Masters of Deception: The Gang That Ruled Cyberspace (24 page)

The MOD boys also did a fair amount of star-gazing. They kept entries on certain celebrities those credit histories that

John would look up on a whim. Geraldo's financial profile was there. So was David Duke's. So was John Gotti's and Julia Roberts's, and Winona Ryder's. Mad Magazine founder William Gaines was also in the pantheon of celebs because John had a vague plan to call him and ask for a job. So was Christina Applegate, a TV actress on whom Chris Goggans was said to dote. The MOD boys had been letting it be known that they'd called up Ms. Applegate pretending to be Chris.

"Maybe you saw my photo in Newsweek, babe, " the faux Chris supposedly told her. The real Chris was just sick about it.

The real Chris, in fact, knew all about the MODNET database, all about what those New York boys were up to.

It seemed that one of Allen's pals, a Houston hacker who we'll call The Dentist, was an authorized MODNET user. The Dentist also fed information to the Texans. The Dentist was a double agent.

The Dentist told the guys at Comsec all about his account on MODNET. The Dentist was anxious to please.

"Give me the account, " Chris said.

Well...

"Let us take a look at it, " Chris said.

Well...

"Come on, we won't do anything, " Chris said.

The Dentist, who'd been hanging out a lot in Comsec's offices lately, shares.

Pizza boxes and Coke cans litter the office. Full-bellied and full of steam, the Comsec boys sign onto their IBM 386 tower computer and call MODNET. Chris jokes about it: Oh, no, the lame guys from Texas break into MOD's computer! He's really pretty pleased.

The Comsec modem places the call, and on the first ring, the MODNET modem answers. Connection!

Here's what the Comsec boys see on their monitor:

M O D N E T

Please use lowercase when logging in.

If you are new here, log in as "new",

password "new".

Modnet !2400 baud login: dentist

dentist's Password: xxxxxxx

The current time is 2l: 03

SECURITY Password:

UNIX System V Release 3. 51m

modnet

Copyright (c) 1984, 1986, 1987, 1988

AT&T All Rights Reserved

Last login: No mail.

M O D N E T M O D N E T M

O O

D D

N MODNET UNIX /SYSTEM V O N

E E

T T

M O D N E T M O D N E T M

Your mailing address is:

[email protected]

Extension 227 has 0 voice mail messages.

Extension 911 has 0 voice mail messages.

modnet$

That last line is the prompt. It's prompting the Comsec boys to issue a command.

Usually, the first command you type whenever you get inside a UNIX system is: ls

That command lists all the subdirectories and files and tells whether you, the user, are authorized to read them.

Now, The Dentist does not have the highest level of access. He's not even a member of MOD, he's more of a hanger-on than anything else. Most of MODNET's supersecret delicacies are beyond his reach. He is not authorized to get into the dot-annoy database, for instance.

This minor problem is no surprise to Chris, however.

Not only did he anticipate the limited usefulness of The Dentist's account, but Chris has a plan to surmount the problem.

The plan can be summarized in two little words.

Finger bug. That phrase, fraught with all the innuendo that any teenager could hope to convey, is the name of one of the better known security holes in the Unix operating system.

First, you must know what "finger" is. "Finger" is a common Unix command that tells you whether a certain user is logged in on your network. You finger, or locate, the user. For instance, if you want to find out if a user named k00ldewd is logged into the system, you type:

modnet$ finger k00ldewd

In response, you might see k00ldewd's name, his real name, the date and time he last logged in is he logged on now?

and whether he has any unread electronic mail.

In addition, the finger bug would show you k00ldewd's. plan file (that's dot-plan, of course), which typically is an autobiographical description of the user you want to locate. Think of the dot-plan file as a user's high school yearbook entry.

i'm a k00ldewd

i love depeche mode

i drive an IBM 386 clone

my favorite food is Cheeze Waffies.

deth to lamerz and rodents!!

The finger bug exploits a well-known vulnerability in certain Unix systems. The bug temporarily gives root access to anyone invoking the finger command. Let's say you wanted to read a file called k00ldewd. mail. Using another string of commands, you just link k00ldewd. mail to. plan. Hence:

ln -s k00ldewd. mail. plan

Chris uses the finger bug to read the electronic mail of all the MOD boys. He reads all of John's mail, and then copies it for later gloating:

From: The Wing

To: outlaw corrupt

Subject: username

I got a username if you don't have this

one. "mcreese" p/w "blue moon" on tymnet.

also got "tnxmdhit01" p/w "ufonetran"

(jumps into some sort of xmodem shit).

Welp, I'm outta here... The Wing

of M. O. D.

Most of the stuff, if you must know, is pretty dull, pretty weak, pretty, well, unreadable. Like most people's e-mail. But it's the principle of the thing. Comsec has broken into MOD's hideaway. Chris efficiently makes copies of all the files so that he'll have a record of his exploits. Of course, it would be awesome to have also infiltrated the database. Can you imagine? Bet you could change your own phone number so that when those New York idiots tried to dot-annoy you, they ended up calling themselves.

But the Comsec boys couldn't get into the database because, well, they couldn't even find it. They didn't know that the database is housed on a totally separate computer, the Apple. Oh well.

Chris would like to keep the buffered trophies proprietary to Comsec. They'd be useful to show to prospective clients: These kids think they're so smart, doncha know, they even have a file called Comsuc. But look at this, looks like your computer system is one of the ones they can infiltrate. Your system is one of many in a file called MODOWND. Get it?

MOD-owned.

However, Kenyon has to go and slip the copies to Alfredo. Couldn't resist.

Alfredo "publishes" the scandalous information in his electronic newsletter, "The NASTY Journal. " It publishes sporadically. Twice, in fact. In its final report, "NASTY Journal No. 2, " publisher, editor-in-chief, and staff writer Alfredo De La Fe scores a beat with this exclusive scoop:

During the past few months, NASTY has taken a small vacation. During that time, MOD has bragged about crushing NASTY with my thumb'. Well, it just got to be unbearable. It's time for us to show the little shits for what they really are.

Well, let me start off by recapping the situation. MOD claims to be so dam untouchable. They also claim [MODNET]

and their UNIX are so dam secure. Hehe what a joke. During the time NASTY has been 'crushed', we have been monitoring [MODNET]! All of the mail, files, password files, messages, and lovers' quarrels have been intercepted. YES

we OWN MOD! EVERYTHING, I mean EVERYTHING is going to be made public. Including, but not limited to, MOD's

'PRIVATE' database!

Nice going, Alf.

You might expect the MOD boys to be swooning from the embarrassment of it all. They don't swoon. In fact, they issue spin control on the incident. Finger bug, schminger bug. The whole thing was a trap, don't you see, to lure the Comsec crew. MOD knew The Dentist couldn't be trusted. They wanted Comsec to disseminate, far and wide, evidence of MOD's incredible prowess in accumulating information. Bad publicity is still publicity, isn't it?

One day, John Lee has an ingenious idea for pranking the Texans. Why didn't he think of it before?

He puts his plan into action during the long, hot summer of 1991. It keeps his mind off the lack of air conditioning in the brownstone apartment on Kosciusko Street. The mechanics of the spying are fairly simple. John logs in to the Southwestern Bell switch that controls Comsec's phone service in Houston.

Then John types commands to ask the switch if any of Comsec's phone lines are off the hook. If they are, then John would know that a conversation was under way right now.

A phone line is in fact off the hook. So he issues another command, just like an operator would, to seize control of the line that carries the call. That easily, he splices himself into the ongoing conversation.

There's a quiet click on the line, but it's not the sort of noise you'd notice unless you were waiting for it. And no one at Comsec has any reason to believe that calls are being tapped.

John starts to eavesdrop routinely. That was the way to find out what the enemy was up to, a way to anticipate the Texans' every move before it was made.

So here's John, listening in on Comsec's lines one afternoon when the security firm gets a call from a hacker named Craig Neidorf.

It is safe to say that no hacker was more famous than Neidorf in 1991. That was because Neidorf had beaten the feds at their own game a year earlier. In the months since, his legal fight had become legend. For years to come, wary prosecutors who were considering indicting hackers would caution one another to make sure their cases were airtight, so they could avoid "pulling another Neidorf. "

The co-editor of the electronic magazine Phrack, Neidorf went on trial in Illinois in the summer of 1990, charged with fraud. The alleged crime was possessing and publishing an allegedly proprietary phone company document in an issue of Phrack. The government argued that the information was worth thousands of dollars, based on estimates from the phone company. But midway through the trial, the defense showed that the document's so-called proprietary information was publicly available; Bellcore sold the information to anyone who had thirteen dollars to pay for a technical article.

Humiliated, the federal prosecutors in Chicago dropped the charges before the case reached a jury.

Yes, Neidorf was a hero to some hackers. But his notoriety also made him a target for anyone in the underground determined to make a name for himself in cyberspace.

Now, in the middle of a workday, Chris Goggans has answered the phone at Comsec's end of the call and Neidorf is on the other end. (John eavesdrops noiselessly; he's so quiet that he isn't even breathing as loudly as he normally would. ) The phone call is just a friendly chat, but today Neidorf is frankly annoyed.

The problem is that anonymous callers have been phoning Neidorf at home and harassing him over the line. He doesn't know who is responsible, but he wants the prank calls to stop. They're really annoying.

"Sounds like they're doing stuff along similar lines as what they're doing to us, " Chris says.

"Someone just called up my dad's house in Virginia, " Neidorf says.

Chris is not surprised. He's outraged on behalf of this potential client, of course, but definitely not surprised. He even has a theory about who might be behind the calls.

"Sounds like Corrupt, " Chris says, recounting his suspicions that John Lee has also been pranking him in Houston. "It sounds like something he would do. "

At that moment a second phone line rings in Houston, another incoming call for Comsec. Chris asks Neidorf to hold on a minute, then answers the other line.

The voice on the second phone line says to Chris, "Yeah, that does sound like something I would do. "

John couldn't resist. This was just so good.

In an instant, the reality hits Chris. He can barely believe it. The hackers are bugging the hacker trackers! And then calling up to boast about it! Impossible. But true.

Chris hangs up on John, gets back on the other line with Neidorf, and barks tersely, "They're listening to our call. "

When he gets off the phone, Chris is so mad he can't think straight. John Lee has been eavesdropping! On Comsec's private phone calls! For how long? How often? What has he heard? What has he told his little friends up there in MOD? If this got out, Comsec would be a laughingstock!

Would you hire a computer security company that couldn't keep its own phone lines secure?

Chris calls the FBI.

He leaves the Comsec office, goes to a pay phone

at least this line is secure

and calls an agent in Washington, a

name Craig Neidorf gave him, and tells the FBI agent that he has proof that hackers have been illegally listening in on his phone calls.

Of course, Chris has no idea that the Secret Service and New York Telephone have been keeping tabs on every electronic move that John Lee and Julio Fernandez make. He has no idea that an investigation is already under way.

Chris has no idea that Secret Service Agent Rick Harris would quickly learn from his fibbie cohorts of the Texans'

"cooperation" and view Comsec's involvement as a "nuisance. " It would not help the government get convictions if the U.

S. Attorney's office had to explain to a jury that the Southwestern Bell intrusions are nothing more than a pissing match among a bunch of kids.

Chris figures he's a businessman and has a legitimate right to protection. He tells the FBI in Washington that Comsec can't have hackers listening to calls from clients who are trying to outwit hackers themselves.

The FBI agent says he is very concerned.

A few weeks later, Chris and Scott go to the FBI's Houston office to discuss the full details of their beleaguered situation.

They name names. MOD names. They tell the agents that MOD has access to Southwestern Bell switches.

Chris thought the agents looked "rather shocked. "

But when the agents reported back to the office, they learned that a lot of people already knew about this electronic gang war. In fact, the FBI and the Secret Service were wrangling for control over the investigation of the case against John and Julio. Suddenly, everyone seemed to know what a switch is. Representatives from the U. S. Justice Department's newly created computer crimes unit traveled from Washington to New York City to be briefed. The FBI wanted to run the show.