Approaching Zero, Paul Mungo [good summer reads TXT] 📗
- Author: Paul Mungo
- Performer: -
Book online «Approaching Zero, Paul Mungo [good summer reads TXT] 📗». Author Paul Mungo
switches in Florida. In the first incident, on June 16th, an intruder had
hacked into the switch and rerouted calls for the city offices of Miramar,
Florida, to a long-distance information number. On the next day the same hacker
(or so it was assumed) had also rerouted calls intended for the Delray Beach
probation office. This time the hacker demonstrated an impish sense of humor:
callers to the probation office instead found themselves connected to a
Dial-a-Porn service in New York State.
As a result of the two incidents, BellSouth had stepped up the monitoring of
its switches. On June 21st, security agents were told that the monitors had
detected a hacker loose in one of its computers.
The carrier put a trace on the call, following it back through a series of
loops around the country. The hacker had tried to disguise his entry point into
the system by first dialing into his local exchange, jumping to a connected
switch on another network, then skipping from there to yet another network, and
so on. Each time a loop was made through a network, it had to be traced to the
entry switch. But the precautions must have given the hacker a false sense of
security, because he stayed in the system too long, allowing the trace to be
followed all the way through, from network to network, right back to a phone
number in Indiana.
BellSouth passed the number they had traced on to Bellcore, which began
monitoring all outgoing and incoming calls. The telephone company agents had
discovered a hard-core hacker: they watched as their target looped calls around
the country, from system to system; they recorded him breaking into a credit
agency computer in Delaware belonging to CSA; and they listened as he had money
wired to Paducah, Kentucky, on a credit card number.
Their target, of course, was Fry Guy, the fifteen-year-old Indiana hacker who
had spent months perfecting his credit card scam.
With evidence that the young hacker was committing fraud, the telco agents
turned the details over to the Secret Service, which included him on the
Atlanta Three’s DNR request. The inclusion was mostly a matter of convenience,
but the agents had noted a geographic coincidence that intrigued them: Fry Guy
lived in Indiana, as did the recipient of the anonymous telephone call warning
of the computer bombs in the switches; Fry Guy also knew his way around
BellSouth, where one of the bombs had been planted—indeed, other hackers
regarded it as his “sphere of influence.”
In mid-July the Secret Service recorded Fry Guy charging $500 to a stolen
credit card number. With that piece of evidence (previous telco monitors had
not been court-approved and therefore could not be used as evidence), the
Secret Service was also able to include Fry Guy in the Atlanta Three search
warrant.
The house in Elmwood, Indiana, was raided the same day the three addresses in
Atlanta were busted. Fry Guy awoke from his summer-long haze to find that he
was suspected of the two Florida incidents, the anonymous telephone call to
Indiana Bell’s security manager, planting the computer bombs, and credit card
fraud.
Hackers are often victims of their own hype. The LoD was the principal target
of the crackdown because it promoted itself as the biggest and meanest gang in
Cyberspace—and because the authorities believed them.
The computer underworld is a hall of mirrors. Reality becomes bent, the truth
shrunken. The authorities who organized Operation Sundevil and its related
investigations believed they were dealing with a nationwide conspiracy
involving $50 million in telecommunications fraud alone. And that, they said,
was only the tip of the iceberg.
What they got in the end, notwithstanding the Atlanta Three’s guilty pleas,
were some relatively minor convictions. After the barrage of criticism from
John Perry Barlow’s Electronic Frontier Foundation, the investigators began to
pull back. The Phoenix officials, such as Gail Thackeray, are now keen to
distance both themselves and Operation Sundevil from the other antihacker
actions that year. The wilder suggestions—that the AT&T incident had been
caused by Acid Phreak; that hackers were looting banks; that hospital records
were being altered, and patients put at risk—have been dropped. The word
conspiracy is used less and less, and the computer bombs, the specific
catalyst for the whole crackdown, have been quietly forgotten. No one has been
officially charged with planting the bombs, and it is unlikely that anyone ever
will be. Everyone in the underworld’s hall of mirrors claims to know who did
it, but they all finger different people.
As for Fry Guy, he denies any responsibility for the bombs: “They’re just
pointless destruction. I can’t understand why anyone would do it. I’m not
malicious or destructive: I only do things for gain.”
That was Fry Guy’s downfall: he operated for gain. When he was raided, the
Secret Service found more than a hundred “access devices” in his possession—
credit card numbers and telephone calling cards. He could never be charged with
planting the bombs, and no one was able to pin the Florida incidents on him,
but he was caught red-handed on the credit card fraud. Following his arrest, it
was estimated that his little scam had netted him $6,000 that year. He is now
on probation, his equipment confiscated, but if you ask him why he hacked, he
still sighs: “It’s the greatest thing in the world.”
New technology requires new approaches. The reactions of the authorities to the
computer underworld show a dependence on old ideas. Hacking becomes “breaking
and entering”; role-playing games become “conspiracies”; exploration becomes
“espionage.” The dated terms obliterate the difference between the “bad”
hackers and the “good” hackers.
And there is a difference. Society might tolerate some activities of the
computer underground. Hackers are mostly explorers exercising intellectual
curiosity. Undoubtedly, they will break into computers, sometimes causing
ancillary damage or taking up system time, and they probably will exploit the
telecom systems to do so. But their intent, for the most part, is not
malicious.
On the other hand, the black arts of virus writing or hacking to steal money
are unjustifiable. Virus writers are electronic vandals; hackers who rob are
high-tech thieves.
The difference between the good and the bad is often blurred. The distinction
is one of motive: the malicious and the criminal should be viewed differently
from the merely clever or curious.
Someday it may be possible to get a clearer picture of what the activities of
the computer underground actually cost industry and telecom companies. Present
estimates vary so widely as to be worthless. Figures seem to be plucked from
the air: it is utterly impossible to verify whether the true cost in the United
States is around $550 million each year (the Computerworld estimate), or
whether total losses could actually amount to as much as $5 billion (as was
estimated at a security conference in 1991). These exaggerations are compounded
by the hackers themselves—who are only too willing to embellish their
accomplishments. With both sides expounding fanciful stories and ever wilder
claims, truth is lost in the telling.
What is ironic is that the activities of the hackers are leading to a situation
they would decry. Security managers have a clear responsibility to protect
their sites from electronic intrusion. As hackers become bolder, security is
becoming tightened, threatening the very “freedom of information” that hacking,
in its benign form, is said to promote.
Hackers are an engaging bunch, even the “bad” ones: bright, curious,
technically gifted, passionate, prone to harmless boasting, and more than a
little obsessed. They are usually creative, probing, and impatient with rules
and restrictions. In character, they closely resemble the first-generation
hackers.
Computing has always gained from the activities of those who look beyond what
is there, to think of what there might be. The final irony for the computer
industry is that the hackers who are being shut out today will be the
programmers, managers, and even security experts of tomorrow.
Comments (0)