 Atlanta, GA 30309 Phone: (404) 815-9>95 Fax: (404) 815-9957 Attorney for Defendants
WO 194755 .1