Player Season: The Pickup Artist Who Hacked Nike (26 page)

To begin this story, we have to flashback to when I was at Kazmir's condo, the one he rented out after the World Series.

"Are you with Scott?" the early morning text from a female Rays employee read.

"Yeah, why?" I asked.

"Jenn Sterger's dad just called our office and said she was missing. And that he thought she was with Scott," she explained.

She wasn't with him, but this was the first time I learned of her relationship with Kazmir.

The second time is when she came over to Scott's penthouse, which was noted in an earlier chapter. What wasn't noted, for purposes of this chapter, was how she told him about Brett Favre sending her pictures of his dick.

"You won't believe what she just showed me," Kazmir said after Jenn left that night.

"What's that?" I replied.

"Brett Favre has been sending her pictures of his cock, and she just showed me all of them on her phone," he said, laughing in disbelief.

"What? Is his face in the pictures?" I investigated.

"Ha, no, he is wearing a sweet pair of Crocs though," Kazmir remarked.

"Maybe it's not him," I vetted.

"Well if it is, he's not packing much down there," he said.

I didn't repeat the story in Tampa, but I did tell my brothers about it during Thanksgiving dinner in 2009 (which they all remember).

Now I was in Arizona, it was the summer of 2010 and I didn't work for Scott anymore. I also ran a sports blog, and I thought about posting the story, but I didn't have any pictures and I was still hesitant about publicly releasing information Scott told me in confidence.

Although I no longer lived with Dave, we still talked everyday over Google chat. Before making any rash decisions, I decided to seek his advice about whether or not I should post the story. After explaining it all, Dave told me it would only be valuable if I have the pictures, so I chose not to go through with it.

A few short weeks after I have this conversation with Dave, DeadSpin.com obtained the nude pictures Brett Favre sent to Jenn Sterger and the story was subsequently all over the news. Coincidence? I think not.

Although I have no proof, I think Dave played a role in making it happen. I couldn't fathom how a story could stay dormant for so long and then suddenly appear after I tell someone (who is well versed on the Internet). Maybe I'm wrong, but I don't think I am.

Did he sell the details I shared with him? Did he play a role in acquiring the pictures from Jenn Sterger? Was Dave somehow affiliated with DeadSpin.com or did he have nothing to do with it at all? I can only speculate.

I knew better than to throw any accusations his way. If he wasn't involved, I would have looked like an asshole for saying he was. Even if he were complicit, he would still say he had nothing to do with it.

"What do you think about your girl being on the news?" my text to Kazmir read.

"It's crazy! She just sent me an email about it," he replied.

"What did it say?" I asked.

"I'll send it to you," texted Scott.

"Hey Scott, My life is a little hectic right now, as you've probably seen. I just want to let you know that I don't want to drag you into this and affect your career in any way. If they ask me about you I am going to tell them we were just friends. Just a heads up if anyone reaches out to you. Anyways, I hope you're doing well and tell your family I said hello!† Here is my new number xxx-xxx-xxxx."

As soon as I read it, I knew I struck gold. Scott and Jenn were more than friends, and furthermore, she admitted how she was willing to lie to the media if she were asked about their relationship.

If Dave was going to (allegedly) play a secret role in this story, then so was I. The only question was...how would I do it?

I couldn't directly report it to the media, because then Scott would know it was me who did it (which was probably similar to Dave's alleged train of thought). Still, I knew I needed to do something because I genuinely wanted to help Brett Favre.

I didn't like how Jenn Sterger was rubbing his name through the mud just so her fake breasts would be plastered on every TV screen in the country. Up until this point, his 20-year career was squeaky clean, which is an accomplishment in itself. Lastly, I didn't blame him or even judge him for doing what he did, anyone is his position would have done the same (minus the Crocs).

There was a disciplinary hearing coming up for the NFL to decide his punishment, and after being around sports agents, I knew his agent would love to get his hands on this email. I did a Google search for "Brett Favre's agent" and found out his name was Bus Cook, so I called his office.

"Hello?" his female secretary answered.

"Hi, I have some information I think Bus would be interested in hearing. It pertains to the Jenn Sterger situation," I told her.

"He is busy right now but I can take your information," the secretary replied, which seemed like a brush off attempt.

"I don't think you understand. This information would
really
help Brett Favre's case. If Bus is there, you need to get him on the phone," I insisted.

"Hold on," she said.

"This is Bus," a man loudly announced.

"Hey Bus, I have an email I acquired in relation to the Jenn Sterger situation, and I really think it can help Brett's case," I repeated.

"This whole thing has just been a nightmare, and I keep telling Deanna (Brett Favre's wife) that none of it can be true," Bus said, which I took as a hint that she was in the room with him.

"I'm not sure if I'm the person to say that to, because I know it's true. That's not my point though, I think I can help him get out of it," I told him.

"What is the email about?" he asked, moving on from his recent comment.

"I think it'd be better to discuss in person," I told him, insinuating a payment scenario.

"I can fly you to Mississippi," Bus suggested, desperate for a solution.

"Eh, I don't really want to fly to Mississippi," I told him, because I didn't.

"Well, where are you?" he asked.

"Scottsdale, Arizona," I replied.

"There's a kid at the University of Arizona I want to go watch, could you meet me there?" Bus questioned, which was probably a cover story for him flying to see me, maybe it wasn't.

"That's a few hours away in Tucson, I don't really want to drive that far either," I honestly expressed.

"Well could you at least tell me something?" he pleaded.

"It's an email between her and an old boyfriend," I complied.

"Kazmir?" Bus asked, which let me know he did some homework.

"Yeah," I confirmed.

"What was it about?" he pried.

"I want to help you out. Without being too specific, it's a situation where if she were willing to lie about her relationship with another guy, then why wouldn't she lie about Brett? At least that's how you could spin it," I conveyed.

"So she told Kazmir she would lie about their relationship?" Bus relentlessly continued.

"Something like that," I vaguely confirmed.

"Ok, write down my cell number so we can keep in touch," Bus said, and then gave me his number.

I gave him everything he needed; I was sucked dry by a seasoned negotiator. There is no doubt about it; he would have paid me for this information. For me, it wasn't about the money; I just wanted to make a difference.

I posted this picture on my website one day before Brett Favre's meeting with the NFL to decide his punishment. The title was "Brett Favre Isn't Alone Jenn Sterger Sends Nude Pictures Too!"

Then I texted Bus the link to the story and added "I'm doing everything I can to help you out!" I'm sure it scared the hell out of him to realize he was talking on the phone with an active blogger, but I never posted a word about our conversation. In fact, this book is the first time I have ever written anything about it.

Although I can't confirm this, I am pretty confident he used the information I gave him during Brett's meeting with the NFL. Partly because there was no reason not to use it and partly due to the fact that Brett came out of the meeting unscathed with no punishment.

Once again, I have no proof (other than having his cell phone number). I simply put the facts on display; each person is entitled to their own opinion.

I never did speak to Bus again, but I'm sure he remembers me and I like to think he appreciated my contribution.

In the end, I was glad Brett Favre didn't get punished for doing what every guy would have done (minus the Crocs).

Hanging around multi-millionaires creates a burning desire to be on their level, to live how they live. It's unpreventable and it will cause you to cut a few corners to make it
your
reality.

I was sitting on Kazmir's plush leather couch inside his newly leased Scottsdale condo, which he rented months in advance to prepare for spring training with the Angels. He was on the computer ordering a few thousand dollars worth of Nike merchandise; just like before in Tampa.

"How much does Nike give you for gear?" I asked.

"$25,000 a year, if you make the all-star team," he smugly responded.

"Damn," I replied.

"Yeah, but if you don't order the full amount by the end of the year, it's all gone and you start over," informed Scott.

"What a travesty," I sarcastically shot back.

"You just have to get the big orders in for Christmas to drain it," he said.

I looked over his shoulder while he was putting the finishing touches on his NikeElite.com order. Although I wasn't consciously aware at the time; the seed of a Machiavellian plan was being planted in my head.

After returning to my mediocre one-bedroom apartment for the night, I sat down in my computer chair and stared at the screensaver being displayed on my MacBook Pro. I thought about all the years I waited and watched as the lives of those around me steadily progressed; baring witness to what I truly wanted for myself.

I'm not sure if it was Kazmir's Ferrari, Dave's live-at-home millionaire status, BJ's reckless spending habits or Justin's newly installed leather floor (yes, floor) in his bedroom; maybe it was all of them combined. I knew one thing for sure – I reached my breaking point.

So I decided to make a change and I knew, by now, it wouldn't be given to me ... I would have to take it.

I typed NikeElite.com into my Firefox browser and began looking for loopholes in their system. I already knew how to hack email accounts; I was looking to see if I could expose the same flaw.

Once I clicked on the 'Forgot My Password' button, NikeElite's website automatically prompted me to enter a username. I still couldn't figure out if the flaw existed until I entered a username successfully; all I could do was guess.

I went onto Nike's main website and made a list of all their sponsors athletes who I assumed would have accounts with NikeElite. As soon as the list was complete, I went back to NikeElite.com and began guessing usernames at random. I tried entering over 100 player's name, name with jersey number, last name with jersey number and first name with jersey number – but nothing worked.

After three or fours hours passed by, it was late into the night so I gave up and went to sleep...but I couldn't get the thought out of my head.

Actually, the thought was completely consuming me. A double-life was beginning to take shape; during the day, I acted as if I was content with the status quo, but at night ... I was trying to break out of it.

A sense of purpose overcame me when I stepped into my apartment. I never contemplated whether or not it was ethical or illegal, I just knew it was interesting and challenging. Once I took a shower, I threw on a pair of mesh shorts, black slippers and a hoodie. It seemed like a suitable uniform for a hacker, after all, they say you have to look the part to play the part.

When I rested my arms against the $49 glass computer table I got at Wal-Mart, the only other piece of furniture in the room, and the entire apartment, was a $100 black leather futon with minimal back support. This would all change soon.

This time I tried a variation of the athletes name and team name; still came up empty. Two hours and several failed attempts later, I was growing hopeless, but then I hit the jackpot!

It was actually quite simple I entered the player's first initial and their entire last name. When I came to this epiphany I was working on Pau Gasol, all-star forward for the Los Angeles Lakers, or 'PGasol' as I came to know him by.

"Would you like to reset your password by email or answer your security question?" the screen read upon entering the correct username.

Without access to his email account, my only option was to answer his security question.

"What sport did you play in high school?" the security question read.

I wonder what sport Pau Gasol, an NBA basketball player, played in high school. Maybe basketball?

"Your password has been reset, please type in a new password for your account," the screen prompted.

I made his new password 'PGasol16' but this is where it became tricky. Once the password was reset, the player wouldn't be able to get in his account anymore. If they were smart, they would know their account was compromised, but if they weren't, then there was still a shot of maintaining access. Luckily IQ falls well below height, speed, vertical, agility and a list of other attributes on the chart when professional teams are scouting them.

Due to the reset, I thought my window of opportunity was limited so I logged into Pau Gasol's control panel and became acquainted with every intricate detail of the system. There were four tabs at the top: account balance, user information, guests and order history.

His current balance was $7,000, which dwindled down from the $30,000 originally bestowed upon him.

The user information showed his name, email address, phone number and home address. Which was valuable in it's own right.

No guests were listed; at least for the time being.

Previous order history made for useful intelligence gathering. He didn't make any orders over the last 5 months, which meant he probably wasn't logging in anytime soon. I also found out he was a fan of long leather coats and cowboy boots, which made me laugh for the first time in an otherwise serious-faced task.

I wanted to play it smart, so I waited two days to see if anyone would notice the password was reset. They didn't...so it was time to strike.

I logged back inusing my neighbors unlocked Wi-Fi, and figured it was best to make the order as a guest. I did research on Pau Gasol's family and discovered he has two brothers. One was Marc, who also played in the NBA, and the other was Adria, who was mostly unknown.

If there was someone supervising the account, they might question Pau Gasol making an order to Arizona while his season was taking place in Los Angeles, but they may overlook the order if it was listed under his brother's name.

I created a new dummy email account for Adria, and sent the guest confirmation link. This is when I realized that creating a new guest would also generate entirely new login information, thus enabling me to maintain access even after the original account holder changed their password back. Perfecto.

Once I was registered, I ordered a pair of Lebron James basketball shoes, two pairs of shorts, two dri-fit shirts and six pairs of socks. The total ended up just over $300 and I briefly cringed before finding the courage to click 'Ship My Order'.

For the next few days, I stood by the front window of my condo, nervously peeking through the blinds. I was looking for the FedEx guy, who showed up three days into my stakeout and dropped each box on my doorstep – no signature required.

I impatiently ripped each box wide open so I could unearth my newly acquired gear. Then I proudly placed them on one article at a time, being most satisfied with the socks, which came with 'L' and 'R' stitched into each foot. How could I stop now? These socks were awesome.

Later that night I logged back into Pau Gasol's account and took three essential notes before moving forward. The first, no one changed the password yet, so Nike's IT security was lax. The second, and most important, was discovering how orders from a guests account didn't show up in the order history on the main account. Lastly, the name Adria Gasol and the email I made for him was listed under 'Guests' in Pau's account.

So now, after having completed enough homework, I felt comfortable to expand my operation. I wanted to get in as many accounts as possible, but I knew they all wouldn't be inactive like Pau Gasol's. The plan was to get in, create a guest account, get out and sit idle for a week. It's not like there was anything else for me to do.

Instead of finding a family member for every player, I decided to make the guest name the same as the actual account holder. This way, if they clicked on the 'Guests' tab, they would see their own name and hopefully think nothing of it. I also needed to make the fake email accounts similar to those of the actual account holders if I wanted to fully avoid detection.

With all the strategizing, prepping and dry runs completed; the only thing left to do was get more accounts. First in line was none other than future NBA hall of famer Steve Nash.

Surprisingly, his username was 'SNash'. His security question was "Who was your hero growing up?" This would normally be much harder to find, if it weren't for a recent press release publicizing how Steve Nash was co-directing a documentary on his hero...Terry Fox.

I encountered more trouble than expected entering it in correctly. I tried 'TerryFox', 'terryfox', 'TFox', 'tfox', 'TerryF', 'terryf', 'Terry', 'terry', 'Fox' and 'fox' NOTHING was right.

Still, I knew I had the right answer so I pressed on and for the first time in my history of typing passwords, I used a space. 'Terry Fox' and it worked!† Steve Nash was not only sneaky on the court, but he also used spaces in his passwords; he's one slick dude.

After registering the guest, I took a gander around his account and spent more than a few minutes looking at the $450,000 worth of gear he ordered over the past ten years. I could only imagine what his closet looked like.

Next on my hit list was–you guessed it–Evan Longoria.

As those who fell before him, his username was first initial and last name, or 'ELongoria'. His security question was "Who is your favorite superhero?"

I googled "Evan Longoria favorite superhero" expecting to see at least one result but there was no mention of it. You would think, after all those interviews, someone would have asked him who his favorite superhero was, but I wasn't that lucky. Naturally, the next step to take was searching his Facebook account for clues.

Fortunately, he was still a Facebook friend with my fake blonde girl's account. It didn't take long to get a hot lead; he was wearing a shirt imprinted with The Joker's face in his main profile picture. Could this be the answer?

I tried 'Joker', 'joker', 'TheJoker' and 'thejoker'. Swung and missed. Then I went Steve Nash style and tried 'The Joker' and 'the joker' yet it still did not bare fruit. So I moved on to other characters by trying 'Batman', 'batman' and then I tried 'Robin' and presto, I was in.

Robin ... now that's a shitty favorite superhero.

I registered his guest using the fake email account
[email protected]
– since his real email account was similar.

What do you expect from a guy whose favorite superhero is Robin?

As previously noted, I held a vendetta against him, so I took his hack a step further and changed the registered email to my fake one on his main account. Which meant I owned his account, the only way for him to get back in was to call Nike and whine about it.

For the next week, I spent every night attempting to gain access to new accounts and I was pretty damn successful. Google and Facebook were helpful for security questions but when they failed to produce results, I turned to my account on BeenVerified.com to conduct background checks for any questions regarding relatives or what street they grew up on.

When I was done compiling my hit list, I looked it over and I successfully gained private access to the following accounts: Pau Gasol, Steve Nash, Evan Longoria, Troy Tulowitzki, Ben Gordon, Luol Deng, Daniel Gibson, Jon Lester, Roy Hibbert, Jarrett Jack, Matt Holliday, Josh Powell, Luther Head, Luke Walton, James Posey, Julian Wright, Jonny Flynn, Al Horford, the assistant football coach for LSU and Michael Jordan. The assistant coach for LSU's username was 'NRobertson' and I originally thought it was Nate Robertson, the midget basketball player but sadly it wasn't. Michael Jordan's account was being controlled by the clubhouse manager for the Charlotte Bobcats but his username was 'MJordan'... so hey, it counts.

I gave it another week to see who would reset their password, and I was shocked to find out just about every one of them did–besides Evan Longoria–because he couldn't.

With roughly 20 accounts lined up, I patiently waited one more week to let the dust thoroughly clear. Now the only way I could be spotted is if they noticed the dollar amount decrease on their balance; the odds were in my favor.

I struck Luol Deng first, for a 3-wood driver and a baseball bat totaling $700. Then I ransacked Matt Holliday for $300 in shoes and workout clothes I fancied. They were placed neatly in my closet for a pile I envisioned growing much taller.

Next I pillaged Pau Gasol for another $500 in workout gear, and even plundered Steve Nash for a few bills worth of clothes. Nash's actual address was less than a mile from my apartment, so I wasn't too worried about raising any eyebrows with his account.

I looted Matt Holliday and Pau Gasol continuously for the next few weeks, with each order averaging $500 a piece at the rate of two orders per week. My front door was like one of the hungry hungry hippos, gobbling gear instead of marbles; with no end in sight.

Up until this point, I didn't want to involve anyone else. However, after making numerous orders to the same address, I needed to find a new docking point. Plus, my closet was so packed it was comical to even look at; I actually stopped inviting people over just so they wouldn't see it.

I was dating a girl named Katie at the time who was a young, petite and gorgeous 19 year-old brunette (who was one of the girls to move in with Dave). She also held a carefree spirit similar to my own, which was crucial towards accepting the deliveries and keeping it low-key.