Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker (6 page)

Before anything else, I started grabbing all the passwords for the guys in the development team.

When I got together with Neal, I told him, “Getting into the Ark was a snap. I have every RSTS/E developer’s password.” He rolled his eyes with an expression that said,
What’s this guy been smoking?

He dialed the modem number and got to the Ark’s log-in banner. Telling him to “move over,” I typed the log-on credentials and got the “Ready” prompt.

“Satisfied, Neal?” I asked.

He couldn’t believe what he was seeing. It was like I had shown him a winning lottery ticket. After they had picked my brain for details of how I had gained access, Neal, Dave, and a few other friends went to a company called PSI near Culver City, where they had the newest, fastest modems, running at 1,200 baud—four times as fast as the 300-baud modems the rest of us had. The guys started downloading the RSTS/E source code.

The old adage says there’s no honor among thieves. Instead of taking me into their confidence and sharing information, they downloaded the source code for RSTS/E and kept it to themselves.

I learned later that these bastards actually called DEC and told them
the Ark had been hacked, and gave
my
name as the hacker. Total betrayal. I had no suspicion these guys would dream of snitching on me, especially when they had reaped such rich rewards. It was the first time of many instances to come when the people I trusted would betray me.

At seventeen, I was still in high school but dedicated to working on what might be called a PhD in RSTS/E hacking. I would find targets by checking want ads for companies looking to hire a computer person experienced with RSTS/E. I’d call, claiming to be from DEC Field Support, and was usually able to talk a system administrator into revealing dial-up numbers and privileged account passwords.

In December 1980, I ran into a kid named Micah Hirschman, whose father happened to have an account with a company called Bloodstock Research, which used a RSTS/E system; I assume the company kept historical records on the bloodlines of racehorses for breeders and bettors. I used the Hirschman account to connect to Bloodstock Research so I could exploit a security flaw and gain access to a privileged account, then Micah and I played with the operating system to teach ourselves about it, basically for kicks.

The episode blew up in our faces. Micah logged in late one night without me, and Bloodstock spotted the break-in and alerted the FBI, telling them that the attack had been through the Hirschman account. The Feds paid Mr. Hirschman a visit. He denied knowing anything about the attack. When they pressured him, he fingered his son. Micah fingered me.

I was in my bedroom on the second floor of our condo, online, hacking into the Pacific Telephone switches over a dial-up modem. Hearing a knock at the front door, I opened my window and called down, “Who is it?” The answer was one that I would come to have nightmares about: “Robin Brown, FBI.”

My heart began pounding.

Mom called to me, “Who is it?”

“A man who says he’s from the FBI,” I called back.

Mom just laughed. She didn’t know who it was but she didn’t think it could possibly be the FBI.

I was in a panic, already hanging up the phone from the computer modem cradle and stashing under the bed the TI-700 computer terminal Lewis De Payne had lent me for a few weeks. Back then, before the days
of the personal computer, all I had was a terminal and a modem that I was using to connect to a system at a company or university. No computer monitor: the responses to my commands would print out on a long roll of thermal paper.

I was flashing on the fact that I had a
ton
of that thermal paper under my bed, filled with data that would show I had been hacking for many hours a week into telephone company computers and switches, as well as a load of computers at private firms.

When I went downstairs, the agent offered me his hand, and I shook it. “I busted Stanley Rifkin,” he told me, understanding that I’d know whom he was talking about: the guy who had pulled off the biggest theft of its kind in history, stealing $10 million from Security Pacific National Bank by a wire-transfer ruse. The agent thought that would scare me, except I knew that Rifkin had been caught only because he had returned to the States and then blabbed about what he had done. Otherwise he’d still be living abroad in luxury.

But this guy was a Fed, and there
still
weren’t any federal laws covering the kind of computer break-ins I was doing. He said, “You can get twenty-five years if you continue messing with the phone company.” I knew he was powerless, just trying to scare me.

It didn’t work. As soon as he left, I went right back online. I didn’t even burn the printouts. Yes, it was stupid. I was already incorrigible.

If the agent’s visit didn’t give me any chills, my mother’s reaction was not what you might expect. To her, the whole thing was like a dumb joke: What harm could a boy come to just from playing with a computer at home? She had no concept of what I was up to.

The thrill and satisfaction of doing things I wasn’t supposed to do were just too great. I was consumed by a fascination with the technology of phones and computers. I felt like an explorer, traveling cyberspace without limitations, sneaking into systems for the pure thrill and satisfaction, outsmarting engineers with years of experience, figuring out how to bypass security obstacles, learning how things worked.

It wasn’t long before I began experiencing some turbulence from the authorities. Micah had left shortly after for a trip to Paris. The Air France flight had been in the air for a couple of hours when an announcement came over the PA system: “Mr. Micah Hirschman, please turn on
your stewardess call button.” When he did, a stewardess came to him and said, “The pilot wants to speak with you in the cockpit.” You can just imagine his surprise.

He was led to the cockpit. The copilot spoke into the radio to say Micah was present, then handed him a microphone. A voice over the radio said, “This is FBI Special Agent Robin Brown. The Bureau has learned that you have left the country, headed for France. Why are you going to France?”

The whole situation made no sense. Micah gave his answer, and the agent grilled him for a few minutes. It turned out the Feds thought that Micah and I were pulling off some Stanley Rifkin–style big computer hack, maybe setting up a phony transfer of millions from a U.S. bank to some other bank in Europe.

It was like a scene from a caper movie, and I loved the thrill of it.

After getting a taste of that kind of excitement, I was hooked—and I hungered for more. In high school my brain was so occupied with hacking and phreaking that I had little attention or motivation left for the classroom. Happily, I discovered a solution that was one big step better than becoming a dropout or waiting for the Los Angeles School District to show its displeasure by kicking me out.

Passing the GED exam would give me the equivalent of a high school diploma without wasting any more of my time or my teachers’ time. I signed up for the exam, which turned out to be way easier than I had expected—about an eighth-grade level, I thought.

What could be better than becoming a college student studying computers, working toward a degree while feeding my insatiable thirst for computer knowledge? In the summer of 1981, at the age of seventeen, I enrolled at Pierce College, a two-year school in nearby Woodland Hills.

The school’s computer-room manager, Gary Levi, recognized my passion. He took me under his wing, giving me special status by allowing me to have a “privileged account”—on the RSTS/E system.

His gift had an expiration date. He left the school; not long after, the Computer Science chair, one Chuck Alvarez, noticed I was logged in to a privileged account and told me to sign off immediately. I explained that Levi had given me permission, but it didn’t wash; he booted me from the computer lab. My dad went in with me for a meeting with Alvarez, who
offered as an excuse, “Your son already knows so much about computers that there is nothing Pierce College can teach him.”

I dropped out.

I had lost my access to a great system, but in the late 1970s and the beginning of the 1980s, the world of personal computing went through a dramatic transition period, bringing the first desktop machines that included a monitor or even had one built in. The Commodore PET, the Apple II, and the first IBM PC began to make computers a tool for everyone, and to make computers much more convenient for heavy users… including computer hackers. I couldn’t have been happier.

Lewis De Payne had been my closest hacking and phreaking partner just about from that first time he called and said he wanted to get together and learn from me. Even though he was five years older—which at that stage of life makes quite a difference—we shared the same boyish exhilaration from phone phreaking and hacking. And we shared the same goals: access to companies’ computers, access to passwords, access to information that we weren’t supposed to have. I never damaged anyone’s computer files or made any money from the access I gained; as far as I know, Lewis didn’t either.

And we trusted each other—even though his values were, well, different from mine. A prime example was the U.S. Leasing hack.

I got into U.S. Leasing’s system using a tactic that was so ridiculously easy I should have been embarrassed to try it. It went like this.

I would call the company I’d targeted, ask for their computer room, make sure I was talking to a system administrator, and tell him, “This is [whatever fictitious name popped into my head at that moment], from DEC support. We’ve discovered a catastrophic bug in your version of RSTS/E. You could lose data.” This is a very powerful social-engineering technique, because the fear of losing data is so great that most people won’t hesitate to cooperate.

With the person sufficiently scared, I’d say, “We can patch your system without interfering with your operations.” By that point the guy (or, sometimes, lady) could hardly wait to give me the dial-up phone number and access to the system-manager account. If I got any pushback, I’d just say something like, “Okay, we’ll send it to you in the mail” and move on to try another target.

The system administrator at U.S. Leasing gave me the password to the system manager account without a blink. I went in, created a new account, and patched the operating system with a “backdoor”—software code that sets me up so I’d be able to gain covert access whenever I want to get back in.

I shared details of the backdoor with Lewis when we next spoke. At the time Lewis was dating a wannabe hacker who sometimes went by the name of Susan Thunder and who later told one interviewer that in those days she had sometimes worked as a prostitute, but only to raise money for buying computer equipment. I still roll my eyes when I think about that line. Anyway, Lewis told Susan that I had broken into U.S. Leasing and gave her the credentials. Or maybe, as he later claimed, he didn’t give them to her but she saw them written on a notepad he had left alongside his computer.

Shortly after, the two of them had a falling-out and parted company, I guess with some bad feelings. She then took revenge
on me
. To this day, I don’t know why I was the target, unless perhaps she thought Lewis had broken up with her so he could spend more time with me, hacking, and so blamed me for the breakup.

Whatever the reason, she reportedly used the stolen credentials to get into the U.S. Leasing computer systems. The later stories about the incident said she had destroyed many of their files. And that she had sent messages to all their printers to print out, over and over until they ran out of paper:

What really burned me about this whole affair was that in a later plea agreement, the government insisted on including this act that I didn’t commit. I was faced with a choice between confessing to this abusive, ridiculous act and going to juvenile prison.

Susan waged a vendetta against me for some time, disrupting my phone service, and giving the phone company orders to disconnect my telephone number. My one small act of revenge came about by chance.
Once, in the middle of a phone company hack, I needed one telephone line that would ring and ring, unanswered. I dialed the number of a pay phone I happened to know by heart. In one of those small-world coincidences that happen to most of us now and then, Susan Thunder, who lived nearby, was walking past that particular phone booth just at that moment. She picked up the telephone and said hello. I recognized her voice.

I said, “Susan, it’s Kevin. I just want you to know I’m watching every move you make. Don’t fuck with me!”

I hope it scared the hell out of her for weeks.

I’d been having fun, but my evading the law wasn’t going to last forever.

By May 1981, still age seventeen, I had transferred my extracurricular studies to UCLA. In the computer lab, the students were there to do homework assignments or to learn about computers and programming. I was there to hack into remote computers because we couldn’t afford a computer at home, so I had to find computer access at places like universities.

Of course, the machines in the student computer lab had no external access—you could dial out from the modem at each station, but only to another campus phone number, not to an outside number—which meant they were essentially worthless for what I wanted to do.