Hacker Crackdown by Bruce Sterling (the reader ebook txt) 📖

Truly heavy-duty hackers, those with serious technical skills who had earned the respect of the underground, never stole money or abused credit cards. Sometimes they might abuse phone-codes—but often, they seemed to get all the free phone-time they wanted without leaving a trace of any kind.

The best hackers, the most powerful and technically accomplished, were not professional fraudsters. They raided computers habitually, but wouldn’t alter anything, or damage anything. They didn’t even steal computer equipment—most had day-jobs messing with hardware, and could get all the cheap secondhand equipment they wanted. The hottest hackers, unlike the teenage wannabes, weren’t snobs about fancy or expensive hardware. Their machines tended to be raw secondhand digital hot-rods full of custom add-ons that they’d cobbled together out of chickenwire, memory chips and spit. Some were adults, computer software writers and consultants by trade, and making quite good livings at it. Some of them ACTUALLY WORKED FOR THE PHONE COMPANY—and for those, the “hackers” actually found under the skirts of Ma Bell, there would be little mercy in 1990.

It has long been an article of faith in the underground that the “best” hackers never get caught. They’re far too smart, supposedly. They never get caught because they never boast, brag, or strut. These demigods may read underground boards (with a condescending smile), but they never say anything there. The “best” hackers, according to legend, are adult computer professionals, such as mainframe system administrators, who already know the ins and outs of their particular brand of security. Even the “best” hacker can’t break in to just any computer at random: the knowledge of security holes is too specialized, varying widely with different software and hardware. But if people are employed to run, say, a UNIX mainframe or a VAX/VMS machine, then they tend to learn security from the inside out. Armed with this knowledge, they can look into most anybody else’s UNIX or VMS without much trouble or risk, if they want to. And, according to hacker legend, of course they want to, so of course they do. They just don’t make a big deal of what they’ve done. So nobody ever finds out.

It is also an article of faith in the underground that professional telco people “phreak” like crazed weasels. OF COURSE they spy on Madonna’s phone calls—I mean, WOULDN’T YOU? Of course they give themselves free long-distance—why the hell should THEY pay, they’re running the whole shebang!

It has, as a third matter, long been an article of faith that any hacker caught can escape serious punishment if he confesses HOW HE DID IT. Hackers seem to believe that governmental agencies and large corporations are blundering about in cyberspace like eyeless jellyfish or cave salamanders. They feel that these large but pathetically stupid organizations will proffer up genuine gratitude, and perhaps even a security post and a big salary, to the hot-shot intruder who will deign to reveal to them the supreme genius of his modus operandi.

In the case of longtime LoD member “Control-C,” this actually happened, more or less. Control-C had led Michigan Bell a merry chase, and when captured in 1987, he turned out to be a bright and apparently physically harmless young fanatic, fascinated by phones. There was no chance in hell that Control-C would actually repay the enormous and largely theoretical sums in long-distance service that he had accumulated from Michigan Bell. He could always be indicted for fraud or computer-intrusion, but there seemed little real point in this—he hadn’t physically damaged any computer. He’d just plead guilty, and he’d likely get the usual slap-on-the-wrist, and in the meantime it would be a big hassle for Michigan Bell just to bring up the case. But if kept on the payroll, he might at least keep his fellow hackers at bay.

There were uses for him. For instance, a contrite Control-C was featured on Michigan Bell internal posters, sternly warning employees to shred their trash. He’d always gotten most of his best inside info from “trashing”—raiding telco dumpsters, for useful data indiscreetly thrown away. He signed these posters, too. Control-C had become something like a Michigan Bell mascot. And in fact, Control-C DID keep other hackers at bay. Little hackers were quite scared of Control-C and his heavy-duty Legion of Doom friends. And big hackers WERE his friends and didn’t want to screw up his cushy situation.

No matter what one might say of LoD, they did stick together. When “Wasp,” an apparently genuinely malicious New York hacker, began crashing Bellcore machines, Control-C received swift volunteer help from “the Mentor” and the Georgia LoD wing made up of “The Prophet,” “Urvile,” and “Leftist.” Using Mentor’s Phoenix Project board to coordinate, the Doomsters helped telco security to trap Wasp, by luring him into a machine with a tap and line-trace installed. Wasp lost. LoD won! And my, did they brag.

Urvile, Prophet and Leftist were well-qualified for this activity, probably more so even than the quite accomplished Control-C. The Georgia boys knew all about phone switching-stations. Though relative johnny-come-latelies in the Legion of Doom, they were considered some of LoD’s heaviest guys, into the hairiest systems around. They had the good fortune to live in or near Atlanta, home of the sleepy and apparently tolerant BellSouth RBOC.

As RBOC security went, BellSouth were “cake.” US West (of Arizona, the Rockies and the Pacific Northwest) were tough and aggressive, probably the heaviest RBOC around. Pacific Bell, California’s PacBell, were sleek, high-tech, and longtime veterans of the LA phone-phreak wars. NYNEX had the misfortune to run the New York City area, and were warily prepared for most anything. Even Michigan Bell, a division of the Ameritech RBOC, at least had the elementary sense to hire their own hacker as a useful scarecrow. But BellSouth, even though their corporate P.R. proclaimed them to have “Everything You Expect From a Leader,” were pathetic.

When rumor about LoD’s mastery of Georgia’s switching network got around to BellSouth through Bellcore and telco security scuttlebutt, they at first refused to believe it. If you paid serious attention to every rumor out and about these hacker kids, you would hear all kinds of wacko saucer-nut nonsense: that the National Security Agency monitored all American phone calls, that the CIA and DEA tracked traffic on bulletin-boards with word-analysis programs, that the Condor could start World War III from a payphone.

If there were hackers into BellSouth switching-stations, then how come nothing had happened? Nothing had been hurt. BellSouth’s machines weren’t crashing. BellSouth wasn’t suffering especially badly from fraud. BellSouth’s customers weren’t complaining. BellSouth was headquartered in Atlanta, ambitious metropolis of the new high-tech Sunbelt; and BellSouth was upgrading its network by leaps and bounds, digitizing the works left right and center. They could hardly be considered sluggish or naive. BellSouth’s technical expertise was second to none, thank you kindly.

But then came the Florida business.

On June 13, 1989, callers to the Palm Beach County Probation Department, in Delray Beach, Florida, found themselves involved in a remarkable discussion with a phonesex worker named “Tina” in New York State. Somehow, ANY call to this probation office near Miami was instantly and magically transported across state lines, at no extra charge to the user, to a pornographic phonesex hotline hundreds of miles away!

This practical joke may seem utterly hilarious at first hearing, and indeed there was a good deal of chuckling about it in phone phreak circles, including the Autumn 1989 issue of 2600. But for Southern Bell (the division of the BellSouth RBOC supplying local service for Florida, Georgia, North Carolina and South Carolina), this was a smoking gun. For the first time ever, a computer intruder had broken into a BellSouth central office switching station and reprogrammed it!

Or so BellSouth thought in June 1989. Actually, LoD members had been frolicking harmlessly in BellSouth switches since September 1987. The stunt of June 13—call-forwarding a number through manipulation of a switching station—was child’s play for hackers as accomplished as the Georgia wing of LoD. Switching calls interstate sounded like a big deal, but it took only four lines of code to accomplish this. An easy, yet more discreet, stunt, would be to call-forward another number to your own house. If you were careful and considerate, and changed the software back later, then not a soul would know. Except you. And whoever you had bragged to about it.

As for BellSouth, what they didn’t know wouldn’t hurt them.

Except now somebody had blown the whole thing wide open, and BellSouth knew.

A now alerted and considerably paranoid BellSouth began searching switches right and left for signs of impropriety, in that hot summer of 1989. No fewer than forty-two BellSouth employees were put on 12-hour shifts, twenty-four hours a day, for two solid months, poring over records and monitoring computers for any sign of phony access. These forty-two overworked experts were known as BellSouth’s “Intrusion Task Force.”

What the investigators found astounded them. Proprietary telco databases had been manipulated: phone numbers had been created out of thin air, with no users’ names and no addresses. And perhaps worst of all, no charges and no records of use. The new digital ReMOB (Remote Observation) diagnostic feature had been extensively tampered with—hackers had learned to reprogram ReMOB software, so that they could listen in on any switch-routed call at their leisure! They were using telco property to SPY!

The electrifying news went out throughout law enforcement in 1989. It had never really occurred to anyone at BellSouth that their prized and brand-new digital switching-stations could be REPROGRAMMED. People seemed utterly amazed that anyone could have the nerve. Of course these switching stations were “computers,” and everybody knew hackers liked to “break into computers”: but telephone people’s computers were DIFFERENT from normal people’s computers.

The exact reason WHY these computers were “different” was rather ill-defined. It certainly wasn’t the extent of their security. The security on these BellSouth computers was lousy; the AIMSX computers, for instance, didn’t even have passwords. But there was no question that BellSouth strongly FELT that their computers were very different indeed. And if there were some criminals out there who had not gotten that message, BellSouth was determined to see that message taught.

After all, a 5ESS switching station was no mere bookkeeping system for some local chain of florists. Public service depended on these stations. Public SAFETY depended on these stations.

And hackers, lurking in there call-forwarding or ReMobbing, could spy on anybody in the local area! They could spy on telco officials! They could spy on police stations! They could spy on local offices of the Secret Service….

In 1989, electronic cops and hacker-trackers began using scrambler-phones and secured lines. It only made sense. There was no telling who was into those systems. Whoever they were, they sounded scary. This was some new level of antisocial daring. Could be West German hackers, in the pay of the KGB. That too had seemed a weird and farfetched notion, until Clifford Stoll had poked and prodded a sluggish Washington law-enforcement bureaucracy into investigating a computer intrusion that turned out to be exactly that—HACKERS, IN THE PAY OF THE KGB! Stoll, the systems manager for an Internet lab in Berkeley California, had ended up on the front page of the NEW YORK TIMES, proclaimed a national hero in the first true story of international computer espionage. Stoll’s counterspy efforts, which he related in a bestselling book, THE CUCKOO’S EGG, in 1989, had established the credibility of ‘hacking’ as a possible threat to national security. The United States Secret Service doesn’t mess around when it suspects a possible action by a foreign intelligence apparat.

The Secret Service scrambler-phones and secured lines put a tremendous kink in law enforcement’s ability to operate freely; to get the word out, cooperate, prevent misunderstandings. Nevertheless, 1989 scarcely seemed the time for half-measures. If the police and Secret Service themselves were not operationally secure, then