The Hacker Crackdown Part 17

Legion of Doom began on the ruins of an earlier phreak group, The Knights of Shadow. Later, LoD was to subsume the personnel of the hacker group "Tribunal of Knowledge." People came and went constantly in LoD; groups split up or formed offshoots.

Early on, the LoD phreaks befriended a few computer-intrusion enthusiasts, who became the a.s.sociated "Legion of Hackers."

Then the two groups conflated into the "Legion of Doom/Hackers,"

or LoD/H. When the original "hacker" wing, Messrs. "Compu-Phreak"

and "p.h.u.c.ked Agent 04," found other matters to occupy their time, the extra "/H" slowly atrophied out of the name; but by this time the phreak wing, Messrs. Lex Luthor, "Blue Archer," "Gary Seven,"

"Kerrang Khan," "Master of Impact," "Silver Spy," "The Marauder,"

and "The Videosmith," had picked up a plethora of intrusion expertise and had become a force to be reckoned with.

LoD members seemed to have an instinctive understanding that the way to real power in the underground lay through covert publicity. LoD were flagrant. Not only was it one of the earliest groups, but the members took pains to widely distribute their illicit knowledge. Some LoD members, like "The Mentor," were close to evangelical about it.

Legion of Doom Technical Journal began to show up on boards throughout the underground.

LoD Technical Journal was named in cruel parody of the ancient and honored AT&T Technical Journal.

The material in these two publications was quite similar-- much of it, adopted from public journals and discussions in the telco community. And yet, the predatory att.i.tude of LoD made even its most innocuous data seem deeply sinister; an outrage; a clear and present danger.

To see why this should be, let's consider the following (invented) paragraphs, as a kind of thought experiment.

(A) "W. Fred Brown, AT&T Vice President for Advanced Technical Development, testified May 8 at a Was.h.i.+ngton hearing of the National Telecommunications and Information Administration (NTIA), regarding Bellcore's GARDEN project. GARDEN (Generalized Automatic Remote Distributed Electronic Network) is a telephone-switch programming tool that makes it possible to develop new telecom services, including hold-on-hold and customized message transfers, from any keypad terminal, within seconds. The GARDEN prototype combines centrex lines with a minicomputer using UNIX operating system software."

(B) "Crimson Flash 512 of the Centrex Mobsters reports: D00dz, you wouldn't believe this GARDEN bulls.h.i.+t Bellcore's just come up with! Now you don't even need a lousy Commodore to reprogram a switch--just log on to GARDEN as a technician, and you can reprogram switches right off the keypad in any public phone booth! You can give yourself hold-on-hold and customized message transfers, and best of all, the thing is run off (notoriously insecure) centrex lines using--get this--standard UNIX software! Ha ha ha ha!"

Message (A), couched in typical techno-bureaucratese, appears tedious and almost unreadable. (A) scarcely seems threatening or menacing. Message (B), on the other hand, is a dreadful thing, prima facie evidence of a dire conspiracy, definitely not the kind of thing you want your teenager reading.

The INFORMATION, however, is identical. It is PUBLIC information, presented before the federal government in an open hearing. It is not "secret." It is not "proprietary."

It is not even "confidential." On the contrary, the development of advanced software systems is a matter of great public pride to Bellcore.

However, when Bellcore publicly announces a project of this kind, it expects a certain att.i.tude from the public--something along the lines of GOSH WOW, YOU GUYS ARE GREAT, KEEP THAT UP, WHATEVER IT IS-- certainly not cruel mimickry, one-upmans.h.i.+p and outrageous speculations about possible security holes.

Now put yourself in the place of a policeman confronted by an outraged parent, or telco official, with a copy of Version (B).

This well-meaning citizen, to his horror, has discovered a local bulletin-board carrying outrageous stuff like (B), which his son is examining with a deep and unhealthy interest.

If (B) were printed in a book or magazine, you, as an American law enforcement officer, would know that it would take a h.e.l.l of a lot of trouble to do anything about it; but it doesn't take technical genius to recognize that if there's a computer in your area harboring stuff like (B), there's going to be trouble.

In fact, if you ask around, any computer-literate cop will tell you straight out that boards with stuff like (B) are the SOURCE of trouble. And the WORST source of trouble on boards are the ringleaders inventing and spreading stuff like (B).

If it weren't for these jokers, there wouldn't BE any trouble.

And Legion of Doom were on boards like n.o.body else.

Plovernet. The Legion of Doom Board. The Farmers of Doom Board.

Metal Shop. OSUNY. Blottoland. Private Sector. Atlantis.

Digital Logic. h.e.l.l Phrozen Over.

LoD members also ran their own boards. "Silver Spy" started his own board, "Catch-22," considered one of the heaviest around.

So did "Mentor," with his "Phoenix Project." When they didn't run boards themselves, they showed up on other people's boards, to brag, boast, and strut. And where they themselves didn't go, their philes went, carrying evil knowledge and an even more evil att.i.tude.

As early as 1986, the police were under the vague impression that EVERYONE in the underground was Legion of Doom.

LoD was never that large--considerably smaller than either "Metal Communications" or "The Administration," for instance-- but LoD got tremendous press. Especially in Phrack, which at times read like an LoD fan magazine; and Phrack was everywhere, especially in the offices of telco security.

You couldn't GET busted as a phone phreak, a hacker, or even a lousy codes kid or warez dood, without the cops asking if you were LoD.

This was a difficult charge to deny, as LoD never distributed members.h.i.+p badges or laminated ID cards.

If they had, they would likely have died out quickly, for turnover in their members.h.i.+p was considerable.

LoD was less a high-tech street-gang than an ongoing state-of-mind. LoD was the Gang That Refused to Die.

By 1990, LoD had RULED for ten years, and it seemed WEIRD to police that they were continually busting people who were only sixteen years old. All these teenage small-timers were pleading the tiresome hacker litany of "just curious, no criminal intent." Somewhere at the center of this conspiracy there had to be some serious adult masterminds, not this seemingly endless supply of myopic suburban white kids with high SATs and funny haircuts.

There was no question that most any American hacker arrested would "know" LoD. They knew the handles of contributors to LoD Tech Journal, and were likely to have learned their craft through LoD boards and LoD activism.

But they'd never met anyone from LoD. Even some of the rotating cadre who were actually and formally "in LoD"

knew one another only by board-mail and pseudonyms.

This was a highly unconventional profile for a criminal conspiracy.

Computer networking, and the rapid evolution of the digital underground, made the situation very diffuse and confusing.

Furthermore, a big reputation in the digital underground did not coincide with one's willingness to commit "crimes."

Instead, reputation was based on cleverness and technical mastery.

As a result, it often seemed that the HEAVIER the hackers were, the LESS likely they were to have committed any kind of common, easily prosecutable crime. There were some hackers who could really steal.

And there were hackers who could really hack. But the two groups didn't seem to overlap much, if at all. For instance, most people in the underground looked up to "Emmanuel Goldstein" of 2600 as a hacker demiG.o.d.

But Goldstein's publis.h.i.+ng activities were entirely legal-- Goldstein just printed dodgy stuff and talked about politics, he didn't even hack. When you came right down to it, Goldstein spent half his time complaining that computer security WASN'T STRONG ENOUGH and ought to be drastically improved across the board!

Truly heavy-duty hackers, those with serious technical skills who had earned the respect of the underground, never stole money or abused credit cards. Sometimes they might abuse phone-codes-- but often, they seemed to get all the free phone-time they wanted without leaving a trace of any kind.

The best hackers, the most powerful and technically accomplished, were not professional fraudsters. They raided computers habitually, but wouldn't alter anything, or damage anything. They didn't even steal computer equipment--most had day-jobs messing with hardware, and could get all the cheap secondhand equipment they wanted.

The hottest hackers, unlike the teenage wannabes, weren't sn.o.bs about fancy or expensive hardware. Their machines tended to be raw second-hand digital hot-rods full of custom add-ons that they'd cobbled together out of chickenwire, memory chips and spit.

Some were adults, computer software writers and consultants by trade, and making quite good livings at it. Some of them ACTUALLY WORKED FOR THE PHONE COMPANY--and for those, the "hackers" actually found under the skirts of Ma Bell, there would be little mercy in 1990.

It has long been an article of faith in the underground that the "best" hackers never get caught.

They're far too smart, supposedly. They never get caught because they never boast, brag, or strut. These demiG.o.ds may read underground boards (with a condescending smile), but they never say anything there. The "best" hackers, according to legend, are adult computer professionals, such as mainframe system administrators, who already know the ins and outs of their particular brand of security.

Even the "best" hacker can't break in to just any computer at random: the knowledge of security holes is too specialized, varying widely with different software and hardware. But if people are employed to run, say, a UNIX mainframe or a VAX/VMS machine, then they tend to learn security from the inside out. Armed with this knowledge, they can look into most anybody else's UNIX or VMS without much trouble or risk, if they want to.

And, according to hacker legend, of course they want to, so of course they do. They just don't make a big deal of what they've done. So n.o.body ever finds out.

It is also an article of faith in the underground that professional telco people "phreak" like crazed weasels.

OF COURSE they spy on Madonna's phone calls--I mean, WOULDN'T YOU? Of course they give themselves free long- distance--why the h.e.l.l should THEY pay, they're running the whole shebang!

It has, as a third matter, long been an article of faith that any hacker caught can escape serious punishment if he confesses HOW HE DID IT. Hackers seem to believe that governmental agencies and large corporations are blundering about in cybers.p.a.ce like eyeless jellyfish or cave salamanders. They feel that these large but pathetically stupid organizations will proffer up genuine grat.i.tude, and perhaps even a security post and a big salary, to the hot-shot intruder who will deign to reveal to them the supreme genius of his modus operandi.

In the case of longtime LoD member "Control-C,"

this actually happened, more or less. Control-C had led Michigan Bell a merry chase, and when captured in 1987, he turned out to be a bright and apparently physically harmless young fanatic, fascinated by phones. There was no chance in h.e.l.l that Control-C would actually repay the enormous and largely theoretical sums in long-distance service that he had acc.u.mulated from Michigan Bell.

He could always be indicted for fraud or computer-intrusion, but there seemed little real point in this--he hadn't physically damaged any computer. He'd just plead guilty, and he'd likely get the usual slap-on-the-wrist, and in the meantime it would be a big ha.s.sle for Michigan Bell just to bring up the case. But if kept on the payroll, he might at least keep his fellow hackers at bay.

There were uses for him. For instance, a contrite Control-C was featured on Michigan Bell internal posters, sternly warning employees to shred their trash.

He'd always gotten most of his best inside info from "tras.h.i.+ng"--raiding telco dumpsters, for useful data indiscreetly thrown away. He signed these posters, too.

Control-C had become something like a Michigan Bell mascot.

And in fact, Control-C DID keep other hackers at bay.

Little hackers were quite scared of Control-C and his heavy-duty Legion of Doom friends. And big hackers WERE his friends and didn't want to screw up his cushy situation.

No matter what one might say of LoD, they did stick together.

When "Wasp," an apparently genuinely malicious New York hacker, began cras.h.i.+ng Bellcore machines, Control-C received swift volunteer help from "the Mentor" and the Georgia LoD wing made up of "The Prophet," "Urvile," and "Leftist." Using Mentor's Phoenix Project board to coordinate, the Doomsters helped telco security to trap Wasp, by luring him into a machine with a tap and line-trace installed. Wasp lost. LoD won! And my, did they brag.

Urvile, Prophet and Leftist were well-qualified for this activity, probably more so even than the quite accomplished Control-C.

The Georgia boys knew all about phone switching-stations.

Though relative johnny-come-latelies in the Legion of Doom, they were considered some of LoD's heaviest guys, into the hairiest systems around. They had the good fortune to live in or near Atlanta, home of the sleepy and apparently tolerant BellSouth RBOC.

As RBOC security went, BellSouth were "cake." US West (of Arizona, the Rockies and the Pacific Northwest) were tough and aggressive, probably the heaviest RBOC around. Pacific Bell, California's PacBell, were sleek, high-tech, and longtime veterans of the LA phone-phreak wars.

NYNEX had the misfortune to run the New York City area, and were warily prepared for most anything. Even Michigan Bell, a division of the Ameritech RBOC, at least had the elementary sense to hire their own hacker as a useful scarecrow. But BellSouth, even though their corporate P.R.