File: WHO IS CAPTAIN ZAP?

 -=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-
 =                                                                           -
 -                   COMPUTERS:  Hacking Away at Break-Ins                   =
 =                    [Washington Post -- June 28, 1984]                     -
 -                            By David H. Rothman                            =
 =                     Word Processed by BIOC Agent 003                      -
 -                                                                           =
 -=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-

   Some once-rebellious computer hackers' may be going establishment.

   A Philadephian named "Captain Zap," for example, who calls himself a
"retired electronics hobbyist," is even doing computer security.  Quite a
switch from the days when he and friends were stealing -- via computer --
hundreds of thousands of dollars in goods and services.

   Another young man simultaneously advises corporations and puts out the TAP
newsletter for hacking trying to get into big computers without authorizaition.

   Aside from the ethical questions, can such consultants help prevent
incidents such as the recent acquisition of secret passwords to a computer
storing credit data at the TRW Information Systems, Anaheim, Calif.?  Opinions
vary.

   On on hand, you normally don't hire an ex-thief to guard your safe.  But on
the other hand, a New Jersey security man says he's uncovered hacker threats --
via Zap -- to major banks and dozens of corporations.  He and a prominent
Washington-area consultant are among those who swear by Zap.  A third computer
expert working for the prestigious SRI think tank in Menlo Park, Calif., claims
hackers without the usual credentials can make first-rate security people.  The
term "hacker," he stresses, is far from synonymous with "criminal."

   Says Jay BloomBecker, a Los Angeles computer crime expert:  "It's pretty
foolish to hire a hacker who's broken the law because they've already
demonstrated their lack of trustworthiness.  There are a lot of other people
just as bright who have stayed within the law."

   Zap, whose real name is Ian A. Murphy, drew his nickname out of the air.  "I
zapped security, so I named myself that.  I tried not to destroy anything.  The
object was to show people that if I could get in, a less benign person could."

   In the names of major corporations, however, Zap and friends ordered, in the
early '80s, five Texas Instrument 787 terminals worth $3,800 each, a $13,000
Hewlett Packard minicomputer and other odds and ends.

   All together they stole over $100,000 in goods and $212,000 in services.
Zap received a $1,000 fine, 2.5 years probation and 15 hours a week of
community service.

   Despite his anti-establishment computer acts, he is a Philadelphia
Republican fond of wing tips ("they show good breeding").  His usual rates are
between $450 and $1,200 a day, plus expenses.  He says he now has six clients
through subcontracting, although his high daily rate apparently puts off many
prospects.  To earn rent money, Zap fills in as an air-conditioning repairman,
work he started in his teens when he first began taking computer-science
courses (and started hacking).

   "I kept asking Spring, Bel and the others for jobs," he says, "and they kept
turning me down.  The strange thing is that I'd call Bell and say, 'Hi there,
I bet I can get into this and that,' and they'd say, 'No, you can't.'"

   He could.  He charged phone calls to an ocean liner, and even broke into
military computer networks to play computer games.  ("They have 'Star Trek,'
'Hangman,' and 'Chess'.")

   Among those who take Zap's advice seriously:  Lindsay L. Baird Jr., a tough
ex-military policeman now in computer security consulting, and Robert P.
Cambell, once a top Army man in computer security and now head of Advanced
Information Management, Inc., Woodbridge, Va.

   "I had doubts at first," concedes Baird.  Zap read of Baird in the
Philadelphia Inquirer last year, requested a meeting, walked through Baird's
house in Mountain Lakes, N.J., and declared "You're clean."

   "In what way?"

   "No hidden recording devices or microphones," replied Zap, and pulling back
his coat to reveal a bug-detecting device.

   Baird, who believes no in The Redemption of Zap, says he has picked up items
off hackers' electronic bulleting boards that revealed in detail how to break
into the compters of a leading hospital supply firm, a food company and major
banks, among dozens of other victims.

   "The FBI knows I'm working with him," says Baird, who shares much of the
infomation that Zap uncovers.  He praises Zap as "a damn good technician."

   "We're both learning from each other," says Cambell, adding that "There is
nothing that Ian can do that my staffers can't do better, but he's developed
his talents without a formal education."

   Captain Zap, who has started his own security firm, Secure Data Systems,
tests clients' computer safeguards before "electronics hobbyists" get around to
it, as he did for a major finacial firm.

   How safe was its computer system?  "I can't tell you," says Zap.  "I'm under
a confidentiality agreement."

   Zap, one must remember, is a felon (and as of a few days ago had yet to pay
off the $1,000 fine, pleading tight finances).  Other reminders:  Federal laws
prohibit banks' hiring of felons for work too close to the money; some
government agencies may not find use of a felon-consultant to be legally or
politically possible, even through a subcontracting agreement.  Besides, not
every client can monitor the Zaps as well as a security expert.

   Despite all this, some experts maintain that people like Zap may be
excellent at simplifying techno-gook and warning the nontechnical of some of
the more common threats from crooks, malicious or snoopy hackers and other
electronic break-in artists.  The computer-room crew may rant and rave about
the need for good computer security, but that's now match for hhearing thd
facts directly from a computer felon.

   Baird plans to use Cheshire Catalyst, a New York hacker who doesn't want his
real name use ("I like my privacy") and Zap in the "Tiger Team," military term
for electronic devil's advocates to test cliens' computer security.

   Most problems, says Cheshire Catalyst, are "people problems.  People tack
passwords onto the corkboard above terminals.

   "If I cam in to deliver pizza," he declares.  "I'd memorize the number on
the way in and write it down as I left."

   A tall, thin man in his late twenties -- named after the grinning, vanishing
cat in "Alice's Adventures in Wonderland" -- Cheshire edits the TAP newsletter
(which bills itself "For Informational Purposes Only").  Even though TAP is
known as the bible for people trying to break into computer and phone systems,
Cheshire claims he himself is clean, except for logging on to systems to look
for weaknesses.

   Meanwhile, discussion of the term "hacker" seems to be excalating.  Cheshire
distinguishes between "good" and "bad" hackers, the latter of whom a few buffs
call "crackers."

   Geoffrey S.  Goodfellow -- who testified at congressional hearings on
computer crime and is a coauthor of The Hacker's Dictionary:  a Guide to the
World of Computer Wizards -- confirms that a "hacker" isn't necessarily a
"computer criminal."

   A "hacker," he says, is merely someone who truly enjoys programming.  He
stretches his machine's power to the limits, and loves to "hack away" at
computer problems.

   Not that Goodfellow thinks all hackers are 100 percent honest.  He believes
that as computer literacy spreads, more will be stealing money as well as
computer time.

   His advice to hackers' prospective clients:  "If they seem reasonable, I
advocate putting them on a loose leash.  You shouldn't take a holier-than-thou
attitude.  Unfortunately most people take the authoritarian approach...

   Goodfellow claims that hackers -- often as long-time kibitzers of computer
systems -- may see the big security picture better than many professional
programmers used to working within their niches.

   Goodfellow, 28, a high-school dropout, can offer himself as an example of
sorts.  A decade ago he dialed up a computer at SRI and left a note saying he'd
improve the system in return for free computer time.  He got it, and eventually
went full-time at SRI.  Among his clients:  the Defense Department.

   To this day, however, Goodfellow proudly calls himself a hacker. <>

(David H. Rothman is author of "The Silicon Jungle:  Computer Survival at Work
and Home" to be published by Ballantine Books early next year.)

SF][G9:ba003.010585

[Courtesy of Sherwood Forest ][ -- (914) 359-1517]

-----End of File



[1-77, Last=32, Quit=Q] Read File # is author of "The Silicon Jungle:  Computer Survival at Work
and Hollllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll