After the Sun system administrator in Denver reported the security incident,
the company got wise that it had a gremlin deeply burrowed into its
systems. Dan Farmer and Brad Powell, Sun’s top two security people, sent
emails around the entire company warning staff to watch out for hacker
attacks that also used social engineering. Then they began removing the bug
reports from the database in hopes of hiding them from me. But I was still
reading their internal emails. Many of the bug reports contained statements
like the one in the message above—did you notice it?
If you need a copy of the breakin code see Staci Way (contractor)
(staciw@castello.corp).
You probably already know what I’d do when I saw a message like this.
Right: I’d email Staci from an internal Sun account and social-engineer
her into sending me the bug.
It never failed, not once.
Despite my success in hacking into the company, the following year
Powell would receive a “merit award” from Sun’s chief information officer
“for his role in securing Sun and thwarting the attacks on SWAN by Kevin
Mitnick.” Powell was so proud of the award that he listed it on his résumé,
which I discovered on the Internet.
After about six months of morning and evening bus commutes, it seemed
like a good idea to move nearer to work. The ideal location would be some
place I could walk to work from every morning—plus the right place would
put me within walking distance of the 16th Street Mall in downtown
Denver, my favorite area to hang out on weekends. An old-style apartment
building, the Grosvenor Arms, on East 16th Street, had a unit available on
the fifth floor that I was excited to find—a very cool place, spacious, with
windows all around, and even old-style boxes where the milkman used to
leave bottles of milk every morning. This time I would have to undergo a
credit check, but no sweat: by hacking into the credit reporting agency
TRW, I was able to identify several Eric Weisses with reasonably good
credit. I used the Social Security number of one of them on my rental
application (different from the one I was using for employment). My
paperwork sailed through without a problem.
Only about five blocks from my new apartment, Denver’s tourist district
offered tons of terrific bars and restaurants. One in particular was a favorite,
a Mexican restaurant at 16th and Larimer Streets that was a hangout for lots
of great-looking girls. I was still avoiding serious relationships, but chatting
up attractive young ladies at the bar didn’t cross any of my barriers of
caution, and it helped me feel human. On occasion a gal would sit down
next to me and let me buy her a drink or two… or sometimes even buy
them for me. Great for the ego.
Having so many restaurants nearby held particular appeal: I ate out
almost every meal, rarely fixing even oatmeal or bacon and eggs for myself.
Settling into the new apartment made me feel even more comfortable
about being in Denver, yet I knew I could never let my guard down. With
full access into PacTel Cellular, I was still keeping track of the cell phone
calls that the FBI agents were making to Justin Petersen, aka Eric Heinz,
and also watching to see if they were making any calls to Denver phone
numbers. A check of Justin’s landline at the safe house showed that his
long-distance service, MCI, was still in the name of Joseph Wernle—which
meant it was probably still being paid for by the Bureau. Justin’s snitching
hadn’t helped the Feds catch me, but they obviously still had him in
harness. I wondered what hackers he was targeting and trying to put into
prison now that I was out of his reach.
One day while working in the computer room with Darren and Liz, I
noticed that Darren had turned his computer at an angle that would make it
difficult for anyone else to see what he was doing, which naturally made me
suspicious. I fired up a program called “Watch”; aptly named, it let me
watch everything on his screen.
I couldn’t believe my eyes. He was in the law firm’s Human Resources
directory and had pulled up the payroll file, displaying the pay and bonuses
of all the lawyers, assistants, support staff, receptionists, and IT workers, as
well as every other employee of the firm, from the highest-earning partner
to the lowest-paid clerk.
He scrolled down to a listing that read:
WEISS, ERIC Comp Oper MIS $28,000.00 04/29/93
The nerve of this guy, looking up my salary! But I could hardly
complain: I knew he was spying on me only because I was spying on him!