Approaching Zero
But support for hackers was building--unwittingly aided by the FBI, the Secret Service's rival in the bureaucratic battle for responsibility for computer crime. On May 1, 1990, an FBI agent named Richard Baxter, Jr., drove to Pinedale, Wyoming, for a meeting with John Perry Barlow. The two men came from different worlds. Barlow was a bundle of idiosyncrasies and contradictions, the sort of man who seems to survive only in the American West: aged forty-two, a former rancher, the lyricist for the Grateful Dead, and also the local Republican party county chairman. He believed in the frontier, both the real one around Pinedale and the electronic one accessible through his computer. Barlow wasn't a hacker, but he was part of something called WELL--the Whole Earth Electronic Link, the embodiment of the sixties counterculture surviving in the 1990s on an electronic bulletin board based in Sausalito, California. His philosophy was a mix of sixties liberalism leavened by a rancher's rugged individualism; he was a Republican hippie with a computer.
Agent Baxter was a country boy who "didn't know a ROM chip from a vise grip," according to Barlow. He wanted to talk to Barlow about high-tech crime, although hackers were not his usual beat.
Baxter was investigating the theft of the operating system source code for the Macintosh computer. According to Baxter, it had been stolen by a group that was threatening to destroy the American company by releasing the code to East Asian manufacturers of Apple clones.
Briefed at length by his San Francisco office, Agent Baxter told Barlow that the FBI wanted to interview John Draper, the legendary Captain Crunch. Draper, the FBI believed, was a known member of the Hackers' Conference, an underground association with likely ties to those responsible for the theft. The FBI also believed that Draper was the chief executive of Autodesk, a software company with many top-secret government Star Wars contracts.
Jurisdiction for this particular investigation had fallen to the FBI, not the Secret Service. It was one of the oddities of U.S. law enforcement that even when the responsibilities of the two agencies overlapped, their intelligence and resources were almost never pooled. And in this case, Barlow knew that the FBI agent's information was almost completely wrong.
Draper wasn't the chief executive of Autodesk, though he had worked there as a programmer at one time, and Autodesk was not a major Star Wars contractor, but a software developer. Also, the Hackers' Conference was not an underground association, but an annual gathering of the nation's brightest and most respected computer experts. As for the group that had supposedly stolen the Macintosh source code, Barlow presumed that the agent was referring to the self-styled nuPrometheus League, which had been circulating filched copies of the Macintosh code to annoy Apple. Opinion in the computer underground was that the code was probably picked up by kids who'd been dumpster diving. (The ethos at Apple had changed since 1979. Then it was a small company with roots in the hacker community; now a major corporation, it called in the FBI to chase down kids for dumpster diving.) The only thing that the FBI had gotten right, Barlow reckoned, was the address of Autodesk. So Barlow explained to Baxter what was really going on, spending most of the two-hour interview educating him about source codes. THINGS HAVE RATHER JUMPED THE GROOVE WHEN POTENTIAL SUSPECTS MUST EXPLAIN TO LAW ENFORCERS THE NATURE OF THEIR ALLEGED PERPETRATIONS, he said in his posting to the WELL about the incident.
Barlow's message produced an unexpected response. A number of other WELL-beings--the users' excruciatingly cute name for themselves--had also been interviewed by the FBI. They had all heard pretty much the same garbled story. Baxter had only been repeating the information contained in the agency's files.
The entire Bureau seemed to be working on erroneous data. It was enough to tweak the ideological hackles of any Republican hippie, particularly one who believed in the new frontier of the computer village.
So, a week later, when news of the Secret Service crackdown broke, Barlow decided to investigate, to ensure that officialdom wasn't looking at the hacker threat through a haze of ignorance. Barlow had been inundated by messages, up to a hundred a day, after his posting to the WELL. Most had expressed indignation at the FBI's ignorance, and worries about the treatment of hackers who had been picked up in the dragnet. Barlow also met with Mitch Kapor, another WELL-being and the coauthor of Lotus 1-2-3, a best-selling computer program. Kapor had been shrewd enough to sell his stake in Lotus at (or very near) the top. Among other things, his earnings enabled him to operate his own business jet, which he used to fly to Wyoming for the meeting.
Both Kapor and Barlow empathized with the raided hackers though neither would ever condone criminal or malicious activity of any kind. Their concern was about whether the Feds knew what they were doing or were merely being pulled along by uninformed hysteria about hacking.
Together, Barlow and Kapor agreed to set up the Electronic Frontier Foundation.
Its purpose was not necessarily to protect hackers, but to extend the protection of freedom of speech, freedom of the press, and freedom of expression to computer-based media: bulletin boards, electronic publishing, computer conferencing, and so on. The foundation dedicated itself to six aims, all related to influencing future legislation so that the civil liberties of computer users, whether they were hackers or not, would not be ignored. It attracted the support of a number of affluent technocrats in the computer industry--including $150,000 from Steve Wozniak, one of the Apple founders. (Woz had remained faithful to the original ideals of Apple. He resigned his position at the company in the early 1980s when it became too "corporate" and busied himself promoting music festivals and teaching, among other things.)
By the time the Foundation was established, the full force of the federal crackdown had already been felt. The New York hackers Acid Phreak, Phiber Optik, and the Scorpion had been raided; Craig Neidorf had been arrested; the Atlanta Three had been indicted; Loyd Blankenship (the Mentor) and Steve Jackson had been busted and their equipment confiscated; and the nationwide raids had rounded up LoD, MoD, and DPAC members, as well as an assortment of independent hackers.
The catalog of charges ranged from wire fraud to handling stolen property, from unauthorized possession of access devices to misappropriating source codes. There were also allegations of credit card fraud, bank fraud, and altering hospital computer records, and references to specific incidents: dropping computer bombs in telephone switches and stealing the E911 documents. It had all of the makings of a nationwide conspiracy.
The first case the Foundation took on was in Chicago. Assistant U.S. Attorney William Cook, who had earlier successfully prosecuted Kyrie--the "Fagin" of the stolen access code gang--and who had become something of an authority on computer crime, was now in charge of the case against PHRACK editor Craig Neidorf. Neidorf had been indicted for transporting the stolen E911 document across state lines. He finally came to trial in Chicago on July 23rd.
The prosecution's case was opened by Cook, who outlined the government claim of a conspiracy involving Neidorf and members of the Legion of Doom and asserted that the E911 file was "a highly proprietary and sensitive document" valued at $79,449.
Four days later the case collapsed.
The defense demonstrated that the same E911 information was available from local bookstores and in libraries. Furthermore, by dialing a free 1-800 number, two publications could be obtained from Bellcore for $34 which contained even more detailed information. Neidorf's lawyers also argued that, far from being the serious and imminent threat represented by Bellcore, the file had been published in PHRACK nearly a year before the telephone company bothered to do anything about it. Neidorf was cleared of all charges, but though he was helped by the foundation, he was still left with some $100,000 in legal costs.
The E911 file, however, was to come up once again.
On November 16, the Atlanta Three pleaded guilty to a number of charges variously described as computer fraud, wire fraud, access code fraud, and interstate transportation of stolen property--the latter referring to the E911 document.
Because the three agreed to guilty pleas the charges were reduced, but as a result no defense could be mounted. In the sentencing memorandum, the prosecution said that Robert Riggs (the Prophet) had stolen the E911 file "containing the program for the emergency 911 dialling system," adding that "any damage to that very sensitive system could result in a dangerous breakdown in police, fire and ambulance services." The file's value, the prosecution added, was $24,639.05--the 5 cents presumably included to indicate that the figure had been very accurately determined. The memo also stated that the three had gained free telephone service and access to BellSouth computers.
The Electronic Frontier Foundation was enraged. Although the plea bargaining precluded a formal defense, the Foundation said the claims about the E911 file were "clearly false. Defense witnesses ... were prepared to testify that the E911 document was not a [computer] program, that it could not be used to disrupt 911 service, and the same information could be ordered from BellSouth at a cost of less than $20." The foundation also noted that the prosecution had begun its memorandum by detailing the planting of computer bombs. "Only after going to some length describing these allegations does the prosecution state, in passing, that the defendants were not implicated in these crimes [Foundation italics]."
Despite the protests, Robert Riggs (the Prophet) was sentenced to twenty-one months and his two colleagues--Adam Grant (the Urvile) and Frank Dearden (the Leftist)--received fourteen months each. They also had to make restitutional payments of $233,000 for the value of the "access devices" found in their possession. The access devices were the IDs and passwords that they had collected from BellSouth during their various raids.
There was no question that the Atlanta Three were hackers who had, without doubt, broken into BellSouth. But the valuation of the "access devices"--computer codes, telephone card numbers--was highly questionable. As the foundation asked, how can a value be assessed when no loss can be demonstrated? But in the new climate engendered by the crackdown, everything associated with hacking was suspect. Every self-proclaimed hacker acquired a Secret Service dossier, irrespective of his activities; every hacker with a handle qualified for a bust; every busted hacker was suspected of belonging to the Legion of Doom; and the mere mention of the word Cyberpunk seemed enough to bring down the full force of the law.
Under the circumstances, Steve Jackson had drawn a full house. Not only did he employ a known hacker--Loyd Blankenship, who had a handle and was even a member of the LoD--he was also engaged in producing a "hacker handbook" called Cyberpunk.
During the raid on Steve Jackson Games, the Secret Service had confiscated much of the company's computer equipment, without which equipment the company could barely function. It took months, and the assistance of a foundation-supplied lawyer, before the Feds returned the equipment--some of it, according to Steve, damaged, with valuable data missing.
The Secret Service kept the equipment as potential evidence for a "crime" that was never committed. For, while GURPS Cyberpunk does contain information on dumpster diving and social engineering, it is ultimately a game. It is no more a "handbook on hacking" than, say, this book is. (The game was finally published later that year, without causing any noticeable increase in hacking crimes.) Even though no charges were filed against Steve, his business suffered while the Secret Service held his computer systems. His turnover was down and half of his staff was laid off. He estimates his losses for the period at over $300,000. With the help of the foundation, he has since filed a civil suit against the Secret Service and two of its agents, Assistant U.S. Attorney William Cook, and a Bellcore security manager.
At the time of writing, Loyd Blankenship (the Mentor) has not been charged with anything either, although he still has not received his computer equipment back. Given his background in the LoD, it is not thought likely that he ever will. As a known hacker, he is not pressing the Secret Service too hard; instead, said a friend, he's "lying low."
The Electronic Frontier Foundation couldn't help everyone. Phiber Optik was sentenced to a period of thirty-five hours of community service for a relatively minor hacking offense. Even worse, he suffered the shame of being thrown out of the Legion of Doom--though that had nothing to do with his arrest. His crime, in the LoD's eyes, was that he and Acid Phreak (a non-Legionnaire) had demonstrated their hacking skills for a magazine article published in Esquire in December 1990. Although both he and Acid Phreak had kept their identities secret--even using phony handles--the other Legionnaires felt that the young hacker was on "an ego trip," a charge confirmed for them when he appeared on a number of television shows. Phiber Optik, the other Legionnaires decided, had too high a profile for the Legion.
Not being in LoD didn't stop him from hacking. He joined the MoD instead--but then he was busted along with four other MoD members: Outlaw, Corrupt, Renegade Hacker, and the Wing. These arrests were devastating to the gang, principally because their equipment was confiscated. (The MoD accused the Legion of turning them in as a last reprisal in the hacker wars, but this seems unlikely.) In July '92 a federal grand jury indicted Outlaw, Corrupt, Phiber Optik, Acid Phreak, and Scorpion for breaking into telco and credit agency computers, and for stealing data.
Given all the effort, this was a modest payoff--hardly justification for a massive crackdown. Even the Operation Sundevil busts of May 8th, which the foundation called a use of "force and terror which would have been more appropriate to the apprehension of urban guerrillas than barely postpubescent computer nerds," have yielded remarkably few indictments. Gail Thackeray, an attorney in Phoenix dealing with the aftermath of the Sundevil busts, notes that "80 percent of those arrested were adults [over eighteen years old]"--hardly postpubescents. She says that more indictments are still being prepared, and that the delay was caused by the sheer weight of evidence: more than twenty thousand diskettes have been examined, which has taken the authorities over twelve months.
But perhaps indictments were never the point. Sundevil was a search-and-seizure operation; the quarantined computers and diskettes will be held until the material can be analyzed. Only at that point will the indictments, if any, be handed down, and the authorities are in no rush. While the computers are in their possession, the Cyberpunks are out of action.
As for the Phoenix Project, it, too, was probably a false alarm. The vaunted rebirth of hacking, which convinced the Secret Service that there was a nationwide conspiracy, may not have been what it seemed. After all, the Project's organizers had only exhorted hackers to welcome the new age "with the use of every legal means available." A sympathetic interpretation of the Phoenix Project would suggest that older hackers were simply counseling others not to break the law. It was a timely warning: the Computer Fraud and Misuse Act had entered the statute books two years previously, and some jail sentences had already been handed out. Hacking was no longer being viewed tolerantly, and the Phoenix Project's organizers expected a crackdown by the authorities. They got that right at least.
However, there was yet another hacker swept up in the Secret Service busts, who, unlike the others, was unquestionably hacking for profit. In mid-June 1989 BellSouth had begun investigating two relatively minor incidents on one of its switches in Florida. In the first incident, on June 16th, an intruder had hacked into the switch and rerouted calls for the city offices of Miramar, Florida, to a long-distance information number. On the next day the same hacker (or so it was assumed) had also rerouted calls intended for the Delray Beach probation office. This time the hacker demonstrated an impish sense of humor: callers to the probation office instead found themselves connected to a Dial-a-porn service in New York State.
As a result of the two incidents, BellSouth had stepped up the monitoring of its switches. On June 21st, security agents were told that the monitors had detected a hacker loose in one of its computers.
The carrier put a trace on the call, following it back through a series of loops around the country. The hacker had tried to disguise his entry point into the system by first dialing into his local exchange, jumping to a connected switch on another network, then skipping from there to yet another network, and so on. Each time a loop was made through a network, it had to be traced to the entry switch. But the precautions must have given the hacker a false sense of security, because he stayed in the system too long, allowing the trace to be followed all the way through, from network to network, right back to a phone number in Indiana.
BellSouth passed the number they had traced on to Bellcore, which began monitoring all outgoing and incoming calls. The telephone company agents had discovered a hard-core hacker: they watched as their target looped calls around the country, from system to system; they recorded him breaking into a credit agency computer in Delaware belonging to CSA; and they listened as he had money wired to Paducah, Kentucky, on a credit card number.
Their target, of course, was Fry Guy, the fifteen-year-old Indiana hacker who had spent months perfecting his credit card scam.
With evidence that the young hacker was committing fraud, the telco agents turned the details over to the Secret Service, which included him on the Atlanta Three's DNR request. The inclusion was mostly a matter of convenience, but the agents had noted a geographic coincidence that intrigued them: Fry Guy lived in Indiana, as did the recipient of the anonymous telephone call warning of the computer bombs in the switches; Fry Guy also knew his way around BellSouth, where one of the bombs had been planted--indeed, other hackers regarded it as his "sphere of influence."
In mid-July the Secret Service recorded Fry Guy charging $500 to a stolen credit card number. With that piece of evidence (previous telco monitors had not been court-approved and therefore could not be used as evidence), the Secret Service was also able to include Fry Guy in the Atlanta Three search warrant.
The house in Elmwood, Indiana, was raided the same day the three addresses in Atlanta were busted. Fry Guy awoke from his summer-long haze to find that he was suspected of the two Florida incidents, the anonymous telephone call to Indiana Bell's security manager, planting the computer bombs, and credit card fraud.
Hackers are often victims of their own hype. The LoD was the principal target of the crackdown because it promoted itself as the biggest and meanest gang in Cyberspace--and because the authorities believed them.
The computer underworld is a hall of mirrors. Reality becomes bent, the truth shrunken. The authorities who organized Operation Sundevil and its related investigations believed they were dealing with a nationwide conspiracy involving $50 million in telecommunications fraud alone. And that, they said, was only the tip of the iceberg.
What they got in the end, notwithstanding the Atlanta Three's guilty pleas, were some relatively minor convictions. After the barrage of criticism from John Perry Barlow's Electronic Frontier Foundation, the investigators began to pull back. The Phoenix officials, such as Gail Thackeray, are now keen to distance both themselves and Operation Sundevil from the other antihacker actions that year. The wilder suggestions--that the AT&T incident had been caused by Acid Phreak; that hackers were looting banks; that hospital records were being altered, and patients put at risk--have been dropped. The word conspiracy is used less and less, and the computer bombs, the specific catalyst for the whole crackdown, have been quietly forgotten. No one has been officially charged with planting the bombs, and it is unlikely that anyone ever will be. Everyone in the underworld's hall of mirrors claims to know who did it, but they all finger different people.
As for Fry Guy, he denies any responsibility for the bombs: "They're just pointless destruction. I can't understand why anyone would do it. I'm not malicious or destructive: I only do things for gain."
That was Fry Guy's downfall: he operated for gain. When he was raided, the Secret Service found more than a hundred "access devices" in his possession--credit card numbers and telephone calling cards. He could never be charged with planting the bombs, and no one was able to pin the Florida incidents on him, but he was caught red-handed on the credit card fraud. Following his arrest, it was estimated that his little scam had netted him $6,000 that year. He is now on probation, his equipment confiscated, but if you ask him why he hacked, he still sighs: "It's the greatest thing in the world."
New technology requires new approaches. The reactions of the authorities to the computer underworld show a dependence on old ideas. Hacking becomes "breaking and entering"; role-playing games become "conspiracies"; exploration becomes "espionage." The dated terms obliterate the difference between the "bad" hackers and the "good" hackers.
And there is a difference. Society might tolerate some activities of the computer underground. Hackers are mostly explorers exercising intellectual curiosity. Undoubtedly, they will break into computers, sometimes causing ancillary damage or taking up system time, and they probably will exploit the telecom systems to do so. But their intent, for the most part, is not malicious.
On the other hand, the black arts of virus writing or hacking to steal money are unjustifiable. Virus writers are electronic vandals; hackers who rob are high-tech thieves.
The difference between the good and the bad is often blurred. The distinction is one of motive: the malicious and the criminal should be viewed differently from the merely clever or curious.
Someday it may be possible to get a clearer picture of what the activities of the computer underground actually cost industry and telecom companies. Present estimates vary so widely as to be worthless. Figures seem to be plucked from the air: it is utterly impossible to verify whether the true cost in the United States is around $550 million each year (the Computerworld estimate), or whether total losses could actually amount to as much as $5 billion (as was estimated at a security conference in 1991). These exaggerations are compounded by the hackers themselves--who are only too willing to embellish their accomplishments. With both sides expounding fanciful stories and ever wilder claims, truth is lost in the telling.
What is ironic is that the activities of the hackers are leading to a situation they would decry. Security managers have a clear responsibility to protect their sites from electronic intrusion. As hackers become bolder, security is becoming tightened, threatening the very "freedom of information" that hacking, in its benign form, is said to promote.
Hackers are an engaging bunch, even the "bad" ones: bright, curious, technically gifted, passionate, prone to harmless boasting, and more than a little obsessed. They are usually creative, probing, and impatient with rules and restrictions. In character, they closely resemble the first-generation hackers.
Computing has always gained from the activities of those who look beyond what is there, to think of what there might be. The final irony for the computer industry is that the hackers who are being shut out today will be the programmers, managers, and even security experts of tomorrow.