
The Hacker Crackdown


by Bruce Sterling


  This approach might seem a bit dubious, to someone not acquainted with the gritty realities of prosecutorial work. But prosecutors don't put people in jail for crimes they have committed; they put people in jail for crimes they have committed *that can be proved in court.* Chicago federal police put Al Capone in prison for income-tax fraud. Chicago is a big town, with a rough-and-ready bare-knuckle tradition on both sides of the law. Fry Guy had broken the case wide open and alerted telco security to the scope of the problem. But Fry Guy's crimes would not put the Atlanta Three behind bars -- much less the wacko underground journalists of *Phrack.* So on July 22, 1989, the same day that Fry Guy was raided in Indiana, the Secret Service descended upon the Atlanta Three. This was likely inevitable. By the summer of 1989, law enforcement were closing in on the Atlanta Three from at least six directions at once. First, there were the leads from Fry Guy, which had led to the DNR registers being installed on the lines of the Atlanta Three. The DNR evidence alone would have finished them off, sooner or later.

  But second, the Atlanta lads were already well-known to Control-C and his telco security sponsors. LoD's contacts with telco security had made them overconfident and even more boastful than usual; they felt that they had powerful friends in high places, and that they were being openly tolerated by telco security. But BellSouth's Intrusion Task Force were hot on the trail of LoD and sparing no effort or expense.

  The Atlanta Three had also been identified by name and listed on the extensive anti-hacker files maintained, and retailed for pay, by private security operative John Maxfield of Detroit. Maxfield, who had extensive ties to telco security and many informants in the underground, was a bete noire of the *Phrack* crowd, and the dislike was mutual.

  The Atlanta Three themselves had written articles for *Phrack.* This boastful act could not possibly escape telco and law enforcement attention.

  "Knightmare," a high-school age hacker from Arizona, was a close friend and disciple of Atlanta LoD, but he had been nabbed by the formidable Arizona Organized Crime and Racketeering Unit. Knightmare was on some of LoD's favorite boards -- "Black Ice" in particular -- and was privy to their secrets. And to have Gail Thackeray, the Assistant Attorney General of Arizona, on one's trail was a dreadful peril for any hacker. And perhaps worst of all, Prophet had committed a major blunder by passing an illicitly copied BellSouth computer-file to Knight Lightning, who had published it in *Phrack.* This, as we will see, was an act of dire consequence for almost everyone concerned.

  On July 22, 1989, the Secret Service showed up at the Leftist's house, where he lived with his parents. A massive squad of some twenty officers surrounded the building: Secret Service, federal marshals, local police, possibly BellSouth telco security; it was hard to tell in the crush. Leftist's dad, at work in his basement office, first noticed a muscular stranger in plain clothes crashing through the back yard with a drawn pistol. As more strangers poured into the house, Leftist's dad naturally assumed there was an armed robbery in progress.

  Like most hacker parents, Leftist's mom and dad had only the vaguest notions of what their son had been up to all this time. Leftist had a day-job repairing computer hardware. His obsession with computers seemed a bit odd, but harmless enough, and likely to produce a well-paying career. The sudden, overwhelming raid left Leftist's parents traumatized.

  The Leftist himself had been out after work with his co-workers, surrounding a couple of pitchers of margaritas. As he came trucking on tequila-numbed feet up the pavement, toting a bag full of floppy-disks, he noticed a large number of unmarked cars parked in his driveway. All the cars sported tiny microwave antennas.

  The Secret Service had knocked the front door off its hinges, almost flattening his Mom. Inside, Leftist was greeted by Special Agent James Cool of the US Secret Service, Atlanta office. Leftist was flabbergasted. He'd never met a Secret Service agent before. He could not imagine that he'd ever done anything worthy of federal attention. He'd always figured that if his activities became intolerable, one of his contacts in telco security would give him a private phone-call and tell him to knock it off. But now Leftist was pat-searched for weapons by grim professionals, and his bag of floppies was quickly seized. He and his parents were all shepherded into separate rooms and grilled at length as a score of officers scoured their home for anything electronic. Leftist was horrified as his treasured IBM AT personal computer with its forty-meg hard disk, and his recently purchased 80386 IBM-clone with a whopping hundred-meg hard disk, both went swiftly out the door in Secret Service custody. They also seized all his disks, all his notebooks, and a tremendous booty in dogeared telco documents that Leftist had snitched out of trash dumpsters.

  Leftist figured the whole thing for a big misunderstanding. He'd never been into *military* computers. He wasn't a *spy* or a *Communist.* He was just a good ol' Georgia hacker, and now he just wanted all these people out of the house. But it seemed they wouldn't go until he made some kind of statement. And so, he levelled with them.

  And that, Leftist said later from his federal prison camp in Talladega, Alabama, was a big mistake.

  The Atlanta area was unique, in that it had three members of the Legion of Doom who actually occupied more or less the same physical locality. Unlike the rest of LoD, who tended to associate by phone and computer, Atlanta LoD actually *were* "tightly knit." It was no real surprise that the Secret Service agents apprehending Urvile at the computer-labs at Georgia Tech, would discover Prophet with him as well.

  Urvile, a 21-year-old Georgia Tech student in polymer chemistry, posed quite a puzzling case for law enforcement. Urvile -- also known as "Necron 99," as well as other handles, for he tended to change his cover-alias about once a month -- was both an accomplished hacker and a fanatic simulation-gamer. Simulation games are an unusual hobby; but then hackers are unusual people, and their favorite pastimes tend to be somewhat out of the ordinary. The best-known American simulation game is probably "Dungeons & Dragons," a multi-player parlor entertainment played with paper, maps, pencils, statistical tables and a variety of oddly-shaped dice. Players pretend to be heroic characters exploring a wholly-invented fantasy world. The fantasy worlds of simulation gaming are commonly pseudo-medieval, involving swords and sorcery -- spell-casting wizards, knights in armor, unicorns and dragons, demons and goblins.

  Urvile and his fellow gamers preferred their fantasies highly technological. They made use of a game known as "G.U.R.P.S.," the "Generic Universal Role Playing System," published by a company called Steve Jackson Games (SJG).

  "G.U.R.P.S." served as a framework for creating a wide variety of artificial fantasy worlds. Steve Jackson Games published a smorgasbord of books, full of detailed information and gaming hints, which were used to flesh-out many different fantastic backgrounds for the basic GURPS framework. Urvile made extensive use of two SJG books called *GURPS High-Tech* and *GURPS Special Ops.* In the artificial fantasy-world of *GURPS Special Ops,* players entered a modern fantasy of intrigue and international espionage. On beginning the game, players started small and powerless, perhaps as minor-league CIA agents or penny-ante arms dealers. But as players persisted through a series of game sessions (game sessions generally lasted for hours, over long, elaborate campaigns that might be pursued for months on end) then they would achieve new skills, new knowledge, new power. They would acquire and hone new abilities, such as marksmanship, karate, wiretapping, or Watergate burglary. They could also win various kinds of imaginary booty, like Berettas, or martini shakers, or fast cars with ejection seats and machine-guns under the headlights.

  As might be imagined from the complexity of these games, Urvile's gaming notes were very detailed and extensive. Urvile was a "dungeon-master," inventing scenarios for his fellow gamers, giant simulated adventure-puzzles for his friends to unravel. Urvile's game notes covered dozens of pages with all sorts of exotic lunacy, all about ninja raids on Libya and break-ins on encrypted Red Chinese supercomputers. His notes were written on scrap-paper and kept in loose-leaf binders.

  The handiest scrap paper around Urvile's college digs were the many pounds of BellSouth printouts and documents that he had snitched out of telco dumpsters. His notes were written on the back of misappropriated telco property. Worse yet, the gaming notes were chaotically interspersed with Urvile's hand-scrawled records involving *actual computer intrusions* that he had committed. Not only was it next to impossible to tell Urvile's fantasy game-notes from cyberspace "reality," but Urvile himself barely made this distinction. It's no exaggeration to say that to Urvile it was *all* a game. Urvile was very bright, highly imaginative, and quite careless of other people's notions of propriety. His connection to "reality" was not something to which he paid a great deal of attention. Hacking was a game for Urvile. It was an amusement he was carrying out, it was something he was doing for fun. And Urvile was an obsessive young man. He could no more stop hacking than he could stop in the middle of a jigsaw puzzle, or stop in the middle of reading a Stephen Donaldson fantasy trilogy. (The name "Urvile" came from a best-selling Donaldson novel.) Urvile's airy, bulletproof attitude seriously annoyed his interrogators. First of all, he didn't consider that he'd done anything wrong. There was scarcely a shred of honest remorse in him. On the contrary, he seemed privately convinced that his police interrogators were operating in a demented fantasy-world all their own. Urvile was too polite and well-behaved to say this straight-out, but his reactions were askew and disquieting.

  For instance, there was the business about LoD's ability to monitor phone-calls to the police and Secret Service. Urvile agreed that this was quite possible, and posed no big problem for LoD. In fact, he and his friends had kicked the idea around on the "Black Ice" board, much as they had discussed many other nifty notions, such as building personal flame-throwers and jury-rigging fistfuls of blasting-caps. They had hundreds of dial-up numbers for government agencies that they'd gotten through scanning Atlanta phones, or had pulled from raided VAX/VMS mainframe computers. Basically, they'd never gotten around to listening in on the cops because the idea wasn't interesting enough to bother with. Besides, if they'd been monitoring Secret Service phone calls, obviously they'd never have been caught in the first place. Right?

  The Secret Service was less than satisfied with this rapier-like hacker logic.

  Then there was the issue of crashing the phone system. No problem, Urvile admitted sunnily. Atlanta LoD could have shut down phone service all over Atlanta any time they liked. *Even the 911 service?* Nothing special about that, Urvile explained patiently. Bring the switch to its knees, with say the UNIX "makedir" bug, and 911 goes down too as a matter of course. The 911 system wasn't very interesting, frankly. It might be tremendously interesting to cops (for odd reasons of their own), but as technical challenges went, the 911 service was yawnsville.

  So of course the Atlanta Three could crash service. They probably could have crashed service all over BellSouth territory, if they'd worked at it for a while. But Atlanta LoD weren't crashers. Only losers and rodents were crashers. LoD were *elite.*

  Urvile was privately convinced that sheer technical expertise could win him free of any kind of problem. As far as he was concerned, elite status in the digital underground had placed him permanently beyond the intellectual grasp of cops and straights. Urvile had a lot to learn.

  Of the three LoD stalwarts, Prophet was in the most direct trouble. Prophet was a UNIX programming expert who burrowed in and out of the Internet as a matter of course. He'd started his hacking career at around age 14, meddling with a UNIX mainframe system at the University of North Carolina. Prophet himself had written the handy Legion of Doom file "UNIX Use and Security From the Ground Up." UNIX (pronounced "you-nicks") is a powerful, flexible computer operating-system, for multi-user, multi-tasking computers. In 1969, when UNIX was created in Bell Labs, such computers were exclusive to large corporations and universities, but today UNIX is run on thousands of powerful home machines. UNIX was particularly well-suited to telecommunications programming, and had become a standard in the field. Naturally, UNIX also became a standard for the elite hacker and phone phreak.

  Lately, Prophet had not been so active as Leftist and Urvile, but Prophet was a recidivist. In 1986, when he was eighteen, Prophet had been convicted of "unauthorized access to a computer network" in North Carolina. He'd been discovered breaking into the Southern Bell Data Network, a UNIX-based internal telco network supposedly closed to the public. He'd gotten a typical hacker sentence: six months suspended, 120 hours community service, and three years' probation.

  After that humiliating bust, Prophet had gotten rid of most of his tonnage of illicit phreak and hacker data, and had tried to go straight. He was, after all, still on probation. But by the autumn of 1988, the temptations of cyberspace had proved too much for young Prophet, and he was shoulder-to-shoulder with Urvile and Leftist into some of the hairiest systems around. In early September 1988, he'd broken into BellSouth's centralized automation system, AIMSX or "Advanced Information Management System." AIMSX was an internal business network for BellSouth, where telco employees stored electronic mail, databases, memos, and calendars, and did text processing. Since AIMSX did not have public dial-ups, it was considered utterly invisible to the public, and was not well-secured -- it didn't even require passwords. Prophet abused an account known as "waa1," the personal account of an unsuspecting telco employee. Disguised as the owner of waa1, Prophet made about ten visits to AIMSX.

  Prophet did not damage or delete anything in the system. His presence in AIMSX was harmless and almost invisible. But he could not rest content with that.

  One particular piece of processed text on AIMSX was a telco document known as "Bell South Standard Practice 660-225-104SV Control Office Administration of Enhanced 911 Services for Special Services and Major Account Centers dated March 1988."

  Prophet had not been looking for this document. It was merely one among hundreds of similar documents with impenetrable titles. However, having blundered over it in the course of his illicit wanderings through AIMSX, he decided to take it with him as a trophy. It might prove very useful in some future boasting, bragging, and strutting session. So, some time in September 1988, Prophet ordered the AIMSX mainframe computer to copy this document (henceforth simply called "the E911 Document") and to transfer this copy to his home computer.

  No one noticed that Prophet had done this. He had "stolen" the E911 Document in some sense, but notions of property in cyberspace can be tricky. BellSouth noticed nothing wrong, because BellSouth still had their original copy. They had not been "robbed" of the document itself. Many people were supposed to copy this document -- specifically, people who worked for the nineteen BellSouth "special services and major account centers," scattered throughout the Southeastern United States. That was what it was for, why it was present on a computer network in the first place: so that it could be copied and read -- by telco employees. But now the data had been copied by someone who wasn't supposed to look at it.

  Prophet now had his trophy. But he further decided to store yet another copy of the E911 Document on another person's computer. This unwitting person was a computer enthusiast named Richard Andrews who lived near Joliet, Illinois. Richard Andrews was a UNIX programmer by trade, and ran a powerful UNIX board called "Jolnet," in the basement of his house.

  Prophet, using the handle "Robert Johnson," had obtained an account on Richard Andrews' computer. And there he stashed the E911 Document, by storing it in his own private section of Andrews' computer. Why did Prophet do this? If Prophet had eliminated the E911 Document from his own computer, and kept it hundreds of miles away, on another machine, under an alias, then he might have been fairly safe from discovery and prosecution -- although his sneaky action had certainly put the unsuspecting Richard Andrews at risk.

  But, like most hackers, Prophet was a pack-rat for illicit data. When it came to the crunch, he could not bear to part from his trophy. When Prophet's place in Decatur, Georgia was raided in July 1989, there was the E911 Document, a smoking gun. And there was Prophet in the hands of the Secret Service, doing his best to "explain."

  Our story now takes us away from the Atlanta Three and their raids of the Summer of 1989. We must leave the Atlanta Three "cooperating fully" with their numerous investigators. And all three of them did cooperate, as their Sentencing Memorandum from the US District Court of the Northern Division of Georgia explained -- just before all three of them were sentenced to various federal prisons in November 1990.

  We must now catch up on the other aspects of the war on the Legion of Doom. The war on the Legion was a war on a network -- in fact, a network of three networks, which intertwined and interrelated in a complex fashion. The Legion itself, with Atlanta LoD, and their hanger-on Fry Guy, were the first network. The second network was *Phrack* magazine, with its editors and contributors. The third network involved the electronic circle around a hacker known as "Terminus."

  The war against these hacker networks was carried out by a law enforcement network. Atlanta LoD and Fry Guy were pursued by USSS agents and federal prosecutors in Atlanta, Indiana, and Chicago. "Terminus" found himself pursued by USSS and federal prosecutors from Baltimore and Chicago. And the war against Phrack was almost entirely a Chicago operation.

  The investigation of Terminus involved a great deal of energy, mostly from the Chicago Task Force, but it was to be the least-known and least-publicized of the Crackdown operations. Terminus, who lived in Maryland, was a UNIX programmer and consultant, fairly well-known (under his given name) in the UNIX community, as an acknowledged expert on AT&T minicomputers. Terminus idolized AT&T, especially Bellcore, and longed for public recognition as a UNIX expert; his highest ambition was to work for Bell Labs.

 
