Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker

Meanwhile, though, I was really growing antsy to find out the truth about
Eric. Too many things about him seemed suspicious.
He didn’t appear to have a job. So how could he afford to hang out at the
clubs he talked about? Hot places like Whiskey à Go-Go, where acts like
Alice Cooper and the Doors, as well as rock gods from back in the day like
Jimi Hendrix had sometimes dropped in to jam.
And that business about not giving me a phone number? Eric wouldn’t
even give me his 
pager
number. Very suspicious.
Lewis and I talked about the situation and decided we needed to find out
what was going on. First step: penetrate the screen of “I won’t give you my
phone number.” Then, once we had his phone number, use it to find his
address.
Caller ID wasn’t being offered then to customers in California because
the state’s Public Utilities Commission was fretting over privacy issues and
hadn’t yet authorized its use. But like most phone companies, Pacific Bell
used central office switches developed by Bell Labs and manufactured by
AT&T, and it was common knowledge in the phreaker community that
these switches already had the caller ID feature built into their software.
In the building where my friend Dave Harrison had his offices, a
terminal on the first floor had hundreds of phone lines running to it. I went
down to the terminal in stealth mode because there was a security guard
stationed very nearby, though thankfully not in direct sight. Using a
lineman’s handset that Dave had sitting around in his office, I connected to
several cable pairs, looking for one that had a dial tone. When I found one, I
dialed the special code to obtain the phone number. That was the bait
number I would set Eric up to call.
Next Dave “punched the pair down” in the terminal, connecting that line
to an unused phone line running up to his office. Back upstairs, we hooked
a phone to the hijacked line and connected a caller ID display box.
From my old VT100 terminal, I dialed in to the Webster Street central
office switch and added the caller ID feature to the bait phone line.
Later that night I returned to my dad’s apartment in Calabasas, set my
alarm clock to go off at 3:30 a.m., and turned in. When the alarm went off,
with my cell phone as usual cloned to someone else’s number, I paged Eric,
who by then had loosened up enough to give me his pager number. I left the
bait phone number for him to return the call. When Eric dialed the number,

the caller ID data would be sent between the first and second rings,
capturing the number of his phone. Gotcha!
Hermit-like, Dave secretly lived and slept in his office. As soon as I
thought Eric would have returned the page, I phoned Dave. It was 3:40 in
the morning. I had to keep calling until he finally answered, really angry.
“What is it?!”
he shouted into the receiver.
“Did you get the caller ID?”
“Yes!”
“Dave, it’s really important. What is it?”
“Call me in the morning!”
he yelled before slamming the phone down.
I went back to sleep and didn’t reach him again until the next afternoon,
when he obligingly read me the phone number off the caller ID: 310 837-
5412.
Okay, so I had Eric’s phone number. Next to get his address.
Posing as a technician in the field, I called Pacific Bell’s Mechanized
Loop Assignment Center, or MLAC, also known simply as the Line
Assignment Office. A lady answered and I said, “Hi. This is Terry out in the
field. I need the F1 and the F2 on 310 837-5412.” The F1 was the
underground cable from the central office, and the F2 was the secondary
feeder cable that connects a home or an office building to the serving area
interface, which eventually connects to the F1, all the way back to the
central office.
“Terry, what’s your tech code?” she asked.
I knew she wasn’t going to look it up—they never did. Any three-digit
number would satisfy, so long as I sounded confident and didn’t hesitate.
“Six three seven,” I said, picking a number at random.
“F1 is cable 23 by 416, binding post 416,” she told me. “F2 is cable
10204 by 36, binding post 36.”
“Where’s the terminal?”
“The oh-dot-one is at 3636 South Sepulveda.” That was the location of
the terminal box, where the field technician bridged the connection to the
customer’s home or office.
I didn’t care about anything I had asked so far. It was just to make me
sound legitimate. It was the next piece of information that I really wanted.

“What’s the sub’s address?” I asked. (“Sub” being phone company lingo
for the subscriber, or customer.)
“Also 3636 South Sepulveda,” she told me. “Unit 107B.”
I asked, “Do you have any other workers at 107B?”—“workers” being
lingo for “working telephone numbers.”
She said, “Yes, we have one other,” and gave me the second number,
along with its F1 and F2. As easy as that. It had taken me not much more
than a few minutes to discover Eric’s address and both of his phone
numbers.
When you use social engineering, or “pretexting,” you become an actor
playing a role. I had heard other people try to pretext and knew it could be
painfully funny. Not everybody could go on stage and convince an
audience; not everybody could pretext and get away with it.
For anyone who had mastered pretexting the way I had, though, it
became as smooth as a champion bowler’s sending a ball down the lane.
Like the bowler, I didn’t expect to score a strike every time. Unlike the
bowler, if I missed, I usually got another try at it with no loss of score.
When you know the lingo and terminology, it establishes credibility—
you’re legit, a coworker slogging in the trenches just like your targets, and
they almost never question your authority. At least, they didn’t back then.
Why was the lady in Line Assignment so willing to answer all my
questions? Simply because I gave her one right answer and asked the right
questions, using the right lingo. So don’t go thinking that the Pacific Bell
clerk who gave me Eric’s address was foolish or slow-witted. People in
offices ordinarily give others the benefit of the doubt when the request
appears to be authentic.
People, as I had learned at a very young age, are just too trusting.
Maybe my venture back into hacking was excusable, or at least
understandable, justified by my need to solve the riddle of my half-brother’s
death. Yet I suddenly realized I had been beyond stupid: I had been using
one of the three phone lines in my dad’s apartment to make all kinds of
social-engineering calls to Pacific Bell, to follow leads in my Adam
investigation, and to talk with Lewis.

These were all clear violations of my conditions of my supervised
release. What if the Feds were monitoring my dad’s phone lines and had
heard those conversations?
I needed to find out what they knew.

Download 2,97 Mb.

Do'stlaringiz bilan baham: