Approaching Zero Part 7

For Popp, whatever his motives and his mental state, the AIDS scheme was an expensive affair--all funded from his own pocket. The postage needed to send out the first twenty thousand diskettes had cost nearly $7,700, the envelopes and labels about $11,500, the diskettes and the blue printed instruction leaflets yet another $11,500--to say nothing of the cost of registering PC Cyborg Corporation in Panama, or establishing an address in London. To add insult to injury, not one license payment was ever received from anyone, anywhere.

Popp's scheme was not particularly well thought out. The scam depended on recipients of his diskettes mailing checks halfway around the world in the hope of receiving an antidote to the trojan. But, as John Austen said, "Who in their right mind would send money to a post office box number in Panama City for an antidote that might never arrive?" Or that may not be an antidote anyway.

It seems unlikely that anyone will ever again attempt a ma.s.s blackmail of this type; it's not the sort of crime that lends itself to a high volume, low cost formula. It's far more likely that specific corporations will be singled out for targeted attacks. Individually, they are far more vulnerable to blackmail, particularly if the plotters are aided by an insider with knowledge of any loopholes. An added advantage for the perpetrators is the likely publicity blackout with which the corporate victim would immediately shroud the affair: every major corporation has its regular quota of threats, mostly empty, and a well-defined response strategy.

But at present, hacking--which gives access to information--has proven to be substantially more lucrative. Present-day hackers traffic in what the authorities call access device codes, the collective name for credit card numbers, telephone authorization codes, and computer pa.s.swords. They are defined as any card, code, account number, or "means of account access" that can be used to obtain money, goods, or services. In the United States the codes are traded through a number of telecom devices, princ.i.p.ally voice-mail computers; internationally, they are swapped on hacker boards.

The existence of this international traffic has created what one press report referred to colorfully as "offsh.o.r.e data havens"--pirate boards where hackers from different countries convene to trade Visa numbers for computer pa.s.swords, or American Express accounts for telephone codes. The pa.s.swords and telephone codes, the common currency of hacking, are traded to enable hackers to maintain their lifeline--the phone--and to break into computers. Credit card numbers are used more conventionally: to fraudulently acquire money, goods, and services.

The acquisition of stolen numbers by hacking into credit agency computers or by means as mundane as dumpster diving (scavenging rubbish in search of the carbons from credit card receipts) differs from ordinary theft. When a person is mugged, for example, he knows his cards have been stolen and cancels them. But if the numbers were acquired without the victim knowing about it, the cards generally remain "live" until the next bill is sent out, which could be a month away.

Live cards--ones that haven't been canceled and that still have have credit on them--are a valuable commodity in the computer underworld. Most obviously, they can be used to buy goods over the phone, with the purchases delivered to a temporary address or an abandoned house to which the hacker has access.

The extent of fraud of this sort is difficult to quantify. In April 1989 Computerworld magazine estimated that computer-related crime costs American companies as much as $555,464,000 each year, not including lost man-hours and computer downtime. The figure is global, in that it takes in everything: fraud, loss of data, theft of software, theft of telephone services, and so on. Though it's difficult to accept the number as anything more than a rough estimate, its apparent precision has given the figure a spurious legitimacy. The same number frequently appears in most surveys of computer crime in the United States and is even in many government doc.u.ments. The blunt truth is that no one can be certain what computer fraud of any sort really costs. All anyone knows is that it occurs.

154 APPROACHING ZERO [WYRWA ??????]

erably older than the 150 or so adolescent Olivers she gathered into her ring. As a woman, she has the distinction of being one of only two or three female hackers who have ever come to the attention of the authorities.

In 1989 Doucette lived in an apartment on the north side of Chicago in the sort of neighborhood that had seen better days; the block looked substantial, though it was showing the first signs of neglect. Despite having what the police like to term "no visible means of support," Doucette was able to provide for herself and her two children, pay the rent, and keep up with the bills. Her small apartment was filled with electronic gear: personal computer equipment, modems, automatic dialers, and other telecom peripherals.

Doucette was a professional computer criminal. She operated a scheme dealing in stolen access codes: credit cards, telephone cards (from AT&T, MCI, Sprint, and ITT) as well as corporate PBX telephone access codes, computer pa.s.swords, and codes for voice-mail (VM) computers. She dealt mostly in MasterCard and Visa numbers, though occasionally in American Express too. Her job was to turn around live numbers as rapidly as possible. Using a network of teenage hackers throughout the country, she would receive credit card numbers taken from a variety of sources. She would then check them, either by hacking into any one of a number of credit card validation computers or, more often, by calling a "chat line" telephone number. If the chat line accepted the card as payment, it was live. She then grouped the cards by type, and called the numbers through to a "code line," a hijacked mailbox on a voice-mail computer.

Because Doucette turned the cards around quickly, checking their validity within hours of receiving their numbers and then, more importantly, getting the good numbers disseminated on a code line within days, they remained live for a longer period. It was a very efficiently run hacker service industry. To supplement her income, she would pa.s.s on card numbers to members of her ring in other cities, who would use them to buy Western Union money orders payable to one of Doucette's aliases. The cards were also used to pay for an unknown number of airline tickets and for hotel accommodation when Doucette or her accomplices were traveling.

The key to Doucette's business was communication--hence the emphasis on PBX and voice-mail computer access codes. The PBXs provided the means for communication; the voice-mail computers the location for code lines.

PBX is a customer-operated, computerized telephone system, providing both internal and external communication. One of its features is the Remote Access Unit (RAU), designed to permit legitimate users to call in from out of the office, often on a 1-800 nunlher. and access a long-distance line after punching in a short code on the telephone keypad. The long-distance calls made in this way are then charged to the customer company. Less legitimate users-- hackers, in other words--force access to the RAU by guessing the code. This is usually done by calling the system and trying different sequences of numbers on the keypad until stumbling on a code. The process is time-consuming, but hackers are a patient bunch.

The losses to a company whose PBX is compromised can be staggering. Some hackers are known to run what are known as "call-sell" operations: sidewalk or street-corner enterprises offering pa.s.sersby cheap long-distance calls (both national and international) on a cellular or pay phone. The calls, of course, are routed through some company's PBX. In a recent case, a "callsell" operator ran up $1.4 million in charges against one PBX owner over a four-day holiday period. (The rewards to "call-sell" merchants can be equally enormous: at $10 a call some operators working whole banks of pay phones are estimated by U.S. Iaw enforcement agencies to have made as much as $10,000 a day.) PBXs may have become the blue boxes for a new generation of phreakers, but voice-mail computers have taken over as hacker bulletin boards. The problem with the boards was that they became too well known: most were regularly monitored by law enforcement agencies. Among other things, the police recorded the numbers of access device codes trafficked on boards, and as the codes are useful only as long as they are live--usually the time between their first fraudulent use and the victim's first bill--the police monitoring served to invalidate them that much faster. Worse, from the point of view of hackers, the police then took steps to catch the individuals who had posted the codes.

The solution was to use voice mail. Voice-mail computers operate like highly sophisticated answering machines and are often attached to a company's toll-free 1-800 number. For users, voicemail systems are much more flexible than answering machines: they can receive and store messages from callers, or route them from one box to another box on the system, or even send one single message to a preselected number of boxes. The functions are controlled by the appropriate numerical commands on a telephone keypad. Users can access their boxes and pick up their messages while they're away from the office by calling their 1-800 number, punching in the digits for their box, then pressing the keys for their private pa.s.sword. The system is just a simple computer, accessible by telephone and controllable by the phone keys.

But for hackers voice mail is made to order. The 1-800 numbers for voice-mail systems are easy enough to find; the tried-and-true methods of dumpster diving, social engineering, and war-dialing will almost always turn up a few usable targets. War-dialing has been simplified in the last decade with the advent of automatic dialers, programs which churn through hundreds of numbers, recording those that are answered by machines or computers. The process is still inelegant, but it works.

After identifying a suitable 1-800 number, hackers break into the system to take over a box or, better, a series of boxes. Security is often lax on voice-mail computers, with box numbers and pa.s.swords ridiculously easy to guess by an experienced hacker. One of the methods has become known as finger hacking: punching away on the telephone keypad trying groups of numbers until a box and the appropriate pa.s.sword are found. Ideally, hackers look for unused boxes. That way they can a.s.sign their own pa.s.swords and are less likely to be detected. Failing that, though, they will simply annex an a.s.signed box, changing the pa.s.sword to lock out the real user.

VM boxes are more secure than hacker boards: the police, for a start, can't routinely monitor voice-mail systems as they can boards, while hackers can quickly move to new systems if they suspect the authorities of monitoring one they are using. The messaging technology of voice-mail systems lends itself to pa.s.sing on lists of codes. The code line is often the greeting message of the hacker-controlled mailbox; in other words, instead of hearing the standard "h.e.l.lo, Mr. Smith is not in the office. Please leave a message," hackers calling in will hear the current list of stolen code numbers. In this manner, only the hacker leaving the codes need know the box pa.s.sword. The other hackers, those picking up the codes or leaving a message, only need to know the box number.

It was ultimately a voice-mail computer that led the authorities to Doucette. On February 9, 1989, the president of a real estate company in Rolling Meadow, Illinois, contacted the U.S. Secret Service office in Chicago. His voice-mail computer, he complained, had been overrun by hackers.

The hara.s.sed real estate man became known as Source 1. On February 1 5th, two Secret Service agents--William "Fred" Moore and Bill Tebbe--drove from Chicago to the realtor's office to interview him. They found a man beset by unwanted intruders.

The company had installed its voice-mail system in the autumn of 1988. The box numbers and pa.s.swords were personally a.s.signed by the company president. While the 1-800 number to access the system was published, he insisted that the pa.s.swords were known only to himself and to the individual box users.

In November 1988, during an ordinary review of the traffic on the system, he had been startled to discover a number of unexplained messages. He had no idea what they were about or who they were for; he thought they could have been left in error.

However, the number of "errors" had grown throughout November and December. By January 1989 the "errors" had become so frequent that they overwhelmed the system, taking over almost all of the voice-mail computer's memory and wiping out messages for the company's business.

The Secret Service recorded the messages over a period from late February to March. Listening to the tapes, they realized they were dealing with a code line.

The law on access devices prohibits the unauthorized possession of fifteen or more of such codes, or the swapping or sale of the codes "with an intent to defraud." (Fraud is defined as a $1,000 loss to the victim or profit to the violator.) On the tapes, the agents could identify 130 devices that were trafficked by the various unknown callers. They also heard the voice of a woman who identified herself alternatively as "Kyrie" or "long-distance information."

It seemed as if she was running the code line, so they decided to focus the investigation on her.

In March security officials from MCI, the long-distance telephone company, told the Secret Service that Canadian Bell believed "Kyrie" to be an alias of Leslie Lynne Doucette, a Canadian citizen who had been hacking for six or seven years.

In March 1987 Doucette had been convicted of telecommunications fraud in Canada and sentenced to ninety days' imprisonment with two years' probation. She had been charged with running a code line and trafficking stolen access codes. Subsequently, the Canadians reported, Doucette had left the country with her two children.

Later that month an MCI operative, Tom Schutz, told Moore that an informant had pa.s.sed on the word that a well-known hacker named Kyrie had just moved from the West Coast to the Chicago area. The informant, Schutz said, had overheard the information on a hacker "bridge" (a conference call). At the beginning of April an MCI security officer, Sue Walsh, received information from another informant that Kyrie had a Chicago telephone number.

By mid-month, Moore was able to get court authorization to attach a dialed-number recorder (DNR), to Doucette's phone. A DNR monitors outgoing calls, recording the number accessed and any codes used. From the surveillance, agents were able to detect a large volume of calls to various voice-mail systems and PBX networks.

The authorities traced the other compromised voice-mail systems to Long Beach, California, and Mobile, Alabama. They discovered that Kyrie was operating code lines on both networks. It's not unusual for hackers to work more than one system; sometimes Hacker A will leave codes for Hacker B on a voicemail computer in, say, Florida, while Hacker B might leave his messages for Hacker A on a system in New York. By rotating through voice-mail computers in different states, hackers ensure that local law enforcement officials who stumble upon their activities see only part of the picture.

The agents also realized that Kyrie was running a gang. From other sources they heard tapes on which she gave tutorials to neophyte hackers on the techniques of credit card fraud. Over the period of the investigation they identified 152 separate contacts from all over the country, all used as sources for stolen codes. Of the gang, the agents noted seven in particular, whom they identified as "major hackers" within the ring: Little Silence in Los Angeles; the ironically named FBI Agent in Michigan; Outsider, also in Michigan; Stingray from Ma.s.sachusetts; EG in Columbus, Ohio; Navoronne, also from Columbus; and Game Warden in Georgia.4 DNRs were also attached to their telephones.

The agents a.s.signed to the case described the group, imaginatively, as "a high-tech street gang." By then the Secret Service had turned the enquiry into a nationwide investigation involving the FBI, the Illinois State Police, the Arizona Attorney General's Office, the Chicago Police Department, the Columbus (Ohio) Police Department, the Cobb County (Georgia) Sherifrs Office, the Royal Canadian Mounted Police, and the Ontario Provincial Police. Security agents from MCI, Sprint, AT&T, and nine Bell phone companies provided technical a.s.sistance.

On May 24th the Secret Service asked local authorities in six cities for a.s.sistance to mount raids on Doucette's Chicago apartment and the addresses of the five other major hackers in the ring. Prior to the raids the authorities compiled a list of equipment that was to be seized: telephones and speed-dialing devices; computers and peripherals; diskettes; ca.s.sette tapes; videotapes; records and doc.u.ments; computer or data-processing literature; bills, letters invoices, or any other material relating to occupancy; informa- tion pertaining to access device codes; and "degaussing" equipment.

The raid on Doucette's Chicago apartment produced a lode of access codes. Moore found a book listing the numbers for 171 AT&T, ITT, and other telephone cards, as well as authorization codes for 39 PBXs. In addition, the agents found numbers for 118 Visa cards, 150 MasterCards, and 2 American Express cards.

Doucette admitted that she was Kyrie. Later in the Secret Service offices, she confessed to operating code lines, trafficking stolen numbers, and receiving unauthorized Western Union money orders. She was held in custody without bond and indicted on seventeen counts of violating rederal computer, access device, and telecom fraud laws between January 1988 and May 1989.

Estimates of the costs of Doucette's activities varied. On the day of her arrest, she was accused of causing "$200,000 in losses ... by corporations and telephone service providers." Later it was announced that "substantially more than $1.6 million in losses were suffered" by credit card companies and telephone carriers.

Doucette's was a high-profile arrest, the first federal prosecution for hacking voice-mail systems and trafficking in access devices. The prosecution was determined that she would be made an example of; her case, the authorities said, would reflect "a new reality for hackers" in the 1990s--the certainty of "meaningful punishment." If convicted of all charges, Doucette faced eightynine years' imprisonment, a $69,000 fine, and $1.6 million in rest.i.tution charges.

The case was plea-bargained. Doucette admitted to one count; the other charges were dismissed. On August 17, 1990, Doucette, then aged thirty-six, was sentenced to twenty-seven months in prison. It was one of the most severe sentences ever given to a computer hacker in the United States.

Willie Sutton, a U.S. gangster, was once asked why he robbed banks. "Because that's where the money is," he replied.

Little has changed; banks still have the money. Only the means of robbing them have become more numerous. Modern banks are dependent on computer technology, creating new opportunities for fraud and high-tech bank robbery.

Probably the best-known story about modern-day bank fraud involves the computation of "rounded-off" interest payments. A bank employee noticed that the quarterly interest payments on the millions of savings accounts held by the bank were worked out to four decimal points, then rounded up or down. Anything above .0075 of a dollar was rounded up to the next penny and paid to the customer; anything below that was rounded down and kept by the bank. In other words, anything up to three quarters of a cent in earned interest on millions of accounts was going back into the bank's coffers.

Interest earned by bank customers was calculated and credited by computer. So it would be a simple matter for an employee to write a program amending the process: instead of the roundeddown interest going back to the bank, it could all be amalgamated in one account, to which the employee alone had access. Over the two or three years that such a scam was said to have been operational, an employee was supposed to have grossed millions, even billions, of dollars.

The story is an urban legend that has been told for years and accepted by many, but there has not been a single doc.u.mented case. However, it certainly could be true: banks' dependence on computers has made fraud easier to commit and harder to detect. Computers are impersonal, their procedures faster and more anonymous than paper-based transactions. They can move money around the world in microseconds, and accounts can effortlessly be created and hidden from a computer keyboard.

Like any corporate fraud, most bank fraud is committed by insiders, employees with access to codes and procedures who can create a "paper trail" justifying a transaction. In such cases the fraud is not really different from illegal transactions carried out in the quill-pen era: the use of a computer has simply mechanized such fraud and made it more difficult to track.

The new threat to banks comes from hackers. In addition to the familiar duo of the bank robber and the criminal employee--the one bashing through the front door with a shotgun, the other sitting in the back room quietly cooking the books--banks now face a third security risk: the adolescent hacker with a PC, a modem, and the ability to access the bank's computers from a remote site. Unlike traditional bank robbers, hackers don't come through the front door: they sneak in through the bank's own computer access ports, then roam unseen through the systems, looking for vulnerable areas. Unlike crooked employees, hackers aren't a physical presence: they remain unseen and undetected until it's too late.

Though banks spend millions protecting their computer systems from intruders, they aren't necessarily that secure. Bank employees, particularly those who work in dealing rooms, are notorious for using the most obvious pa.s.swords, generally those that reflect their own ambitions: Porsche and s.e.x are perennial favorites. Sometimes even the most basic security precautions are overlooked. Recently two hackers demonstrated this point for a London newspaper. They targeted the local headquarters of "a leading American bank" one that was so well known for its laxity that its systems had become a training ground for neophyte hackers. The two had first hacked into the bank's computer in March 1988, and in October 1990 the pair did it again, using the same ID and pa.s.sword they had first employed in 1988. The bank hadn't bothered to modify its most basic procedures, and its first line of defense against hackers, for over two and a half years.

Given such opportunity, it could be a.s.sumed that banks are regularly being looted by hackers. The mechanics appear straightforward enough: operating from home a hacker should be able to break into a bank's central computer quite anonymously, access the sector dealing with cash transfers, then quickly move the money to an account that he controls. However, in practice the procedure is more complex. Banks use codes to validate transfers; in addition, transactions must be confirmed electronically by the recipient of the funds. Because of such safeguards, the plundering is probably limited.

But the threat from hackers is still real. There may be a hundred hackers in the United States with the necessary skills to break into a bank and steal funds, which is a sizable number of potential bank robbers. And of course it would be the dream hack, the one that justifies the time spent staring at a video terminal while learning the craft.

The most successful bank robbery ever carried out by hackers mal have occurred two years ago. The target was a branch of Citibank in New York. The ident.i.ty of the two hackers is unknown, though they are thought to be in their late teens or early twenties.

The scheme began when the two became aware that certain financial inst.i.tutions, including Citibank, used their connections on the various X.25 networks--the computer networks operated by commercial carriers such as Telenet or Sprint--to transfer money. (The process is known as Electronic Fund Transfer, or EFT.) The two decided that if the funds could be intercepted in mid-transfer and diverted into another account--in this case, a computer file hidden within the system--then they could be redirected and withdrawn before the error was noticed.

The hackers began the robbery by investigating Telenet. They knew that Citibank had two "address prefixes" of its own--223 and 224 on the network; these were the prefixes for the sevendigit numbers (or "addresses") that denoted Citibank links to the system. By churning through sequential numbers they found a series of addresses for Citibank computer terminals, many of which were VAXen, the popular computers manufactured by DEC. One weekend they hacked into eight of the VAXen and found their way to the Citibank DECNET, an internal bank network linking the DEC computers. From there they found gateways to other banks and financial inst.i.tutions in the New York area.

They ignored the other banks. What had particularly intrigued them were references in the computer systems to an EFT operation run by Citibank: in various files and throughout the electronic mail system they kept turning up allusions to EFT, clues that they were convinced pointed to a terminal that did nothing but transfer funds. They began sifting through their lists of computer access numbers, looking for one among hundreds that belonged to the EFT computer, and by a laborious process of elimination they whittled the lists down to five machines whose function they couldn't divine: Of those, one seemed particularly interesting. It could be entered by a debug port (a computer access port used for maintenance) that had been left in default mode--in other words, it could be accessed with the standard manufacturer-supplied pa.s.sword, because yet again no one had ever bothered to change it.

The system they entered contained menus that guided them through the computer. One path took them directly into an administration area used by system operators. After an hour of exploration they found a directory that held a tools package, allowing them to create their own programs. With it, they wrote a procedure to copy all incoming and outgoing transmissions on the terminal into their own file. They named the file ".trans" and placed it in a directory they called "..- -" (dot, dot, s.p.a.ce, s.p.a.ce), effectively hiding it from view. What they had created was a "capture" file; from the transmissions that were copied, they would be able to divine the functions of the computer terminal.

The capture file was created late on a Sunday night. At about nine P-M- on the next evening they logged on to the system again, and from the day's transmissions they could tell that the targeted machine was indeed an EFT terminal. They discovered that the computer began transactions by linking itself to a similar computer at another bank, waiting for a particular control sequence to be sent, and then transferring a long sequence of numbers and letters. They captured about 170 different transactions on the first day and several hundred more in the following week. At the end of the week they removed the ".trans" file and its directory, killed the capture routine, and went through the system removing any trace that they had ever been there.

From the captured transmissions they were able to piece together the meaning of the control sequence and the transfers themselves. They also noticed that after the Citibank computer had sent its transfer, the destination bank would repeat the transaction (by way of confirmation) and in ten seconds would say TRANSACTION COMPLETED, followed by the destination bank ID. The two guessed that the bank IDs were the standard Federal Reserve numbers for banks (every bank in America that deals with the Federal Reserve system has a number a.s.signed to it, as do several European banks). To confirm the hunch, they called up Citibank and asked for its Federal Reserve number. It was the same as the ID being sent by the computer.

The two hackers then realized that they had collected all of the technical information they needed to raid the bank. They had discovered the codes and the procedures for the control sequence and the transfers; they knew what the bank IDs signified; and from the Federal Reserve itself they got a listing of all the national and international bank ID numbers. Now they had to organize the downstream: a secure process of getting money into their own pockets.

One of the duo had a friend, an accountant of questionable moral character, who opened a numbered Swiss account under a false name for the two hackers. He had originally laughed at the idea, explaining that an initial $50,000 was required to open a numbered account. But when he was told to get the forms so that the money could be wired to Switzerland, he began to take the scheme seriously. A few days later the accountant delivered the paperwork, the account number, and several transaction slips. He also raised his usual $1,000 fee to $6,500.

The two hackers flew to Oklahoma City to visit the hall of records and get new birth certificates. With these they obtained new Oklahoma IDs and Social Security numbers. Then, using the false IDs, they opened accounts at six different banks in Houston and Dallas, with $1,000 cash deposited in each.

The next day, armed with one Swiss and six American accounts, they began the attack. They rigged the Citicorp computer controlling the EFT transfers to direct all of its data flow to an unused Telenet terminal they had previously discovered. They took turns sitting on the terminal, collecting the transmissions, and returning the correct acknowledgments with the Federal Re- serve IDs. The transmissions each represented a cash transfer: essentially, the money was being hijacked. But by sending the required acknowledgments the hackers were giving Citibank "confirmation" that the transactions had reached the destination banks. By noon the two had $184,300 in their limbo account.

The two then disabled the "data forwarding" function on the Citibank computer, taking control of the EFT machine themselves so that they could redistribute the captured funds. By altering the transmissions, they transferred the money to the Swiss account. To the Swiss, it looked like a normal Citibank transmis- sion; after all, it had come through the Citibank's own EFT computer.

Once the two hackers had received the standard confirmation from the Swiss bank, they immediately filled out six withdrawal forms and faxed them to its New York branch, along with instructions detailing where the funds should be sent. They told the Swiss bank to send $7,333 to each of the six U.S. accounts.

(The amount was chosen because it was below the sum requiring notification of the authorities.) They followed the same procedure for three days, leaving the Swiss account with a little over $52,000 remaining on deposit.

Over the next week they withdrew $22,000 from each of the Dallas and Houston banks in amounts of $5,000 per day, leaving just under $1,000 in each account. At the end of the week they had each taken home $66,000 in cash.

You can believe this story or not as you wish. Certainly Citibank doesn't believe a word of it; it has consistently denied that anything resembling the events described above have ever happened, or that it has lost money in an EFT transfer due to hacking. The only reason anyone knows about the incident is that the two hackers who did it--or say they did--posted the details on a pirate board called Black ICE. The board was used by the Legion of Doom, at one time the most proficient and experienced hacker gang in the United States, and the two hackers-c.u.m-robbers are thought to be LoD members--or at least to consider themselves LoD members.

Hackers are generally boastful. They gain credibility by exaggerating their abilities and glamorizing their exploits. It's the issue of ident.i.ty: just as meek little Harvey Merkelstein from Brooklyn becomes the fearsome Killer Hacker when he gets loose on a keyboard, he also gains points with his peers by topping everyone else's last hack, and robbing a bank would be considered a pretty good hack.

The report from the two hackers could have been a fantasy, a means of impressing other LoD members. But, if they had managed to pull the robbery off, they would still have wanted to boast about it. And the perfect crime is the one that even the victim doesn't realize has happened. In the report posted on Black ICE, one of the two "bank robbers" wrote, IT WILL BE INTERESTING TO SEE HOW THE CITICORP [CITI- BANK'S PARENT] INTERNAL FRAUD AUDITORS AND THE TREASURY DEPARTMENT SORT THIS OUT. THERE ARE NO TRACES OF THE DIVERSION, IT JUST SEEMS TO HAVE HAPPENED. CITIBANK HAS PRINTED PROOF THAT THE FUNDS WERE SENT TO THE CORRECT BANKS, AND THE CORRECT BANKS ACKNOWLEDGMENT ON THE SAME PRINTOUT. THE CORRECT DESTINATION BANKS, HOWEVER, HAVE NO RECORD OF THE TRANSACTION. THERE IS RECORD OF CITIBANK SENDING FUNDS TO OUR SWISS ACCOUNT, BUT ONLY THE SWISS HAVE THOSE RECORDS. SINCE WE WERE CONTROLLING THE HOST [THE EFT COMPUTER] WHEN THE TRANSACTIONS WERE SENT, THERE WERE NO PRINTOUTS ON THE SENDING SIDE. SINCE WE WERE NOT ACTUALLY AT A TERMINAL CONNECTED TO ONE OF THEIR LINE PRINTERS, NO ONE SHOULD FIGURE OUT TO START CONTACTING SWISS BANKS, AND SINCE CITIBANK DOES THIS SORT OF THING DAILY WITH LARGE EUROPEAN BANKS, THEY WILL BE ALL TWISTED AND CONFUSED BY THE TIME THEY FIND OURS. SHOULD THEY EVEN GET TO OUR BANK, THEY WILL THEN HAVE TO START THE LONG AND TEDIOUS PROCESS OF EXTRACTING INFORMATION FROM THE SWISS. THEN IF THEY GET THE SWISS TO COOPERATE, THEY WILL HAVE A DEAD END WITH THE ACCOUNT, SINCE IT WAS SET UP UNDER THE GUISE OF A NONENt.i.tY. THE ACCOUNTS IN DALLAS AND HOUSTON WERE ALSO IN FAKE NAMES WITH FAKE SOCIAL SECURITY NUMBERS; WE EVEN CHANGED OUR APPEARANCES AND HANDWRITING STYLES AT EACH BANK.

I'M GLAD l'M NOT THE ONE WHO WILL HAVE THE JOB OF TRACKING ME DOWN, OR EVEN TRYING TO MUSTER UP PROOF OF WHAT HAPPENED. NOW WE WON'T HAVE TO WORRY ABOUT DISPOSABLE INCOME FOR A WHILE. I CAN FINISH COLLEGE WITHOUT WORKING AND STILL LIVE IN RELATIVE LUXURY. IT'S KIND OF WEIRD HAVING OVER SIX HUNDRED $100 BILLS IN THE DRAWER, THOUGH. TOO BAD WE CAN'T EARN ANY INTEREST ON IT!

Needless to say, the anonymous authors of this report have never been traced.

It wasnt until later that anyone in the LoD realized that Black ICF had been compromised. The board had been regularly monitored by the authorities, particularly the U.S. Secret Service, as part of a continuing investigation of the LoD, an investigation that was just about to blow open.

The authorities tended to take reports of hacker exploits seriously. The various federal agencies, police forces, and prosecutors who had dealt with the computer underworld knew that computer security had been undermined by hacking.

Everything was at risk: hackers had entered the military computer networks; they had hacked NASA and the Pentagon; they had compromised credit agencies and defrauded credit card companies; they had broken into bank systems; and they had made the telecom system a playground. But it wasn't just fraud that concerned the authorities. It was now also apparent that some hackers were selling their services to the KGB.

Chapter 7.

THE ILLUMINATI CONSPIRACY.

Karl Koch was last seen alive on May 23, 1989. That morning he had turned up to work as usual at the Hannover office of Germany's ruling Christian Democratic party. Just before twelve o'clock he drove off alone to deliver a package across town, but he never arrived. In the late afternoon his employers notified the police of his disappearance.

Nine days later the police went to a woods on the outskirts of the small village of Ohof, just outside Hannover, on a routine enquiry. They were investigating a report of an abandoned car, its roof, hood, and windscreen thick with dust. In the undergrowth near the car, the police stumbled on a charred corpse lying next to an empty gasoline can. The vegetation around the body was scorched and burned. The police noticed that the corpse was barefoot-- but no shoes were found in the car or in the surrounding area.

The investigators were perplexed. There had been no rain for five weeks, and the undergrowth was as dry as matchwood. But the scorched patch around the body was contained, as if the fire that consumed the victim had been carefully controlled.

The body was later identified as that of the twenty-four-yearold Karl Koch. The police a.s.sumed he had committed suicide. But still there were questions: princ.i.p.ally, if Koch had killed himself, how had he been able to control the fire? Why had it not spread outside the confined perimeter?

Then there were the shoes: Koch had obviously been wearing shoes when he left his office. If he had taken them off, what had he done with them? It seemed as if someone had taken them.

But there were no clues to a killer, and the death was deemed to be suicide.

Four years previously Karl Koch had been the first hacker in Germany recruited by agents working for the KGB. At the time he was living in Hannover, a dropout from society and school who had recently squandered the small inheritance he had received following the death of his parents. A small-time drug habit helped him through his bereavement, and beyond, but his life was going nowhere.

Apart from drugs, Koch's only interest was hacking. His handle was Hagbard, an alias taken from the Illuminati trilogy by Robert Shea and Robert Anton Wilson.

According to the books, the Illuminati is a secret cult that has been in existence since the beginning of time and has orchestrated every major crime, misfortune and calamity. Only one man had ever emerged who could fight the cult: the hero, Hagbard Celine. Koch was drawn by the conspiracy theories nurtured in the books; he believed there were parallels in real life.

That year Koch met an older man named Peter Kahl. Kahl was then in his mid-thirties, a small-time fixer who was looking for a big break. He worked nights as a croupier in a Hannover casino and during the day was occupied with putting together his latest scheme.

Kahl's idea was simple: he planned to recruit a gang of hackers who could break into West European and American computer systems, particularly those on military or defense-industry sites. Then he would sell the data and information they had gathered to the KGB.

Kahl first encountered Koch at a hacker's meeting in Hannover. The young man seemed an ideal recruit: malleable, drifting, amoral. Later, when Kahl explained his scheme to Koch, the hacker appeared receptive. Two weeks later Koch agreed to become a member of the Soviet hacker gang.

In 1985 the computer underworld was a growing force in Germany. Hacking had become prevalent at the beginning of the decade, as low-cost personal computers became increasingly available. It had grown in popularity with the release of War Games--the 1983 film in which Matthew Broderick nearly unleashes the next world war by hacking into NORAD which proved peculiarly influential in Germany.

By the mid-1980s the Germans were second only to the Americans in the number of hackers and their audacity. The national computer networks had all been compromised; German hackers would later turn up on systems all over the world.

The growth of the computer underworld was nurtured by sustained media coverage and the quasi-inst.i.tutionalization of hacking. Nearly everything in Germany is organized, even anarchy. So, in a parody of Teutonic orderliness, hackers a.s.sembled into clubs: there was the BHP (the Bayrische Hackerpost) in Munich, Foebud-Bi in Bielefeld, Suecrates-S in Stuttgart, and HICop-CE (the Headquarters of the Independent Computer-Freaks) in Celle. Of course the most famous and best-organized of all was the Chaos Computer Club in Hamburg. Since its inception in 1981, it had sp.a.w.ned affiliates in other towns and cities, even a branch in France, and in 1984 hosted the first of its annual confer- ences, an event that served to keep the Chaos name in the press. In between the annual congresses, Chaos also held smaller hacker meets at the various computer conventions held around Germany. Whatever the event, the venue for the hacker meet was always next to the stand occupied by the Bundespost, the German Post Office, and the time was always four P.M. on the first Tuesday of the exhibition.

Chaos was never a huge organization--even now it only has about 150 registered members--but it is very accomplished at self-promotion and zealous in disseminating information on hacking. It publishes a bimonthly magazine, Die Datenschleuder (literally, "the Distribution of Data by Centrifuge") with sixteen to twenty pages an issue. It also promotes Die Hackerbibel ("The Hacker Bible"), a two-part set of reference books detailing hacker techniques.

Chaos first came to the notice of the general public in 1984, Then it hacked into the German computer information system, ,tx (Bildschirmtext).' Like all telephone and data services in Jermany, the system is run by the Bundespost, an unloved, lureaucratic inst.i.tution that is obsessive in its attempts to control all national telecommunications links. The company added to its popularity with hackers when it began licensing telephone anwering machines and regulating the use of modems.

At first, Chaos was just another "information provider" on Btx. Subscribers to the service could dial up and read pages of information supplied by Chaos on their home computers. Users vere charged at a premium rate for the calls, with proceeds shared between the Bundespost and Chaos. This seemed a good recipe or making money--until one of the computer wizards at Chaos discovered that security on the system was hopelessly weak. He realized that if a hacker broke into Btx, he could get hold of the Chaos ID and pa.s.sword (used by the club to access and update the information on its pages), then dial up other services and ~ddle Chaos with the cost. With a minimum of 10 marks per call, bout $6.80, the amount involved could soon become astronomic.

Chaos's founder, Wau Holland, and a younger member of the club, Steffen Wernery, then aged twenty-two, decided to go public with the discovery. The two contacted Hans Gliss, the managing editor of the computer security journal Datenschutz-Berater ("Data Security Adviser"). Gliss invited Holland and Steffen to attend an upcoming conference on data security and present their information. But at the meeting Bundespost representatives disputed the club's claims, unwisely stating that its Btx security was impenetrable. It was the cue for Chaos to demonstrate otherwise.

The Chaos team hacked into the Btx system and into the account of their local savings bank, the Hamburger Sparka.s.se. They then introduced a computer program they had written, causing the bank to call up the Chaos Btx pages repeatedly over a ten-hour period. The program was simple: it merely called the Chaos Btx number, waited for an answer and then hung up. Over and over again. After ten hours, the bill for the bank came to almost $92,000. But although the bill was never presented, the ensuing publicity carefully orchestrated by Chaos through the German press agency--forced the Bundespost to improve its computer security, and Holland and Steffen became national heroes.