TWELVE You Can Never Hide

You Can Never Hide
Yhlt xak tzg iytfrfad RanBfld squtpm uhst uquwd ce mswf tz wjrwtsr
a
wioe lhsv Ecid mwnlkoyee bmt oquwdo’t ledn mp acomt?
I
had become so wrapped up in investigating Adam’s death that I needed a
break—something else to focus my attention on that wasn’t so emotional.
For me, the diversion I needed wasn’t hard to find: I would go back and
tackle Neill Clift, the Brit who had been finding all the security holes in
DEC’s VMS operating system. How could I trick him into giving me all the
security bugs he had found?
From messages I had been reading, I knew that Clift had long craved a
job at DEC; maybe that could be my opening. I duped British Telecom into
giving me his unlisted home telephone number and called him, introducing
myself as Derrell Piper, the name of an actual Digital software engineer in
VMS Development. I told him, “We’ve got a hiring freeze right now, but
despite that we may be hiring some security engineers. Your name came up
because you’ve been so helpful in finding security vulnerabilities and
sharing them with us.” And I went on to talk to him about some DEC
manuals I knew he wanted.
At the end of the call, I said, “Well, nice talking to you, it’s been a long
time.”
Oops—big mistake. The two men had never spoken before.
Later I would learn that Neill called well-known security consultant Ray
Kaplan, who he knew had interviewed me on his “Meet the Enemy”
conference series. Ray played a portion of the tape.
Neill had to listen for only a few moments before confirming, “Yes—the
guy who called me was Kevin Mitnick.” The next time we spoke, Ray told
me, “I guess you’re still doing some social engineering.”

Confused, I asked, “What do you mean?”
“Neill called me. I played a piece of the interview I did with you. He
recognized your voice and said you’ve been calling him.”
Of course, all this time I was also still in contact with Eric Heinz, who kept
bringing up Kevin Poulsen’s name. I had never met Poulsen but had read
enough and heard enough to admire his hacking achievements. It was
strange that we had never met, never hacked together, because we were
close to the same age and had grown up just a few miles apart. He would
later explain that he started learning about phone phreaking some time after
I did—I was already famous in the hacker community when he was still a
neophyte.
Lewis and I were both eager to find out more from Eric about what he
and Poulsen had been doing together. In one phone conversation, Eric again
rattled off the names of Pacific Bell systems he and Poulsen had gained
control over. The list was familiar, all except one that I had never heard of:
“SAS.”
“What’s SAS?” I asked.
“It’s an internal testing system that can be used to monitor a line.”
In phone company lingo, “monitor” is a tactful word for wiretap.
I told Eric, “With switch access, you can monitor a line anytime.” I
figured he’d understand: the phone company’s 1A ESS switches had a “talk
& monitor” feature that let you pop in on a line and listen to the
conversation.
Eric said, “SAS is better.”
He claimed that he and Poulsen had made a nighttime visit to the Sunset
central office in West Hollywood. But their visit had turned up some things
they hadn’t seen before. They found the place strange: unlike other COs, it
was equipped with unusual computer terminals and tape drives, “looking
like something from an alien planet.” One refrigerator-sized box had
various types of equipment humming inside it. They came across a manual
identifying the device as a Switched Access Services unit—SAS for short.
When Poulsen started leafing through the manual, he realized that SAS was
meant for line testing, which sounded like it meant you could connect onto
any phone line.

But was it just for checking that the line was working? Or could you
pick up conversations?
Poulsen started fiddling with the SAS control terminal. Punching in the
number of a pay phone he sometimes used, he confirmed that, yes, you
could drop in on a line and hear the conversation.
He went back into the CO on another night with a tape recorder so he
could capture the data being sent out from the SAS equipment. He wanted
to try to reverse-engineer the protocol at home and give himself the same
capabilities.
I had to have access to this system. But when I asked for details, Eric
clammed up and quickly changed the subject.
I started researching it the very next day.
The mysterious SAS was just what I had been lacking in my life: a puzzle
to be solved, an adventure with hazards. It was unbelievable that in my
years of phone phreaking, I had never heard about it. Intriguing. I felt, 

Download 2,97 Mb.

Do'stlaringiz bilan baham: