Hacker Crackdown by Bruce Sterling (i have read the book TXT) 📕

“hobbyists,” “amateurs,” “dilettantes,” “volunteers,” “movements,” “users’ groups” and “blue-ribbon panels of experts” around. But a group of this kind—when technically equipped to ship huge amounts of specialized information, at lightning speed, to its members, to government, and to the press—is simply a different kind of animal. It’s like the difference between an eel and an electric eel.

The second crucial change is that American society is currently in a state approaching permanent technological revolution. In the world of computers particularly, it is practically impossible to EVER stop being a “pioneer,” unless you either drop dead or deliberately jump off the bus. The scene has never slowed down enough to become well-institutionalized. And after twenty, thirty, forty years the “computer revolution” continues to spread, to permeate new corners of society. Anything that really works is already obsolete.

If you spend your entire working life as a “pioneer,” the word “pioneer” begins to lose its meaning. Your way of life looks less and less like an introduction to something else” more stable and organized, and more and more like JUST THE WAY THINGS ARE. A “permanent revolution” is really a contradiction in terms. If “turmoil” lasts long enough, it simply becomes A NEW KIND OF SOCIETY—still the same game of history, but new players, new rules.

Apply this to the world of late twentieth-century law enforcement, and the implications are novel and puzzling indeed. Any bureaucratic rulebook you write about computer-crime will be flawed when you write it, and almost an antique by the time it sees print. The fluidity and fast reactions of the FCIC give them a great advantage in this regard, which explains their success. Even with the best will in the world (which it does not, in fact, possess) it is impossible for an organization the size of the U.S. Federal Bureau of Investigation to get up to speed on the theory and practice of computer crime. If they tried to train all their agents to do this, it would be SUICIDAL, as they would NEVER BE ABLE TO DO ANYTHING ELSE.

The FBI does try to train its agents in the basics of electronic crime, at their base in Quantico, Virginia. And the Secret Service, along with many other law enforcement groups, runs quite successful and well-attended training courses on wire fraud, business crime, and computer intrusion at the Federal Law Enforcement Training Center (FLETC, pronounced “fletsy”) in Glynco, Georgia. But the best efforts of these bureaucracies does not remove the absolute need for a “cutting-edge mess” like the FCIC.

For you see—the members of FCIC ARE the trainers of the rest of law enforcement. Practically and literally speaking, they are the Glynco computer-crime faculty by another name. If the FCIC went over a cliff on a bus, the U.S. law enforcement community would be rendered deaf dumb and blind in the world of computer crime, and would swiftly feel a desperate need to reinvent them. And this is no time to go starting from scratch.

On June 11, 1991, I once again arrived in Phoenix, Arizona, for the latest meeting of the Federal Computer Investigations Committee. This was more or less the twentieth meeting of this stellar group. The count was uncertain, since nobody could figure out whether to include the meetings of “the Colluquy,” which is what the FCIC was called in the mid-1980s before it had even managed to obtain the dignity of its own acronym.

Since my last visit to Arizona, in May, the local AzScam bribery scandal had resolved itself in a general muddle of humiliation. The Phoenix chief of police, whose agents had videotaped nine state legislators up to no good, had resigned his office in a tussle with the Phoenix city council over the propriety of his undercover operations.

The Phoenix Chief could now join Gail Thackeray and eleven of her closest associates in the shared experience of politically motivated unemployment. As of June, resignations were still continuing at the Arizona Attorney General’s office, which could be interpreted as either a New Broom Sweeping Clean or a Night of the Long Knives Part II, depending on your point of view.

The meeting of FCIC was held at the Scottsdale Hilton Resort. Scottsdale is a wealthy suburb of Phoenix, known as “Scottsdull” to scoffing local trendies, but well-equipped with posh shopping-malls and manicured lawns, while conspicuously undersupplied with homeless derelicts. The Scottsdale Hilton Resort was a sprawling hotel in postmodern crypto-Southwestern style. It featured a “mission bell tower” plated in turquoise tile and vaguely resembling a Saudi minaret.

Inside it was all barbarically striped Santa Fe Style decor. There was a health spa downstairs and a large oddly-shaped pool in the patio. A poolside umbrella-stand offered Ben and Jerry’s politically correct Peace Pops.

I registerethey REALLY PAY ATTENTION, they are GRATEFUL FOR YOUR INSIGHTS, and they FORGIVE YOU, which in nine cases out of ten is something even your boss can’t do, because as soon as you start talking “ROM,” “BBS,” or “T-1 trunk,” his eyes glaze over.

I had nothing much to do that afternoon. The FCIC were beavering away in their conference room. Doors were firmly closed, windows too dark to peer through. I wondered what a real hacker, a computer intruder, would do at a meeting like this.

The answer came at once. He would “trash” the place. Not reduce the place to trash in some orgy of vandalism; that’s not the use of the term in the hacker milieu. No, he would quietly EMPTY THE TRASH BASKETS and silently raid any valuable data indiscreetly thrown away.

Journalists have been known to do this. (Journalists hunting information have been known to do almost every single unethical thing that hackers have ever done. They also throw in a few awful techniques all their own.) The legality of ‘trashing’ is somewhat dubious but it is not in fact flagrantly illegal. It was, however, absurd to contemplate trashing the FCIC. These people knew all about trashing. I wouldn’t last fifteen seconds.

The idea sounded interesting, though. I’d been hearing a lot about the practice lately. On the spur of the moment, I decided I would try trashing the office ACROSS THE HALL from the FCIC, an area which had nothing to do with the investigators.

The office was tiny; six chairs, a table…. Nevertheless, it was open, so I dug around in its plastic trash can.

To my utter astonishment, I came up with the torn scraps of a SPRINT long-distance phone bill. More digging produced a bank statement and the scraps of a handwritten letter, along with gum, cigarette ashes, candy wrappers and a day-old-issue of USA TODAY.

The trash went back in its receptacle while the scraps of data went into my travel bag. I detoured through the hotel souvenir shop for some Scotch tape and went up to my room.

Coincidence or not, it was quite true. Some poor soul had, in fact, thrown a SPRINT bill into the hotel’s trash. Date May 1991, total amount due: $252.36. Not a business phone, either, but a residential bill, in the name of someone called Evelyn (not her real name). Evelyn’s records showed a ## PAST DUE BILL ##! Here was her nine-digit account ID. Here was a stern computer-printed warning:

 

“TREAT YOUR FONCARD AS YOU WOULD ANY CREDIT CARD. TO SECURE AGAINST FRAUD, NEVER GIVE YOUR FONCARD NUMBER OVER THE PHONE UNLESS YOU INITIATED THE CALL. IF YOU RECEIVE SUSPICIOUS CALLS PLEASE NOTIFY CUSTOMER SERVICE IMMEDIATELY!”

 

I examined my watch. Still plenty of time left for the FCIC to carry on. I sorted out the scraps of Evelyn’s SPRINT bill and reassembled them with fresh Scotch tape. Here was her ten-digit FONCARD number. Didn’t seem to have the ID number necessary to cause real fraud trouble.

I did, however, have Evelyn’s home phone number. And the phone numbers for a whole crowd of Evelyn’s long-distance friends and acquaintances. In San Diego, Folsom, Redondo, Las Vegas, La Jolla, Topeka, and Northampton Massachusetts. Even somebody in Australia!

I examined other documents. Here was a bank statement. It was Evelyn’s IRA account down at a bank in San Mateo, California (total balance $1877.20). Here was a charge-card bill for $382.64. She was paying it off bit by bit.

Driven by motives that were completely unethical and prurient, I now examined the handwritten notes. They had been torn fairly thoroughly, so much so that it took me almost an entire five minutes to reassemble them.

They were drafts of a love letter. They had been written on the lined stationery of Evelyn’s employer, a biomedical company. Probably written at work when she should have been doing something else.

“Dear Bob,” (not his real name) “I guess in everyone’s life there comes a time when hard decisions have to be made, and this is a difficult one for me—very upsetting. Since you haven’t called me, and I don’t understand why, I can only surmise it’s because you don’t want to. I thought I would have heard from you Friday. I did have a few unusual problems with my phone and possibly you tried, I hope so.

“Robert, you asked me to ‘let go’…”

The first note ended. UNUSUAL PROBLEMS WITH HER PHONE? I looked swiftly at the next note.

“Bob, not hearing from you for the whole weekend has left me very perplexed…”

Next draft.

“Dear Bob, there is so much I don’t understand right now, and I wish I did. I wish I could talk to you, but for some unknown reason you have elected not to call—this is so difficult for me to understand…”

She tried again.

“Bob, Since I have always held you in such high esteem, I had every hope that we could remain good friends, but now one essential ingredient is missing—respect. Your ability to discard people when their purpose is served is appalling to me. The kindest thing you could do for me now is to leave me alone. You are no longer welcome in my heart or home…”

Try again.

“Bob, I wrote a very factual note to you to say how much respect I had lost for you, by the way you treat people, me in particular, so uncaring and cold. The kindest thing you can do for me is to leave me alone entirely, as you are no longer welcome in my heart or home. I would appreciate it if you could retire your debt to me as soon as possible—I wish no link to you in any way. Sincerely, Evelyn.”

Good heavens, I thought, the bastard actually owes her money! I turned to the next page.

“Bob: very simple. GOODBYE! No more mind games—no more fascination—no more coldness—no more respect for you! It’s over—Finis. Evie”

There were two versions of the final brushoff letter, but they read about the same. Maybe she hadn’t sent it. The final item in my illicit and shameful booty was an envelope addressed to “Bob” at his home address, but it had no stamp on it and it hadn’t been mailed.

Maybe she’d just been blowing off steam because her rascal boyfriend had neglected to call her one weekend. Big deal. Maybe they’d kissed and made up, maybe she and Bob were down at Pop’s Chocolate Shop now, sharing a malted. Sure.

Easy to find out. All I had to do was call Evelyn up. With a half-clever story and enough brass-plated gall I could probably trick the truth out of her. Phone-phreaks and hackers deceive people over the phone all the time. It’s called “social engineering.” Social engineering is a very common practice in the underground, and almost magically effective. Human beings are almost always the weakest link in computer security. The simplest way to learn Things You Are Not Meant To Know is simply to call up and exploit the knowledgeable people. With social engineering, you use the bits of specialized knowledge you already have as a key, to manipulate people into believing that you