The Hacker Crackdown Part 18

proclaimed them to have "Everything You Expect From a Leader," were pathetic.

When rumor about LoD's mastery of Georgia's switching network got around to BellSouth through Bellcore and telco security scuttleb.u.t.t, they at first refused to believe it. If you paid serious attention to every rumor out and about these hacker kids, you would hear all kinds of wacko saucer-nut nonsense: that the National Security Agency monitored all American phone calls, that the CIA and DEA tracked traffic on bulletin-boards with word-a.n.a.lysis programs, that the Condor could start World War III from a payphone.

If there were hackers into BellSouth switching-stations, then how come nothing had happened? Nothing had been hurt. BellSouth's machines weren't cras.h.i.+ng. BellSouth wasn't suffering especially badly from fraud.

BellSouth's customers weren't complaining. BellSouth was headquartered in Atlanta, ambitious metropolis of the new high-tech Sunbelt; and BellSouth was upgrading its network by leaps and bounds, digitizing the works left right and center. They could hardly be considered sluggish or naive. BellSouth's technical expertise was second to none, thank you kindly. But then came the Florida business.

On June 13, 1989, callers to the Palm Beach County Probation Department, in Delray Beach, Florida, found themselves involved in a remarkable discussion with a phone-s.e.x worker named "Tina" in New York State.

Somehow, ANY call to this probation office near Miami was instantly and magically transported across state lines, at no extra charge to the user, to a p.o.r.nographic phone-s.e.x hotline hundreds of miles away!

This practical joke may seem utterly hilarious at first hearing, and indeed there was a good deal of chuckling about it in phone phreak circles, including the Autumn 1989 issue of 2600.

But for Southern Bell (the division of the BellSouth RBOC supplying local service for Florida, Georgia, North Carolina and South Carolina), this was a smoking gun. For the first time ever, a computer intruder had broken into a BellSouth central office switching station and re-programmed it!

Or so BellSouth thought in June 1989. Actually, LoD members had been frolicking harmlessly in BellSouth switches since September 1987.

The stunt of June 13--call-forwarding a number through manipulation of a switching station--was child's play for hackers as accomplished as the Georgia wing of LoD. Switching calls interstate sounded like a big deal, but it took only four lines of code to accomplish this.

An easy, yet more discreet, stunt, would be to call-forward another number to your own house. If you were careful and considerate, and changed the software back later, then not a soul would know.

Except you. And whoever you had bragged to about it.

As for BellSouth, what they didn't know wouldn't hurt them.

Except now somebody had blown the whole thing wide open, and BellSouth knew.

A now alerted and considerably paranoid BellSouth began searching switches right and left for signs of impropriety, in that hot summer of 1989.

No fewer than forty-two BellSouth employees were put on 12-hour s.h.i.+fts, twenty-four hours a day, for two solid months, poring over records and monitoring computers for any sign of phony access. These forty-two overworked experts were known as BellSouth's "Intrusion Task Force."

What the investigators found astounded them. Proprietary telco databases had been manipulated: phone numbers had been created out of thin air, with no users' names and no addresses. And perhaps worst of all, no charges and no records of use. The new digital ReMOB (Remote Observation) diagnostic feature had been extensively tampered with--hackers had learned to reprogram ReMOB software, so that they could listen in on any switch-routed call at their leisure! They were using telco property to SPY!

The electrifying news went out throughout law enforcement in 1989.

It had never really occurred to anyone at BellSouth that their prized and brand-new digital switching-stations could be RE-PROGRAMMED.

People seemed utterly amazed that anyone could have the nerve.

Of course these switching stations were "computers," and everybody knew hackers liked to "break into computers:" but telephone people's computers were DIFFERENT from normal people's computers.

The exact reason WHY these computers were "different" was rather ill-defined. It certainly wasn't the extent of their security.

The security on these BellSouth computers was lousy; the AIMSX computers, for instance, didn't even have pa.s.swords. But there was no question that BellSouth strongly FELT that their computers were very different indeed.

And if there were some criminals out there who had not gotten that message, BellSouth was determined to see that message taught.

After all, a 5ESS switching station was no mere bookkeeping system for some local chain of florists. Public service depended on these stations.

Public SAFETY depended on these stations.

And hackers, lurking in there call-forwarding or ReMobbing, could spy on anybody in the local area! They could spy on telco officials!

They could spy on police stations! They could spy on local offices of the Secret Service. . . .

In 1989, electronic cops and hacker-trackers began using scrambler-phones and secured lines. It only made sense. There was no telling who was into those systems. Whoever they were, they sounded scary. This was some new level of antisocial daring. Could be West German hackers, in the pay of the KGB. That too had seemed a weird and farfetched notion, until Clifford Stoll had poked and prodded a sluggish Was.h.i.+ngton law-enforcement bureaucracy into investigating a computer intrusion that turned out to be exactly that--HACKERS, IN THE PAY OF THE KGB!

Stoll, the systems manager for an Internet lab in Berkeley California, had ended up on the front page of the New Nork Times, proclaimed a national hero in the first true story of international computer espionage.

Stoll's counterspy efforts, which he related in a bestselling book, The Cuckoo's Egg, in 1989, had established the credibility of 'hacking'

as a possible threat to national security. The United States Secret Service doesn't mess around when it suspects a possible action by a foreign intelligence apparat.

The Secret Service scrambler-phones and secured lines put a tremendous kink in law enforcement's ability to operate freely; to get the word out, cooperate, prevent misunderstandings.

Nevertheless, 1989 scarcely seemed the time for half-measures.

If the police and Secret Service themselves were not operationally secure, then how could they reasonably demand measures of security from private enterprise? At least, the inconvenience made people aware of the seriousness of the threat.

If there was a final spur needed to get the police off the dime, it came in the realization that the emergency 911 system was vulnerable.

The 911 system has its own specialized software, but it is run on the same digital switching systems as the rest of the telephone network.

911 is not physically different from normal telephony. But it is certainly culturally different, because this is the area of telephonic cybers.p.a.ce reserved for the police and emergency services.

Your average policeman may not know much about hackers or phone-phreaks.

Computer people are weird; even computer COPS are rather weird; the stuff they do is hard to figure out. But a threat to the 911 system is anything but an abstract threat. If the 911 system goes, people can die.

Imagine being in a car-wreck, staggering to a phone-booth, punching 911 and hearing "Tina" pick up the phone-s.e.x line somewhere in New York! The situation's no longer comical, somehow.

And was it possible? No question. Hackers had attacked 911 systems before. Phreaks can max-out 911 systems just by siccing a bunch of computer-modems on them in tandem, dialling them over and over until they clog. That's very crude and low-tech, but it's still a serious business.

The time had come for action. It was time to take stern measures with the underground. It was time to start picking up the dropped threads, the loose edges, the bits of braggadocio here and there; it was time to get on the stick and start putting serious casework together. Hackers weren't "invisible." They THOUGHT they were invisible; but the truth was, they had just been tolerated too long.

Under sustained police attention in the summer of '89, the digital underground began to unravel as never before.

The first big break in the case came very early on: July 1989, the following month. The perpetrator of the "Tina" switch was caught, and confessed. His name was "Fry Guy," a 16-year-old in Indiana.

Fry Guy had been a very wicked young man.

Fry Guy had earned his handle from a stunt involving French fries.

Fry Guy had filched the log-in of a local MacDonald's manager and had logged-on to the MacDonald's mainframe on the Sprint Telenet system. Posing as the manager, Fry Guy had altered MacDonald's records, and given some teenage hamburger-flipping friends of his, generous raises. He had not been caught.

Emboldened by success, Fry Guy moved on to credit-card abuse.

Fry Guy was quite an accomplished talker; with a gift for "social engineering." If you can do "social engineering"

--fast-talk, fake-outs, impersonation, conning, scamming-- then card abuse comes easy. (Getting away with it in the long run is another question).

Fry Guy had run across "Urvile" of the Legion of Doom on the ALTOS Chat board in Bonn, Germany. ALTOS Chat was a sophisticated board, accessible through globe-spanning computer networks like BITnet, Tymnet, and Telenet.

ALTOS was much frequented by members of Germany's Chaos Computer Club. Two Chaos hackers who hung out on ALTOS, "Jaeger" and "Pengo," had been the central villains of Clifford Stoll's Cuckoo's Egg case: consorting in East Berlin with a spymaster from the KGB, and breaking into American computers for hire, through the Internet.

When LoD members learned the story of Jaeger's depredations from Stoll's book, they were rather less than impressed, technically speaking. On LoD's own favorite board of the moment, "Black Ice," LoD members bragged that they themselves could have done all the Chaos break-ins in a week flat! Nevertheless, LoD were grudgingly impressed by the Chaos rep, the sheer hairy-eyed daring of hash-smoking anarchist hackers who had rubbed shoulders with the fearsome big-boys of international Communist espionage. LoD members sometimes traded bits of knowledge with friendly German hackers on ALTOS--phone numbers for vulnerable VAX/VMS computers in Georgia, for instance.

Dutch and British phone phreaks, and the Australian clique of "Phoenix," "Nom," and "Electron," were ALTOS regulars, too.

In underground circles, to hang out on ALTOS was considered the sign of an elite dude, a sophisticated hacker of the international digital jet-set.

Fry Guy quickly learned how to raid information from credit-card consumer-reporting agencies. He had over a hundred stolen credit-card numbers in his notebooks, and upwards of a thousand swiped long-distance access codes. He knew how to get onto Altos, and how to talk the talk of the underground convincingly. He now wheedled knowledge of switching-station tricks from Urvile on the ALTOS system.

Combining these two forms of knowledge enabled Fry Guy to bootstrap his way up to a new form of wire-fraud. First, he'd snitched credit card numbers from credit-company computers. The data he copied included names, addresses and phone numbers of the random card-holders.

Then Fry Guy, impersonating a card-holder, called up Western Union and asked for a cash advance on "his" credit card. Western Union, as a security guarantee, would call the customer back, at home, to verify the transaction.

But, just as he had switched the Florida probation office to "Tina"

in New York, Fry Guy switched the card-holder's number to a local pay-phone.

There he would lurk in wait, muddying his trail by routing and re-routing the call, through switches as far away as Canada. When the call came through, he would boldly "social-engineer," or con, the Western Union people, pretending to be the legitimate card-holder. Since he'd answered the proper phone number, the deception was not very hard. Western Union's money was then s.h.i.+pped to a confederate of Fry Guy's in his home town in Indiana.

Fry Guy and his cohort, using LoD techniques, stole six thousand dollars from Western Union between December 1988 and July 1989. They also dabbled in ordering delivery of stolen goods through card-fraud. Fry Guy was intoxicated with success. The sixteen-year-old fantasized wildly to hacker rivals, boasting that he'd used rip-off money to hire himself a big limousine, and had driven out-of-state with a groupie from his favorite heavy-metal band, Motley Crue.

Armed with knowledge, power, and a gratifying stream of free money, Fry Guy now took it upon himself to call local representatives of Indiana Bell security, to brag, boast, strut, and utter tormenting warnings that his powerful friends in the notorious Legion of Doom could crash the national telephone network.

Fry Guy even named a date for the scheme: the Fourth of July, a national holiday.

This egregious example of the begging-for-arrest syndrome was shortly followed by Fry Guy's arrest. After the Indiana telephone company figured out who he was, the Secret Service had DNRs--Dialed Number Recorders-- installed on his home phone lines. These devices are not taps, and can't record the substance of phone calls, but they do record the phone numbers of all calls going in and out. Tracing these numbers showed Fry Guy's long-distance code fraud, his extensive ties to pirate bulletin boards, and numerous personal calls to his LoD friends in Atlanta. By July 11, 1989, Prophet, Urvile and Leftist also had Secret Service DNR "pen registers" installed on their own lines.