At 5:00 p.m. today, like every other day, as soon as the phone rates drop, San Diego’s electronic underground will activate almost as if on command. Tonight an estimated 450,000 people from every corner of the nation will connect a personal computer to their telephone and talk with each other through a vast network of electronic “bulletin boards" — in what constitutes a nation within a nation. This new form of mass communication, known by its members as the “Network Nation," is cheaper, more accessible, and less regulated than any other national medium.
It is within this tangled and uncharted maze of bulletin boards that members of San Diego’s electronic underground prowl long into the early morning hours. One of them goes by the name of Lady Guinevere. She is sixteen, tan, blonde, and blue-eyed and looks as though she belongs in a Sunkist soft drink commercial. She is, however, a full-fledged member of the “pirate community," as San Diego’s electronic underground is commonly referred to.
The first contact I had with Lady G was by U.S. mail. “I hear from the underground you are preparing some sort of article on hackers and the electronic underground,” she wrote. "I would like hackers to get an accurate representation in your work. I am willing to answer any questions you might have.”
A ten-minute phone call dispelled any suspicions that the letter was a fake, and we agreed on a face-to-face meeting at the Pannikin Coffeehouse and Bookstore in Solana Beach.
For her debut/farewell appearance (this was to be the first and only time I would meet her face to face), Lady G is dressed in Levis and a pink sweat shirt five sizes too big. Surrounded by the old-timey ambiance of the Pannikin’s coffeehouse and by millions of words in traditional black-and-white print, Lady G talks of electronic communications, high-tech “pirates,” and what the pirate community is all about. It’s a group made up of hundreds of white, upper- middle-class males (ages twelve to twenty) who own microcomputers and modems. “Females and guys over twenty are a rarity,” she says. When asked about what she finds so interesting about the pirate community, she smiles and responds, “It’s full of guys. I get a lot of attention because there’s not a lot of other girls hanging around. I like all the attention. And there’s no competition between me and the other guys. It’s like I get special consideration or something.”
You’ve read all about these kids, in publications from Newsweek to Dun and Bradstreet Report, and you’ve seen Hollywood’s version of their type in the movie WarGames. It’s likely you’ve heard them referred to as “hackers”: mischievous, little computerized vandals with an obsession for breaking into national computers owned by the likes of the Pentagon, NASA, and TRW.
Called everything from criminals to geniuses, these kids want to set the record straight, to have the story told from their eyes. This article is the result of a four-month association with the electronic underground. All the names have been changed, including their CB-like handles, which are as unique to these kids as their fingerprints.
They call themselves the Allied Force. What has brought them together is a common interest — pirating — that developed during thousands of casual messages exchanged on bulletin boards. They are a loose coalition, drawing members from the different factions within the pirate community: Pirates, Phone Phreaks, and Crackers.
Pirates specialize in the art of copying, trading, and giving away commercial computer programs. Phone Phreaks exploit the telephone system for personal gain — which amounts to circumventing Ma Bell’s accounting system — by making thousands of free phone calls each month. Crackers devote their efforts to proving that anything developed by man is fallible: they break into scores of supposedly secure computer systems.
Arranging to meet the Allied Forces took on all the hype and posturing of a labor-management strike negotiation. Lady G took care of the mediator role. First she gave me the phone number and password to the Allied Force bulletin board, then vouched for my integrity (which meant assuring the rest of the Allied Force that I wasn’t a federal agent).
Communications with the Allied Force took place on their own bulletin board. The microcomputer the board runs on (an Apple He) is owned by a member known as “Captain Crook.” The computer itself is located in Captain Crook’s bedroom, in his parents’ quiet Kensington home.
Pirate bulletin boards, all operating on home microcomputers, allow the posting of electronic messages, much in the way you can post messages at the local Laundromat using a tack, felt-tip pen, and three-by-five card. Messages are displayed on electronic bulletin boards using a computer and a “modem” — a device that allows computers to “talk” over the phone lines.
There are twenty pirate boards operating at any one time in San Diego County (nationwide there are an estimated 1200). Because these boards operate from an individual’s home on personal computers, few of them are used as bulletin boards twenty-four hours a day, which accounts for the varying number of pirate boards operating at any given time. Each pirate board has its own name, such as “Pirate’s Harbor,” “Crow’s Nest,” “United Federation of Pirates,” and “Sherwood Forest.” The Allied Force’s bulletin board is called the “Ghost Ship.”
In any one night a typical pirate bulletin board will receive between thirty and fifty calls, with a large number of those calls coming from out of state. Ghost Ship is a typical pirate board. Pirate boards are divided into different areas, each area being dedicated to a different topic. The topics found on any pirate board include Phreaking, Cracking, Wares, Anarchy, and War.
Each specific topic area functions much like a drawer in a file cabinet. Within each “drawer” there are several files pertaining to that specific subject. These files are like regular file folders, except that they contain electronic text that can be read on the computer screen. The caller can “down-load” these files, a simple procedure that allows anything being displayed on the computer screen to be stored on a floppy disk.
Each topic area also includes a discussion area, where messages are posted regarding the section’s topic. This discussion area is where the interactive dialogue takes place, where people meet others, and where ideas are exchanged. It is through these discussion areas that the various pirate groups, such as the Allied Force, are formed. The trading of messages tends to build up a camaraderie of sorts, and after a while a group of individuals will decide to form a “support group,” take on a name and identity, and “incorporate” as an autonomous entity.
When I first called the Ghost Ship, my computer screen displayed a text that could have been written by a would-be science-fiction writer:
Your ship has just gone out of control. Veering toward the surface of the purple, gaseous planet, your craft tumbles out of its controlled flight path and begins to spin in wild circles.
The impact crushes you into the seat and breaks a seal on the outer door of the space craft. Through your half-daze, you notice a gnarled, yellowish hand push open the door. With a primitive stone instrument the hand scratches a message on the titanium wall of your spaceship. It reads:
HAVE YOU EVER BEEN HERE?
At this point I entered my name and the password given to me by Lady G. The computer checked the information I entered against its list of authorized users. The computer accepted my entries and issued a warning on my screen:
THE INFORMATION ENTERED HERE IS NOT THE RESPONSIBILITY OF THE OWNER OF THIS SYSTEM. ALL INFORMATION BELONGS TO THE ORIGINAL AUTHOR. OWNER NOT RESPONSIBLE FOR ILLEGAL MESSAGES OF ANY KIND. YOU HAVE BEEN WARNED....
Having to enter a name and password is a token security measure, like showing a photo ID badge to a security guard before entering a secure building. It is a kind of electronic gate, but opening the gate is only the first step. A pirate board will carry possibly hundreds of different security levels. Each person using the bulletin board is given a security level. This security level is nothing more than an entry that the owner of the board, called a system operator — “sysop” (pronounced “sis-op”) for short — makes on the floppy disk telling the computer which topic areas you are allowed to read when using the bulletin board. These security levels are necessary for keeping unauthorized persons out of confidential file areas. (Confidential files might include a listing of other pirate boards; “unauthorized persons” means law enforcement officials.) A high security level (levels range from 0 to 128) denotes your ranking in the group. A first-time or unknown caller is automatically assigned a security level of 0. This level of security gives a caller use of password and access to the “General” topic area, where nothing much happens. A low security level doesn’t even let you know that other areas are available.
Many messages were exchanged between the Allied Force and me during a “feeling out” phase. During this phase of my participation on the bulletin board, I was only allowed to submit the full text of articles I’d previously written on the subjects of software piracy and invasion of privacy. I was also allowed to respond to any messages that were sent to me.
After all the members of the Allied Force had read my articles, they decided I was “worthy” of the highest security level (I assume because they liked the nonjudgmental tone of the writing regarding those touchy subjects). This high security level allowed me to roam at will through any of the bulletin board’s files.
The phreaking section of the Ghost Ship contains files that detail how to exploit the phone company. I saw complete schematics for building several types of “boxes” (blue, black, silver, purple, and white). These boxes alter phone line signals, fooling the Bell phone computer into thinking the outgoing call is to an 800 number and electronically making a connected call look as if it’s still ringing.
Each schematic came complete with detailed documentation and step-by-step assembly procedures. A materials list, complete with parts numbers, was also provided. Other files told how to test a telephone exchange for line monitoring, as well as the dates and time of day when Pacific Bell would be monitoring certain area codes (this information was lifted, or so the author stated, from the briefcase of his father, a military base telecommunications director). Also listed in the phreaking section were homegrown software programs that can be transferred over the phone lines, from computer to computer; one of these is SprintCat, a program that allows the computer to dial tirelessly through a sequential series of Sprint access codes and then print out the verified numbers. Often someone will provide a file that contains as many as fifty Sprint codes, with the admonishment, “Enjoy them while they last!”
Files in the cracking section of bulletin boards are the ones that grab national press headlines. Well-publicized raids on pirates have turned up cracking files that listed account numbers and passwords to computers like those at the Ames Research Center, NASA satellite tracking stations, naval shipyards, and the Sloan-Kettering Research Center. (This happened in a recent bust of seven New Jersey youths who allegedly broke into a NASA computer and attempted to move a communications satellite out of orbit.) The cracking files I found on Ghost Ship included telephone numbers and passwords for an incredible range of computers, from TRW’s credit computer to UCSD’s Cognitive Science Lab. Files also list the best times to attempt cracking certain computers, along with details of successful (and failed) cracking attempts.
The wares section, referred to as the “Ship’s Wares,” “Pirate’s Stash,” or “Treasure Trove,” contains copyrighted commercial software available for transfer from the bulletin board to the caller’s computer. It’s all free for the taking. It’s not uncommon for a wares section to contain software that, if purchased over the counter, would cost into the thousands. Some of the better-known programs I saw listed for “trading” included WordStar, dBase II, Lotus 1-2-3, Apple Works, and Wizardry.
Anarchy is rampant on Ghost Ship and most other pirate boards. Message files read like chapters from homegrown terrorist manuals. Verbatim chapters from The Anarchist's Cookbook are available for casual perusal. There are files on how to manufacture (and deploy) everything from chlorine gas to bazookas. The files exhort the use of such weapons in school classrooms (“Next time your class gets boring, unleash the [chlorine] gas from the back of the room”) and on the streets. The file on how to manufacture a bazooka (from PVC tubing, using a Binaca bottle as a projectile) contained a newspaper clip from a Santa Cruz paper that told how four youths used the device to attack a street bum. The news clip was listed under the heading “suggested uses.”
The war section of a pirate board resembles a rest room wall. Here members of the pirate community “fight it out” with verbal onslaughts that would have made Lenny Bruce blush. Messages here are strung together with so many four-letter words and references to “your mama” that it’s hard to believe the authors are teen-agers and not grizzled chief petty officers.
Soon after I was given clearance to read any part of the Ghost Ship bulletin board, I began to discuss setting up face-to-face meetings with the Allied Force. These discussions were actually a series of sequential messages stored on the bulletin board. I would call the bulletin board and type in my message requesting a certain date for a meeting, then I would hang up. Someone else would then call and be notified by the computer that there were new messages to be read. That caller would read the message I left and then enter his response into the computer.
This routine was repeated by each successive caller. The next time I called the bulletin board, I could read each person’s response to my request. Always inconsistent and always at their convenience (and ultimately my inconvenience), meetings were on for one day, canceled the next, then on again. Three weeks after my meeting with Lady G, however, I managed to meet the Allied Force face to face.
Headquarters for the Allied Force is, in reality, a fifteen-year-old’s bedroom. And I’m not much surprised at the clutter. The bedroom carpet is nothing more than a series of pathways through mounds of dirty clothes. These pathways lead to all the vital activity centers in the ten-by-twelve bedroom: the stereo, the closet, and the computer desk.
The computer desk resembles more a shrine than a veneer-covered, particle-board furniture piece. The edges of the desk hold the computer’s supporting cast: printer, manuals, blank floppy disks, cables, Oreo cookies, and an odd assortment of writing utensils.
The computer is an Apple IIe — considered the ultimate “hacking” machine in the minds of nearly all of those in the pirate community because there are hundreds of ways to modify the system. The amount of software available for the Apple also makes it highly desirable (some of the most advanced software used with modems has been developed for the Apple). This Apple sits on the desk in what can be described as the “holy of holies” — center stage and stuck under a protective bookcase.
The bookcase holds a virtual library of reference materials. Several books are distinctively marked with a Dewey decimal number and a due date in February of some year. Book titles run from basic electronics to cryptology. In a separate section of the bookcase are monuments to a different underground: a Fidel Castro book on guerrilla warfare, Abbie Hoffman’s Steal This Book, and the infamous Anarchist’s Cookbook. And so they gather, arriving after school in this quiet, semiaffluent, Kensington suburb by bus, motorcycle, moped, and car. Most are coming from North County — three from La Jolla, two from Del Mar, two from Solana Beach — and one travels from Hillcrest.
This is the home of Captain Crook. Because his parents work every day until early evening, Crook’s house is the perfect place to hold meetings without a lot of interference. At fifteen, Crook is the typical latchkey kid — only this kid has found an “educational” activity to keep him off the streets.
The membership of the Allied Force totals ten; nine are at the meeting. The roll call reads like the cast of an adventure-fantasy-science-fiction film: Captain Crook, fifteen; Dr. Doom, sixteen; Apple Jax, seventeen; Captain Blackbeard, seventeen; Bluebeard, fifteen; Colonel Khaos, eighteen; Apple Pirate, sixteen; Lord Flathead, fourteen; and Lancelot, fifteen. Only Lady Guinevere is absent.
It would be difficult to pick these kids out from any randomly assembled group of teen-agers. To call any of them athletic would move this story into the realm of fiction. Attire runs the gamut from Bluebeard’s scaled-down high-school preppie look (polo shirt, corduroy jeans, and deck shoes), to Apple Pirate’s faded 501’s, beaten Nikes, and Motley Crue concert T-shirt. Sitting attentively, they carry on a reasonable facsimile of a corporate board room meeting.
These meetings are held on an irregular basis, usually called for only when the bulletin board discussions can’t communicate exactly what needs to be said. This meeting would see some business taken care of (such as the sharing of new information), and I would get to meet and interview the members.
I am surprised at how relaxed everyone appears. Because of the three weeks of discussions I've had with the Allied Force on the bulletin board, it's almost as if we already know each other. The initial shock of “Oh, so that's what you look like” fades quickly, and business matters are attended to.
The first order of business is contributions. Every member presents something new to the group. Apple Pirate offers a printout of electronic “addresses” (each address is a number code that will connect you to mainframe computers belonging to the likes of Rand Information Systems and the New Jersey Institute of Technology), carried on Telenet, a commercial phone network to which hundreds of databases are electronically linked.
Lancelot tosses a couple of disks on the conference table (a twin bed). “Two new games from Electronic Arts. Beta test versions. They aren't even on the shelf yet.”
Lord Flathead, sitting next to me, is shuffling a pile of photocopies. A glance over his shoulder reveals the copied article to be the infamous “Back Yard A-Bomb” article from The Progressive. He is submitting this for someone to type up and store in the anarchy section of the bulletin board.
Captain Crook contributes a couple of hundred new [pirate board] numbers that he down-loaded from an East Coast board.
Dr. Doom, Bluebeard, and Apple Pirate all contribute illegal copies of several computer games.
Colonel Khaos offers a new version of the program SprintCat that he has been working on for a month.
Captain Blackbeard passes around the latest issue of an underground publication called TAP: The Hobbyist's Newsletter for the Communications Revolution (number 91).
Apple Jax, who has gained celebrity status for being the first, locally, to crack the security system of CompuServe (the nation's oldest electronic consumer information service), is the leader of the group. Though not the oldest, he has been a pirate longer than the rest. The pecking order in any pirate group is determined by certain accomplishments, which may include finding a series of unlisted computer phone numbers; cracking a major database or software program; or writing a revision of a program like SprintCat. These activities arc status builders in the pirate community nationwide as well. When a “first” is accomplished, the results are written up and passed around to pirate boards around the nation.
Apple Jax explains a hot tip he picked up during a routine call to a pirate board in Vista. The tip mentions that several of the companies in Sorrento Valley’s Naiman Tech Center, on Scranton Road, have been doing some “house cleaning” and that the dumpsters should be full of technical data thrown out by unthinking employees. Plans are made for a “trashing” of the Naiman Tech Center. A trashing entails a systematic perusal through the dumpsters, the contents of which are examined for computer passwords and account numbers, old technical manuals, and anything that could be used to further their online exploits. (Most of the assaults on the phone system are direct results of information gleaned from technical manuals salvaged from the trash.) Jax takes names of those wanting to be in on the trashing. A glance my way and I'm given an opportunity to join in the outing. A nod of my head reserves me a space.
The last order of business involves discussion of a local teletrial (the pirate community's own form of retribution against its members). It seems a newcomer to the San Diego pirate scene has been trying, with unusual ineptness, to crack a UCSD computer. Members of the Allied Force learned of the bungling when the newcomer left several messages on their Ghost Ship bulletin board outlining his failed at tempts and asking for help.
Often these inexperienced pirates get into trouble when trying to enter a computer system. Repeated unsuccessful break-ins (which can total in the hundreds during a single sitting) can alert the computer systems operator that an attempt to break the security system is being tried. This kind of blatant “attack” leads to tightened security — cutting off access for other pirates — and it is dealt with harshly in a teletrial. Those who violate the “Hacker’s Ethic” are subject to such teletrials, a democratic judge- and-jury activity that involves anyone who wants to participate. Except the accused.
Typically, the word is spread on the network of pirate boards that a teletrial will be taking place. Pirates from around the country are encouraged to call a designated board — the trial “venue” — and take part in the trial. Usually the operator of the “trial board” acts as moderator for the teletrial. This entails setting up the “charges” in a text file for all to read on-line. After the charges are read, a discussion takes place and suggestions are made about a sentence that should be handed down.
In a case of “radical stupidity,” the punishment is usually banishment from any kind of pirating activities. The accused is never allowed a defense. Once the sentence is handed out, summaries of the teletrial are then sent to pirate boards across the country, which leads to a nationwide blacklisting of the individual. (Although the sentenced person could easily change the handle he uses, all pirate boards now require that a user supply his real name, phone number, and address so that the systems operator can verify who he is. This is an extra security measure that tends to weed out the law enforcement officials who are starting to crack down on pirate boards.)
The most celebrated teletrial was the sentencing of Newsweek reporter Richard Sandza, who infiltrated the pirate community. Using the handle “Montana Wild Jack,” he passed himself off as a sixteen-year- old. After months of undercover research, he wrote for the November 12, 1984 issue the article “The Night of the Hackers,” a damaging story from the pirates’ point of view. Burned by this intrusion on their activities, the pirates held a nationwide teletrial — the first of its kind.
More than a thousand kids participated in the trial.
The sentence handed down was merciless. The reporter’s credit was wiped out when someone got into the TRW credit computer and erased his record. Next he was assaulted by a barrage of “attack- dialers” on his home phone. His phone would ring, but no one would answer when he picked it up. Calls averaged one every fifteen seconds during the first week of the sentence. His MasterCard account number was given out, and thousands of dollars of useless merchandise was charged to his account (and sent to his residence).
Generally, though, pirates are not known for the swiftness of their teletrial proceedings. In the case of the San Diego newcomer and his bungled assaults on the UCSD computer, the teletrial is now in its second month of deliberation.
Sitting with Colonel Khaos in the bedroom of his parents’ Solana Beach home, I am given a demonstration of the art of breaking into a computer system. As he sets up his Apple He to run the demonstration, he speaks of the thousands of corporations that have their mainframe computers tied into the phone lines. “There’s no way they can keep us out. If a company tries to close off its database, then outside clients can’t get to it. That means the client goes somewhere else.
“The nature of information is distribution,” he continues, “and we, as a society, have decided that information should be available to anyone that wants it. Ah, America, Land of the Free. I love it.”
When a system is penetrated, the cracker may be a voyeur who is just looking to see what is there and then leaves. Sometimes the cracker, having made numerous penetrations into a system, may start mysteriously signing his computer alias (called “tagging the system”), letting the systems operator know that he’s been in and out. Colonel Khaos says the practice of “tagging the system” with an alias is “a pretty stupid thing to do.” If the operator gets tired of logging on every morning and staring at a taunting message, it’s usually then that some kind of anticracking procedure takes place.
“Sometimes he [the corporate systems operator] will set up a trace with the phone company,” says the Colonel. “The sysop might even start to encourage the kid to log-on more. It’s a trap, and one that new kids fall into all the time.”
Although these crackers are often portrayed as a new wave of geniuses in our technology-driven era, beating computers at their own game with the brilliance of a Nobel laureate, breaking into private data systems may be nothing more than child’s play. For equipment you need a computer, a modem that connects two computers via the phone lines, and a program that can make repeated phone calls. This program is called an “attack-dialer” or “demondialer.” The program can be set up to call every variation of a four-digit telephone number in a given telephone exchange (yes, you saw this in the movie WarGames). When it connects with another computer — it will know because an answering computer issues a high-pitched “beep” tone — it will make a notation on the computer screen and enter the number on a floppy disk.
“Once I’ve got a handful of new numbers from the attack-dialer, the fun really begins,” says Khaos. A fifteen-minute demonstration of the attack-dialer program on La Mesa’s 464 exchange reveals four computer telephone numbers from a total of 150 dialed.
The Colonel begins an assault on these new “discoveries” by simply turning on the computer and modem. After loading the communications software into his computer, the Colonel dials the first of his new numbers. Once he has dialed the numbers, the two computers will connect. No mystery here. It’s a function of electronics — one computer calls, the other answers. The time-consuming part begins once the two computers connect.
The Colonel explains the process. “Almost everything taught about computers is that they are logical — to a fault. But passwords are the exception. It seems that people want to project some kind of human quality on the computer, and they tend to do that with passwords. People are completely emotional about it — it’s stupid, but it makes cracking a computer a lot easier. People use their wives’ or children’s names, something very personal. Or they make it obvious, like someone at a bank using the password money!' As he speaks, the Colonel is interrupted by the high-pitched tone coming from his computer; he has hooked into a remote computer (one of his four new discoveries), one about which he knows no details.
As I watch, the remote computer identifies itself and kindly asks for a password. Khaos enters the word password and the remote computer rolls out the red carpet. Leading him step by step, the remote computer then asks Khaos for a user name. First he tries John. No good. But the remote computer is a patient one and again asks for a user name. Khaos then tries Mark, Bob, and J Doeall without success.
“Okay, let’s see if [the computer] will give us any help,” says Khaos. And next he enters the word help.
The computer responds by giving the expected format for the user name, which turns out to be at least eight characters in length. With the correct format now in hand, Khaos enters the word computer — still no luck.
“I’ve got one more ‘standard’ to try,” says Khaos, speaking of a routine set of passwords and user names he always enters when first trying to crack a computer system. The word security is entered —, and accepted by the remote computer. “Won’t these people ever learn?” Khaos laughs and proceeds to shuffle through the electronic corridors of someone’s business computer system. He explains that the password and user name must have been left in the computer after the system was originally set up. “Usually a computer system will come with a password and user name installed by the software manufacturer,” he says. “This allows the sysop to get into the system and set the different accounts he needs for those using the system. Most sysops are lazy or just forget to delete that ‘generic’ password and user name.”
The final plans for the trashing came in a message left for me on the Ghost Ship. On Saturday, June 8, at 9:00 p.m. I am to drive to Tor- rey Pines High School and wait until a 1967 VW arrives.
The bug pulled into the parking lot thirty minutes late. I jam into the back seat with Apple Pirate and Dr. Doom. During the twenty-minute drive to the Naiman Tech Center, I am given the short course in the fine art of trashing. “I can know everything about a company in a couple nights of trashing,” brags Apple Pirate. “You’re not going to believe the stuff we can find in the trash.”
I am told that the janitors make work even easier because they put the wastebasket contents from each office area, such as engineering, marketing, and research and development, into separate industrial- strength garbage bags. “We can nab an entire day’s trash from a computer room in one bag. No fuss, no muss, it’s one clean sweep.”
Finally we pull into the target area. The huge steel sculpture in front of the Megatek building stands like a mute god. A hundred years ago the sculpture might have scared away a weak-hearted intruder; tonight it serves as a landmark for an Information Age commando raid. The first objective is a huge dumpster sitting at the far end of a deserted parking lot. A parking lot that, after hours, might as well be a graveyard — there’s no one in sight. And the only noise is the faint hum of cars speeding along Interstate 5. As I step out of the car, an arsenal for assaulting the trash bins is unfolded before me.
The “weapons” include an assortment of low-tech tools: gloves that had seen better days, for protecting the hands; palm-size flashlights, for poking around in the dark corners of the dumpsters; a garden rake, for moving piles of trash out of the way; a cheap pair of binoculars, used to peer through first-floor windows at computer terminals in hopes of picking up a password left on the screen or tacked to the computer monitor; and a decoy bag of aluminum cans, “in case someone happens to ask what we’re doing,” says Dr. Doom. Although no one has ever challenged them during a trashing party, “there’s nothing like insurance,” says Apple Jax. I suggest that the only thing missing is the ceremonial war paint. The suggestion draws laughter and breaks the tension. I begin to sweat.
In teams of two we begin a systematic search through the dumpsters. Digging through the trash, I have to smile at the irony. Rummaging through a dumpster in a Sorrento Valley industrial park epitomizes the phrase “high-tech, high-touch,” coined by John Naisbitt. author of Megatrends.
My trashing partner. Dr. Doom, explains the paradox of computer system security. “Most of these companies need to have a ‘user-friendly’ system, but they also need to have some kind of security. It's impossible to have a system easy to use and completely secure. People have trouble remembering their passwords. And if the system is too complicated, they write it [the password] down on a piece of paper somewhere nearby. The paper usually ends up coffee stained, and bingo: it's in the trash.”
One by one we jump into dumpsters and “move trash.” Ripping into the garbage bags, we look for interesting material, such as computer printouts and engineering documents. When an opened garbage bag looks promising, it’s tossed over the side to be picked up later. In the large dumpsters it’s impossible (not to mention disgusting) to search through everything, so only the first few feet or so of trash is investigated. In all our party goes through twenty- two dumpsters. The VW swings by and we shove our finds in the car’s trunk.
Our haul for the night is better than average. “Usually we end up with a printout or two, maybe a password and phone number, but not much else ” says Apple Pirate. “To get some really good stuff you have to trash on a regular basis — and I don’t know many pirates who can handle jumping around in this shit all the time.” This night’s trashing yields a technical manual, found intact, that gives operating procedures for an IBM system 38. Handwritten margin notes in the manual give access codes and passwords. Inside the manual, protected by plastic, are the phone numbers and times the computer goes on-line to the outside world. Another bag contains reams of computer printouts. These printouts hold complete log-in sessions, on which are printed the exact steps (including passwords and account numbers) for entering another computer. From various office wastebaskets come carbon receipts from MasterCard, VISA, and American Express. There is even the carbon of a card, from the commercial information service, CompuServe, that shows the account number and password of a new subscriber.
During a two-week period after the trashing, the phone numbers will be tried out (with no success, the numbers having been disconnected) and the printout passwords and accounts tried (also a bust). The only thing that actually materializes is the CompuServe account. Dr. Doom uses the account for a couple of hours, then it seems the account’s rightful owner changed the password, and efforts to crack the new password are unsuccessful. The MasterCard, VISA, and American Express account numbers are placed in a message on the bulletin board for anyone who wants to risk using them.
The “why” of all these pirate activities has remained largely unanswered. The popular press paints these pirates as alienated teenagers. Psychologists, too busy scrambling for the funding of pet theories, haven’t begun to research the motivation of these kids. Police and security analysts maintain they are the Information Age counterparts of the kids who stole cars and went joy-riding in them for an afternoon. The pirates themselves have their own explanations.
“It’s the ‘thrill of the hunt,’ ” says Lord Flathead. “There are few things that you can do that will give you the rush of cracking a computer. Gaining access to a computer system gives me the sense of ‘owning’ it. If I want to screw up the data, I can. If I want to change passwords, I can. If I want to leave it alone, sort of bestow mercy on a pitiful security system, I can. That’s power. And where in this adult- dominated world can a fourteen-year-old kid get a handle on power?”
“Being the first one to pirate a new software program makes you popular,” says Lancelot. “Do I look like I can play linebacker? Do I look like I want to play linebacker? Hell no. But if I can supply copies of the hottest computer game in town, suddenly I’m somebody. I’ve done something more than score a touchdown or sink the winning basket.”
“To constantly break computer security systems that guys with computer science degrees have designed, that’s a big deal to me,” says Bluebeard. “I feel I earn a degree of respect from the sysops I harass. If I didn’t bug them, why would they try so hard to catch me? Having that kind of power over an adult, or over several adults, is great.”
“The WarGames scenario is real, when you’re trying to crack a computer system,” Colonel Khaos tells me. He explains that it is a real-life adventure, with real-life consequences if you get caught. “And you don’t get that by playing video games.”
“We’ve actually caused one of the nation’s most powerful companies [AT&T] to rethink its entire technology,” comments Apple Jax. “When you can have an effect like that on something, when you can see that what you are doing is causing radical changes, it’s exciting. We’re changing the way the Information Age is operating.”
“My dad cheats on his taxes,” says Captain Black- beard. “Everyone cheats on their taxes. That, to me, is a worse crime than just bouncing around a computer system. And as far as copying software goes, how many record albums have you borrowed and copied onto a cassette tape? What's the difference?” Apple Pirate asks, “When have you ever heard of a pirate transferring money to a bank account in Switzerland? The entire computer security industry knows that most of the computer ‘crime’ is done by people from within a particular company. But does that make the cover of Newsweek? Fuck no. The papers go after a story about a stupid kid that gets caught logging on to a NASA computer or something.”
My phone starts to ring as early as 5:00 a.m. I receive word that last night (October 15) forty FBI agents carried out a raid in the North County. Their targets were twenty-three pirates. The FBI confiscated all types of equipment, from computers to printers to floppy disks. The raids came during “prime time” — from 8:00 p.m. to 9:00 p.m. — and there wasn’t even time for anyone to send a warning about what was happening.
The Allied Force-has been seriously crippled. Four of the ten members were visited by the FBI. Somebody in the group made a serious error when cracking a computer owned by Interactive Data Corporation, a subsidiary of Chase Manhattan Bank Corporation: he was tagging the system with his alias and calling from his own phone (as opposed to using a stolen MCI or Sprint code). Because he used his own phone, the FBI was able to put a trace on the line and track it to San Diego.
But the bust sent only minor ripples through the electronic underground. Instead, a series of well-calculated “contingency” plans has gone into action. When a raid takes place and members of the pirate community know that their names are likely to show up on disks the FBI reads, a process to cover their electronic tracks is used. First, all personal pirating disks are either erased of all information or the disks are run through an encryption scheme. Encryption will render disks unreadable by anyone except the person who knows the encryption. This is “standard operating procedure” for most pirates. Next, all paper files are destroyed, since the FBI will take printouts as well.
It was a “cosmetic bust,” according to the Allied Force. The FBI does this from time to time to “stay current with the state-of-the-art pirate technology,” says Apple Jax. An article in the October 28 issue of Infoworld, however, states that Chase Manhattan notified the FBI in late July that individuals were illegally entering the system by using a toll-free number restricted to Interactive Data subscribers. When IDC learned its system had been cracked, it changed numbers and set up a tracer line on the original 800 number. Only valid subscribers would know of the change; anyone calling the old line was thus a suspect in the cracking incident.
The Justice Department will now review all the confiscated equipment, which means they will read all the disks, list all the programs, make printouts of all the messages, and create files based on the names they find. There are no privacy rights to protect electronic communications, such as there are for mail and telephone communications, so the FBI can confiscate all communications stored on floppy disk.
According to Bluebeard, one of the Allied Force members who had his computer confiscated, the FBI told him that all the confiscated equipment would be returned in ninety days. “And with that they think the score is back to zero,” he says.
News of the raid has already been chronicled and transferred to pirate boards across the nation. New strategies must now be discussed and developed. Damages to pirating tactics are evaluated, not unlike the evaluation the Department of Defense makes when it discovers security information is in the hands of the Soviets. “Nothing much ever comes of these raids,” Apple Jax tells me, “especially when it has anything to do with money. It’s bad publicity for the bank. So they don’t press charges.”
Jax appears to know what he’s talking about. In the same October 28 Infoworld article, bank officials are claiming that the FBI inflated the actions of the individuals involved and that nothing much happened. The FBI, however, claims it has sworn statements from the bank claiming severe damages because of the break-ins.
To date no arrests have been made as a result of the raid. A raid is simply the confiscation of materials for review, and if the review can prove that a wrongful act was committed, charges may be brought against the pirates under the Crime Control Act. The penalties under the act include a fine equal to twice the value of the information obtained or the loss created by the offense up to $100,000, plus a maximum penalty of one year in prison.
Five days after the October 15 raid, there is another message on my answering machine. “I hear you’re doing a story on pirates,” says the young male voice. He’s a friend of a friend of Dr. Doom. And I am invited to participate in another late-night trashing.
At 5:00 p.m. today, like every other day, as soon as the phone rates drop, San Diego’s electronic underground will activate almost as if on command. Tonight an estimated 450,000 people from every corner of the nation will connect a personal computer to their telephone and talk with each other through a vast network of electronic “bulletin boards" — in what constitutes a nation within a nation. This new form of mass communication, known by its members as the “Network Nation," is cheaper, more accessible, and less regulated than any other national medium.
It is within this tangled and uncharted maze of bulletin boards that members of San Diego’s electronic underground prowl long into the early morning hours. One of them goes by the name of Lady Guinevere. She is sixteen, tan, blonde, and blue-eyed and looks as though she belongs in a Sunkist soft drink commercial. She is, however, a full-fledged member of the “pirate community," as San Diego’s electronic underground is commonly referred to.
The first contact I had with Lady G was by U.S. mail. “I hear from the underground you are preparing some sort of article on hackers and the electronic underground,” she wrote. "I would like hackers to get an accurate representation in your work. I am willing to answer any questions you might have.”
A ten-minute phone call dispelled any suspicions that the letter was a fake, and we agreed on a face-to-face meeting at the Pannikin Coffeehouse and Bookstore in Solana Beach.
For her debut/farewell appearance (this was to be the first and only time I would meet her face to face), Lady G is dressed in Levis and a pink sweat shirt five sizes too big. Surrounded by the old-timey ambiance of the Pannikin’s coffeehouse and by millions of words in traditional black-and-white print, Lady G talks of electronic communications, high-tech “pirates,” and what the pirate community is all about. It’s a group made up of hundreds of white, upper- middle-class males (ages twelve to twenty) who own microcomputers and modems. “Females and guys over twenty are a rarity,” she says. When asked about what she finds so interesting about the pirate community, she smiles and responds, “It’s full of guys. I get a lot of attention because there’s not a lot of other girls hanging around. I like all the attention. And there’s no competition between me and the other guys. It’s like I get special consideration or something.”
You’ve read all about these kids, in publications from Newsweek to Dun and Bradstreet Report, and you’ve seen Hollywood’s version of their type in the movie WarGames. It’s likely you’ve heard them referred to as “hackers”: mischievous, little computerized vandals with an obsession for breaking into national computers owned by the likes of the Pentagon, NASA, and TRW.
Called everything from criminals to geniuses, these kids want to set the record straight, to have the story told from their eyes. This article is the result of a four-month association with the electronic underground. All the names have been changed, including their CB-like handles, which are as unique to these kids as their fingerprints.
They call themselves the Allied Force. What has brought them together is a common interest — pirating — that developed during thousands of casual messages exchanged on bulletin boards. They are a loose coalition, drawing members from the different factions within the pirate community: Pirates, Phone Phreaks, and Crackers.
Pirates specialize in the art of copying, trading, and giving away commercial computer programs. Phone Phreaks exploit the telephone system for personal gain — which amounts to circumventing Ma Bell’s accounting system — by making thousands of free phone calls each month. Crackers devote their efforts to proving that anything developed by man is fallible: they break into scores of supposedly secure computer systems.
Arranging to meet the Allied Forces took on all the hype and posturing of a labor-management strike negotiation. Lady G took care of the mediator role. First she gave me the phone number and password to the Allied Force bulletin board, then vouched for my integrity (which meant assuring the rest of the Allied Force that I wasn’t a federal agent).
Communications with the Allied Force took place on their own bulletin board. The microcomputer the board runs on (an Apple He) is owned by a member known as “Captain Crook.” The computer itself is located in Captain Crook’s bedroom, in his parents’ quiet Kensington home.
Pirate bulletin boards, all operating on home microcomputers, allow the posting of electronic messages, much in the way you can post messages at the local Laundromat using a tack, felt-tip pen, and three-by-five card. Messages are displayed on electronic bulletin boards using a computer and a “modem” — a device that allows computers to “talk” over the phone lines.
There are twenty pirate boards operating at any one time in San Diego County (nationwide there are an estimated 1200). Because these boards operate from an individual’s home on personal computers, few of them are used as bulletin boards twenty-four hours a day, which accounts for the varying number of pirate boards operating at any given time. Each pirate board has its own name, such as “Pirate’s Harbor,” “Crow’s Nest,” “United Federation of Pirates,” and “Sherwood Forest.” The Allied Force’s bulletin board is called the “Ghost Ship.”
In any one night a typical pirate bulletin board will receive between thirty and fifty calls, with a large number of those calls coming from out of state. Ghost Ship is a typical pirate board. Pirate boards are divided into different areas, each area being dedicated to a different topic. The topics found on any pirate board include Phreaking, Cracking, Wares, Anarchy, and War.
Each specific topic area functions much like a drawer in a file cabinet. Within each “drawer” there are several files pertaining to that specific subject. These files are like regular file folders, except that they contain electronic text that can be read on the computer screen. The caller can “down-load” these files, a simple procedure that allows anything being displayed on the computer screen to be stored on a floppy disk.
Each topic area also includes a discussion area, where messages are posted regarding the section’s topic. This discussion area is where the interactive dialogue takes place, where people meet others, and where ideas are exchanged. It is through these discussion areas that the various pirate groups, such as the Allied Force, are formed. The trading of messages tends to build up a camaraderie of sorts, and after a while a group of individuals will decide to form a “support group,” take on a name and identity, and “incorporate” as an autonomous entity.
When I first called the Ghost Ship, my computer screen displayed a text that could have been written by a would-be science-fiction writer:
Your ship has just gone out of control. Veering toward the surface of the purple, gaseous planet, your craft tumbles out of its controlled flight path and begins to spin in wild circles.
The impact crushes you into the seat and breaks a seal on the outer door of the space craft. Through your half-daze, you notice a gnarled, yellowish hand push open the door. With a primitive stone instrument the hand scratches a message on the titanium wall of your spaceship. It reads:
HAVE YOU EVER BEEN HERE?
At this point I entered my name and the password given to me by Lady G. The computer checked the information I entered against its list of authorized users. The computer accepted my entries and issued a warning on my screen:
THE INFORMATION ENTERED HERE IS NOT THE RESPONSIBILITY OF THE OWNER OF THIS SYSTEM. ALL INFORMATION BELONGS TO THE ORIGINAL AUTHOR. OWNER NOT RESPONSIBLE FOR ILLEGAL MESSAGES OF ANY KIND. YOU HAVE BEEN WARNED....
Having to enter a name and password is a token security measure, like showing a photo ID badge to a security guard before entering a secure building. It is a kind of electronic gate, but opening the gate is only the first step. A pirate board will carry possibly hundreds of different security levels. Each person using the bulletin board is given a security level. This security level is nothing more than an entry that the owner of the board, called a system operator — “sysop” (pronounced “sis-op”) for short — makes on the floppy disk telling the computer which topic areas you are allowed to read when using the bulletin board. These security levels are necessary for keeping unauthorized persons out of confidential file areas. (Confidential files might include a listing of other pirate boards; “unauthorized persons” means law enforcement officials.) A high security level (levels range from 0 to 128) denotes your ranking in the group. A first-time or unknown caller is automatically assigned a security level of 0. This level of security gives a caller use of password and access to the “General” topic area, where nothing much happens. A low security level doesn’t even let you know that other areas are available.
Many messages were exchanged between the Allied Force and me during a “feeling out” phase. During this phase of my participation on the bulletin board, I was only allowed to submit the full text of articles I’d previously written on the subjects of software piracy and invasion of privacy. I was also allowed to respond to any messages that were sent to me.
After all the members of the Allied Force had read my articles, they decided I was “worthy” of the highest security level (I assume because they liked the nonjudgmental tone of the writing regarding those touchy subjects). This high security level allowed me to roam at will through any of the bulletin board’s files.
The phreaking section of the Ghost Ship contains files that detail how to exploit the phone company. I saw complete schematics for building several types of “boxes” (blue, black, silver, purple, and white). These boxes alter phone line signals, fooling the Bell phone computer into thinking the outgoing call is to an 800 number and electronically making a connected call look as if it’s still ringing.
Each schematic came complete with detailed documentation and step-by-step assembly procedures. A materials list, complete with parts numbers, was also provided. Other files told how to test a telephone exchange for line monitoring, as well as the dates and time of day when Pacific Bell would be monitoring certain area codes (this information was lifted, or so the author stated, from the briefcase of his father, a military base telecommunications director). Also listed in the phreaking section were homegrown software programs that can be transferred over the phone lines, from computer to computer; one of these is SprintCat, a program that allows the computer to dial tirelessly through a sequential series of Sprint access codes and then print out the verified numbers. Often someone will provide a file that contains as many as fifty Sprint codes, with the admonishment, “Enjoy them while they last!”
Files in the cracking section of bulletin boards are the ones that grab national press headlines. Well-publicized raids on pirates have turned up cracking files that listed account numbers and passwords to computers like those at the Ames Research Center, NASA satellite tracking stations, naval shipyards, and the Sloan-Kettering Research Center. (This happened in a recent bust of seven New Jersey youths who allegedly broke into a NASA computer and attempted to move a communications satellite out of orbit.) The cracking files I found on Ghost Ship included telephone numbers and passwords for an incredible range of computers, from TRW’s credit computer to UCSD’s Cognitive Science Lab. Files also list the best times to attempt cracking certain computers, along with details of successful (and failed) cracking attempts.
The wares section, referred to as the “Ship’s Wares,” “Pirate’s Stash,” or “Treasure Trove,” contains copyrighted commercial software available for transfer from the bulletin board to the caller’s computer. It’s all free for the taking. It’s not uncommon for a wares section to contain software that, if purchased over the counter, would cost into the thousands. Some of the better-known programs I saw listed for “trading” included WordStar, dBase II, Lotus 1-2-3, Apple Works, and Wizardry.
Anarchy is rampant on Ghost Ship and most other pirate boards. Message files read like chapters from homegrown terrorist manuals. Verbatim chapters from The Anarchist's Cookbook are available for casual perusal. There are files on how to manufacture (and deploy) everything from chlorine gas to bazookas. The files exhort the use of such weapons in school classrooms (“Next time your class gets boring, unleash the [chlorine] gas from the back of the room”) and on the streets. The file on how to manufacture a bazooka (from PVC tubing, using a Binaca bottle as a projectile) contained a newspaper clip from a Santa Cruz paper that told how four youths used the device to attack a street bum. The news clip was listed under the heading “suggested uses.”
The war section of a pirate board resembles a rest room wall. Here members of the pirate community “fight it out” with verbal onslaughts that would have made Lenny Bruce blush. Messages here are strung together with so many four-letter words and references to “your mama” that it’s hard to believe the authors are teen-agers and not grizzled chief petty officers.
Soon after I was given clearance to read any part of the Ghost Ship bulletin board, I began to discuss setting up face-to-face meetings with the Allied Force. These discussions were actually a series of sequential messages stored on the bulletin board. I would call the bulletin board and type in my message requesting a certain date for a meeting, then I would hang up. Someone else would then call and be notified by the computer that there were new messages to be read. That caller would read the message I left and then enter his response into the computer.
This routine was repeated by each successive caller. The next time I called the bulletin board, I could read each person’s response to my request. Always inconsistent and always at their convenience (and ultimately my inconvenience), meetings were on for one day, canceled the next, then on again. Three weeks after my meeting with Lady G, however, I managed to meet the Allied Force face to face.
Headquarters for the Allied Force is, in reality, a fifteen-year-old’s bedroom. And I’m not much surprised at the clutter. The bedroom carpet is nothing more than a series of pathways through mounds of dirty clothes. These pathways lead to all the vital activity centers in the ten-by-twelve bedroom: the stereo, the closet, and the computer desk.
The computer desk resembles more a shrine than a veneer-covered, particle-board furniture piece. The edges of the desk hold the computer’s supporting cast: printer, manuals, blank floppy disks, cables, Oreo cookies, and an odd assortment of writing utensils.
The computer is an Apple IIe — considered the ultimate “hacking” machine in the minds of nearly all of those in the pirate community because there are hundreds of ways to modify the system. The amount of software available for the Apple also makes it highly desirable (some of the most advanced software used with modems has been developed for the Apple). This Apple sits on the desk in what can be described as the “holy of holies” — center stage and stuck under a protective bookcase.
The bookcase holds a virtual library of reference materials. Several books are distinctively marked with a Dewey decimal number and a due date in February of some year. Book titles run from basic electronics to cryptology. In a separate section of the bookcase are monuments to a different underground: a Fidel Castro book on guerrilla warfare, Abbie Hoffman’s Steal This Book, and the infamous Anarchist’s Cookbook. And so they gather, arriving after school in this quiet, semiaffluent, Kensington suburb by bus, motorcycle, moped, and car. Most are coming from North County — three from La Jolla, two from Del Mar, two from Solana Beach — and one travels from Hillcrest.
This is the home of Captain Crook. Because his parents work every day until early evening, Crook’s house is the perfect place to hold meetings without a lot of interference. At fifteen, Crook is the typical latchkey kid — only this kid has found an “educational” activity to keep him off the streets.
The membership of the Allied Force totals ten; nine are at the meeting. The roll call reads like the cast of an adventure-fantasy-science-fiction film: Captain Crook, fifteen; Dr. Doom, sixteen; Apple Jax, seventeen; Captain Blackbeard, seventeen; Bluebeard, fifteen; Colonel Khaos, eighteen; Apple Pirate, sixteen; Lord Flathead, fourteen; and Lancelot, fifteen. Only Lady Guinevere is absent.
It would be difficult to pick these kids out from any randomly assembled group of teen-agers. To call any of them athletic would move this story into the realm of fiction. Attire runs the gamut from Bluebeard’s scaled-down high-school preppie look (polo shirt, corduroy jeans, and deck shoes), to Apple Pirate’s faded 501’s, beaten Nikes, and Motley Crue concert T-shirt. Sitting attentively, they carry on a reasonable facsimile of a corporate board room meeting.
These meetings are held on an irregular basis, usually called for only when the bulletin board discussions can’t communicate exactly what needs to be said. This meeting would see some business taken care of (such as the sharing of new information), and I would get to meet and interview the members.
I am surprised at how relaxed everyone appears. Because of the three weeks of discussions I've had with the Allied Force on the bulletin board, it's almost as if we already know each other. The initial shock of “Oh, so that's what you look like” fades quickly, and business matters are attended to.
The first order of business is contributions. Every member presents something new to the group. Apple Pirate offers a printout of electronic “addresses” (each address is a number code that will connect you to mainframe computers belonging to the likes of Rand Information Systems and the New Jersey Institute of Technology), carried on Telenet, a commercial phone network to which hundreds of databases are electronically linked.
Lancelot tosses a couple of disks on the conference table (a twin bed). “Two new games from Electronic Arts. Beta test versions. They aren't even on the shelf yet.”
Lord Flathead, sitting next to me, is shuffling a pile of photocopies. A glance over his shoulder reveals the copied article to be the infamous “Back Yard A-Bomb” article from The Progressive. He is submitting this for someone to type up and store in the anarchy section of the bulletin board.
Captain Crook contributes a couple of hundred new [pirate board] numbers that he down-loaded from an East Coast board.
Dr. Doom, Bluebeard, and Apple Pirate all contribute illegal copies of several computer games.
Colonel Khaos offers a new version of the program SprintCat that he has been working on for a month.
Captain Blackbeard passes around the latest issue of an underground publication called TAP: The Hobbyist's Newsletter for the Communications Revolution (number 91).
Apple Jax, who has gained celebrity status for being the first, locally, to crack the security system of CompuServe (the nation's oldest electronic consumer information service), is the leader of the group. Though not the oldest, he has been a pirate longer than the rest. The pecking order in any pirate group is determined by certain accomplishments, which may include finding a series of unlisted computer phone numbers; cracking a major database or software program; or writing a revision of a program like SprintCat. These activities arc status builders in the pirate community nationwide as well. When a “first” is accomplished, the results are written up and passed around to pirate boards around the nation.
Apple Jax explains a hot tip he picked up during a routine call to a pirate board in Vista. The tip mentions that several of the companies in Sorrento Valley’s Naiman Tech Center, on Scranton Road, have been doing some “house cleaning” and that the dumpsters should be full of technical data thrown out by unthinking employees. Plans are made for a “trashing” of the Naiman Tech Center. A trashing entails a systematic perusal through the dumpsters, the contents of which are examined for computer passwords and account numbers, old technical manuals, and anything that could be used to further their online exploits. (Most of the assaults on the phone system are direct results of information gleaned from technical manuals salvaged from the trash.) Jax takes names of those wanting to be in on the trashing. A glance my way and I'm given an opportunity to join in the outing. A nod of my head reserves me a space.
The last order of business involves discussion of a local teletrial (the pirate community's own form of retribution against its members). It seems a newcomer to the San Diego pirate scene has been trying, with unusual ineptness, to crack a UCSD computer. Members of the Allied Force learned of the bungling when the newcomer left several messages on their Ghost Ship bulletin board outlining his failed at tempts and asking for help.
Often these inexperienced pirates get into trouble when trying to enter a computer system. Repeated unsuccessful break-ins (which can total in the hundreds during a single sitting) can alert the computer systems operator that an attempt to break the security system is being tried. This kind of blatant “attack” leads to tightened security — cutting off access for other pirates — and it is dealt with harshly in a teletrial. Those who violate the “Hacker’s Ethic” are subject to such teletrials, a democratic judge- and-jury activity that involves anyone who wants to participate. Except the accused.
Typically, the word is spread on the network of pirate boards that a teletrial will be taking place. Pirates from around the country are encouraged to call a designated board — the trial “venue” — and take part in the trial. Usually the operator of the “trial board” acts as moderator for the teletrial. This entails setting up the “charges” in a text file for all to read on-line. After the charges are read, a discussion takes place and suggestions are made about a sentence that should be handed down.
In a case of “radical stupidity,” the punishment is usually banishment from any kind of pirating activities. The accused is never allowed a defense. Once the sentence is handed out, summaries of the teletrial are then sent to pirate boards across the country, which leads to a nationwide blacklisting of the individual. (Although the sentenced person could easily change the handle he uses, all pirate boards now require that a user supply his real name, phone number, and address so that the systems operator can verify who he is. This is an extra security measure that tends to weed out the law enforcement officials who are starting to crack down on pirate boards.)
The most celebrated teletrial was the sentencing of Newsweek reporter Richard Sandza, who infiltrated the pirate community. Using the handle “Montana Wild Jack,” he passed himself off as a sixteen-year- old. After months of undercover research, he wrote for the November 12, 1984 issue the article “The Night of the Hackers,” a damaging story from the pirates’ point of view. Burned by this intrusion on their activities, the pirates held a nationwide teletrial — the first of its kind.
More than a thousand kids participated in the trial.
The sentence handed down was merciless. The reporter’s credit was wiped out when someone got into the TRW credit computer and erased his record. Next he was assaulted by a barrage of “attack- dialers” on his home phone. His phone would ring, but no one would answer when he picked it up. Calls averaged one every fifteen seconds during the first week of the sentence. His MasterCard account number was given out, and thousands of dollars of useless merchandise was charged to his account (and sent to his residence).
Generally, though, pirates are not known for the swiftness of their teletrial proceedings. In the case of the San Diego newcomer and his bungled assaults on the UCSD computer, the teletrial is now in its second month of deliberation.
Sitting with Colonel Khaos in the bedroom of his parents’ Solana Beach home, I am given a demonstration of the art of breaking into a computer system. As he sets up his Apple He to run the demonstration, he speaks of the thousands of corporations that have their mainframe computers tied into the phone lines. “There’s no way they can keep us out. If a company tries to close off its database, then outside clients can’t get to it. That means the client goes somewhere else.
“The nature of information is distribution,” he continues, “and we, as a society, have decided that information should be available to anyone that wants it. Ah, America, Land of the Free. I love it.”
When a system is penetrated, the cracker may be a voyeur who is just looking to see what is there and then leaves. Sometimes the cracker, having made numerous penetrations into a system, may start mysteriously signing his computer alias (called “tagging the system”), letting the systems operator know that he’s been in and out. Colonel Khaos says the practice of “tagging the system” with an alias is “a pretty stupid thing to do.” If the operator gets tired of logging on every morning and staring at a taunting message, it’s usually then that some kind of anticracking procedure takes place.
“Sometimes he [the corporate systems operator] will set up a trace with the phone company,” says the Colonel. “The sysop might even start to encourage the kid to log-on more. It’s a trap, and one that new kids fall into all the time.”
Although these crackers are often portrayed as a new wave of geniuses in our technology-driven era, beating computers at their own game with the brilliance of a Nobel laureate, breaking into private data systems may be nothing more than child’s play. For equipment you need a computer, a modem that connects two computers via the phone lines, and a program that can make repeated phone calls. This program is called an “attack-dialer” or “demondialer.” The program can be set up to call every variation of a four-digit telephone number in a given telephone exchange (yes, you saw this in the movie WarGames). When it connects with another computer — it will know because an answering computer issues a high-pitched “beep” tone — it will make a notation on the computer screen and enter the number on a floppy disk.
“Once I’ve got a handful of new numbers from the attack-dialer, the fun really begins,” says Khaos. A fifteen-minute demonstration of the attack-dialer program on La Mesa’s 464 exchange reveals four computer telephone numbers from a total of 150 dialed.
The Colonel begins an assault on these new “discoveries” by simply turning on the computer and modem. After loading the communications software into his computer, the Colonel dials the first of his new numbers. Once he has dialed the numbers, the two computers will connect. No mystery here. It’s a function of electronics — one computer calls, the other answers. The time-consuming part begins once the two computers connect.
The Colonel explains the process. “Almost everything taught about computers is that they are logical — to a fault. But passwords are the exception. It seems that people want to project some kind of human quality on the computer, and they tend to do that with passwords. People are completely emotional about it — it’s stupid, but it makes cracking a computer a lot easier. People use their wives’ or children’s names, something very personal. Or they make it obvious, like someone at a bank using the password money!' As he speaks, the Colonel is interrupted by the high-pitched tone coming from his computer; he has hooked into a remote computer (one of his four new discoveries), one about which he knows no details.
As I watch, the remote computer identifies itself and kindly asks for a password. Khaos enters the word password and the remote computer rolls out the red carpet. Leading him step by step, the remote computer then asks Khaos for a user name. First he tries John. No good. But the remote computer is a patient one and again asks for a user name. Khaos then tries Mark, Bob, and J Doeall without success.
“Okay, let’s see if [the computer] will give us any help,” says Khaos. And next he enters the word help.
The computer responds by giving the expected format for the user name, which turns out to be at least eight characters in length. With the correct format now in hand, Khaos enters the word computer — still no luck.
“I’ve got one more ‘standard’ to try,” says Khaos, speaking of a routine set of passwords and user names he always enters when first trying to crack a computer system. The word security is entered —, and accepted by the remote computer. “Won’t these people ever learn?” Khaos laughs and proceeds to shuffle through the electronic corridors of someone’s business computer system. He explains that the password and user name must have been left in the computer after the system was originally set up. “Usually a computer system will come with a password and user name installed by the software manufacturer,” he says. “This allows the sysop to get into the system and set the different accounts he needs for those using the system. Most sysops are lazy or just forget to delete that ‘generic’ password and user name.”
The final plans for the trashing came in a message left for me on the Ghost Ship. On Saturday, June 8, at 9:00 p.m. I am to drive to Tor- rey Pines High School and wait until a 1967 VW arrives.
The bug pulled into the parking lot thirty minutes late. I jam into the back seat with Apple Pirate and Dr. Doom. During the twenty-minute drive to the Naiman Tech Center, I am given the short course in the fine art of trashing. “I can know everything about a company in a couple nights of trashing,” brags Apple Pirate. “You’re not going to believe the stuff we can find in the trash.”
I am told that the janitors make work even easier because they put the wastebasket contents from each office area, such as engineering, marketing, and research and development, into separate industrial- strength garbage bags. “We can nab an entire day’s trash from a computer room in one bag. No fuss, no muss, it’s one clean sweep.”
Finally we pull into the target area. The huge steel sculpture in front of the Megatek building stands like a mute god. A hundred years ago the sculpture might have scared away a weak-hearted intruder; tonight it serves as a landmark for an Information Age commando raid. The first objective is a huge dumpster sitting at the far end of a deserted parking lot. A parking lot that, after hours, might as well be a graveyard — there’s no one in sight. And the only noise is the faint hum of cars speeding along Interstate 5. As I step out of the car, an arsenal for assaulting the trash bins is unfolded before me.
The “weapons” include an assortment of low-tech tools: gloves that had seen better days, for protecting the hands; palm-size flashlights, for poking around in the dark corners of the dumpsters; a garden rake, for moving piles of trash out of the way; a cheap pair of binoculars, used to peer through first-floor windows at computer terminals in hopes of picking up a password left on the screen or tacked to the computer monitor; and a decoy bag of aluminum cans, “in case someone happens to ask what we’re doing,” says Dr. Doom. Although no one has ever challenged them during a trashing party, “there’s nothing like insurance,” says Apple Jax. I suggest that the only thing missing is the ceremonial war paint. The suggestion draws laughter and breaks the tension. I begin to sweat.
In teams of two we begin a systematic search through the dumpsters. Digging through the trash, I have to smile at the irony. Rummaging through a dumpster in a Sorrento Valley industrial park epitomizes the phrase “high-tech, high-touch,” coined by John Naisbitt. author of Megatrends.
My trashing partner. Dr. Doom, explains the paradox of computer system security. “Most of these companies need to have a ‘user-friendly’ system, but they also need to have some kind of security. It's impossible to have a system easy to use and completely secure. People have trouble remembering their passwords. And if the system is too complicated, they write it [the password] down on a piece of paper somewhere nearby. The paper usually ends up coffee stained, and bingo: it's in the trash.”
One by one we jump into dumpsters and “move trash.” Ripping into the garbage bags, we look for interesting material, such as computer printouts and engineering documents. When an opened garbage bag looks promising, it’s tossed over the side to be picked up later. In the large dumpsters it’s impossible (not to mention disgusting) to search through everything, so only the first few feet or so of trash is investigated. In all our party goes through twenty- two dumpsters. The VW swings by and we shove our finds in the car’s trunk.
Our haul for the night is better than average. “Usually we end up with a printout or two, maybe a password and phone number, but not much else ” says Apple Pirate. “To get some really good stuff you have to trash on a regular basis — and I don’t know many pirates who can handle jumping around in this shit all the time.” This night’s trashing yields a technical manual, found intact, that gives operating procedures for an IBM system 38. Handwritten margin notes in the manual give access codes and passwords. Inside the manual, protected by plastic, are the phone numbers and times the computer goes on-line to the outside world. Another bag contains reams of computer printouts. These printouts hold complete log-in sessions, on which are printed the exact steps (including passwords and account numbers) for entering another computer. From various office wastebaskets come carbon receipts from MasterCard, VISA, and American Express. There is even the carbon of a card, from the commercial information service, CompuServe, that shows the account number and password of a new subscriber.
During a two-week period after the trashing, the phone numbers will be tried out (with no success, the numbers having been disconnected) and the printout passwords and accounts tried (also a bust). The only thing that actually materializes is the CompuServe account. Dr. Doom uses the account for a couple of hours, then it seems the account’s rightful owner changed the password, and efforts to crack the new password are unsuccessful. The MasterCard, VISA, and American Express account numbers are placed in a message on the bulletin board for anyone who wants to risk using them.
The “why” of all these pirate activities has remained largely unanswered. The popular press paints these pirates as alienated teenagers. Psychologists, too busy scrambling for the funding of pet theories, haven’t begun to research the motivation of these kids. Police and security analysts maintain they are the Information Age counterparts of the kids who stole cars and went joy-riding in them for an afternoon. The pirates themselves have their own explanations.
“It’s the ‘thrill of the hunt,’ ” says Lord Flathead. “There are few things that you can do that will give you the rush of cracking a computer. Gaining access to a computer system gives me the sense of ‘owning’ it. If I want to screw up the data, I can. If I want to change passwords, I can. If I want to leave it alone, sort of bestow mercy on a pitiful security system, I can. That’s power. And where in this adult- dominated world can a fourteen-year-old kid get a handle on power?”
“Being the first one to pirate a new software program makes you popular,” says Lancelot. “Do I look like I can play linebacker? Do I look like I want to play linebacker? Hell no. But if I can supply copies of the hottest computer game in town, suddenly I’m somebody. I’ve done something more than score a touchdown or sink the winning basket.”
“To constantly break computer security systems that guys with computer science degrees have designed, that’s a big deal to me,” says Bluebeard. “I feel I earn a degree of respect from the sysops I harass. If I didn’t bug them, why would they try so hard to catch me? Having that kind of power over an adult, or over several adults, is great.”
“The WarGames scenario is real, when you’re trying to crack a computer system,” Colonel Khaos tells me. He explains that it is a real-life adventure, with real-life consequences if you get caught. “And you don’t get that by playing video games.”
“We’ve actually caused one of the nation’s most powerful companies [AT&T] to rethink its entire technology,” comments Apple Jax. “When you can have an effect like that on something, when you can see that what you are doing is causing radical changes, it’s exciting. We’re changing the way the Information Age is operating.”
“My dad cheats on his taxes,” says Captain Black- beard. “Everyone cheats on their taxes. That, to me, is a worse crime than just bouncing around a computer system. And as far as copying software goes, how many record albums have you borrowed and copied onto a cassette tape? What's the difference?” Apple Pirate asks, “When have you ever heard of a pirate transferring money to a bank account in Switzerland? The entire computer security industry knows that most of the computer ‘crime’ is done by people from within a particular company. But does that make the cover of Newsweek? Fuck no. The papers go after a story about a stupid kid that gets caught logging on to a NASA computer or something.”
My phone starts to ring as early as 5:00 a.m. I receive word that last night (October 15) forty FBI agents carried out a raid in the North County. Their targets were twenty-three pirates. The FBI confiscated all types of equipment, from computers to printers to floppy disks. The raids came during “prime time” — from 8:00 p.m. to 9:00 p.m. — and there wasn’t even time for anyone to send a warning about what was happening.
The Allied Force-has been seriously crippled. Four of the ten members were visited by the FBI. Somebody in the group made a serious error when cracking a computer owned by Interactive Data Corporation, a subsidiary of Chase Manhattan Bank Corporation: he was tagging the system with his alias and calling from his own phone (as opposed to using a stolen MCI or Sprint code). Because he used his own phone, the FBI was able to put a trace on the line and track it to San Diego.
But the bust sent only minor ripples through the electronic underground. Instead, a series of well-calculated “contingency” plans has gone into action. When a raid takes place and members of the pirate community know that their names are likely to show up on disks the FBI reads, a process to cover their electronic tracks is used. First, all personal pirating disks are either erased of all information or the disks are run through an encryption scheme. Encryption will render disks unreadable by anyone except the person who knows the encryption. This is “standard operating procedure” for most pirates. Next, all paper files are destroyed, since the FBI will take printouts as well.
It was a “cosmetic bust,” according to the Allied Force. The FBI does this from time to time to “stay current with the state-of-the-art pirate technology,” says Apple Jax. An article in the October 28 issue of Infoworld, however, states that Chase Manhattan notified the FBI in late July that individuals were illegally entering the system by using a toll-free number restricted to Interactive Data subscribers. When IDC learned its system had been cracked, it changed numbers and set up a tracer line on the original 800 number. Only valid subscribers would know of the change; anyone calling the old line was thus a suspect in the cracking incident.
The Justice Department will now review all the confiscated equipment, which means they will read all the disks, list all the programs, make printouts of all the messages, and create files based on the names they find. There are no privacy rights to protect electronic communications, such as there are for mail and telephone communications, so the FBI can confiscate all communications stored on floppy disk.
According to Bluebeard, one of the Allied Force members who had his computer confiscated, the FBI told him that all the confiscated equipment would be returned in ninety days. “And with that they think the score is back to zero,” he says.
News of the raid has already been chronicled and transferred to pirate boards across the nation. New strategies must now be discussed and developed. Damages to pirating tactics are evaluated, not unlike the evaluation the Department of Defense makes when it discovers security information is in the hands of the Soviets. “Nothing much ever comes of these raids,” Apple Jax tells me, “especially when it has anything to do with money. It’s bad publicity for the bank. So they don’t press charges.”
Jax appears to know what he’s talking about. In the same October 28 Infoworld article, bank officials are claiming that the FBI inflated the actions of the individuals involved and that nothing much happened. The FBI, however, claims it has sworn statements from the bank claiming severe damages because of the break-ins.
To date no arrests have been made as a result of the raid. A raid is simply the confiscation of materials for review, and if the review can prove that a wrongful act was committed, charges may be brought against the pirates under the Crime Control Act. The penalties under the act include a fine equal to twice the value of the information obtained or the loss created by the offense up to $100,000, plus a maximum penalty of one year in prison.
Five days after the October 15 raid, there is another message on my answering machine. “I hear you’re doing a story on pirates,” says the young male voice. He’s a friend of a friend of Dr. Doom. And I am invited to participate in another late-night trashing.
Comments