TUCoPS :: Phrack Inc. Issue #21 :: p21-09.txt

Phrack World News Special Edition II


                      Volume Two, Issue 21, File 9 of 11

    PWN PWN PWN PWN PWN PWN PWN Special Edition PWN PWN PWN PWN PWN PWN
    PWN                                                             PWN
    PWN                        Phrack World News                    PWN
    PWN                    Special Edition Issue Two                PWN
    PWN                                                             PWN
    PWN                  Created, Written, and Edited               PWN
    PWN                       by Knight Lightning                   PWN
    PWN                                                             PWN
    PWN                 Special Thanks To Hatchet Molly             PWN
    PWN                                                             PWN
    PWN PWN PWN PWN PWN PWN PWN Special Edition PWN PWN PWN PWN PWN PWN


                     Ed Schwartz Show on WGN Radio 720 AM
                     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                            September, 27-28, 1988

                         Transcribed by Hatchet Molly


Hello.  In this special presentation of Phrack World News, we have the abridged
transcripts from the Ed Schwartz Show, a late night talk show broadcast by
WGN Radio 720 AM - Chicago, Illinois.

The transcripts that appear here in Phrack have been edited for this
presentation.  For the most part, I have decided to omit the unrelated chatter
as well as any comments or discussions that are not pertinent to the intent of
Phrack World News.  In addition to this, I have also edited the speech somewhat
to make it more intelligible, not an easy task.  However, the complete unedited
version of this broadcast can be found on The Phoenix Project (512)441-3088,
sysoped by The Mentor.

:Knight Lightning

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The Cast;

A  = Anna (Self-proclaimed phone phreak in Kansas City, Missouri)
AA = Sergeant Abagail Abraham (Illinois State Police; Computer Crime Section)
B  = Bob (A bulletin board system operator)
BG = Bob Gates (Manager of Corporate Security for Ameritech)
CM = Chuck Moran (Director of Internal Affairs; Ameritech Applied Technologies)
D  = Dan (A computer science major at DeVry Technical Institute in Chicago, IL)
ES = Edward Schwartz (Our host)
EZ = Ed Zahdi (A researcher from THE READER, a local publication in Chicago)
G  = Gordon (Hatchet Molly, a graduate student at Northern Illinois University)
JM = John F. Maxfield (Our famous friend from BoardScan in Detroit, Michigan)
K  = Kevin (A BBS sysop)
L  = Louis (A caller)
P  = Penny (A victim)
R  = Robert (A legal hacker)
R  = Ray (A former software pirate)
S  = ?? (A consulting engineer)


Also mentioned, but not on the show, was SHADOW HAWK of Chicago, Illinois, who
was recently arrested for theft of software from AT&T, and TOM TCIMPIDIS, a
famous sysop who was arrested for having, unknown to him, AT&T Calling Card
numbers on his legal bulletin board.

                                      ^*^

ES: It's 12 minutes after the hour.  The hour, of course, is eleven o'clock. We
    have a tremendous amount of commerce that goes on late at night and in the
    early morning.  When I say commerce I'm talking about computer operations
    of all kind from keypunching to tabulating - you name it.

    We've done two programs with Ed Zahdi who is the researcher from THE READER
    (the weekly newspaper) from the "straight dope" column.  Ed Zahdi does the
    research and on two appearances (on two Friday nights) within the last year
    or so on this program Ed Zahdi has received a number of phone calls...
    about computer hacking, about people whose telephones mysteriously ring in
    the middle of the night -- or almost any time of the day but constantly do
    so and they pick up the phone and there's nobody there.

    The last time Ed Zahdi was on, we were flooded with calls from people who
    claimed that;

    o  There are all kinds of telemarketing people who are ringing telephones.
    o  That the phone company is testing phones and you don't know it.
    o  That the phone network gets tested every day and everybody's phone rings
       once or for half a ring and nobody's ever there.

    I was amazed at the number and type of calls that came in. We called the
    phone company and we asked for some cooperation and tonight we are having
    as guests not only Mr. Ed Zahdi from THE READER, but also Mr. Chuck Moran,
    the Director of Internal Affairs from Ameritech Applied Technologies.  We
    also have Mr. Bob Gates, Manager of Corporate Security for Ameritech.

    We're gonna get into this whole thing as to whether or not people are using
    and abusing the phone networks.  Whether or not computer hackers are
    ferreting out phone numbers with computers.  Whether or not you can really
    program a computer to randomly ring every telephone in the city or not.

    If you're a computer person hang around.  We're also going to talk about
    some of the things that the phone company and other allied businesses are
    doing to catch up with the computer hackers.
JC: Well, that sounds interesting to me.
ES: Well now are you ready for this?  The Bureau of Criminal Investigation of
    the Illinois State Police has a computer fraud unit.
JC: Uh-huh
ES: And do you know what they like to do?
JC: What do they like to do?
ES: Lock up computer hackers.  Tonight we're going have the computer hackers
    running for the hills!  Well maybe I should say "typing for the hills" huh?
JC: Probably! (chuckle)
ES: Because they don't run...most of them are couch potatoes.
JC: That's right!
ES: Glad to see you here Ed.
EZ: Glad to be here Ed.  In In the "straight dope" we deal with all kinds of
    questions one of the questions we got onto was the question of ghost
    rings.  People would hear these things primarily at night.
ES: On their home phone?
EZ: On their home phone.  What would happen is that they'd be sitting at home
    and the telephone would ring for a half a ring or a whole ring or maybe
    even two rings.  They would pick it up and nobody would be there.  And I'd
    heard about this in the past.  I thought it was some peculiarity of buying
    a phone from K-Mart or who knows where.

    We got easily a dozen calls in the course of the evening from people who
    had the same experience happen to them.  And it would always, oddly
    enough, happen at the same time of the night or on the same day of the
    week at the same time of the night and it was pretty eerie.

    We got one woman, who I've spoken to several times since who said that she
    was an answering service operator and she had whole banks of phones and
    sets of these phones would jingle once at a certain time of the night and
    then the next day a different set would jingle at a certain time of the
    night and then the following week or the following whenever the pattern
    would repeat, but nobody was ever there.  And so we decided there had to be
    some obvious solution to this problem and the speculation at the time was
    that it was some sort of a testing program that the phone company had to
    check out the trunk lines or something like that.

    So, I called up the phone company, Illinois Bell, I called up CenTel,
    called up Bell Labs, called up places like that to ask if they knew
    anything about it.  I asked whether there was a testing program, if not
    what explanation could they offer.  They said no, there was no testing
    program, they had no idea.  They had some speculation they thought
    conceivably some sort of computer ringing service was involved, but they
    didn't have any really clear idea so we came back here a couple of months
    ago to talk about it again.
ES: We were swamped with calls again.
EZ: I asked for the woman, whose name is Pat, who was the answering service
    operator to give me a call.  She did and she volunteered to help us out
    and see if we could use her phone system as a guinea pig and have the
    telephone company try and find out, if they had means of doing this, what
    the source of these ghost rings was.  One of the things she pointed out
    was that during the Hinsdale fire or during the time that the Hinsdale
    switching system was out of operation after the fire there the ghost rings
    stopped.
ES: Ahhhh!
EZ: After it was repaired the rings started up again, but they were on a more
    irregular basis whereas before they were sort of like clockwork at a given
    time of the night.
ES: Uh humm.
EZ: Now the same sets of phones would ring on a given day, but at predictable
    times.  And it would vary within an hour or so.  So what I hoped to do at
    that point was to get together with Pat and try and get together with the
    phone company at her place and see what we could find out.  Unfortunately
    she got sick, had a bad infection, so she was out of work for a long time.
ES: Uh humm.
EZ: She has just recently gotten back on the job and I spoke her today and our
    plan now is that I'll go over to her place of business on Thursday just to
    see for myself and at that point I'm going to call up probably your friend
    Ken Went at Illinois Bell.
ES: Head of Security
EZ: We'll see what we can find out and see if they'll do it for cheap 'cuz we
    haven't got a whole lot of resources yet.  Now the problem is that the
    connection only lasts for a split second and I hope that they can find
    something out in that short of a period of time in terms of tracing but
    its not clear to me that its totally possible.
ES: Now one of the things that we found out when you were here a few
    weeks ago on a Friday night was another element to all of this.
    Telemarketers have been known to, in terms of getting a hold of people,
    ring phones of people whose numbers they don't know.
EZ: We got some real interesting things.  There were two basic theories here
    that I guess that I should talk about.  One is that computer hackers do
    this.  One of the things that computer hackers do is program their
    computers to use their modems their modems to find other computers.  When
    they find one, there will be a characteristic tone that will tell the
    computer on the other end that its reached another computer.  If they
    don't find a computer they can disconnect real quickly before the
    connection is actually made and the charge is placed to their bills.  So
    they can do this all for free basically.  They'll do this routinely to
    try and find new locations of computers.
ES: Right.
EZ: So that was one theory.  The drawback to that theory is well, why would
    they do this repeatedly with a given number?  Because obviously if the
    computer isn't there Tuesday its not going to be there Friday afternoon.
    Why would they try this repeatedly every week.  That was one problem.  The
    second theory that was presented to us was that telemarketing firms do
    this to keep their files up to date.  They want to find out if given
    numbers are still in use or something along those lines.
ES: Cause people do move and people do change their phone numbers.
EZ: Right, so what they do is they dial a number up real quick and hang up
    before you can answer it.  At least they can detect whether the line is
    actually in use.  This gives them apparently some useful information.  So
    these were the two main theories and there were several elaborations on
    these that we'll probably hear more about tonight, but those were the
    theories that we had. he problem of course as I say is its not clear
    exactly what the advantage of doing this on a routine basis, weekly or
    whenever would be to the person who is doing it.
ES: There there are some very important elements to all of this.  First of all
    there was a guy on yesterday morning who apparently filed some lawsuits
    against companies that do telemarketing for disturbing him and he is going
    to set a precedent that if you are bothered at home by telemarketers that
    you can sue them and collect damages.

    Not often a lot of money but enough to make them uhh sit up and take
    notice and he is trying to teach other people how to sue telemarketing
    people.

              (Break for commercial followed by re-introductions)

CM: Thank you, Ed. It is our pleasure to be here.
ES: It's a pleasure to have you here.  Ameritech Applied Technologies is a
    division of Ameritech the phone company, right?
CM: Right. We're a subsidiary of Ameritech that that deals with information
    technology needs of the Ameritech family which includes Illinois Bell.
ES: What are some of the things you work on or are responsible for?
CM: I'm responsible for computer security for the Ameritech companies. I also
    happen to have auditing for Ameritech Applied Technologies, physical
    security for our company.  That kind of stuff.
ES: Big job!
CM: Yes.  We are involved with hackers regularly all the time.
ES: Good to have you here tonight Chuck.  Also I would like to introduce Mr.
    Bob Gates, manager of Corporate Security also with Ameritech Applied
    Technologies.
BG: Good Morning.
ES: And a good morning to you.  Bob previously was a police officer.  You have
    been in Corporate Security at Ameritech for how long now Bob?
BG: Since divestiture which was in January 1984.  Its a much more specialized
    field and you deal with one particular aspect of the whole scenario.
ES: Is it correct, are our callers correct?  Do you ring people's phones at
    various hours of the day and night?  Are there "ghost" rings?  Are there
    people out there playing around?  Is it the phone company or is it others?
    What's going on?
CM: Well, I've been in this telephone business for 22 years now.
ES  Okay now this is the Director of Internal Affairs for Ameritech Applied
    Technologies, Mr. Moran, go ahead.
CM: In my days at Illinois Bell, we very often heard these complaints.  We
    kept trying to find out what it was some of the things the we've
    discovered is the computer hackers!  They love to scan a prefix and look
    for a computer tone. They want a computer to talk to, so it'll ring a
    phone.  Their computer will ring your phone.
ES: Now this can be done from the bedroom of a thirteen year of a computer
    phreak right?  Or anybody else for that matter.
CM: If he has got a semi-good computer mind he can do it while he is asleep.
    He can program his PC to use his modem to dial your number.
ES: Is most of the computer hacking and unauthorized use of computers done in
    the off hours?  In other words its not people in business during the day,
    right?  Would that be basically your computer hacker description?
CM: People still have to live, they still have to have jobs to feed themselves,
    and they still have to go to school or go to classes and so your going to
    find that since hacking is a hobby, it is going to done during their free
    time.  Which is typically evenings, weekends, and vacation periods.
ES: I guess what I'm getting at here is I'm trying to establish most of the the
    computer related misbehavior comes more from private homes than from
    business offices.
CM: No. The studies seem to indicate that 80% of computer abusers are in fact
    people in business and are abusing their own company, but that is not going
    to cause your phone to ring.  The people who are using the network to call
    and look for computers are the people which we typically call hackers,
    which amount for 15-25% of the computer abuse that goes on in the world.
ES: How concerned is Ameritech and the other technology and phone
    companies around the country about all of this?
CM: Well just as any business Ameritech is highly dependent upon information
    systems to survive.  So we are concerned with whatever risks go with
    computer usage.
ES: Did you both see the film WarGames with Matthew Broderick?
CM and BG: Yeah.
ES: Now while the plot is pretty far-out, the theory is workable, correct?
BG: The natural inquisitiveness of the youthful mind, the need to explore.
ES: We've heard stories about computer hackers who have gotten into computers
    in government offices, high schools, colleges, and universities.  They've
    changed grades, added and subtracted information from formulas, and done
    all kinds of things.

    Payroll records have been changed and we've got a thing now called the
    computer virus.  We've got a conviction of a guy who is going to jail for
    literally destroying a computer program two days after he left the company
    and apparently that is something that computer people are very worried
    about.

    Are we going to end up with a huge number of people called "computer
    police" here at some point?  To get a handle on all of this, is that what
    we need?
BG: I think computer security is just a natural extension of using your
    computers to ensure that they are used in a secure manner.  That they
    aren't tampered with and they aren't abused.  To do that you have to take
    some degree of effort to protect your computer system.
ES: Is law enforcement geared up to deal with the kinds of crimes that you guys
    are working on, investigating and trying to deal with?
BG: Law enforcement does have experts with them.  They also have to investigate
    everything else that occurs.  So it becomes a priority item to private
    companies to make a commitment to look at it themselves to protect their
    systems and include law enforcement if appropriate.
ES: Is there a naivety on the part of a lot of people that just left computer
    systems unguarded.
BG: Yes.  In reference to the law enforcement, in our current criminal justice
    system I know that in the states that we deal with and the federal agencies
    that I have dealt with part of the problem is finding a prosecutor, a
    judge, and a jury that understands what a computer crime is,  Because they
    are not computer literate.
ES: Well stealing information and stealing time are crimes.  How about the
    stories of computer hackers breaking into computers at nuclear laboratories
    like Lawrence Livermore Laboratories in California.  This is where they do
    the research on nuclear weapons and God knows what else.  Think of the
    potential of this kind of misbehavior it's frightening.
BG: That's why computer security has become a hot job.
EZ: I'm still trying to focus on my immediate problem here which was the
    question of the ghost rings.  What I'm hearing you say is that you think
    that the ghost rings are primarily the work of hackers.
CM: I think its a very plausible cause.
EZ: The question that people raise about this of course is that you can see it
    happening once in a while, but why all the time on a regular basis?
CM: The computer hacker scans prefixes and will set his dialer look for
    computer tones.  He may find a few numbers and tell two or three friends.
    Those two or three friends will now tell two or three other friends.  They
    will see these numbers and then they will go and scan that whole thousand
    number group again.
EZ: I still don't quite see why the ghost rings occur at exactly the same time
    all of the time.
CM: I can't answer that.
ES: I respond to that by saying the times are most likely approximate.  Most
    people's watches aren't perfect and neither are their memories.  However
    if the majority of the hackers are in high school, then they are probably
    going to sleep at about the same time every night and setting their dialers
    to run while they are asleep, therefore hitting the same numbers at roughly
    the same time every night.

    Is it correct to say that they can program these computers to do this work
    without any billing information being generated?  And how can they do this?
    Or is that an area we should stay away from,  I don't want to compromise
    you guys.
BG: You're talking toll fraud and that's really not my area of expertise.  Toll
    fraud is a fact of life, but I'm not a toll fraud person.
CM: The presumption is that the billing doesn't kick in for a split second
    after the phone is picked up and that is what enables these guys to get
    away with this.
BG: Talk to Ken.
ES: Ken will tell you things that you'll never be able to talk about on the
    radio or write about I'm afraid.  We're going to get into some other
    elements of all of this.  Are the penalties for computer hackers set to
    meet the crime these days? I mean do we catch many of them do they get
    punished and does the punishment fit the crime?
CM: The computer hackers that usually get caught are juveniles, which means the
    most you can do is keep them in jail until they are 21 and confiscate their
    computer equipment.  The U.S. Attorneys Office in the Northern District for
    Illinois did in fact return a juvenile indictment against a hacker who used
    the code name SHADOW HAWK.  It made the front page of the Chicago Tribune.
ES: What did he do?  Can you tell us?
CM: According to the Tribune, he stole software from AT&T.
ES: This proves that as smart as some of these hackers are, some of them get
    caught, maybe even a lot of them get caught.  So as hard as they're working
    to defy the system apparently you people are working from inside the system
    to foil what they are doing and catch them.
CM: Exactly
ES: If you don't prosecute them when you catch then then it will not mean a
    thing so does that mean that the various phone companies and their
    subsidiaries have got a very serious mood about prosecuting if you catch
    people?  Is that the way of the future?
CM: Every case is different.  Prosecution is always an option.
ES: Are we a couple of years late in dealing with this problem?
BG: The laws typically catch up to the need.  You have to identify a problem
    before you can really address it.
ES: We have made arrangements thanks to our guests tonight to speak to an
    Illinois State police detective sergeant who works on computer fraud;
    Sergeant Abagail Abraham.
AA: Good morning I appreciate being here.
ES: Have you been listening to the radio prior to our call?
AA: I've been glued to the radio yes.
ES: Okay.  Your unit is called Computer Crime Section?
AA: Sure.
ES: How long have you been in existence?
AA: Since February 1986.
ES: There obviously was a need for it.  Do we have enough state laws or state
    statutes for you to do what you have to do?
AA: I think so.  At the time that the section came into existence, the laws
    were not very good.  Most computer crimes were misdemeanors until a few
    months later when the attorney general held hearings in which we
    participated and thus they drafted a law.

ES: Sergeant, is it handled better at the state level as opposed to the federal
    level?  The gentlemen here from Ameritech mentions that the US Attorneys
    Office has recently brought a prosecution here in Northern Illinois.  Is
    his office going to be doing much more of this or do you see it being done
    at a state level?
AA: I think it depends upon the kind of case.  Certain cases are probably
    better handled at the federal level and certain cases are handled best at
    the local.  When dealing with the federal agencies, the jurisdiction for
    computer fraud is shared between the FBI and the Secret Service.  So it
    depends upon the nature of the case as to which agency would take it, but
    many cases are not appropriate for the federal government to take part in.
ES: Let's say we have a student who changes a grade in a school computer
    system.  That would be more a state case I would presume than a federal
    case right?
AA: Certainly it would be likely to be a state case, we had a case like that.
ES: If you were able to develop a case like that and have evidence, are you
    liable to get a conviction?  Our guests were saying that the courts don't
    necessarily understand all of this.  When you go into state court on this
    kind of a thing are you getting judges and/or juries who understand what
    you're talking about?
AA: Well we have had no cases go to jury trials.  As a matter of fact, no cases
    have even gone to bench trials because as like the vast majority of cases
    in the system they are plead out.
ES: They plead guilty?
AA: We have a 100% conviction rate.
ES: Really!
AA: Our success is based very good cooperation from state's attorneys offices.
    We've had no problems bringing our cases to them.
ES: Your data is so good that by the time you make your pinch there is no way
    they can talk their way out of it.  You've got them dead to rights.
AA: Yeah, we haven't had a problem with that.
ES: What kind of penalties are you getting Sarg?
AA: All of our cases have had a 100% conviction rate, be we haven't had that
    many finally adjudicated.  They are in various stages because the law is so
    new.
ES: I presume that you're going to continue working very hard put more people
    in jail.
AA: Yes, it's a growth industry.
ES: Is Director Margolis supportive of what you are doing?
AA: I think so.  Our unit came into existence under the prior director, Zegal,
    but Director Margolis has been very supportive of our efforts and I suspect
    that he will become even more so.
ES: Do people who are victims of computer crime know who to report it to? If
    you operate a business and your computer has been violated or anything at
    all has been done to you, does the average computer owner know who to
    report it to?
AA: No.  That's a really easy question!
BG: I would, but only because I'm in the industry.  However, the average small
    business man would probably be somewhat at a loss.
AA: He might not even realize that is is a crime.
BG: That's exactly true and fortunately Illinois has had the foresight to put
    together a unit such as the Sergeant's.
ES: Let's say there is a medium size company that uses computers.  I'll invent
    a company.  My name is Mr. X and I own a a fairly nice real estate company
    in the neighborhood of Chicago.  I've got maybe a dozen employees and a
    couple of years ago we went to computers to keep track of our listings, and
    all of our accounting and our bookkeeping, our past customers, and all our
    contactees.  I mean we've got a lot of data.  We communicate with some
    other real estate agencies and so we use modems, telephone lines and let
    computers talk to computers.  Since some of this work is done when our
    office is closed, we leave our system hooked up.  I came in yesterday
    morning and low-and-behold somebody got into our computer and erased all of
    our data, or part of it, or changed something.  I am the victim of a crime
    should I pick up the phone and call the Illinois State Police
AA: Sure.
ES: You'll show up and you'll investigate?
AA: Sure.
ES: Okay.
AA: There are several ways in which a case can get to us.  One of them is that
    you as the victim could contact us directly and another way would be to
    contact the local police and hope that they would call us.
ES: There's the key word...hope.  Does the Chicago Police, the Wilmette
    police, the Joliet police, do they know enough to refer these cases to you?
AA: I don't know if Joliet does, but Chicago and Wilmette certainly do.  For
    any of the police that are out there listening at this point let me add
    that if we were to get a case referred to us, we will handle the case in
    any one of a number of ways.  If the local agency brings it to us and wants
    nothing to do with the case because they have too much on their own we will
    take the case over.  If they would just like to either work cooperatively
    or have us go with them on an interview or two to translate what the victim
    may be saying we'd be happy to do that too.  So we have enough work to do
    now that we need not take cases over.  We are happy to work with any
    agency.
CM: I think one thing worth pointing out here is that we're focusing on on a
    crime via telephone.  Computer crime is done from afar where the victim
    doesn't know the offender.
AA: That's true.
CM: The majority of cases probably don't involve telephones at all.  They
    involve companies' own employees who are committing what amounts to
    embezzlement using computers.  Either transferring money by computer to
    their own accounts or somehow playing with the books and the employer might
    not realize for a long time until some auditing process occurs that the
    crime has even occurred.
AA: You're right.  There are a number of cases like that.  What happens very
    often in a case like that when it is somebody in-house is that the company
    will choose to not call it to the attention of the police they will choose
    instead to take disciplinary action or fire the person.  Their argument
    most times is that they don't want the embarrassment. We do not go out and
    seek headlines unless our victim is interested in having headline sought.
    We don't choose to publicize cases and embarrass our victim.  The stuff is
    simply not reported that much.
EZ: I was talking to a computer consultant once who said that the higher you
    are up in the company if you're involved with something like this the less
    likelihood there is of not only you never doing time, but even getting any
    sort of penalty involved.  I was there was one particular case of a guy who
    was an executive vice president for a bank who I think stole some
    phenomenal amount of money was in the millions who was discovered after
    some period of time and they didn't want it to get out that one their
    trusted employees was a crook so they gave threw this guy a retirement
    banquet
ES: Hahahahahaha.
EZ: They retired him from the company and he left with honors.
AA: I like this....
EZ: The consultant said he was there and it was the most hypocritical thing he
    ever saw, but they will do it to avoid the unfavorable publicity.
ES: I believe it.
AA: Certainly if you are high in the organization and you control things then
    you can control various procedures so that you are less likely to be caught
    and you are probably in control of enough money that you are able to come
    up with creative ways to embezzle it with less suspicion aroused.  I'm not
    sure why, but the more money you take the less likely you are to get
    prosecuted.
ES: People admire these kinds of crime.

           (Commercial Break and then reintroductions including...)

ES: I want to welcome a new player to our game tonight, Mr. John Maxfield.
    John Maxfield owns a corporate security consulting company.  John...are you
    there?
JM: Yes I am, good morning.
ES: Good morning I guess you are outside of Chicago and are you close enough to
    have been listening to our program?
JM: Well ahhhhh, unfortunately ahhhh I'm ahhh a bit to the east of you and I
    had a little trouble listening in on the radio so uhhh I've been listening
    the last few minutes on the telephone.
ES: We've gotten into all kinds of data here.  Have you and the sergeant ever
    talked before?
JM: I don't believe so.  I may have talked to somebody in the Illinois State
    Police ummmm maybe a year or so ago, but it was not the sergeant.
ES: Sergeant Abraham you're still there, correct?
AA: Yes.  I'm here
ES: I presume John that you know Chuck Moran and Bob Gates.
JM: Yes I ahhh am acquainted with ah Bob Gates.
ES: What does a private computer security company do?
JM: Well uhhh we get involved with ahhhhhh ahhhhh the cases that perhaps don't
    make the headlines.  Ummmmm and my role is more of kind of in counseling
    clients as to how they should secure their systems and to acquaint them
    with the risks and the kind of the nature of the enemy what they are up
    against.
ES: We were talking earlier about a movie called WarGames which I'm sure you
    must be familiar with.  My guests have been telling us a little bit about
    some of the things that go on. I suspect that the computer hacking problem
    and related behaviors is probably very severe isn't it?
JM: Yes ahhh it certainly is a growing problem  The movie WarGames kind of put
    out into the public eye what had been going on very quietly behind the
    scenes for a number of years.  And uhhh of course as a result of WarGames I
    think there was an increase in hacking activity because now a lot of the
    uhhh hackers suddenly realized that it was something that maybe something
    they should do and achieve notoriety.
ES: I have a question here that may or may not have an answer.  Why is that the
    legitimate use of the computer isn't enough to satisfy its user or owner.
    In other words, why hack?  Why misbehave?  Why break the law?  Why cost
    people a fortune?  I mean there are so many fascinating things you can do
    with a computer without breaking the law why are so many people into this
    anti-social, anti-business behavior?
JM: Well that's a difficult question..ahhhhhh you could say "why do we have
    criminals?" You know when you know there's plenty of gainful employment out
    there.  Ahhhhh the thing with the computer hackers uhhh most of them are
    thrill seekers. ahhh they are not the kind of people that are going to be
    ahhhh good achievers with computers they're really only know how to do the
    destructive things.  They're kind of the analog of the vandal.  Ahhhh
    they're not really ahhh some of them are very bright but they're very
    misguided.  Misdirected.  And uhhh it's it's kind of hard to make a
    generalization or a stereotype because they do kind of cover a wide
    spectrum.  We've got a one end of the spectrum a lot of these young kids
    ahhh teenagers.  And they mostly seem to be boys there is very few female
    hackers out there.
ES: really?
JM: Yeah that's an interesting phenomenon.  I would say that maybe there is one
    girl for every ten thousand boys.  But ahhh anyway at the one end of the
    spectrum we have these kids that are just kind of running loose they really
    don't know how to do very much but ahhhh when they do manage to do it they
    do a lot of damage.  Just by sheer numbers.  And then on the other end of
    the spectrum you perhaps got a the career criminal whose chosen to commit
    his crimes over the telephone line.  Instead of you know holding up people
    with guns uhhh he robs banks by telephone.  So you've got this wide
    spectrum and it's very hard to put a stereo type to it, but most of the
    hackers start out because there's kind of a thrill there's sort thrill of
    ripping off the phone company or breaking into a bank computer and
    destroying data or something. There's a ahhhh kind of a power trip
    involved.
ES: Now what you're trying to do is advise your clients how to avoid this
    before it happens.  Do most of them end up getting burned before they come
    to you or are people smart enough to invest early?
JM: Security unfortunately in the business world tends to take kind of a back
    seat because it doesn't generate profits, it doesn't generate any revenue.
    It's an expense uhhh if if you're worried about burglars and you live in a
    big city like I do or like Chicago.  Then you know you've got to spend
    extra money for locks and burglar alarms and it's a nuisance you've gotta
    unlock your door with three different keys and throw back all these dead
    bolts and stuff and turn the burglar alarm off and back on again when you
    leave so it's a big nuisance. So security tends to be left sort of as the
    last thing you do.  And uhhh of course after a corporations been hit their
    data's been damaged or stolen or destroyed or whatever.  Then they can't
    spend enough money, you know, to keep it from happening again.
ES: We have been told there is not premise that is burglar proof, there is no
    person regardless of their importance in this world who is totally
    protectable.  Is a computer or a computer system totally protectable?  I
    mean can you teach somebody how to secure the system so the hacker just
    can't get at it?
JM: Quite frankly you're you're correct. I think the only secure computer is
    one that is unplugged.  Or you change all the passwords and don't write
    them down so no one can log on.  Like any other form of security if you put
    enough locks and bars on your doors and windows the burglar's going to go
    somewhere else where its easier pickings.  The same is true with computer
    security.  You can secure your system from all but the really ummmm you
    know intense organized attack.  Now obviously in industry we've got certain
    segments that are targets, if you will.  Banks obviously are a target,
    that's where the money is.
ES: If computers are so capable and so smart, can't we say to a computer "Okay
    Computer, protect yourself"?
JM: The computer actually is fairly capable of defending itself, the only
    problem is it's not intelligent.  Uhh and it doesn't really care you see
    whether somebody breaks in or not. You see there's no human in the loop, if
    you will.  So you have to have you have to have a human someplace that
    looks at the exception report that the computer generates and says "hey!
    What's all these two o'clock in the morning logons...those accounts are
    supposed to be active at that time of night."  Now you can program a
    computer to do some of that, but you still need a human auditor to
    scrutinize the workings of the system ever now and then just to be sure
    that the computer is protecting what its supposed to protect.
ES: John, what's the name of your company?
JM: My company is called BoardScan and we're in Detroit Michigan
ES: We have some callers, first up is young lady by the name of Penny.  Are you
    there Penny?
P:  Yes I am Ed, how are you?
ES: Good.  Are you enjoying the program?
P:  Yes!  I'm a victim!
ES: A victim! Tell us how.
P:  We moved in about three months ago, two of our phones are rotary service
    and one of them is a cheapy touch-tone that you go from touch to pulse or
    something on it.  When somebody dials out on one of the rotary phones, this
    cheapy phone beeps back at us.  Well I don't mind it too much because I've
    got little kids and I get to know who's using the phone.  Except, 10:38 at
    night when my kids are sleeping and I'm sitting in the family room, my
    little touch-tone phone beeps at me. Twice.
JM: Oh I think I can explain that, perhaps.  Now it just beeps...
P:  Twice!
JM: It does it every night about the same time?
P:  Just about, yeah.
JM: Well there's an automatic scanner in every telephone exchange that runs at
    night testing lines.
ES: Oh no! Now wait a minute!
P:  Now wait a minute!  They said that doesn't happen! No no no no.
ES: The phone company all right.  This is the one thing that everybody we've
    talked to in the telephone industry has denied!
EZ: We, ahh, yeah....
ES: Go ahead Ed!  Take over, take over
EZ: We talked to a number of people at the phone company and the original
    thought was the phone company was doing some sort of testing, but the
    people at the phone company we talked to said "no...they don't."  That
    testing occurs only when the actual connection is made in a routine phone
    call.  This is part of the on-going sort of testing program.  There is no
    additional testing, however, they said.  Now does it work differently in
    Michigan?
JM: Well I don't know.  I know I have a phone that ahhh will ahh...it's got
    like a little buzzer in it and it will go "tick- tock" at about 1:30am
    every night.  And ummmm if you're on a if you're on one of the older
    electro-mechanical exchanges uhh then I dare say there is a scanner that
    does scan all the lines at night.  And it it only stops on each line for
    about oh a 1/2 second...just long enough to make your phone go beep-beep.
    And I'm sure that's what the explanation is. I am pretty qualified, before
    I got computer security work I used to install telephone exchanges.
P:  Okay, I have a home computer.  It's a Commodore I do not have a modem.  Is
    there anyway that I could get one and verify this?
JM: Ahhhhh I don't what a modem would have to do with the telephone company
    testing your line at 10:30 at night.  I don't see the connection there.
P:  What would verify it?  Could I verify that I'm being used as a test or
    would it verify that I'm being scanned by some other computer someplace?
JM: Well no.  If you were being scanned by a hacker, you'd be getting an actual
    ring, you wouldn't get just say a short beep.
EZ: Penny where do you live?
P:  Oaklawn.
EZ: Would you be willing to participate in a little experiment?
P:  Sure, it happens pretty regularly.
EZ: Okay. Well is it every night or just some nights?
P:  6 nights out of 10.  More than 50-50.  It happened tonight as a matter of
    fact.
EZ: Okay well tell you what.
P:  It happened last night as a matter of fact!
ES: Penny, we'll get your name and your number and Ed is going to
    call you during the day and do a little work with you, okay?
P:  Sounds good.
ES: Thanks Penny.  Hold on a minute okay?
P:  Thank you.
ES: You see now, Mr Maxfield is telling us something that every source we've
    gone to has denied.  There's no such thing they tell us as of random
    testing of the phone network either by the local phone company or by AT&T
    they say to us "what for?"  There's no need to do it.  There's no reason to
    do it.  Let me ask our guests in the studio here from Ameritech.  Has
    either one of you ever heard of anything like this?  Is it the kind of
    thing that either one of you can address?  I know that you're computer
    guys, but what about this?
CM: I know who you've talked to over at Illinois Bell Security and at one time
    historically they used to do testing, but they stopped that when I was
    still at Illinois Bell.
ES: So this is some years ago.
CM: Yeah.
EZ: Now did it only apply to the electro-mechanical systems?
CM: The only offices I ever worked out of were electro-mechanical, so yes.
JM: Well I don't know. That would be my first guess because I know when I was
    on electro-mechanical exchange here in Detroit that's what would happen
    every night.
ES: It's a different phone company.
JM: Well I know, it's the same equipment though.  Now on two electronic
    switching systems the line is tested every time you make a call.  So there
    isn't any scanner like that.  I think the mystery would be solved by just
    verifying what kind of equipment you know she was being served out of.
EZ: It never dawned on us that that would make a difference.

           (Commercial Break and then reintroductions including...)

ES: I've got a call coming in here long distance from Missouri. Anna are you
    there?
A:  Yes I am.
ES: Where in Missouri are you?
A:  I'm in Kansas City.
ES: And you're listening to us tonight?
A:  Yes.
ES: Okay now my producer tells me that when you called up you identified
    yourself as a computer hacker, is that correct?
A:  I am a female phone hacker and computer hacker, Yes.
ES: One of the few because apparently mostly males are into this.
A:  Uh-huh.
ES: Anna, talk up a little bit louder.  How old are you?
A:  I'm 27.
ES: Twenty seven years old and do you have a job?
A:  No.
ES: You don't?!
A:  No I have a lot of idle time.
ES: And you're a computer hacker. By definition what do you do
    with your computer that makes you a hacker?
A:  Well I scan out codes that residents and companies have with US Sprint and
    different companies and I've used about fifteen thousand dollars worth of
    free long distance.
ES: Are you calling free right now?
A:  Yes I am. I am not paying for this call.
ES: Your computer has allowed you to make an illegal long distance call?
A:  Through the computer I obtain the codes and then I dial codes with the
    touch-tone.
ES: Sergeant, should I be talking to her since she's committing crime right
    now.  Am I aiding and abetting her? No wait..no.  I've got a police officer
    on here....Sarge?
AA: Yes.
ES: What do you think?  Should we continue with this?
AA: I'd be real curious to know what her justification is for her behavior.
ES: How about that Ann, how about giving us an answer for this?
A:  Well I have a lot of idle time and very little money and I like to talk to
    a lot of my friends.  I have a suggestion for companies and residents out
    there who might have remote access codes.  You might make them difficult,
    not not easy where hackers could, you know the first things they try are
    like 1-2-3-4, etc.
ES: Well let me ask you a question Anna.  Have you found your computer hacking
    to be relatively easy to do?
A:  Yes I have.
ES: So you're saying that the computer people of the world have not tried hard
    enough to keep you out?
A:  No they haven't.  I would suggest as far as the phone companies who use
    remote access codes to make the codes more difficult.
ES: When we run into people like Anna who obviously have some intuitive talent
    and some success at this, why don't we hire some of these people and put
    their knowledge to work?
AA: No!
ES: No?
JM: No. No.  I'd have to say no to that also.
A:  Why not?
JM: You have to understand the the technical side of it.  Just knowing how to
    hack out a code doesn't qualify you as knowing how to change they system so
    you can't hack codes anymore.
AA: There's a perception that these people are all whiz-kids and I don't think
    that's the case.
ES: Are you a whiz-kid Anna?
A:  No, I don't always use the computer to find these codes I have a lot of
    friends and I also do some hacking of my own and there are a lot of
    different methods.  What you figure out is what how many digits are in the
    codes and different things like that so it does require some brains.
    Unless you have friends of course and that's all you rely on.
ES: Do you not understand that what you are doing is illegal?  Does that not
    even enter into the equation?
A:  Of course I understand that!  Yes.
ES: That what you are doing somebody else ultimately has to pay for Doesn't
    that bother you?  I mean if you were the victim of a thief or a burglar, I
    presume you would call the police and you'd scream and yell until they did
    something about it. And yet you and so many thousands of other people think
    nothing of committing thievery and fraud by wire and God knows what other
    crimes and because your victim is not sitting in the same room with you it
    just doesn't seem to bother you.
A:  Well I haven't I haven't physically bodily hurt anybody and it's mostly
    companies you know that I've dealt with.
ES: That makes it okay?  Companies are made up of people. Sometimes they're
    privately owned and sometimes they're made up of stockholders, but
    companies are people and so you're hurting people.
CM: I don't know what service she's coming through on, but you gotta remember
    its costing that company money right now to enable her to talk and they've
    got to recover those costs from their legitimate customers.
A:  Don't they just use it as a tax write-off?
BG: No.
JM: There's been some of the smaller long distance companies, some of the
    people that resell service provided by AT&T or Sprint, some of these
    smaller companies have actually been bankrupted by people like Anna.
A:  Well I happen to know the person who bankrupted one of them.
AA: I don't see why that's something that would make anybody proud.
A:  I'm not proud to know this person.
AA: Why would you be proud to do what you're doing because you're doing the
    exact same thing, just perhaps not at the same scale.
A:  Well I don't I don't deal with small time companies.
AA: So, you and many people like you are costing large companies a enormous sum
    of money.  You're the people you're the reason that a company like Sprint
    is not profitable and could in fact bankrupt or could have to lay people
    off and could put people out of work.
A:  They're not profitable?
JM: Sprint has been losing money almost since the beginning.
CM: Or just make a basic rate increase which makes phone service less
    affordable.
EZ: My long distance company is All-Net which has had to change access codes
    three times in the last year.  Primarily because of hackers and I don't
    think it's ever been profitable.
CM: Which is inconvenient to you as a customer.
EZ: Sure
ES: I think what bothers me the most out of this whole thing with Anna is the
    fact that she is, committing crime literally every day and just doesn't
    acknowledge that as either morally offensive.
JM: Yes you've hit on the crux of the problem here.  Ahhh these phone phreaks
    and hackers really don't see themselves as criminals and the crime here is
    totally anonymous it's as simple as dialing some numbers on a telephone
    that belong to someone else.  Okay and so there is no victim.  I mean the
    hacker or the phone phreak doesn't even know the victim that ahh they're
    billing the call to.  In most cases.
ES: Like the burglar who burglarizes during the day when nobody is home he
    doesn't see the faces of his victims and so its a very impersonal crime.
    Anna how would you feel if someday you get  a knock on the door and it's
    the FBI or the Secret Service and they have finally tracked you down and
    the US Attorney for Kansas City decides to indict you and they've got a
    good case and you end up going to prison.  How would you feel then?
A:  My original reason for taking an interest in this particular hobby is that
    someone got hold of my AT&T calling card and ran up my phone bill to
    several thousand dollars and I took an interest in it to find out
    originally what was going on with it.  Now I have had contact with the
    Secret Service and the FBI and they didn't do anything about the person who
    offended me.  They didn't do anything at all.
AA: That doesn't answer the question.
ES: Well what's going to happen if they come back and grab you?  How would you
    feel if you ended up having to go to prison?
A:  I guess those are the breaks.
ES: Are you married or single?
A:  I'm single.
ES: Does your family know that you're involved in all this?
A:  Yes they do.
ES: I mean how would they react if you ended up being arrested?
A:  I guess they wouldn't get anymore free long distance.
ES: They're using it too!?
A:  They have me place the calls for them.
ES: You know what disturbs me.  You know don't sound like a stupid person, but
    you represent a lack of morality that disturbs me greatly.  You really do.
    I think you represent a certain way of thinking that is morally bankrupt.
    I'm not trying to offend you, but I'm offended by you!
A:  Well I appreciate your time and you giving me air time an everything.  I
    thought I'd let some of you know that we are out there and look out for us.
    Change those remote access codes to more difficult codes and...
BG: Is that to make the challenge more difficult for you?
A:  Possibly for some of us, but to also those hackers who don't have the
    intelligence or don't have the friends or don't have the computers or
    whatever they're using.
BG: Or the idle time.
A:  Right, the idle time.  There you go.
ES: How do you pay your rent Anna?  Or do you live at home with your folks?
A:  I live with my parents.
ES: Oh...okay.
AA: Why not take that time and do something constructive or socially useful?
A:  Well I went out and applied for a job with US. Sprint and didn't get hired.
AA: That's good!
EZ: Is it any wonder?!
ES: Anna, do you listen to this program very often?  I don't believe you've
    ever called before have you?
A:  No.
ES: Do you listen every once in a while?
A:  Yes.  I had just happened to hear through a friend that it was coming on.
ES: Okay.  I tell you what Anna.  A little something for all new callers.  I've
    got very fancy WGN T-shirts.  If you give my producer your name and address
    we'll send one to you.  Okay?
A:  Okay
ES: We'll be right back. (Click!) She hung up.  I have to tell you the truth.
    I thought we had her there for a minute.
AA: Well done!
JM: She hung up on you?
ES: The minute we went in on the line to get her address to send her the prize
    she hung up.
JM: Yeah, I don't doubt that.
ES: I'm not trying to make an enemy out of the woman, but I really am disturbed
    by her lack of moral fiber.  I got another person on the phone claiming to
    be a computer hacker.  Dan, are you there?
D:  Yes
ES: Are you a computer hacker?
D:  No. I'm a computer science major.
ES: Oh, okay.
D:  I'd like to ask your security experts what types of risk avoidance is
    involved in providing unauthorized people into corporation's computer
    systems?
BG: What you're asking us is what we do to try to keep unauthorized people out
    and for me to answer that, would give away the store.
AA: Besides it would take about two days.
JM: I think you can answer that in generalities.  As a number we're talking
    about I guess, telephone dial-up access to computers.
BG: I think he's asking generically.  Just computing.  I don't think it would
    be appropriate for me to discuss.  There is enough literature out there,
    you're a computer science major you read the literature and I think your
    answer lies there.
EZ: Just to give you an example I know in terms not so much as computers, but
    misuse of long distance credit card numbers, the All-Net people who I deal
    with made their numbers longer which is the simplest thing you can do.
    It's harder to find one that's working.
JM: When protecting your computers, the first line of defense is the password.
    Obviously you don't want to use trivial passwords.  Ahhh that's the first
    line of defense.  After that you add on other things like dial-back,
    encryption and various other techniques to rule out anyone with just a
    casual ahhh attempt at access that is just not going to get through.
ES: Dan, where are you going to school?
D:  Right across the street from WGN, the Devry institute.
ES: What is your feeling when you hear somebody else talk about, you just heard
    Anna, what what's your feeling about what she's doing?
D:  I'm not really familiar with the hackers.
ES: Don't you see things being stolen?  Does that bother you at all?  I mean
    you see the illegality of it? The immoral...morality of it?
D:  I think it's very unethical because a lot of the companies have billions of
    dollars in equipment.
ES: It's not something you're into?  Correct?
D:  That's correct, yes.
ES: I'm glad.  Thanks for your call Dan.
D:  Okay.
ES: Hello Louis are you there?
L:  Yes I'm here.
ES: Okay you're on with all of our panel members Louis.
L:  Thank you very much. I heard a story that had to do with a certain hacker
    who had gotten inside the computer system of a let's say a large oil
    company.  We'll leave the names out of it.  They had set up a security
    system which automatically traces the call directly back to wherever the
    originating connection is made and this goof called from his home.  Two or
    three days later, he found FBI agents on his front door step.
AA: I'm not familiar with the case, but it's certainly is within the realm of
    possibility.
JM: This happens quite a bit.  A person like Anna for example might use a long
    distance service that is subscribing to a service from the originating
    telephone company of identification of calling number.  When the fraudulent
    bill is generated the number that placed the call is also there and working
    it backwards is very trivial at that point.
L:  They simply did something like putting a trap on the line.
JM: On some of the systems, the trap is already there. It's just part of the
    system, it's not really a trap at all.
ES: There are ways to catch people and the computer hackers like to play the
    odds.  All right Louis thank you.
L:  Hopefully this will teach a lot of people who are considering doing
    something like this to keep their hands off.
ES: I hope so, good point.  Thanks for the call.
L:  Thank you very much
ES: We've got a call here.  Hello Bob!
B:  I'd like to make a few comments on computer law.  I live in Oaklawn and
    they've got the most modern exchanges that Illinois Bell has to offer.  My
    son lives in that area and I know they offer features that are only
    available on the newer switches out there.  I go back with computers to
    before Apple and IBM sold PC's, I had a couple sitting here at home.
ES: Uh-humm.
B:  I bought my first modem about 1978.  I consider myself somewhat a hacker,
    but I've never really tried to get into anybody else's system, not so much
    that I considered it illegal, simply because there wasn't that much of
    interest to me available.  As far as computers go, if I sit here and dial
    random phone numbers in some states, now that is illegal.  It's illegal if
    your 14 year old is sitting at home at a computer, but it's not illegal if
    your using a computerized phone system for generating sales leads.
ES: We call it tele-marketing.
B:  Tele-marketing is essentially what some hackers have been hassled for and n
    some states it is illegal now.  I've accidentally accessed systems I did
    not intend to access.
CM: You didn't pursue that right?
B:  No, I've never used it.  I've never used a computer for theft of services.
    I am not about to try and defend somebody that uses a computer to as a tool
    for theft of service from a telecommunications company. However, there are
    certain computer laws that never should have been passed.  The case of the
    fellow out in California two or three years back that had a bulletin board,
    somebody had posted access codes on his bulletin board.  He has an
    automated machine that answers his telephone.  The telephone line is in his
    name, the Secret Service came and confiscated his equipment Its not right
    that this happened because of third party theft of service.
BG: I think the rationale is over simplistic.
B:  Am I responsible for what you say when I answer my phone is essentially the
    question.
BG: No, I think the question is, is the bulletin board operator responsible for
    what is posted on his bulletin board.
B:  Well that literally makes no sense.  If a telemarketer calls me am I
    responsible for anything he says after I pick up the phone?
BG: A bulletin board is used to disseminate information further.  When a person
    posts something, in this case a code, the bulletin board is used to further
    spread that information.
JM: I believe that is the Tom Tcimpidis case that you're referring to and I'm
    quite familiar with it.  It was not quite as you put it.  The stolen AT&T
    calling card that was posted was posted anonymously one minute and one
    minute after the AT&T card being posted by the anonymous party, Tom
    Tcimpidis, the sysop, the operator of the bulletin board himself had been
    on-line and had posted other messages.  So there was reason to believe
    perhaps that the anonymous person was actually the system operator.  There
    was a further complication that arose in that the stolen AT&T card belonged
    to a former employer of the system operator.  Ultimately there was not
    enough evidence with which to charge anybody and the whole thing was
    quietly dropped, but it did raise some interesting questions as to
    responsibilities of the system operator because Mr. Tcimpidis said that he
    didn't know the code was there and yet his own equipment log showed that he
    had been on-line.
B:  Let's take that a little further then.  Let's say there was an answering
    machine connected to his phone and we know he listened to the answering
    machine. Let's say somebody with a voice message left him half a dozen
    stolen credit card numbers.  Would the action of the law enforcement
    agencies have been the same?
JM: No...no, you're
B:  I think you must look at a situation where over the years an unnecessary
    fear has grown of some of the hackers.  The phone phreaks scare me to an
    extent.  I've got bogus calls on my US. Sprint and All-Net bills, never got
    one on my AT&T bill.  I can see this is a definite problem, the phone
    phreaks do scare me, and I realize that real problem is that nobody seems
    to reconcile every call or even read their long distance bills.
AA: If I have an answering machine on my phone and somebody calls up and leaves
    me information that were I to use it it would be illegal and I either erase
    the information or turn that other person in.  I have no intent to use it
    and there is no law enforcement officer that I can imagine who is going to
    take action and no prosecutor who would take the case.
ES: In other words if a guy sets up a computer bulletin board for the express
    purpose of exchanging information he is not supposed to have when other
    people have information their not supposed to have, I don't think there's
    any doubt about what their intent is and about the fact that they are
    violating the law.

    Sarge, if you went after somebody like Anna for what she admitted doing,
    stealing $15,000 dollars worth of long distance and you were able to handle
    the investigation, come up with the evidence, and bust her,  what kind of
    penalty might she get?
AA: A very difficult question to answer because it depends upon her prior
    criminal history.  Most of these hackers do not have a history.  In Anna's
    case the crime would be a class four felony which would result in probably
    simple felony probation.
ES: She admitted to stealing $15,000!
AA: I'm sure that her estimate is wildly off on the low end. if she is
    disseminating codes then she is also somewhat responsible for other
    people's use of the same codes.
ES: Could we charge someone like her with conspiracy?
AA: Sure!
ES: She is generating a continuing criminal enterprise.
AA: It depends again on whether you choose to prosecute her federally or at the
    state level.  She would be looking here at a class three or class two
    felony depending upon the sum of money that she had stolen.
ES: The bottom line here is if the punishment doesn't fit the crime, its not
    going to stop the criminals.
AA: You have to remember that these are the people who have not been processed
    in the criminal justice systems and even to hold them over the weekend in
    Cook County would not be an experience I'd care to repeat.
ES: Many of them are pretty arrogant sounding it seems.

                    (Commercial Break And Reintroductions)

ES: We've got an interesting new telephone law here; Chapter 38 of the Illinois
    Criminal Code.  A person can be prosecuted, arrested and convicted for
    bothering somebody even if the person doesn't answer the phone.  Just
    ringing a persons phone now is against the law, it's harassing them.
JM: I might add, since we're discussing harassment by phone... the hackers
    don't like me too well and I'll get about a death threat a week from a
    hacker.
ES: Really.
JM: Oh yeah and every now and then I figure out who it was and I call them back
    and that kind of shakes up a little bit.
ES: There was this reporter here that was being harassed like crazy in the news
    department here by a hacker who had a computer that was ringing the phone.
    He was ringing the phones like crazy and I didn't know about.  Finally the
    reporter asked what I could recommend.  I made a phone call and the
    Illinois Bell Security did what it had to do and then the Chicago Police
    were brought in and one night when I was on the air the officers went to
    guys home, knocked on the door, and this kid was shocked!  He was a
    telemarketing representative for a major magazine and apparently he was
    working at home he had some of their equipment at home including a rapid
    dialer.  He's got two detectives at the front door and he had literally
    just gotten off the phone.  We've got all the data and so now comes the
    decision what do you want to do.  Take him to court?  Lock him up?  Go to
    his boss?  I went back to the reporter in our news room and asked him what
    he wanted to do about it?
JM: What did he say?
ES: Write a 500 word essay on why he was never going to do it again.
JM: Ha Ha!  We had one 14 year old one hacker who was on the bulletin boards
    and posting messages about how to make pipe bombs, different types of
    poison, long distance codes, and computer passwords, etc.  On the bulletin
    boards he would come across like Ghengis Khan or or Joseph Stalin or
    something.  I mean his language was all four letter words and yet face to
    face he was a very meek, mild mannered, well behaved youngster.  However,
    get him behind the keyboard and he just sort of changes personality.  What
    do you do to a 14 year old?  He is much too young to really be put through
    any of the the serious criminal prosecutions so his penalty was that he had
    to read out loud to his parents all of the messages that he'd posted on the
    bulletin boards, four letters words and all.  And that cured him... hahaha.

    In most of the cases I've worked on it's rare that someone goes to jail.  I
    think the longest sentence that I've been involved with was probably like
    30 days.  I think there was one fellow down in Virginia, if I recall
    correctly, that got 90 days.  You don't necessarily want to put these
    folks in jail because then they'll meet the real crooks and teach them all
    these nifty tricks.
ES: God help us.  Lets grab a call real quick here from Gordon.  Hello Gordon,
    where are you calling from?
G:  Hello, I'm calling from DeKalb, Illinois.
ES: You have a question for our panel...go ahead.
G:  Yeah I do.  I'm a graduate student in Criminology up here at Northern
    Illinois University and I'm kinda involved in some field research with the
    types of people that you're discussing tonight.  I've heard a lot of terms
    flying back and forth between phreakers and hackers and things like that.
    I'd like to hear some input from the people on the panel as far as how they
    define these types of activities, if they draw and distinctions between the
    two, and secondly, if anybody can add any insight into maybe just how many
    people are currently active in this type of activity.
JM: I could take that because one of my specialties is identification and
    gathering data about how many perpetrators there are.  To answer the first
    question, a computer hacker would be someone who concentrates mainly on
    breaking into computer systems.  The phone phreak would be someone who,
    like Anna we heard earlier tonight, just makes long distance calls for
    free.  The problem is you can't really separate them.  The hacker needs to
    know the phone phreak tricks in order to break into computers in other
    states or other countries.  Certainly the phone phreak perhaps needs some
    computer aids in obtaining stolen codes.  It is hard to separate them.  You
    can call them phreakers or you can call them hackers or you can just call
    them criminals.

    As to how many, this is a tough one because at what point to you draw the
    line?  Do you say somebody that makes fifteen thousand dollars worth of
    calls in a year is a phone phreak and somebody that makes $14,900 is not?
    The problem is that its been a tradition to rip off the phone company ever
    since day one.  There has been phone phreaks for twenty-five or thirty
    years at least.  Ever since we've had long distance dialing.
BG: The phone companies not the only one under siege either.
JM: There are thousands of hackers, I would say just in the state of Illinois
    there are several thousand active computer hackers.
G:  Those hackers are the active ones?  Would you say that most of them are
    involved in communicating via the bulletin board systems and voice
    mail-boxes and things like that or is this pretty much a solitary activity.
JM: There are a few solitary hackers, in fact the beginnings of hacking, 25-30
    years ago, it was a solitary activity.  The bulletin boards have changed
    all that.  Now the hackers no longer really operate in solitude.
AA: One thing also about the criminal element here, the hacker and the
    phreakers, my experience has been that we have had very few "clean" if you
    will, computer frauds.  We have had some people who are only into
    multi-level marketing of codes, which ends up being enormous sums of money,
    but very often we've found that hackers are involved in other things too.
    For example, credit card frauds, we have done search warrants and found a
    reasonable quantities of illegal substances, of weapons, of other evidence
    of other offenses.  We have probably easily 50% of our warrants turn up
    other things besides computer fraud.  Which I think is an interesting point
    to keep in mind.
ES: Very good point.

                  (Break For Commercial and re-introductions)

R:  Hello, I just wanted to call up and clarify something concerning computer
    hackers.  I'm a hacker, but I'm not a criminal.
ES: We'll be the judge of that Bobby.
R:  I think you will be.  The reason I say that is, you're confusing things.
    The hacker is term that you could apply or compare more or less to "ham."
    It's a computer hobbyist, whether he does it just on his machine at home or
    he accesses legitimate services throughout the country and pays for his
    services he's a hacker.  There are a lot of people who are irresponsible,
    mostly teenagers, who are quite impressed with the power of this machine
    and get carried away with it and do criminal acts.  They happen to be
    hackers, but they're also criminals.  I think that distinction.
CM: I think the point is well taken I think originally the hacker was a very
    positive term historically and for whatever reasons the word hacker has
    taken on some negative connotations.
R:  Yes and that is unfair because I know legions of people who are hackers.
JM: I consider myself to be a hacker, but I'm certainly not a computer criminal
    (No, at least not a COMPUTER criminal).  I mean my business is catching the
    criminal hackers.  If we go back to 1983 when hackers made headlines for
    the first time, that was the Milwaukee 414 gang, they called themselves
    hackers and so right away the good term, hacker being someone who could do
    wonderful things with a computer got turned into someone who could do
    criminal things with a computer.
ES: I remember back to a time a few years ago when there was a group of
    criminals that got busted for coming up with a device called a black box
    which they used to circumvent paying the tolls you know on long distance
    phone charges.  Was that kind of the beginning of this computer
    misbehavior?  I mean was that a computer device?
JM: There are several boxes; the black box, blue box, red box, silver box, etc.
    I must confess that back when I was a teenager, over thirty years ago,
    there were not any computers to play around with, but there was this
    wonderful telephone network called the Bell System.  I was one of the
    original inventors of the device known as the black box and another device
    known as the blue box (Yeah right, YOU invented these).  In those days the
    phone network was such that you could manipulate it with very simple tone
    signals.

    A black box essentially allows all calls to your phone to be received free
    of charge to the caller.  In other words if somebody called you from a
    payphone they got their dimes back and if someone dialed you direct long
    distance they never got a bill.

    The blue box was a little more insidious.  It allows you to actually take
    over the long distance lines and dial direct anywhere in the world.
    I got into it just out of curiosity as a true hacker and I found out that
    these things were possible and I told a friend of mine at the phone company
    about what I could do with their circuits and of course he turned me into
    the security people.

    It never really got started, but I do have sitting here in front of me a
    device that makes some of those tones.  You could call it a blue box.  I
    guess this is legitimate piece of test equipment, but let's see if it will
    pick up. (Beeeep!)
ES: Came through loud and clear.
JM: The blue box today is obsolete, it really doesn't work anymore.  There,
    there are a few circuits that still us those kind of signals, but back
    25-30 years ago that was the way to make your free phone calls. You didn't
    have Sprint and MCI to abuse.
S:  I'm a consulting engineer now but, I have been a communications manager for
    three Fortune 500 companies.  One of the reasons I was hired was to put a
    stop to some long distance calling that had cost that company over a
    million and a half dollars in 27 months.  We found the person that was
    doing it and he got a suspended sentence of six months.  Then we turned
    around and sued him in civil court.
ES: We've got to start treating these criminals like criminals.  Suspended
    sentences are unacceptable, hard jail time is absolutely mandatory and
    unfortunately, and I think that sergeant you probably will agree with me,
    it must be very frustrating to spend all the hours you do chasing people
    and even when you get them to plead guilty seeing how easy sometimes they
    get away.
AA: Oh sure.
S:  How many people do you have assigned to your unit here in this state sarge?
AA: You're talking to 50% of the unit.

                 (Break for commercials and re-introductions)

ES: Okay Ray, go ahead.
R:  You would not believe how long I've been trying to get in touch with you.
    Since I was 14 years old, every time I've called, you've been busy.
ES: So how old are you tonight?
R:  18
ES: Four years!?  What's on your mind?
R:  I used to pirate games when I was younger. As a matter of fact when I was
    14.  I mean my Dad had just bought me a computer and modem and I was
    pumped.  People are always complaining about it, but it's so easy for a 14
    year old kid to do this, don't you think that they should make it a little
    bit harder?  Do you understand what I'm trying to say?
ES: Yes, but Ray it's easy to steal a car.  If your neighbor leaves his car in
    the driveway with the key in the ignition does that give you the right to
    take it?
R:  I know I did wrong, but there is no way I can give it back.  Its just
    stupid because when you get older you feel guilty about things.
ES: What did you used to do?
R:  I used to call up certain places and I would like break in and take their
    games and then just keep them for myself.
BG: It was more entertainment for you?
R:  It kept me occupied and it was so easy that I began to think that maybe it
    was meant to be easy so they could get publicity.
JM: There is perhaps a difference because when you copy a a computer program
    you can't tell it from an original, but if you make a copy of a tape or a
    record it doesn't sound quite the same.
CM: When you're 14 years old it's something new, right?
R:  I got the biggest pump out of it.
CM: I think you did something for your ego and it gave you a sense of power.
ES: Okay Ray
R:  Bye
ES: I've really enjoyed this program, but we're out of time.  John, I want to
    thank you for staying up and I have a feeling that we'll do more radio
    because you're an interesting guy.
JM: Thank you.  It's been interesting talking with you.  By the way, I think I
    know who Anna is, but we'll keep that a secret from our listeners.
ES: Oh.  Well why don't you just tell the FBI?
JM: The Secret Service, yes.
ES: Right and I want to thank everyone else for being on the show tonight.
Everyone: Its been our pleasure.  Lets do it again some time.
_______________________________________________________________________________
                                ==Phrack Inc.==

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH