Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker



Download 2,97 Mb.
Pdf ko'rish
bet19/121
Sana05.05.2023
Hajmi2,97 Mb.
#935282
1   ...   15   16   17   18   19   20   21   22   ...   121
Bog'liq
1 - Ghost in the Wires My Adventures as the World\'s Most Wanted Hacker issue 15th Aug 2011 ( PDFDrive )

Will Hack for Love
Kyoo olxi rzr Niyovo Cohjpcx ojy dn T apopsy?
I
n his time at Hughes Aircraft, Lenny DiCicco told me, he had become
buddy-buddy with a lady security guard. I was to come see him on a night
when this lady would be on duty, and say I was a DEC employee. When I
showed up, she signed me in with a wink, not asking to see any ID.
Lenny arrived to escort me from the lobby, barely able to control his
excitement, but still arrogant and full of himself. He led me to a Hughes
VAX computer that had access to the Arpanet, linking a collection of
universities, research labs, government contractors, and the like. Typing
commands, he told me he was accessing a computer system called
Dockmaster, which was owned by the National Computer Security Center
(NCSC), a public arm of the supersecret National Security Agency. We
were elated, knowing that this was the closest we’d ever come to
establishing a real connection to the NSA.
Bragging about his social engineering, Lenny said he had pretended to
be a member of the National Computer Security Center’s IT Team and
conned a worker there named T. Arnold into revealing his credentials to the
system. Lenny was practically dancing with pride. He was still such a geek,
it seemed like he must be high on some great dope when he boasted, “I’m
as good a social engineer as you are, Kevin!”
We fished around for maybe an hour but came up only with
uninteresting information.
Much later, that hour would come back to haunt me.
I was sure there was some way I could fast-track my computer skills to
something that could land me a job I coveted: working for General


Telephone. I found out the company was actively recruiting graduates from
a technical school called the Computer Learning Center. It was an easy
drive from my place and I could earn a certificate by going to school there
for only six months.
A Federal Pell Grant plus a student loan paid my way, and my mom came
up with the bread for some of the extra expenses. The school required male
students to wear a suit and tie to class every day. I hadn’t dressed like that
since my bar mitzvah at age thirteen, and now, since I was twenty-three and
fairly beefed out, that suit would have been a pretty miserable fit. Mom’s
cash paid for two new suits.
I really enjoyed programming in “assembler language,” more
challenging because the programmer has to master many technical details,
but yielding much more efficient code that uses a much smaller memory
footprint. Coding in this lower-level language was fun. It felt like I had
more control over my applications: I was coding much closer to the
machine level than using a higher-level programming language such as
COBOL. The classwork was routine to somewhat challenging, but also
fascinating. I was doing what I loved: learning more about computer
systems and programming. When the subject of hacking came up every
now and then, I played dumb, just listening.
But of course, I was continuing to hack. I had been playing cat-and-mouse
games with Pacific Bell, as the former Pacific Telephone had restyled itself.
Every time I figured out a new way of getting into the company’s switches,
somebody there would eventually figure out a way of blocking my access.
I’d use the dial-up numbers that RCMAC was using to connect to various
switches to process service orders and they’d catch on, then change the dial-
up numbers or restrict them so I couldn’t dial in. And then I would remove
the restriction when they weren’t paying attention. It went back and forth
for months. Their constant interference had gotten to the point where
hacking into Pacific Bell switches was getting to be more like work.
Then I got the idea of trying out a higher-level approach: attacking their
Switching Control Center System, or SCCS. If I could do that, I’d have just
as much control as if I’d been sitting in front of the switches themselves,


able to do whatever I wanted without having to social-engineer clueless
technicians day after day. Ultimate access and power could be mine.
I started with an attack aimed at the SCCS at Oakland, in Northern
California. On my first call, I planned to say I was from ESAC (the
Electronic Systems Assistance Center), providing support for all the SCCS
software deployed throughout the company. So I did my research, coming
up with the name of a legit ESAC worker, then claiming, “I need to get into
the Oakland SCCS but our Data kit equipment is down for maintenance, so
I’ll have to get access through dial-up.”
“No sweat.”
The man I had reached gave me the dial-up number and a series of
passwords, and stayed on the line with me, talking me through each step.
Oops, this was a system with “dial back” security: you had to enter a
phone number and wait for the computer to ring you back. What now?
“Look, I’m off-site at a remote office,” I said off the top of my head. “So
I won’t be able to take a callback.”
I had magically hit on a reasonable-sounding excuse. “Sure, I can
program it to bypass the dial back when you log in with your username,” he
assured me—defeating the company’s elaborate security that would
otherwise have required that I be at an authorized callback number.
Lenny joined me in the SCCS break-in effort. Each one we got into gave us
access to five or six central-office switches, with full control over them, so
we were able to do anything a tech who was in the CO could do, sitting at
the switch. We could trace lines, create new phone numbers, disconnect any
phone number, add/remove custom calling features, set up traps-and-traces,
and access logs from traps-and-traces. (A trap-and-trace is a feature placed
on a line that captures incoming numbers, usually placed on customers’
lines if they are the victim of harassing phone calls.)
Lenny and I put a huge amount of time into this, from late 1985 through
much of 1986. We eventually got into the switches for all of Pacific Bell,
then Manhattan, then Utah and Nevada, and in time many others throughout
the country. Among these was the Chesapeake and Potomac Telephone
Company, or C&P, which served the Washington, DC, area, including all of
the DC-based departments of the Federal government as well as the
Pentagon.


The National Security Agency temptation was an itch I couldn’t resist.
NSA’s telephone service was provided through a phone company switch in
Laurel, Maryland, which we had already gained access to. Directory
assistance listed the agency’s public phone number as 301 688-6311. After
randomly checking out several numbers with the same prefix, I proceeded
on the reasonable hunch that NSA was assigned the entire prefix. Using a
test function for switch technicians called “Talk & Monitor,” I was able to
set up a circuit to listen to random calls in progress. I popped in on one line
and heard a man and a woman talking. Hardly able to believe I was actually
listening in on the NSA, I was thrilled and nervous at the same time. The
irony was great—I was wiretapping the world’s biggest wiretappers.
Okay, I’d proved I could do it… time to get out, in a hurry. I didn’t stay
on long enough to hear what they were talking about, and I didn’t want to
know. If the call had been really sensitive, I’m sure it would have been on a
secure line, but even so, it was way too risky. The likelihood of my getting
caught was slim if I just did it once and didn’t ever go back.
The government never found out I had gained this access. And I
wouldn’t be including it here, except the statute of limitations has long run
its course.
For Lenny and me, it was thrilling every time we compromised another
SCCS—like getting into higher and higher levels of a video game.
This was the most significant hacking of my career because of the
immense control and power it gave us over the phone systems of much of
the United States. And yet we never made any use of it. For us, the thrill lay
simply in knowing we had gained the power.
Pacific Bell eventually found out about the access we had gained. Yet
we were never arrested and charged because, I later learned, company
management was afraid of what would happen if others found out what I
had been able to do and started trying to duplicate my efforts.
Meanwhile Lenny’s accessing of Dockmaster had not gone unnoticed.
NSA traced the break-in back to Hughes, which in turn traced it back to the
computer room where Lenny was working on the night I visited. Security at
Hughes questioned him first, then the FBI summoned him for an official
interview. Lenny hired an attorney who accompanied him to the meeting.


Lenny told the agents he and I had never done anything with
Dockmaster. He was grilled several times by Hughes management. He
stood his ground and wouldn’t point a finger at me. Much later, though, to
save his own neck, he claimed that I had hacked into Dockmaster while I
visited Hughes that evening. When they asked why he’d lied about my not
being involved in the first place, he said he’d been afraid because I’d
threatened to kill him if he gave me up. Clearly, he was desperately trying
to come up with an excuse why he lied to Federal agents.
The visitors’ log showed that a Kevin Mitnick had indeed signed in as a
guest of Lenny’s. Of course he was summarily canned from Hughes.
Two years later I would be accused of possessing secret access codes for
the NSA, when I actually only had the output of a “whois” command—
which showed the names and telephone numbers of registered users with
accounts on Dockmaster—something readily available to anyone with
access to the Arpanet.
Meanwhile, back at the computer school, the students weren’t all guys. One
of the girls was a cute, petite coed named Bonnie. I wasn’t exactly the most
attractive guy around, carrying all the extra weight I had put on ever since
that friend from my preteen bus-riding days had introduced me to junk food
as a basic food group. I was weighing in at around fifty-five pounds
overweight. “Obese” would have been a more-than-polite term.
Still, I thought she was really cute. When we were both in the computer
room working on school projects, I started sending messages to her across
the room, asking her not to stop any of my programs that were running at a
higher priority, and her replies were friendly enough. I asked her out to
dinner. She said, “I can’t. I’m engaged.” But I had learned from my hacking
not to give up easily; there’s usually a way. A couple of days later I asked
again about dinner, and told her she had a beautiful smile. And whaddaya
know? This time she accepted.
Later, she told me she thought her fiancé might be lying to her about his
finances—what cars he owned and how much he owed on them. I told her,
“I can find out if you want.” She said, “Yes, please.”
I had lucked my way into accessing TRW, the credit-reporting company,
while still in high school. Nothing clever about this. One night I went out to
the back of Galpin Ford in the San Fernando Valley and dug through the


trash. It took about fifteen minutes, but my little Dumpster-diving
expedition paid off. I found a bunch of credit reports on people buying cars
from the dealership. Incredibly, printed out on each report was Galpin’s
access code for TRW. (Even more incredible: they were still printing out the
access code on each credit report 
years
later.)
In those days, TRW was very helpful to its clients. If you called in and
gave a merchant’s name and the correct access code, and explained that you
didn’t know the procedure, the nice lady would talk you through every step
of getting a person’s credit report. Very helpful to real clients, very helpful
as well to hackers like me.
So when Bonnie said she’d like me to look into what her boyfriend was
really up to, I had all the tricks I needed. A call to TRW and a few hours on
the computer gave me his credit report, his bank balance, his property
records. Suspicions confirmed: he was nowhere near as well-off as he had
been claiming, and some of his assets were frozen. DMV records showed
he still had a car he told Bonnie he had sold. I felt bad about all this—I
wasn’t trying to undermine her relationship. But she broke off their
engagement.
Within two or three weeks, when she had gotten over her initial
emotions about the breakup, we started dating. Though six years older than
I was and considerably more experienced at this game, she thought I was
smart and good-looking, despite my weight. This was my first serious
relationship; I was soaring.
Bonnie and I both liked Thai food and going to the movies, and she
turned me on to hiking, something far out of my normal comfort zone,
showing me the beautiful trails in the nearby San Gabriel Mountains. She
was fascinated by my ability to gather information on people. And one
thing more, a coincidence I still laugh at: my new girlfriend was having her
salary paid and her tuition covered by one of my principal lifelong hacking
targets, the phone company GTE.
After finishing the prescribed half year for my certificate at the
computer school, I ended up staying on a bit longer. The system admin,
Ariel, had been trying to catch me getting administrator privileges on the
school’s VM/CMS system for months. He finally nailed me by hiding
behind a curtain in the terminal room while I was snooping inside his
directory, catching me red-handed. But instead of booting me out of the
program, he offered me a deal: he was impressed with the skills that had


allowed me to hack into the school’s computers, and if I would agree to
write programs that would make their IBM minicomputer more secure, he
would label it an “honors project.” How about that: the school was training
students in the esoteric knowledge of computers, but recruiting a student to
improve its own security. That was a big first for me. I took it as a
compliment and accepted the assignment. When I finished the project, I
graduated with honors.
Ariel and I eventually became friends.
The Computer Learning Center had an inducement it used for signing up
students: a number of high-profile companies made a practice of hiring its
graduates. And one of them was Bonnie’s employer, GTE, my hacking
target for so many years. How fantastic was that!?
After interviewing with GTE’s IT Department, I was brought back for
an interview with three people from Human Resources, then offered a job
as a programmer. Dreams really did come true! No more hacking for me—I
wouldn’t need it. I’d be getting paid for doing what I loved, at the place I
loved doing it.
The job began with employee orientation to teach new hires about the
names and functions of all the different GTE computer systems. Hello! It
was a telephone company: I could have been teaching the classes. But of
course I sat there taking notes like everyone else.
Cool new job, a daily quick stroll to the cafeteria for lunch with my
girlfriend, a legitimate paycheck—I had it made. Walking through the
offices, I’d smile at the hundreds of usernames and passwords that were
right in front of my nose, written out on Post-it notes. I was like a reformed
drunk on a Jack Daniel’s distillery tour, confident but nearly dizzy from
imagining 

Download 2,97 Mb.

Do'stlaringiz bilan baham:
1   ...   15   16   17   18   19   20   21   22   ...   121




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling

kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha


yuklab olish