Chapter 2-6
Hacker Crackdown

Go to Table of Contents

There have been underground boards almost as long
as there have been boards.  One of the first was 8BBS,
which became a stronghold of the West Coast phone-phreak elite.
After going on-line in March 1980, 8BBS sponsored "Susan Thunder,"
and "Tuc," and, most notoriously, "the Condor."  "The Condor"
bore the singular distinction of becoming the most vilified
American phreak and hacker ever.  Angry underground associates,
fed up with Condor's peevish behavior, turned him in to police,
along with a heaping double-helping of outrageous hacker legendry.
As a result, Condor was kept in solitary confinement for seven months,
for fear that he might start World War Three by triggering missile silos
from the prison payphone.  (Having served his time, Condor is now
walking around loose;  WWIII has thus far conspicuously failed to occur.)

The sysop of 8BBS was an ardent free-speech enthusiast
who simply felt that ANY attempt to restrict the expression
of his users was unconstitutional and immoral.
Swarms of the technically curious entered 8BBS
and emerged as phreaks and hackers, until, in 1982,
a friendly 8BBS alumnus passed the sysop a new modem
which had been purchased by credit-card fraud.
Police took this opportunity to seize the entire board
and remove what they considered an attractive nuisance.

Plovernet was a powerful East Coast pirate board
that operated in both New York and Florida.
Owned and operated by teenage hacker "Quasi Moto,"
Plovernet attracted five hundred eager users in 1983.
"Emmanuel Goldstein" was one-time co-sysop of Plovernet,
along with "Lex Luthor," founder of the "Legion of Doom" group.
Plovernet  bore the signal honor of being the original home
of the "Legion of Doom," about which the reader will be hearing
a great deal, soon.

"Pirate-80," or "P-80," run by a sysop known as "Scan-Man,"
got into the game very early in Charleston, and continued
steadily for years.  P-80 flourished so flagrantly that
even its most hardened users became nervous, and some
slanderously speculated that "Scan Man" must have ties
to corporate security, a charge he vigorously denied.

"414 Private" was the home board for the first GROUP
to attract conspicuous trouble, the teenage "414 Gang,"
whose intrusions into Sloan-Kettering Cancer Center and
Los Alamos military computers were to be a nine-days-wonder in 1982.

At about this time, the first software piracy boards
began to open up, trading cracked games for the Atari 800
and the Commodore C64.  Naturally these boards were
heavily frequented by teenagers.  And with the 1983
release of the hacker-thriller movie War Games,
the scene exploded.  It seemed that every kid
in America had demanded and gotten a modem for Christmas.
Most of these dabbler wannabes put their modems in the attic
after a few weeks, and most of the remainder minded their
P's and Q's and stayed well out of hot water.  But some
stubborn and talented diehards had this hacker kid in
War Games figured for a happening dude.  They simply
could not rest until they had contacted the underground--
or, failing that, created their own.

In the mid-80s, underground boards sprang up like digital fungi.
ShadowSpawn Elite.  Sherwood Forest I, II, and III.
Digital Logic Data Service in Florida, sysoped by no less
a man than "Digital Logic" himself; Lex Luthor of the
Legion of Doom was prominent on this board, since it
was in his area code.  Lex's own board, "Legion of Doom,"
started in 1984.  The Neon Knights ran a network of Apple-
hacker boards: Neon Knights North, South, East and West.
Free World II was run by "Major Havoc."  Lunatic Labs
is still in operation as of this writing.  Dr. Ripco
in Chicago, an anything-goes anarchist board with an
extensive and raucous history, was seized by Secret Service
agents in 1990 on Sundevil day, but up again almost immediately,
with new machines and scarcely diminished vigor.

The St. Louis scene was not to rank with major centers
of American hacking such as New York and L.A.  But St.
Louis did rejoice in possession of "Knight Lightning"
and "Taran King," two of the foremost JOURNALISTS native
to the underground.  Missouri boards like Metal Shop,
Metal Shop Private, Metal Shop Brewery, may not have
been the heaviest boards around in terms of illicit
expertise.  But they became boards where hackers could
exchange social gossip and try to figure out what the
heck was going on nationally--and internationally.
Gossip from Metal Shop was put into the form of news files,
then assembled into a general electronic publication,
Phrack, a portmanteau title coined from "phreak" and "hack."
The Phrack editors were as obsessively curious about other
hackers as hackers were about machines.

Phrack, being free of charge and lively reading, began
to circulate throughout the underground.  As Taran King
and Knight Lightning left high school for college,
Phrack began to appear on mainframe machines linked to BITNET,
and, through BITNET to the "Internet," that loose but
extremely potent not-for-profit network where academic,
governmental and corporate machines trade data through
the UNIX TCP/IP protocol.  (The "Internet Worm" of
November 2-3,1988, created by Cornell grad student Robert Morris,
was to be the largest and best-publicized computer-intrusion scandal
to date.  Morris claimed that his ingenious "worm" program was meant
to harmlessly explore the Internet, but due to bad programming,
the Worm replicated out of control and crashed some six thousand
Internet computers.  Smaller-scale and less ambitious Internet hacking
was a standard for the underground elite.)

Most any underground board not hopelessly lame and out-of-it
would feature a complete run of Phrack--and, possibly,
the lesser-known standards of the underground:
the Legion of Doom Technical Journal, the obscene
and raucous Cult of the Dead Cow  files, P/HUN magazine,
Pirate, the Syndicate Reports, and perhaps the highly
anarcho-political Activist Times Incorporated.

Possession of Phrack  on one's board was prima facie
evidence of a bad attitude.  Phrack was seemingly everywhere,
aiding, abetting, and spreading the underground ethos.
And this did not escape the attention of corporate security
or the police.

We now come to the touchy subject of police and boards.
Police, do, in fact, own boards.  In 1989, there were
police-sponsored boards in California, Colorado, Florida,
Georgia, Idaho, Michigan, Missouri, Texas, and Virginia:
boards such as "Crime Bytes," "Crimestoppers," "All Points"
and "Bullet-N-Board."  Police officers, as private computer
enthusiasts, ran their own boards in Arizona, California,
Colorado, Connecticut, Florida, Missouri, Maryland,
New Mexico, North Carolina, Ohio, Tennessee and Texas.
Police boards have often proved helpful in community relations.
Sometimes crimes are reported on police boards.

Sometimes crimes are COMMITTED on police boards.
This has sometimes happened by accident, as naive hackers
blunder onto police boards and blithely begin offering telephone codes.
Far more often, however, it occurs through the now almost-traditional
use of "sting boards."  The first police sting-boards were established
in 1985:  "Underground Tunnel" in Austin, Texas, whose sysop
Sgt. Robert Ansley called himself "Pluto"--"The Phone Company"
in Phoenix, Arizona, run by Ken MacLeod of the Maricopa County
Sheriff's office--and Sgt. Dan Pasquale's board in Fremont, California.
Sysops posed as hackers, and swiftly garnered coteries of ardent users,
who posted codes and loaded pirate software with abandon,
and came to a sticky end.

Sting boards, like other boards, are cheap to operate,
very cheap by the standards of undercover police operations.
Once accepted by the local underground, sysops will likely be
invited into other pirate boards, where they can compile more dossiers.
And when the sting is announced and the worst offenders arrested,
the publicity is generally  gratifying.  The resultant paranoia
in the underground--perhaps more justly described as a "deterrence effect"--
tends to quell local lawbreaking for quite a while.

Obviously police do not have to beat the underbrush for hackers.
On the contrary, they can go trolling for them. Those caught
can be grilled.  Some become useful informants.  They can lead
the way to pirate boards all across the country.

And boards all across the country showed the sticky
fingerprints of Phrack, and of that loudest and most
flagrant of all underground groups, the "Legion of Doom."

The term "Legion of Doom" came from comic books.  The Legion of Doom,
a conspiracy of costumed super- villains headed by the chrome-domed
criminal ultra- mastermind Lex Luthor, gave Superman a lot of four-color
graphic trouble for a number of decades.  Of course, Superman,
that exemplar of Truth, Justice, and the American Way,
always won in the long run.  This didn't matter to the hacker Doomsters--
"Legion of Doom" was not some thunderous and evil Satanic reference,
it was not meant to be taken seriously.  "Legion of Doom" came
from funny-books and was supposed to be funny.

"Legion of Doom" did have a good mouthfilling ring to it, though.
It sounded really cool.  Other groups, such as the "Farmers of Doom,"
closely allied to LoD, recognized this grandiloquent quality,
and made fun of it.  There was even a hacker group called
"Justice League of America," named after Superman's club
of true-blue crimefighting superheros.

But they didn't last; the Legion did.

The original Legion of Doom, hanging out on Quasi Moto's Plovernet board,
were phone phreaks.  They weren't much into computers.  "Lex Luthor" himself
(who was under eighteen when he formed the Legion) was a COSMOS expert,
COSMOS being the "Central System for Mainframe Operations,"
a telco internal computer network.  Lex would eventually become
quite a dab hand at breaking into IBM mainframes, but although
everyone liked Lex and admired his attitude, he was not considered
a truly accomplished computer intruder.  Nor was he the "mastermind"
of the Legion of Doom--LoD were never big on formal leadership.
As a regular on Plovernet and sysop of his "Legion of Doom BBS,"
Lex was the Legion's cheerleader and recruiting officer.

Legion of Doom began on the ruins of an earlier phreak group,
The Knights of Shadow.  Later, LoD was to subsume the personnel
of the hacker group "Tribunal of Knowledge."  People came and went
constantly in LoD; groups split up or formed offshoots.

Early on, the LoD phreaks befriended a few computer-intrusion
enthusiasts, who became the associated "Legion of Hackers."
Then the two groups conflated into the "Legion of Doom/Hackers,"
or LoD/H. When the original "hacker" wing, Messrs. "Compu-Phreak"
and "Phucked Agent 04," found other matters to occupy their time,
the extra "/H" slowly atrophied out of the name;  but by this time
the phreak wing, Messrs. Lex Luthor, "Blue Archer," "Gary Seven,"
"Kerrang Khan," "Master of Impact," "Silver Spy," "The Marauder,"
and "The Videosmith," had picked up a plethora of intrusion
expertise and had become a force to be reckoned with.

LoD members seemed to have an instinctive understanding
that the way to real power in the underground lay through
covert publicity.  LoD were flagrant.  Not only was it one
of the earliest groups, but the members took pains to widely
distribute their illicit knowledge.  Some LoD members,
like "The Mentor," were close to evangelical about it.
Legion of Doom Technical Journal began to show up on boards
throughout the underground.

LoD Technical Journal was named in cruel parody
of the ancient and honored AT&T Technical Journal.
The material in these two publications was quite similar--
much of it, adopted from public journals and discussions
in the telco community.  And yet, the predatory attitude
of LoD made even its most innocuous data seem deeply sinister;
an outrage; a clear and present danger.

To see why this should be, let's consider the following
(invented) paragraphs, as a kind of thought experiment.

(A)  "W. Fred Brown, AT&T Vice President for
Advanced Technical Development, testified May 8
at a Washington hearing of the National Telecommunications
and Information Administration (NTIA), regarding
Bellcore's GARDEN project.  GARDEN (Generalized
Automatic Remote Distributed Electronic Network) is a
telephone-switch programming tool that makes it possible
to develop new telecom services, including hold-on-hold
and customized message transfers, from any keypad terminal,
within seconds.  The GARDEN prototype combines centrex
lines with a minicomputer using UNIX operating system software."

(B)  "Crimson Flash 512 of the Centrex Mobsters reports:
D00dz, you wouldn't believe this GARDEN bullshit Bellcore's
just come up with!  Now you don't even need a lousy Commodore
to reprogram a switch--just log on to GARDEN as a technician,
and you can reprogram switches right off the keypad in any
public phone booth!  You can give yourself hold-on-hold
and customized message transfers, and best of all,
the thing is run off (notoriously insecure) centrex lines
using--get this--standard UNIX software!  Ha ha ha ha!"

Message (A), couched in typical techno-bureaucratese,
appears tedious and almost unreadable.  (A) scarcely seems
threatening or menacing.  Message (B), on the other hand,
is a dreadful thing, prima facie evidence of a dire conspiracy,
definitely not the kind of thing you want your teenager reading.

The INFORMATION, however, is identical.  It is PUBLIC
information, presented before the federal government in
an open hearing.  It is not "secret."  It is not "proprietary."
It is not even "confidential."  On the contrary, the
development of advanced software systems is a matter
of great public pride to Bellcore.

However, when Bellcore publicly announces a project of this kind,
it expects a certain attitude from the public--something along
certainly not cruel mimickry, one-upmanship and outrageous speculations
about possible security holes.

Now put yourself in the place of a policeman confronted by
an outraged parent, or telco official, with a copy of Version (B).
This well-meaning citizen, to his horror, has discovered
a local bulletin-board carrying outrageous stuff like (B),
which his son is examining with a deep and unhealthy interest.
If (B) were printed in a book or magazine, you, as an American
law enforcement officer, would know that it would take
a hell of a lot of trouble to do anything about it;
but it doesn't take technical genius to recognize that
if there's a computer in your area harboring stuff like (B),
there's going to be trouble.

In fact, if you ask around, any computer-literate cop
will tell you straight out that boards with stuff like (B)
are the SOURCE of trouble.  And the WORST source of trouble
on boards are the ringleaders inventing and spreading stuff like (B).
If it weren't for these jokers, there wouldn't BE any trouble.

And Legion of Doom were on boards like nobody else.
Plovernet.  The Legion of Doom Board.  The Farmers of Doom Board.
Metal Shop.  OSUNY.  Blottoland. Private Sector.  Atlantis.
Digital Logic.  Hell Phrozen Over.

LoD members also ran their own boards.  "Silver Spy" started
his own board, "Catch-22," considered one of the heaviest around.
So did "Mentor," with his "Phoenix Project."  When they didn't run boards
themselves, they showed up on other people's boards, to brag, boast,
and strut.  And where they themselves didn't go, their philes went,
carrying evil knowledge and an even more evil attitude.

As early as 1986, the police were under the vague impression
that EVERYONE in the underground was Legion of Doom.
LoD was never that large--considerably smaller than either
"Metal Communications" or "The Administration," for instance--
but LoD got tremendous press.  Especially in Phrack,
which at times read like an LoD fan magazine; and Phrack
was everywhere, especially in the offices of telco security.
You couldn't GET busted as a phone phreak, a hacker,
or even a lousy codes kid or warez dood, without the cops
asking if you were LoD.

This was a difficult charge to deny, as LoD never
distributed membership badges or laminated ID cards.
If they had, they would likely have died out quickly,
for turnover in their membership was considerable.
LoD was less a high-tech street-gang than an ongoing
state-of-mind.  LoD was the Gang That Refused to Die.
By 1990, LoD had RULED for ten years, and it seemed WEIRD
to police that they were continually busting people who were
only sixteen years old.  All these teenage small-timers
were pleading the tiresome hacker litany  of "just curious,
no criminal intent."  Somewhere at the center of this
conspiracy there had to be some serious adult masterminds,
not this seemingly endless supply of myopic suburban
white kids with high SATs and funny haircuts.

There was no question that most any American hacker
arrested would "know" LoD.  They knew the handles
of contributors to LoD Tech Journal, and were likely
to have learned their craft through LoD boards and LoD activism.
But they'd never met anyone from LoD.  Even some of the
rotating cadre who were actually and formally "in LoD"
knew one another only by board-mail and pseudonyms.
This was a highly unconventional profile for a criminal conspiracy.
Computer networking, and the rapid evolution of the digital underground,
made the situation very diffuse and confusing.

Furthermore, a big reputation in the digital underground
did not coincide with one's willingness to commit "crimes."
Instead, reputation was based on cleverness and technical mastery.
As a result, it often seemed that the HEAVIER the hackers were,
the LESS likely they were to have committed any kind of common,
easily prosecutable crime.  There were some hackers who could really steal.
And there were hackers who could really hack.  But the two groups didn't seem
to overlap much, if at all.  For instance, most people in the underground
looked up to "Emmanuel Goldstein" of 2600 as a hacker demigod.
But Goldstein's publishing activities were entirely legal--
Goldstein just printed dodgy stuff and talked about politics,
he didn't even hack.  When you came right down to it,
Goldstein spent half his time complaining that computer security
WASN'T STRONG ENOUGH and ought to be drastically improved
across the board!

Truly heavy-duty hackers, those with serious technical skills
who had earned the respect of the underground, never stole money
or abused credit cards.  Sometimes they might abuse phone-codes--
but often, they seemed to get all the free phone-time they wanted
without leaving a trace of any kind.

The best hackers, the most powerful and technically accomplished,
were not professional fraudsters.  They raided computers habitually,
but wouldn't alter anything, or damage anything.  They didn't even steal
computer equipment--most had day-jobs messing with hardware,
and could get all the cheap secondhand equipment they wanted.
The hottest hackers, unlike the teenage wannabes, weren't snobs
about fancy or expensive hardware.  Their machines tended to be
raw second-hand digital hot-rods full of custom add-ons that
they'd cobbled together out of chickenwire, memory chips and spit.
Some were adults, computer software writers and consultants by trade,
and making quite good livings at it.  Some of them ACTUALLY WORKED
FOR THE PHONE COMPANY--and for those, the "hackers" actually found
under the skirts of Ma Bell, there would be little mercy in 1990.

It has long been an article of faith in the
underground that the "best" hackers never get caught.
They're far too smart, supposedly.  They never get caught
because they never boast, brag, or strut.  These demigods
may read underground boards (with a condescending smile),
but they never say anything there.  The "best" hackers,
according to legend, are adult computer professionals,
such as mainframe system administrators, who already know
the ins and outs of their particular brand of security.
Even the "best" hacker can't break in to just any computer at random:
the knowledge of security holes is too specialized, varying widely
with different software and hardware.  But if people are employed to run,
say, a UNIX mainframe or a VAX/VMS machine, then they tend to learn
security from the inside out.  Armed with this knowledge,
they can look into most anybody else's UNIX or VMS
without much trouble or risk, if they want to.
And, according to hacker legend, of course they want to,
so of course they do.  They just don't make a big deal
of what they've done.  So nobody ever finds out.

It is also an article of faith in the underground that
professional telco people "phreak" like crazed weasels.
OF COURSE they spy on Madonna's phone calls--I mean,
WOULDN'T YOU?  Of course they give themselves free long-
distance--why the hell should THEY pay, they're running
the whole shebang!

It has, as a third matter, long been an article of faith
that any hacker caught can escape serious punishment if
he confesses HOW HE DID IT.  Hackers seem to believe
that governmental agencies and large corporations are
blundering about in cyberspace like eyeless jellyfish
or cave salamanders.  They feel that these large
but pathetically stupid organizations will proffer up
genuine gratitude, and perhaps even a security post
and a big salary, to the hot-shot intruder who will deign
to reveal to them the supreme genius of his modus operandi.

In the case of longtime LoD member "Control-C,"
this actually happened, more or less.  Control-C had led
Michigan Bell a merry chase, and when captured in 1987,
he turned out to be a bright and apparently physically
harmless young fanatic, fascinated by phones.  There was
no chance in hell that Control-C would actually repay the
enormous and largely theoretical sums in long-distance
service that he had accumulated from Michigan Bell.
He could always be indicted for fraud or computer-intrusion,
but there seemed little real point in this--he hadn't
physically damaged any computer.  He'd just plead guilty,
and he'd likely get the usual slap-on-the-wrist,
and in the meantime it would be a big hassle for Michigan Bell
just to bring up the case.  But if kept on the payroll,
he might at least keep his fellow hackers at bay.

There were uses for him.  For instance, a contrite
Control-C was featured on Michigan Bell internal posters,
sternly warning employees to shred their trash.
He'd always gotten most of his best inside info from
"trashing"--raiding telco dumpsters, for useful data
indiscreetly thrown away.  He signed these posters, too.
Control-C had become something like a Michigan Bell mascot.
And in fact, Control-C DID keep other hackers at bay.
Little hackers were quite scared of Control-C and his
heavy-duty Legion of Doom friends.  And big hackers WERE
his friends and didn't want to screw up his cushy situation.

No matter what one might say of LoD, they did stick together.
When "Wasp," an apparently genuinely malicious New York hacker,
began crashing Bellcore machines, Control-C received swift volunteer
help from "the Mentor" and the Georgia LoD wing  made up of
"The Prophet," "Urvile," and "Leftist."  Using Mentor's Phoenix
Project board to coordinate, the Doomsters helped telco security
to trap Wasp, by luring him into a machine with a tap
and line-trace installed.  Wasp lost.  LoD won!  And my, did they brag.

Urvile, Prophet and Leftist were well-qualified for this activity,
probably more so even than the quite accomplished Control-C.
The Georgia boys knew all about phone switching-stations.
Though relative johnny-come-latelies in the Legion of Doom,
they were considered some of LoD's heaviest guys,
into the hairiest systems around.  They had the good fortune
to live in or near Atlanta, home of the sleepy and apparently
tolerant BellSouth RBOC.

As RBOC security went, BellSouth were "cake."  US West (of Arizona,
the Rockies and the Pacific Northwest) were tough and aggressive,
probably the heaviest RBOC around.  Pacific Bell, California's PacBell,
were sleek, high-tech, and longtime veterans of the LA phone-phreak wars.
NYNEX had the misfortune to run the New York City area, and were warily
prepared for most anything.  Even Michigan Bell, a division of the
Ameritech RBOC, at least had the elementary sense to hire their own hacker
as a useful scarecrow.  But BellSouth, even though their corporate P.R.
proclaimed them to have "Everything You Expect From a Leader," were pathetic.

When rumor about LoD's mastery of Georgia's switching network got around
to BellSouth through Bellcore and telco security scuttlebutt,
they at first refused to believe it.  If you paid serious attention
to every rumor out and about these hacker kids, you would hear all kinds
of wacko saucer-nut nonsense:  that the National Security Agency
monitored all American phone calls, that the CIA and DEA tracked
traffic on bulletin-boards with word-analysis programs,
that the Condor could start World War III from a payphone.

If there were hackers into BellSouth switching-stations, then how come
nothing had happened?  Nothing had been hurt.  BellSouth's machines
weren't crashing.  BellSouth wasn't suffering especially badly from fraud.
BellSouth's customers weren't complaining.  BellSouth was headquartered
in Atlanta, ambitious metropolis of the new high-tech Sunbelt;
and BellSouth was upgrading its network by leaps and bounds,
digitizing the works left right and center.  They could hardly be
considered sluggish or naive.  BellSouth's technical expertise
was second to none, thank you kindly.  But then came the Florida business.

On June 13, 1989, callers to the Palm Beach County Probation Department,
in Delray Beach, Florida, found themselves involved in a remarkable
discussion with a phone-sex worker named "Tina" in New York State.
Somehow, ANY call to this probation office near Miami was instantly
and magically transported across state lines, at no extra charge to the user,
to a pornographic phone-sex hotline hundreds of miles away!

This practical joke may seem utterly hilarious at first hearing,
and indeed there was a good deal of chuckling about it in
phone phreak circles, including the Autumn 1989 issue of 2600.
But for Southern Bell (the division of the BellSouth RBOC
supplying local service for Florida, Georgia, North Carolina
and South Carolina), this was a smoking gun.  For the first time ever,
a computer intruder had broken into a BellSouth central office
switching station and re-programmed it!

Or so BellSouth thought in June 1989.  Actually, LoD members had been
frolicking harmlessly in BellSouth switches since September 1987.
The stunt of June 13--call-forwarding a number through manipulation
of a switching station--was child's play for hackers as accomplished
as the Georgia wing of LoD.  Switching calls interstate sounded like
a big deal, but it took only four lines of code to accomplish this.
An easy, yet more discreet, stunt, would be to call-forward another
number to your own house.  If you were careful and considerate,
and changed the software back later, then not a soul would know.
Except you.  And whoever you had bragged to about it.

As for BellSouth, what they didn't know wouldn't hurt them.

Except now somebody had blown the whole thing wide open, and BellSouth knew.

A now alerted and considerably paranoid BellSouth began searching switches
right and left for signs of impropriety, in that hot summer of 1989.
No fewer than forty-two BellSouth employees were put on 12-hour shifts,
twenty-four hours a day, for two solid months, poring over records
and monitoring computers for any sign of phony access.  These forty-two
overworked experts were known as BellSouth's  "Intrusion Task Force."

What the investigators found astounded them.  Proprietary telco databases
had been manipulated:  phone numbers had been created out of thin air,
with no users' names and no addresses.  And perhaps worst of all,
no charges and no records of use.  The new digital ReMOB (Remote Observation)
diagnostic feature had been extensively tampered with--hackers had learned to
reprogram ReMOB software, so that they could listen in on any switch-routed
call at their leisure!  They were using telco property to SPY!

The electrifying news went out throughout law enforcement in 1989.
It had never really occurred to anyone at BellSouth that their prized
and brand-new digital switching-stations could be RE-PROGRAMMED.
People seemed utterly amazed that anyone could have the nerve.
Of course these switching stations were "computers," and everybody
knew hackers liked to "break into computers:"  but telephone people's
computers were DIFFERENT from normal people's computers.

The exact reason WHY these computers were "different" was
rather ill-defined.  It certainly wasn't the extent of their security.
The security on these BellSouth computers was lousy;  the AIMSX computers,
for instance, didn't even have passwords.  But there was no question that
BellSouth strongly FELT that their computers were very different indeed.
And if there were some criminals out there who had not gotten that message,
BellSouth was determined to see that message taught.

After all, a 5ESS switching station was no mere bookkeeping system for
some local chain of florists.  Public service depended on these stations.
Public SAFETY depended on these stations.

And hackers, lurking in there call-forwarding or ReMobbing, could spy
on anybody in the local area!  They could spy on telco officials!
They could spy on police stations!  They could spy on local offices
of the Secret Service. . . .

In 1989, electronic cops and hacker-trackers began using scrambler-phones
and secured lines.  It only made sense.  There was no telling who was into
those systems.  Whoever they were, they sounded scary.  This was some
new level of antisocial daring.  Could be West German hackers, in the pay
of the KGB.  That too had seemed a weird and farfetched notion,
until Clifford Stoll had poked and prodded a sluggish Washington
law-enforcement bureaucracy into investigating a computer intrusion
that turned out to be exactly that--HACKERS, IN THE PAY OF THE KGB!
Stoll, the  systems manager for an Internet lab in Berkeley California,
had ended up on the front page of the New Nork Times, proclaimed a national
hero in the first true story of international computer espionage.
Stoll's counterspy efforts, which he related in a bestselling book,
The Cuckoo's Egg, in 1989, had established the credibility of `hacking'
as a possible threat to national security.  The United States Secret Service
doesn't mess around when it suspects a possible action by a foreign
intelligence apparat.

The Secret Service scrambler-phones and secured lines put
a tremendous kink in law enforcement's ability to operate freely;
to get the word out, cooperate, prevent misunderstandings.
Nevertheless, 1989 scarcely seemed the time for half-measures.
If the police and Secret Service themselves were not operationally secure,
then how could they reasonably demand measures of security from
private enterprise?  At least, the inconvenience made people aware
of the seriousness  of the threat.

If there was a final spur needed to get the police off the dime,
it came in the realization that the emergency 911 system was vulnerable.
The 911 system has its own specialized software, but it is run on the same
digital switching systems as the rest of the telephone network.
911 is not physically different from normal telephony.  But it is
certainly culturally different, because this is the area of
telephonic cyberspace reserved for the police and emergency services.

Your average policeman may not know much about hackers or phone-phreaks.
Computer people are weird; even computer COPS  are rather weird;
the stuff they do is hard to figure out.  But a threat to the 911 system
is anything but an abstract threat.  If the 911 system goes, people can die.

Imagine being in a car-wreck, staggering to a phone-booth,
punching 911 and hearing "Tina" pick up the phone-sex line
somewhere in New York!  The situation's no longer comical, somehow.

And was it possible?  No question.  Hackers had attacked 911
systems before.  Phreaks can max-out 911 systems just by siccing
a bunch of computer-modems on them in tandem, dialling them over
and over until they clog.  That's very crude and low-tech,
but it's still a serious business.

The time had come for action.  It was time to take stern measures
with the underground.  It was time to start picking up the dropped threads,
the loose edges, the bits of braggadocio here and there; it was time to get
on the stick and start putting serious casework together.  Hackers weren't
"invisible."  They THOUGHT  they were invisible; but the truth was,
they had just been tolerated too long.

Under sustained police attention in the summer of '89, the digital
underground began to unravel as never before.

The first big break in the case came very early on:  July 1989,
the following month.  The perpetrator of the "Tina" switch was caught,
and confessed.  His name was "Fry Guy," a 16-year-old in Indiana.
Fry Guy had been a very wicked young man.

Fry Guy had earned his handle from a stunt involving French fries.
Fry Guy had filched the log-in of a local MacDonald's manager
and had logged-on to the MacDonald's mainframe on the Sprint
Telenet system. Posing as the manager, Fry Guy had altered
MacDonald's records, and given some teenage hamburger-flipping
friends of his, generous raises.  He had not been caught.

Emboldened by success, Fry Guy moved on to credit-card abuse.
Fry Guy was quite an accomplished talker; with a gift for
"social engineering."  If you can do "social engineering"
--fast-talk, fake-outs, impersonation, conning, scamming--
then card abuse comes easy.  (Getting away with it in
the long run is another question).

Fry Guy had run across "Urvile" of the Legion of Doom
on the ALTOS Chat board in Bonn, Germany.  ALTOS Chat
was a sophisticated board, accessible through globe-spanning
computer networks like BITnet, Tymnet, and Telenet.
ALTOS was much frequented by members of Germany's
Chaos Computer Club.  Two Chaos hackers who hung out on ALTOS,
"Jaeger" and "Pengo," had been the central villains of
Clifford Stoll's Cuckoo's Egg case:  consorting in East Berlin
with a spymaster from the KGB, and breaking into American
computers for hire, through the Internet.

When LoD members learned the story of Jaeger's depredations
from Stoll's book, they were rather less than impressed,
technically speaking.  On LoD's own favorite board of the moment,
"Black Ice," LoD members bragged that they themselves could have done
all the Chaos break-ins in a week flat!  Nevertheless, LoD were grudgingly
impressed by the Chaos rep, the sheer hairy-eyed daring of hash-smoking
anarchist hackers who had rubbed shoulders with the fearsome big-boys
of international Communist espionage.  LoD members sometimes traded
bits of knowledge with friendly German hackers on ALTOS--phone numbers
for vulnerable VAX/VMS computers in Georgia, for instance.
Dutch and British phone phreaks, and the Australian clique of
"Phoenix," "Nom," and "Electron," were ALTOS regulars, too.
In underground circles, to hang out on ALTOS was considered
the sign of an elite dude, a sophisticated hacker of the
international digital jet-set.

Fry Guy quickly learned how to raid information from credit-card
consumer-reporting agencies.  He had over a hundred stolen credit-card
numbers in his notebooks, and upwards of a thousand swiped long-distance
access codes.  He knew how to get onto Altos, and how to talk the talk of
the underground convincingly.  He now wheedled knowledge of switching-station
tricks from Urvile on the ALTOS system.

Combining these two forms of knowledge enabled Fry Guy to bootstrap
his way up to a new form of wire-fraud.  First, he'd snitched credit card
numbers from credit-company computers.  The data he copied included names,
addresses and phone numbers of the random card-holders.

Then Fry Guy, impersonating a card-holder, called up Western Union
and asked for a cash advance on "his" credit card.  Western Union,
as a security guarantee, would call the customer back, at home,
to verify the transaction.

But, just as he had switched the Florida probation office to "Tina"
in New York, Fry Guy switched the card-holder's number to a local pay-phone.
There he would lurk in wait, muddying his trail by routing and re-routing
the call, through switches as far away as Canada.  When the call came through,
he would boldly "social-engineer," or con, the Western Union people, pretending
to be the legitimate card-holder.  Since he'd answered the proper phone number,
the deception was not very hard.  Western Union's money was then shipped to
a confederate of Fry Guy's in his home town in Indiana.

Fry Guy and his cohort, using LoD techniques, stole six thousand dollars
from Western Union between December 1988 and July 1989.  They also dabbled
in ordering delivery of stolen goods through card-fraud.  Fry Guy
was intoxicated with success.  The sixteen-year-old fantasized wildly
to hacker rivals, boasting that he'd used rip-off money to hire himself
a big limousine, and had driven out-of-state with a groupie from
his favorite heavy-metal band, Motley Crue.

Armed with knowledge, power, and a gratifying stream of free money,
Fry Guy now took it upon himself to call local representatives
of Indiana Bell security, to brag, boast, strut, and utter
tormenting warnings that his powerful friends in the notorious
Legion of Doom could crash the national telephone network.
Fry Guy even named a date for the scheme:  the Fourth of July,
a national holiday.

This egregious example of the begging-for-arrest syndrome was shortly
followed by Fry Guy's arrest.  After the Indiana telephone company figured
out who he was, the Secret Service had DNRs--Dialed Number Recorders--
installed on his home phone lines.  These devices are not taps, and can't
record the substance of phone calls, but they do record the phone numbers
of all calls going in and out.  Tracing these numbers showed Fry Guy's
long-distance code fraud, his extensive ties to pirate bulletin boards,
and numerous personal calls to his LoD friends in Atlanta.  By July 11,
1989, Prophet, Urvile and Leftist also had Secret Service DNR
"pen registers" installed on their own lines.

The Secret Service showed up in force at Fry Guy's house on July 22, 1989,
to the horror of his unsuspecting parents.  The raiders were led by
a special agent from the Secret Service's Indianapolis office.
However, the raiders were accompanied and advised by Timothy M. Foley
of the Secret Service's Chicago office (a gentleman about whom
we will soon be hearing a great deal).

Following federal computer-crime techniques that had been standard
since the early 1980s, the Secret Service searched the house thoroughly,
and seized all of Fry Guy's electronic equipment and notebooks.
All Fry Guy's equipment went out the door in the custody of the
Secret Service, which put a swift end to his depredations.

The USSS interrogated Fry Guy at length.  His case was put in the charge
of Deborah Daniels, the federal US Attorney for the Southern District
of Indiana.  Fry Guy was charged with eleven counts of computer fraud,
unauthorized computer access, and wire fraud.  The evidence was thorough
and irrefutable.  For his part, Fry Guy blamed his corruption on the
Legion of Doom and offered to testify against them.

Fry Guy insisted that the Legion intended to crash the phone system
on a national holiday.  And when AT&T crashed on Martin Luther King Day,
1990, this lent a credence to his claim that genuinely alarmed telco
security and the Secret Service.

Fry Guy eventually pled guilty on May 31, 1990.  On September 14,
he was sentenced to forty-four months' probation and four hundred hours'
community service.  He could have had it much worse; but it made sense
to prosecutors to take it easy on this teenage minor, while zeroing
in on the notorious kingpins of the Legion of Doom.

But the case against LoD had nagging flaws.  Despite the best effort
of investigators, it was impossible to prove that the Legion had crashed
the phone system on January 15, because they, in fact, hadn't done so.
The investigations of 1989 did show that certain members of
the Legion of Doom had achieved unprecedented power over the telco
switching stations, and that they were in active conspiracy
to obtain more power yet.  Investigators were privately convinced
that the Legion of Doom intended to do awful things with this knowledge,
but mere evil intent was not enough to put them in jail.

And although the Atlanta Three--Prophet, Leftist, and especially Urvile--
had taught Fry Guy plenty, they were not themselves credit-card fraudsters.
The only thing they'd "stolen" was long-distance service--and since they'd
done much of that through phone-switch manipulation, there was no easy way
to judge how much they'd "stolen," or whether this practice was even "theft"
of any easily recognizable kind.

Fry Guy's theft of long-distance codes had cost the phone companies plenty.
The theft of long-distance service may be a fairly theoretical "loss,"
but it costs genuine money and genuine time to delete all those stolen codes,
and to re-issue new codes to the innocent owners of those corrupted codes.
The owners of the codes themselves are victimized, and lose time and money
and peace of mind in the hassle.  And then there were the credit-card victims
to deal with, too, and Western Union.  When it came to rip-off, Fry Guy was
far more of a thief than LoD.  It was only when it came to actual computer
expertise that Fry Guy was small potatoes.

The Atlanta Legion thought most "rules" of cyberspace were for rodents
and losers, but they DID have rules.  THEY NEVER CRASHED ANYTHING,
AND THEY NEVER TOOK MONEY.  These were rough rules-of-thumb, and
rather dubious principles when it comes to the ethical subtleties
of cyberspace, but they enabled the Atlanta Three to operate with
a relatively clear conscience (though never with peace of mind).

If you didn't hack for money, if you weren't robbing people of actual funds
--money in the bank, that is-- then nobody REALLY got hurt, in LoD's opinion.
"Theft of service" was a bogus issue, and "intellectual property" was
a bad joke.  But LoD had only elitist contempt for rip-off artists,
"leechers," thieves.  They considered themselves clean.  In their opinion,
if you didn't smash-up or crash any systems --(well, not on purpose, anyhow--
accidents can happen, just ask Robert Morris)  then it was very unfair
to call you a "vandal" or a "cracker."  When you were hanging out on-line
with your "pals" in telco security, you could face them down from the higher
plane of hacker morality.  And you could mock the police from the supercilious
heights of your hacker's quest for pure knowledge.

But from the point of view of law enforcement and telco security, however,
Fry Guy was not really dangerous.  The Atlanta Three WERE dangerous.
It wasn't the crimes they were committing, but the DANGER,
the potential hazard, the sheer TECHNICAL POWER LoD had accumulated,
that had made the situation untenable.  Fry Guy was not LoD.
He'd never laid eyes on anyone in LoD; his only contacts with them
had been electronic.  Core members of the Legion of Doom tended to meet
physically for conventions every year or so, to get drunk, give each other
the hacker high-sign, send out for pizza and ravage hotel suites.
Fry Guy had never done any of this.  Deborah Daniels assessed Fry Guy
accurately as "an LoD wannabe."

Nevertheless Fry Guy's crimes would be directly attributed to LoD
in much future police propaganda.  LoD would be described as
"a closely knit group" involved in "numerous illegal activities"
including "stealing and modifying individual credit histories,"
and "fraudulently obtaining money and property."  Fry Guy did this,
but the Atlanta Three didn't; they simply weren't into theft,
but rather intrusion.  This caused a strange kink in
the prosecution's strategy.  LoD were accused of
"disseminating information about attacking computers
to other computer hackers in an effort to shift the focus
of law enforcement to those other hackers and away from the Legion of Doom."

This last accusation (taken directly from a press release by the Chicago
Computer Fraud and Abuse Task Force) sounds particularly far-fetched.
One might conclude at this point that investigators would have been
well-advised to go ahead and "shift their focus" from the "Legion of Doom."
Maybe they SHOULD concentrate on "those other hackers"--the ones who were
actually stealing money and physical objects.

But the Hacker Crackdown of 1990 was not a simple policing action.
It wasn't meant just to walk the beat in cyberspace--it was a CRACKDOWN,
a deliberate attempt to nail the core of the operation, to send a dire
and potent message that would settle the hash of the digital underground
for good.

By this reasoning, Fry Guy wasn't much more than the electronic equivalent
of a cheap streetcorner dope dealer.  As long as the masterminds of LoD were
still flagrantly operating, pushing their mountains of illicit knowledge
right and left, and whipping up enthusiasm for blatant lawbreaking,
then there would be an INFINITE SUPPLY of Fry Guys.

Because LoD were flagrant, they had left trails everywhere,
to be picked up by law enforcement in New York, Indiana,
Florida, Texas, Arizona, Missouri, even Australia.
But 1990's war on the Legion of Doom was led out of Illinois,
by the Chicago Computer Fraud and Abuse Task Force.