FBI, trace, hacker, gregg (the name I was using), trap, and security.
One day I came across a message that rocked me on my heels:
FBI called because source code showed up at a site that they
monitor in LA. May 10th the files were FTP’ed from netcom7 to
site in LA. 5 files, containing about 1 total meg of stuff.
1210-29.lzh p74428.lzh v3625dr.lzh v3625uss.lzh v4428us.scr.
Kathleen called Bill Puknat.
Puknat—whose name I had dropped in my first phone conversation with
Jeff Lankford—was the lead software engineer for the Mobile Radio
Division in the States. “Kathleen” must be Kathleen Carson, from the FBI
in Los Angeles. And “a site that they monitor in LA” had to mean the Feds
were watching the systems where I was storing the NEC files: USC. They
had been watching most or all of my transfers to USC.
Shit!
I needed to find out how I was being watched, and how long it had been
going on.
Examining the systems I had been using at USC, I found that a monitoring
program had been installed to spy on my activities, and I was even able to
identify the USC system administrator who had set it up, a guy named
Asbed Bedrossian. Reasoning that one good spy deserved another, I located
the host where he and other USC system administrators received their
email—sol.usc.edu—got root access, and searched Asbed’s mail, in
particular for the term FBI. I came upon this:
Heads up! We have a security incident. We have two accounts
that are being monitored by the FBI and by sysadmin ASBED.
The accounts have been compromised. If you receive a call from
ASBED, please co-operate with capture and copy files, etc.
Thanks.
It was bad enough that these guys had found one account I was using;
now I knew they had found the second one as well. I was worried but at the
same time pissed that I hadn’t caught on to the monitoring sooner.
I figured Asbed must have noticed that a huge amount of file space was
being used that couldn’t be accounted for. When he took a peek, he would
have realized immediately that some hacker was storing purloined software
on the system. Since I had used several USC systems to store source code
during my DEC hack in 1988, I assumed I was at the top of the suspect list.
I learned later that the Feds had started looking through the files and
calling companies to alert them that proprietary source code had been lifted
from their systems and was now residing on a server at USC.
Jonathan Littman wrote in his book The Fugitive Game about a meeting
that took place in early 1994, convened, he says, by prosecutor David
Schindler and held at the FBI’s Los Angeles office. Attending were
“embarrassed and alarmed” representatives from the major cell phone
manufacturers I had hacked into. Not a single person wanted it known that
their company had been the victim of a hack—not even in this roomful of
other victims. Littman says Schindler told him, “I had to dole out aliases.
This guy was from company A, this guy was from company B. They
wouldn’t do it any other way.”
“Everyone suspected Mitnick,” Littman wrote, adding that Schindler
wondered aloud, “What’s the purpose of gathering all this code? Is
somebody sponsoring him? Is he selling it? From a threat assessment, what
can he do with it?”
Apparently it never occurred to any of them that I might be doing it just
for the challenge. Schindler and the others were stuck in what you might
call “Ivan Boesky thinking”: for them, hacking made no sense if there
wasn’t money being made from it.