Approaching Zero Part 9

It was an opportunistic intelligence-gathering operation. The Soviet hacker gang had quite literally walked through the KGB's front door, offering to sell military secrets. Given that the agency paid $68,000 for the data, it must be a.s.sumed they were satisfied with what they had received.

Espionage is a curious trade. Those who claim to know how intelligence agencies work say that computer penetration has become a new and useful tool for latter-day spies. The Americans are said to be involved, through the NSA, as are the British, through GCHQ, the General Communications Headquarters, which gathers intelligence from diverse sources. Hacking, at this rarefied level, becomes a matter of national security.

Of course the Americans and the British aren't the only ones suspected of involvement. Mossad, the Israeli secret service, is said to have penetrated the computer systems of French defense contractors who had sold weapons to its enemies in the Middle East. The Israeli service then altered some of the data for the weaponry, rendering it vulnerable to their own defense systems. In this case, the Israelis may have been merely copying the French. During the Gulf War it was widely reported that certain French missiles--the Exocets, which had previously been sold to the Iraqis--included back doors to their computer guidance sys- tems. These back doors would allow the French military to send a radio signal to the Exocets' on-board computers, rendering the weapons harmless.

The scheme, neat as it appears, was never put to the test. The Iraqis never used their Exocets during the conflict--perhaps because they, too, had heard the stories. On the other hand, the entire scenario could well have been French disinformation.

It was in this murky world of spying and double-cross that the Soviet hacker gang found itself. In the wider sphere of international and industrial espionage the Germans were ultimately only minor irritants. The technology now exists to access the computer systems of compet.i.tors and rivals, and it would be naive to presume that these methods are not being used. It is possible, for instance, to read a computer screen with a radio signal from a site hundreds of feet away. And, during the Cold War, a small truck believed to be equipped with such a device was shipped from Czechoslovakia to Canada. It entered the United States under the guise of diplomatic immunity and traveled, in a curious and indirect way, to the Mexican border. The route took the van close to a sizable number of American defense installations, where the driver would stop, often for days. It was a.s.sumed by the small army of federal agents following the truck that it was homing in on computer screens on the bases and sending the material on to the Soviet Emba.s.sy in Washington.

It's not known if the Czechs and the Soviets found any information of real value, but with the increased use of technology, and the vulnerability of networked computer systems, it is probable that corporations and governments will be tempted to subvert or steal data from rivals. And, under these circ.u.mstances, there is inevitably another explanation for the break-in at Philips-France and SGS-Thomson. In 1986 and 1987 Mossad was becoming increasingly worried about deliveries of French weaponry to Iraq and other Arab states. Some of the electronic components for these weapons were designed at the two companies. The Israelis wanted to destroy or steal the data for these components, and to do so, hacked into the companies' computers, using the same techniques being used by the Germans. Mossad knew that the German hackers would get the blame. Indeed, they knew that Pengo and Koch were wandering about the same computers. But the two Germans wouldn't have destroyed information--that would have drawn attention to their activities; nor did they ever manage to steal anything worth hundreds of millions of dollars. That was Mossad.

Koch, with his love of conspiracies, would have appreciated such a theory. The Illuminati--the French police, the KGB, the Stasi and Mossad--were real after all.

Chapter 8.

CRACKDOWN.

The Soviet hacker gang wasn't the only reason for the subsequent U.S. government crackdown on the computer underworld. But the threat of a Communist plot to steal top-secret military data was enough to focus the attention of the previously lethargic investigators. The federal authority's lack of urgency in dealing with what appeared to be a threat to national security had been doc.u.mented by Clifford Stoll in The Cuckoo's Egg, and the diffidence displayed by the FBI and the Secret Service in that case had caused them a great deal of embarra.s.sment. After Stoll's disclosures, the authorities began monitoring hacker bulletin boards much more closely.

One of the boards staked out by the Secret Service was Black ICE, the Legion of Doom's favorite, located somewhere in Richmond, Virginia. On March 4, 1989, two days after the arrest of the Soviet hacker gang, intrigued Secret Service agents recorded the following exchanges: I SAW SOMETHING IN TODAY'S PAPER THAT REALLY BURNS ME, growled a Legionnaire known as Skinny Puppy, initiating a series of electronic messages.' He continued: SOME WEST GERMAN HACKERS WERE BREAKING INTO SYS- TEMS AND SELLING INFO TO THE RUSSIANS. IT'S ONE THING REINa A HACKER. IT'S ANOTHER BEING A TRAITOR. IF I FIND OUT THAT ANYONE ON THIS BOARD HAD ANYTHING TO DO WITH IT, I WILL PERSONALLY HUNT THEM DOWN AND MAKE THEM WISH THEY HAD BEEN BUSTED BY THE FBI. I AM CON- SIDERING STARTING MY OWN INVESTIGATION INTO THIS INCIDENT AND DESTROYING A FEW PEOPLE THE BKA [German federal police] DIDN'T GET. DOES ANYONE CARE TO JOIN ME ON THIS CRUSADE? OR AT LEAST GIVE SUPPORT? CAN I CLAIM AN ACT UPON THESE CREEPS AS LOD VENGEANCE FOR DEFILING THE HACKERS IMAGE?

An hour and a half later the Prophet uploaded his response: DON'T FROTH AT THE MOUTH, PUPPY; YOU'LL PROBABLY JUST ATTRACT THE ATTENTION OF THE AUTHORITIES, WHO SEEM TO HAVE HANDLED THIS WELL ENOUGH ON THEIR OWN. TOO BAD THE IDIOTS AT NASA AND LOS ALAMOS COULDN'T HAVE DONE THE SAME. HOW MANY TIMES ARE THEY GOING TO ALLOW THEIR SECURITY TO BE PENETRATED? HOW DO YOU THINK THIS IS GOING TO AFFECT DOMESTIC HACKERS? MY GUESS IS, THE FEDS ARE GOING TO RF.AR DOWN ON IJS HARDER.

The Highwayman, one of the bulletin board's system operators, suggested, LET'S BREAK INTO THE SOVIET COMPUTERS AND GIVE THE INFO TO THE CIA. I KNOW YOU CAN GET ON A SOVIET PSN [Public Switched Network, the public telephone system] FROM AN EAST GERMAN GATEWAY FROM WEST GERMANY.

Other Legionnaires were less patriotic. Erik Bloodaxe said, TAKE MONEY ANY WAY YOU CAN! f.u.c.k IT. INFORMATION IS A VALUABLE COMMODITY, AND SHOULD BE SOLD. IF THERE lS MONEY TO BE MADE, THEN MAKE IT. f.u.c.k AMERICAN SECRETS. IT DOESN'T MATTER. IP RUSSIA REALLY WANTED SOMETHING, THEY WOULD PROBABLY GET IT ANYWAY. GOOD FOR WHOEVER SOLD IT TO THEM! The last message was posted late that same night. THIS GOVERNMENT DESERVES TO BE f.u.c.kED, said the Urvile. I'M ALL FOR A GOVERNMENT THAT CAN HELP ME (HEY, COMRADE, GOT SOME SE- CRETS FOR YOU CHEAP). f.u.c.k AMERICA. DEMOCRACY lS FOR LOSERS.

DICTATORSHIP, RAH! RAH! At this early date there were rumors that Chaos had been involved with the Soviet hackers, even that some of its members had been arrested. One of the Legionnaires tried calling up Altos--the board in Munich that had become an internationa hacker hangout--to find out what was going on, but the board was down due to some sort of technical fault.

To the watching Secret Service agents, at least some of the messages suggested that American hackers might well follow in the footsteps of the Soviet hacker gang and go into business selling military or industrial secrets. It was disquieting--even if the characteristic hacker bravado was taken into account.

But in reality, the Soviet hacker gang was only a momentary distraction for the Legion of Doom. By the next day the flurry of interest had died out; the bulletin board messages resumed the usual pattern--technical queries; reports on hacking sites; postings about police surveillance, about Secret Service monitoring, about the FBI and the CIA.

Black ICE was the LoD's princ.i.p.al board, and was restricted to twenty users (mostly LoD members). It was accessed by remote call forwarding, which kept it- -or so it was believed--one step ahead of the law. The name Black ICE came from a novel by the science-fiction writer William Gibson. ICE, for Intrusion Countermeasures Electronics, was a program that kept watch for hackers; when it detected them, it literally "fried their brains"--the deadly "black" countermeasure.

The author William Gibson is an icon in the computer underworld, and his imaginative sci-fi thrillers have acquired cult status. In his best-known book, Neuromancer (1984), Gibson created a world he called Cybers.p.a.ce, populated by computer cowboys who roamed the s.p.a.ce's electronic systems. Neuromancer forecast the world of hackers--the networks and communication links that they inhabit--and gave them an alternate, more glamorous ident.i.ty. The networks became known as Cybers.p.a.ce, and the hacker became a Cyberpunk.

The conceit became common in the late 1980S. The Cyberpunk image complemented the secrecy and role-playing of handles, and it gave a whole new ident.i.ty to fifteen-year-old computer wizards sitting in front of their computer screens. They weren't just teenagers, or even hackers--they were Cyberpunks, the meanest, toughest technology junkies in the world.

The Legion of Doom was the best-known Cyberpunk gang in America; certainly it generated the most press. Like Chaos in Germany, the gang was conscious of the publicity value of a sinister, slightly menacing name. One of its members was once asked why they picked it: "What else could we have called our-selves?" he answered. "The Legion of Flower Pickers?"

The LoD's origins go back to the summer of 1984, when a hacker named Lex Luthor set up one of the first specialist hacker bulletin boards, based in Florida. It was an elite, invitation-only board, with detailed files on hacking and related crafts, such as social engineering and dumpster diving.

The first Legion of Doom had nine members, with handles such as Karl Marx, Agrajag the Prolonged, and King Blotto. The gang has been re-formed three times since. It went into decline when five of the original Legionnaires were busted, but bounced back in 1986 and again in 1988. The latest re-formation took place in late 1990. It was never a large group, and although the original LoD board had more than 150 users, admission to the bulletin board was not the same as gang membership. The LoD was the elite of the elite, a sort of inner circle. The real LoD generally hovered between nine and eleven members; it has never had more than twelve at any one time. Between 1984 and January 1992 there were only forty confirmed LoD members in total.

The LoD was eulogized by the hacker bulletin PHRACK after one of its periodic demises: LoD members may have entered into systems numbering in the tens of thousands, they may have peeped into credit histories, they may have snooped into files and buffered [stolen] interesting text, they may still have control over entire computer networks, but what damage have they done?

The answer is none--well, almost none. There are the inevitable exceptions: unpaid use of CPU [Central Processing Unit] time and network access charges.

What personal gains have any members gained? Again, the answer is none--apart from three instances of credit fraud that were instigated by three separate greedy individuals without group knowledge.

The bulletin concluded, "The Legion of Doom will long be remembered as an innovative and pioneering force."

But the LoD was not the only group on the electronic block: it had rivals, other high-tech gangs that contested LoD's reputation as the best hackers in Cybers.p.a.ce. One of these other gangs was MoD--which, depending on whom you ask and what time of day it is, stands for either Masters of Destruction or Masters of Deception or sometimes Mom's on Drugs. The MoD membership was centered in New York; the gang included hackers such as Corrupt, Julio, Renegade Hacker, and, from Philadelphia, the Wing.

But LoD's most serious rival was DPAC, a gang with members in both Maryland and New Jersey. The group had taken its name from a Canadian data communications system (a contraction of "Data Packet") and was led, off and on, by a hacker called Sharp. Membership in DPAC varied, but included Remob (after the device that allows phones to be tapped remotely), Meat Puppet, the Executioner, Supern.i.g.g.e.r, and GZ. Despite the handle, Supern.i.g.g.e.r wasn't black; and GZ, very unusually, was female.

The LoD disparaged the abilities of DPAC members. One of the Black ICE sysops, the Mentor, messaged, SUPERn.i.g.g.e.r AND GZ ARE BOTH BLATANT IDIOTS WHO LIKE TO SHOOT THEIR MOUTHS OFF. GZ DOES STUFF LIKE HACK MCI FOR DAYS FROM HER HOUSE.

The Urvile, though, was less sanguine. In a message to Black ICE, he reported having received a phone call from someone named Mike Dawson, who claimed to be a special agent with the Secret Service, telling him that "We'll be visiting you tomorrow." The Urvile thought the voice sounded too young for a Secret Service agent; he was also bothered that Mike didn't know his address or last name.

"Are your parents going to be home tomorrow between two and three?" Mike persisted.

"Gee, I guess so."

His parents probably would be home, he thought--but at their home, not his. The Urvile, at the time, was a university student and lived in his own apartment. When he asked if the agent knew how old he was, Mike answered, "All will be made apparent tomorrow.

The next day the Urvile removed all his notes and files, just in case. But the Secret Service never appeared. "I'm betting five to one odds that it's DPAC, and I don't like it one bit," he said.

Ordinarily the Urvile's concerns could be dismissed as just another bout of hacker paranoia. But by 1989 the LoD had become involved in a "hacker war" with DPAC and MoD--a fight for control of Cybers.p.a.ce, over phone lines and computer tworks, with threatening messages left on bulletin boards or swering machines. In one case, an LoD member who worked (somewhat incongruously) for a telephone company's security department found taunting messages on his computer terminal at work. On a more serious level, there were attempts to reprogram switches to land opponents with astronomical phone bills; there was one instance of breaking into a credit bureau to destroy a gang member's credit rating. But while the three gangs were squabbling among themselves, the biggest crackdown on hacking in the United States had just begun.

The catalyst was an anonymous phone call to an unlisted residential number in Indianapolis at eight P.M. on June 29, 1989.

As security manager for Indiana Bell, Robert S. was accustomed to anonymous calls: he was a prime target for hackers attempting to impress him with their ability to break into his system and find his home number. And the caller this night didn't seem much different from the others. He sounded like a young man trying to seem older, his voice a mix of swagger and menace. The caller presented his credentials by repeating Robert's credit history to him--which meant only that the anonymous hacker could also break into credit bureau computers.

"Tell you something else, Bob--you don't mind if I call you Bob, do you? I'll tell you, somebody like me who really knows the phone systems could really f.u.c.k things up. I mean I could put your 5ESS's into an endless loop. You know what I mean? You know what that would do?"

The 5ESS's were a type of electronic switching system. There were hundreds in Indiana Bell, thousands around the country. An endless loop is caused by changing the coding of the switch so that it no longer puts forward calls. The calls instead just loop around the switch, like a record needle caught in the same groove. The result would be paralysis: no calls from the switch could get out.

"It could cause a lot of problems. Is that what you're threatening?"

"Sort of. But I've made it better than that. I've planted computer bombs in some of the 5ESS's--time bombs--they're going to f.u.c.k up your switches. The game is to see if you can find them before they go off. And all I'm going to tell you about them is that they're programmed to blow on a national holiday. They could be anywhere in the country--it's sort of a compet.i.tion, a security test, it'll give you something interesting to do for a change. You know what I mean?"

The line went dead. Of all the hacker calls Robert had received--most a mix of braggadocio and hubris--this was one of the few he would think of as threatening.

The threat was the bomb--a piece of computer programming, probably only a short program, that would be hidden among the thousands of instructions on any 5ESS switch, anywhere in the country. A computer bomb is a one-shot explosion. It could throw a switch into an endless loop, it could overload the system--or, indeed, it could create havoc by releasing a self-replicating program such as a worm, which would move through the network, knocking out switch after switch.

In a nightmare scenario the country could effectively be closed down for days, leaving its citizens with no means of communication and cut off from emergency fire, police, and ambulance services. The cost in terms of lives would be unthinkable and the revenue losses would be incalculable: crime would soar and businesses could be forced to shut down.

Robert couldn't know where the bombs had been hidden, nor did he know how many there were or what they would do when they went off. All he knew was that they had been set to explode on a national holiday--and five days later it would be Independence Day, the Fourth of July.

He reported the call to his superiors at Indiana Bell and to Bellcore (Bell Communication Research), which coordinates network security. Given the imminence of the Fourth of July, Bellcore had little choice but to take the threat seriously. The company organized an alert, a.s.sembling a security task force consisting of forty-two full-time employees. They would work around the clock in two twelve-hour shifts examining the 5ESS's, checking through each and every program for a few lines of code that could cause disruption.

The threat to the phone system was also reported to the United States Secret Service. The agency, part of the Treasury Department, had been a.s.signed national responsibility for computer crime in 1984, after a long bureaucratic battle with the FBI. The limits of its responsibilities and those of the FBI have never been strictly defined; there have always been areas where the two agen- cies overlapped. The Secret Service's responsibility is to investigate access device fraud that affects interstate and foreign commerce if there is a minimum loss of $1000. Their mandate, though, is subject to agreement between the secretary of the Treasury (their boss) and the Attorney General, who runs the FBI. The effect has been to leave the two agencies to fight out their responsibilities between themselves.

The Secret Service was already in the midst of an in-depth investigation of the computer underworld. In 1988 the agency had become aware of a new proposal, one that seemed to signal an increase in hacker activity. Called the Phoenix Project, it was heralded in the hacker bulletin PHRACK as "a new beginning to the phreak/hack community where knowledge is the key to the future and is free.

The telecommunications and security industries can no longer withhold the right to learn, the right to explore, or the right to have knowledge." The Phoenix Project, it was announced, would be launched at SummerCon '88--the annual hacker conference, to be held in a hotel near the airport in Saint Louis.

The Phoenix was the legendary bird that rose from its own ashes after a fiery death. To the hackers it was just a name for their latest convention. But to the telephone companies and the Secret Service, the Phoenix Project portended greater disruption--as well as the theft of industrial or defense secrets. The implications of "the right to learn, the right to explore, or the right to have knowledge" appeared more sinister than liberating, and the article was published just as the Secret Service was becoming aware of an upsurge in hacker activity, princ.i.p.ally telecommunications fraud. The increase appeared linked to the hacker wars, then spluttering inconclusively along.

Coincidentally, in May 1988, police in the city of Phoenix, Arizona, raided the home of a suspected local hacker known as the Dictator. The young man was the system operator of a small pirate board called the Dark Side. The local police referred his case to the district attorney for prosecution, and he in turn notified the secret service.

No one was quite sure what to do with the Dictator--but then someone had the bright idea of running his board as a sting. The Dictator agreed to cooperate: in return for immunity from prosecution, he continued to operate the Dark Side as a Secret Service tool for collecting hacker lore and gossip and for monitoring the progress of the Phoenix Project. That the scheme to investigate the Phoenix Project was based in the city of Phoenix was entirely coincidental: it was established there solely because the local office of the Secret Service was willing to run an undercover operation.

Dubbed Operation Sundevil, after the Arizona State University mascot, it was officially described as "a Secret Service investigation into financial crimes (fraud, credit card fraud, communications service losses, etc.) led by the Phoenix Secret Service with task force partic.i.p.ation by the Arizona U.S. Attorney's office and t he Arizona Attorney General's office." The Arizona a.s.sistant attorney general a.s.signed to the case was Gail Thackeray, an energetic and combative attorney who would become the focal point for press coverage of the operation.

But the impetus for Operation Sundevil--the Dark Side sting--only provided the authorities with a limited insight into the computer underworld. Reams of gossip and electronic messages were collected, but investigators were still no nearer to getting a fix on the extent of hacking or the ident.i.ties of the key players. They decided on another trick: they enlisted the Dictator's help in penetrating the forthcoming SummerCon '88, the event that would launch the Phoenix Project.

Less a conference and more a hacker party, SummerCon '88 was held in a dingy motel not far from the Saint Louis airport. Delegates, usually adolescent hackers, popped in and out of one another's rooms to gossip and play with computers.

The Dictator stayed in a special room, courtesy of the Secret Service. Agents next door filmed the proceedings in the room through a two-way mirror, recording over 150 hours of videotape. Just what was captured in this film has never been revealed (the Secret Service has declined all requests to view the tapes), but cynics have suggested that it may be the most boring movie ever made--a six-day epic featuring kids drinking c.o.ke, eating pizzas, and gossiping.

Nonetheless, the intelligence gathered at SummerCon and through the Dark Side had somehow convinced the Feds that they were dealing with a national conspiracy, a fraud that was costing the country more than $50 million in telecom costs alone. And that, said Gail Thackeray (boo hiss b.i.t.c.h!), was "just the tip of the iceberg."

Then the Phoenix Secret Service had a lucky break.

In May 1989, just a year after ousting the Dictator, police investigating the abuse of a Phoenix hotel's private telephone exchange stumbled across another hacker. He was no small-time operator. Questioned by the Secret Service, he admitted that he had access to Black ICE. He wasn't an LoD member, he added, merely one of the few non-Legionnaires allowed to use the gang's board. Under pressure from the Secret Service, who reminded him of the penalties for hacking into a private telephone exchange and stealing services, he, too, agreed to become an informant. He would be referred to only as Hacker 1.

A month later the Secret Service learned about the anonymous call to the Indiana Bell security manager and the threat to the telephone switches. At this stage there was still no evidence of an attack. Similar hoax calls are received every day by the phone companies. But then, on July 3rd, four days after the anonymous call, the Bellcore task force discovered that this wasn't just an idle threat. Three computer bombs were found, just hours before the Fourth of July public holiday. The bombs, as the caller had warned, were spread across the country: one was discovered in a switch in BellSouth in Atlanta, Georgia; another in Mountain Bell's system in Denver, Colorado; and the third in Newark, New Jersey. The devices were described by the Secret Service as "time bomb[s] .

which if left undetected, would have compromised these computers (for an unknown period) and effectively shut down the compromised computer telephone systems in Denver, Atlanta. and New Jersey." In ~lainer language, had the bombs not been discovered and defused, they could have created local disasters.

In the Secret Service offices in Phoenix, the interrogation of Hacker 1 acquired more urgency. The agents now knew that somewhere out there was a computer freak--or perhaps a gang of freaks--with the ability and inclination to plant bombs in the telephone system. It could happen again, and the next time there might not be any warning. The agents probed Hacker I about his contacts in the Legion of Doom, particularly those Legionnaires who might have access to the compromised phone companies.

He told them about the Urvile, the Leftist, and the Prophet, three members who had the expertise to plant bombs, and were all based in Atlanta, the home of BellSouth.

This information was enough for the Georgia courts to authorize the placing of Dialed Number Recorders (DNRs) on the three hackers' phone lines.

For ten days the Secret Service monitored every call and recorded the hackers looping around the country to gain free telephone service and to avoid detection. The Atlanta hackers often started their loops by dialing into the computer system at Georgia Tech, using IDs and pa.s.swords provided by the Urvile, a student there. From Georgia Tech they could tour the world, if they felt the inclination, hopping from one network to another, wherever lax security or their own expertise permitted. With the evidence from the DNRs, the Secret Service executed search warrants on the three LoD members, and eventually raided their homes.

The investigators uncovered thousands of pages of proprietary telephone company information, hundreds of diskettes, half a dozen computers, and volumes of notes. The three Legionnaires and their fellow hackers had been dumpster diving at BellSouth, looking for telco manuals. With the information gleaned, they had developed techniques for accessing over a dozen of BellSouth's computer systems, and from these they downloaded information that would allow them to get into other computer systems--including those belonging to banks, credit bureaus, hospitals, and businesses. When the Leftist was interviewed, he nonchalantly agreed that the Legionnaires could easily have shut down telephone services throughout the country.

Among the ma.s.ses of information that the investigators found were files on computer bombs and trojan horses--as well as one doc.u.ment that described in detail how to bring down a telephone exchange by dropping a computer program into a 5ESS switch. The program simply kept adding new files to the switch's hard disk until it was full, causing the computer to shut down.

What the investigators didn't uncover was any direct evidence linking the Atlanta Three to the computer bombs. Simple possession of a report that details how a crime could be committed does not prove that it has been. But they did find one doc.u.ment that seemed to portend even greater destruction: during the search of the Prophet's home they discovered something called the "E911 file." Its significance escaped the Treasury agents, but it immediately caused the technicians from BellSouth to blanch: "You mean the hackers had this stuff?" The file, they said, described a new program developed for the emergency 911 service: the E simply stood for enhanced.

The 911 service is used throughout North America for handling emergency calls-- police, fire, and ambulance. Dialing 911 gives direct access to a munic.i.p.ality's Public Safety Answering Point, a dedicated telephone facility for summoning the emergency services. The calls are carried over an ordinary telephone switch; however, incoming 911 calls are given priority over all other calls. From the switch, the 911 calls travel on lines dedicated to the emergency services.

In March 1988 BellSouth had developed a new program for enhancing the 911 service. The E911 file contained information relating to installation and maintenance of the service, and was headed, "Not for use or disclosure outside BellSouth or any of its subsidiaries except under written agreement." It had been stored in a computer in BellSouth's corporate headquarters in Atlanta, Georgia. While hacking into the supposedly secure system, the Prophet had found the file and downloaded it to his own PC.

In the hands of the wrong people, the BellSouth technicians said, the critical E911 doc.u.ment could be used as a blueprint for widespread disruption in the emergency systems. Clearly, hackers were the wrong sort of people. According to BellSouth, "any damage to that very sensitive system could result in a dangerous breakdown in police, fire, and ambulance services." Mere computer bombs seemed childish by comparison.

Just seven months later, on the public holiday in honor of Martin Luther King, Jr., the most sophisticated telephone system in the world went down for nine hours. At 2:25 P.M. on January 15,1990 the nationwide network operated by AT&T was. .h.i.t by a computer failure. For the duration of the breakdown, the only voice responding to millions of long-distance callers was a recorded message: "All services are busy--please try again later."

It was estimated that by early afternoon as many as half the long-distance calls being dialed in every major city were blocked. Some twenty million calls were affected, causing chaos in many businesses, especially those such as airlines, car rental companies, and hotels which rely on free 1-800 numbers. It was the most serious failure since the introduction of computer-based phone systems thirty years earlier.

Robert E. Allen, AT&T chairman, emerged the following day to explain that "preliminary indications are that a software problem occurred, which spread rapidly through the network." Another spokesman said that while a failure in the software systems was probably to blame, a computer bomb could not be ruled out. The problem had been centered in what was called a signal node, a computer or switch attached to the network. According to AT&T, the errant system "had told switches it was unable to receive calls, and this had a domino effect on other switches." The effect was not dissimilar to the endless loop, which causes all incoming calls to circle idly around the switch.

Software problems are not uncommon, but few have such spectacular effects. And coming so soon after the computer bomb threat, rumors flourished that AT&T had been hit by hackers. In the course of researching this book, the authors were told more than once that the AT&T failure had been caused by a computer bomb. One source even claimed he could identify the culprit. The rumors continue to circulate, as they do about everything in the computer underworld.

However, there is absolutely no proof that it was a computer bomb, and AT&T's final, official explanation remains that the shutdown was caused by an errant piece of software.

The attack did not affect the emergency 911 numbers, which are handled by local carriers. Nor, even if it was a bomb, was it likely to have been linked to the previous incident. But it had taken place on a national holiday--Martin Luther King Day--and the coincidence bothered the authorities.

On January 18th, three days after the AT&T system collapsed the Secret Service began a nationwide sweep, targeting hacker gangs--in particular the Legion of Doom--and anyone who appeared to be a threat to the phone system.

Their first call was on Knight Lightning. The handle belonged to Craig Neidorf, a twenty-year-old prelaw student at the University of Missouri in Columbia, and one of the coeditors of the underground newsletter PHRACK. He was found in his room on the third floor of the Zeta Beta Tau fraternity house. Special Agent Tim Foley, who had been investigating the attacks on the telephone computer switches for seven months, and Reed Nolan, a security representative from Southwestern Bell Telephone, questioned Neidorf about an article in PHRACK on the electronic switching systems. They also brought up the E911 doc.u.ment. They knew that Neidorf had received a copy of the file from the Prophet, and had published it in PHRACK in February 1989. According to Foley, Neidorf admitted knowing that the E911 tutorial had been stolen from BellSouth.

The next day Foley returned with a search warrant and the local police. The ESS article had been forgotten; Neidorf was instead charged with ten felony counts centering on the publication of the E911 file in PHRACK. If found guilty, he faced a sentence of up to sixty-five years in prison.

On January 24, 1990, the Secret Service operation moved to Queens, New York, to the homes of several known hackers. The first target was a twenty-year-old known among the underground as Acid Phreak. When the Secret Service arrived, they told him that he was suspected of causing the AT&T crash nine days earlier. One of the agents pointed to his answering machine. "What's that for?"

he asked. "Answering the phone," Acid Phreak said. He wasn't arrested, but instead was asked to accompany the agents to their headquarters in the World Trade Center, where he was questioned until the early hours of the morning.

Phiber Optik, who also lives in Queens, was raided next. According to hacker lore, he was awakened in the middle of the night and confronted with nine loaded guns, which seems unlikely, as most other raids were conducted by one or two agents, usually accompanied by a telephone security man. Another New York hacker, the Scorpion, a friend of both Phiber Optik and Acid Phreak, was also raided on that day.

On March 1st the action moved to Texas, with an almost comically aggressive bust of a games publishing company.

The day started early, in Austin, with a dawn raid on the home of Loyd Blankenship. Loyd, known as the Mentor to colleagues in the Legion of Doom, was also sysop of an underground bulletin board, the Phoenix Project, and the author of a series of "hacker tutorials" in PHRACK. He and his wife were roused from their bed by a team of six Secret Service agents, a local cop, and a representative from Bellcore.

While his own computer and equipment were being seized, Loyd was driven to his office at Steve Jackson Games. The company specialized in publishing computer games, most of them involving role-playing of one sort or another. At the time it employed fifteen people and had a turnover of $500,000. Founded by Steve Jackson, the company also ran its own, completely legitimate bulletin board, which functioned as an information service for its customers. The only remarkable thing about the bulletin board was its name--Illuminati, after the secret, world-dominant sect that had so exercised the Soviet hacker gang. Computer enthusiasts the world over clearly read the same books.

Steve Jackson himself arrived at the office just as the Secret Service agents were attempting to kick down the door. The agents were offered a key instead. They spared the door but did prefer to force open a locker and to cut the locks off of the outside storage sheds, despite being offered the appropriate keys.

The agents seized all the computer equipment they could find. They also tore open cartons in the warehouse, looking for a handbook on computer crime that was in preparation: they intended to seize all copies before it could be distributed.

The "handbook on computer crime" later turned out to be an innocent game about computers called GURPS Cyberpunk, published by Steve Jackson Games.s The mere fact that Loyd had chosen the name Cyberpunk had led the authorities to conclude that the program was part of a conspiracy to spread hacking techniques nationwide. The Secret Service seized all copies of the game at the company's premises and made doubly certain that they collected the data for Loyd's manual as well.

Two months later Operation Sundevil struck again. On May 8th coordinated raids on hackers in fourteen cities were carried out. Over 150 Secret Service agents were deployed, teamed with numerous local and state law enforcement agencies. The agents served twenty-seven search warrants in Chicago, Cincinnati, Detroit, Los Angeles, Miami, Newark, New York, Phoenix, Pittsburgh, Plano (Texas), Richmond, San Diego, San Jose, and Tucson. Forty computers and 23,000 diskettes were seized.

The official reason for the busts was telecommunications fraud. The raids were synchronized in order to completely surprise the hacker community and prevent important evidence from being destroyed.

But that nearly happened anyway. As reports of the Atlanta and New York raids circulated, a number of hacker boards carried warnings that another "major bust" was imminent. (Captain Zap, the Philadelphia hacker arrested years before for theft, takes credit for the messages.) One of those who took the warnings seriously was Erik Bloodaxe, the LoD member who was so keen on selling U.S. military secrets to the Soviets. All his equipment, as well as any doc.u.ments that could incriminate him, was hidden away before the raids. When the Secret Service and local cops burst in on him, he was the picture of innocence. With little to choose from, the agents considered taking away his PacMan game--then decided to take his phone instead. It was the only piece of hacker equipment they could find.

Others were less lucky. As the Secret Service raided homes of known hackers, carrying away boxes of diskettes and computer equipment, they were invariably asked, "When do I get my system back?" The authorities were well aware that confiscating equipment for use as evidence later--should there ever be a case-- was punishment in itself.

During the raids half the members of the Legion of Doom were busted. MoD and DPAC were less affected than the Legion by the busts, but the aftershock would cause DPAC to split up, and MoD would come to grief the next year.

The spluttering, intermittent hacker wars had ended in default. The Secret Service had broken the hacker gangs and brought law and order to Cybers.p.a.ce. Or so it seemed.