Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker (12 page)

Mom drove home, I took Bonnie to a nearby motel. She was upset,
feeling violated. If she had walked out on me right then, I would have deserved it. Instead, without hesitation, she showed her true colors, her loyalty. Her attitude wasn’t “What have you done to me?” It was more, “What do we do now?”

The next morning she called her work and asked to take some vacation time for a family emergency. Her boss told her that some police officers had shown up, wanting to interview her. My first thought was that since I had been hacking from her apartment and on her telephone, they were assuming that
she
was the hacker. But then I concluded that their strategy was probably to use arresting my girlfriend as a bargaining chip: “Admit everything or your girlfriend goes to jail.”

I spent the next few days calling lawyers, explaining the situation, making plans. The way Bonnie remembers it, “We cried a lot together but we stuck by each other.”

Why didn’t she just walk out? “I was crazy about Kevin,” she says today.

We were able to release some amount of anxiety and worry by spending a lot of time making love. I felt really sorry that I had put Bonnie in this position, and that I caused my mom and grandmother such anxiety, and I guess Bonnie and I found comfort in that basic outlet.

Aunt Chickie drove Bonnie and me down to the Los Angeles County Sheriff’s West Hollywood station. We turned ourselves in, and Chickie immediately posted our bond, $5,000 each. Somehow the police neglected to fingerprint and photograph us. Because of this major procedural error, there was no arrest record created for either of us. Still today, there is no official record that I was ever arrested on the Santa Cruz Operations charge. Please don’t tell anyone.

Over the next few months, for every appearance we had to make in the Santa Cruz courts, I had to buy four round-trip airplane tickets—Bonnie was using a different attorney—plus spring for hotel rooms, a rental car, and meals. Both of the attorneys had required a retainer up front. So much for the money I had been saving for the wedding: the entire $3,000 went to pay my attorney’s retainer. Mom and Gram loaned me money to pay for Bonnie’s attorney and all the other expenses.

So we didn’t have the money anymore for a proper wedding, but it was worse than that. There isn’t any loving, romantic way to put this: I told
Bonnie we needed to get married so she couldn’t testify against me, and also so she could visit me if I landed in jail, which was looking like the way things were headed.

I gave Bonnie a diamond engagement ring, and we were married by a minister who conducted weddings in his home in Woodland Hills. Gram was there, along with my mom and her current boyfriend, deli entrepreneur Arnie Fromin. None of Bonnie’s family joined us; her mother was understandably furious at the situation I had landed her daughter in.

It wasn’t the magical occasion so many girls dream about when they’re young. Bonnie wore pants, a top, and flip-flops. She hadn’t bothered to even attempt to put herself together. Afterward we all headed over to our apartment, Gram bringing a platter of food.

The legal picture turned from bad to worse. On top of the criminal charges, SCO filed a $1.4 million lawsuit against me for damages. And ditto against Bonnie.

Then a little sun broke through. It turned out the lawsuits were just for leverage: the opposing lawyers said the folks at SCO would drop the civil suits if I would tell them how I’d hacked in. They had never been able to figure it out.

Of course I agreed, and sat down with a system admin named Stephen Marr, who acted as if he thought we were going to chat like good buddies. I treated it the same way I would have if it had been a deposition: he asked questions, I answered. But there wasn’t all that much to tell. No high-tech hacking secrets. I told him how I had simply called a secretary and schmoozed her into giving me her log-in name and changing her password to one I provided—no big deal.

Though Bonnie’s mother wouldn’t come to the wedding, she did give us a wedding reception at her home in San Dimas. This time Bonnie wore a wedding dress and I was in a rented tux. My dad and my brother, Adam, were there and of course my mom and Gram, as well as Bonnie’s sister and brothers, and even Bonnie’s ex-boyfriend. This was a much happier day than the real wedding, complete with wedding cake and a photographer.

The criminal charges for the SCO break-in turned out better than I could have hoped. The charges against Bonnie were dropped, and my
attorney, who knew the prosecutor, Michael Barton, got me a good deal. For anyone else—for what was technically a first offense, since my juvenile records were sealed—the case would have been charged as a misdemeanor. But because I was Kevin Mitnick, with a badass reputation, the prosecutor initially insisted on charging me with a felony—even though my trespass into SCO’s network still amounted to only a misdemeanor under the law. I agreed to admit to the trespass to settle the case and get the charges against Bonnie dropped. I wouldn’t have to serve any jail time, only pay a way-modest $216 fine and be on “summary probation” for thirty-six months—meaning that I wouldn’t have to report to a Probation Officer. The only other obvious condition was that I had to promise not to “commit any crimes.”

A few days later I drove up to Santa Cruz for the return of the stuff that had been seized. The cops gave me back my computer terminal but not the disks, which worried me because those incriminating disks contained evidence of my hacks into Pacific Bell, among other interesting places. Another box that they did return, though, they must not have looked at very carefully or cared: it held Bonnie’s pot stash and bong pipe. Then again, this was Santa Cruz, with a small-town police department.

There was an aftermath to the Santa Cruz story. As I had feared, the Santa Cruz detectives apparently got around to looking at those computer disks, and turned information over to Pacific Bell about what I had been doing with its systems. Pacific Bell Security was alarmed enough to generate an internal memo to all managers, which I found out about in a most unlikely way: a Pacific Bell employee named Bill Cook, also a ham operator who frequently used the infamous 147.435 megahertz repeater in Los Angeles, read the memo on the air, just to antagonize me.

Of course, I had to see the memo for myself. How could I get it?

I contacted Lewis De Payne at work and asked him to temporarily reprogram the fax machine there so incoming calls would be answered by a machine that said it belonged to Pacific Bell Security.

Then I dialed into the phone company switch that handled the telephone service for Pacific Bell Security, and reprogrammed the phone line for its fax machine so it would call-forward to the phone number for the machine at Lewis’s work. That took care of the preparations.

I then called the office of Pacific Bell vice president Frank Spiller.
His executive secretary answered. I said I was calling from Pacific Bell Security and gave the name of one of the actual security investigators—maybe I said I was Steve Dougherty.

I asked, “Did Frank get the memo on the Kevin Mitnick case?”

“What’s it about?” she asked.

“A hacker who’s been breaking into our computers.”

“Oh, yes, right. I’ve got it right here.”

I said, “I think we sent you an older revision that has since been updated. Can you fax the version you have to me?” I gave her the internal fax number for Pacific Bell Security in Northern California.

“Sure,” she said. “I’ll do it right now.” As soon as Lewis got the fax, he refaxed it to me, then he and I both undid our setup steps.

Here’s the list of things the memo said had been found on my floppy disks:

• Mitnick’s compromise of all Southern California SCC/ESAC computers. On file were the names, log-ins, passwords, and home telephone numbers for northern and southern ESAC employees.
  

• The dial-up numbers and circuit identification documents for SCC computers and data kits.
  

• The commands for testing and seizing trunk testing lines and channels.
  

• The commands and log-ins for COSMOS wire centers for northern and Southern California.
  

• The commands for line monitoring and the seizure of dial tone.
  

• References to the impersonation of Southern California security agents and ESAC employees to obtain information.
  

• The commands for placing terminating and originating traps.
  

• The addresses of Pacific Bell locations and the electronic door lock access codes for the following Southern California central offices ELSG12, LSAN06, LSAN12, LSAN15, LSAN56, AVLN11, HLWD01, HWTH01, IGWD01, LOMT11, and SNPD01.
  

• Intercompany electronic mail detailing new log-in/password procedures and safeguards.
  

• The worksheet of an UNIX encryption reader hacker file. If successful, this program could break into any UNIX system at will.
  

I imagine a lot of people in the company must have been more than a little upset to find out how deeply I had penetrated their systems, bypassing all of their elaborate security safeguards. Based on what had been found on those disks, I was just stunned that the FBI didn’t show up at my door.

Several months later, by the fall of 1988, I was back at work with Don David Wilson at Franmark. Bonnie was still at GTE, though she was sure their security department had tried to find evidence that she had been hacking into company computers. We were saving money again, trying to put together enough for the down payment on a house. There were some nice places we could afford, but they were so far out of town that the commute would have been daunting and wearing on our nerves and patience.

Trying to support our home-ownership goal, my mom offered us the spare bedroom in her home so we could save on rent and build our down-payment fund quicker. Though neither Bonnie nor I much liked the idea, we decided to give it a try.

Our living with my mom turned out to be a bad idea. As eager as she was to make it work for us, we simply had no privacy. Bonnie would later complain, in a personal memo that she left behind at my mom’s, that she was “reluctant and a bit bitter… about it.”

We were growing apart, and I was getting deeper and deeper back into hacking, spending all my days at work at Franmark and my nights almost until sunup with Lenny DiCicco, largely focused on hacking into Digital Equipment Corporation.

When Lenny told me he was signing up to take a computer course at nearby Pierce College, I said I’d sign up as well to keep him company, despite my earlier run-in with the chair of the Computer Science Department, which had led to my quitting the program. It turned out the administrators had not forgotten me, but I didn’t know it at the time.

One day, Lenny and I went into the student computer room, which had a bunch of terminals connected to a MicroVAX VMS system. We hacked into the machine quickly and obtained all privileges. Lenny had written a script that would allow us to make a backup of the entire system. We had no real use for it: we just planned to treat it as a trophy. So, once we got in, Lenny put a cartridge tape into the computer tape drive,
and ran his script to start the backup, and we left. We were going to return for it a few hours later, after the copy had finished.

A bit later as we were walking across campus, I got a page from Eliot Moore, a longtime friend I hadn’t been in touch with for a while. I went to a pay phone to call him back.

“Are you at Pierce College?” he asked.

“Yes.”

“Did you leave a tape in the tape drive?”

“Oh, shit… how did you know?” I said.

“Don’t go back to the computer room,” he warned me. “They’re waiting for you.” By some strange chance, Eliot had been in the computer lab when the instructor noticed the blinking light on the MicroVAX tape drive. It was obvious that someone had inserted a cartridge tape and was copying some files.

The computer science instructor, Pete Schleppenbach, had immediately suspected us. Eliot overheard the instructor discussing the situation with another staff member and called me right away. If he hadn’t, we would’ve walked right into a trap.

The college later contacted the LAPD to report the incident.

Since we never went to pick up the tape, they had no evidence, and we were allowed to continue as students, attending classes and using the computer lab. But the LAPD kept an eye on us, positioning their team on the classroom rooftops and trailing us for days. Apparently, attempting to copy student lab work became a top priority. You’d think they’d have more interesting cases to work on. At night, they’d follow us to Lenny’s work, where we stayed at his office hacking until the wee hours of the morning. They knew we were up to no good, but they couldn’t prove anything.

I guess the Pierce College folks were disappointed, and weren’t ready to drop it. I noticed a DEC company vehicle in the college parking lot. So I called the local DEC field office for Los Angeles, said I was from Accounts Payable at Pierce College, and asked what support they were providing at the time.

“Oh,” the guy told me, “we’re trying to help you catch some hackers.”

At a terminal in the Pierce computer lab, I was able to examine a memory location from my student account that showed me that all “security auditing” was enabled on my account. Lenny checked his account using the same technique; security auditing was enabled on it, as well. The guy from DEC was closeted in a small room with a computer and printer, watching everything we were doing from our student accounts. (I discovered this by showing up early one day before the tech arrived and following him to the room.) I thought this was a bit overkill since the system was only used by students to complete their lab work, and not connected to any network or phone line. But I found a way to keep him busy: I wrote a very simple script that listed the files in my directory, over and over. Since the security auditing was designed to send a detailed alert for every file opened or read, I knew his printer would be working nonstop. I could picture the guy closed up in his tiny room, pulling his hair out that his printer kept running until it was out of paper. And as soon as he would load more paper, the file lists would start printing out again.