Chapter 3-7
Hacker Crackdown

Go to Table of Contents

Next day we heard an extensive briefing from a guy who'd been a computer cop,
gotten into hot water with an Arizona city council, and now installed
computer networks for a living (at a considerable rise in pay).
He talked about pulling fiber-optic networks apart.

Even a single computer, with enough peripherals, is a literal
"network"--a bunch of machines all cabled together, generally
with a complexity that puts stereo units to shame.  FCIC people
invent and publicize  methods of seizing computers and maintaining
their evidence.  Simple things, sometimes, but vital rules of thumb
for street cops, who nowadays often stumble across a busy computer
in the midst of a drug investigation or a white-collar bust.
For instance:  Photograph the system before you touch it.
Label the ends of all the cables before you detach anything.
"Park" the heads on the disk drives before you move them.
Get the diskettes.  Don't put the diskettes in magnetic fields.
Don't write on diskettes with ballpoint pens.  Get the manuals.
Get the printouts.  Get the handwritten notes.  Copy data before
you look at it, and then examine the copy instead of the original.

Now our lecturer distributed copied diagrams of a typical LAN
or "Local Area Network", which happened to be out of Connecticut.
ONE HUNDRED AND FIFTY-NINE desktop computers, each with its own
peripherals.  Three "file servers."  Five "star couplers"
each with thirty-two ports.  One sixteen-port coupler
off in the corner office.  All these machines talking to each other,
distributing electronic mail, distributing software, distributing,
quite possibly, criminal evidence.  All linked by high-capacity
fiber-optic cable.  A bad guy--cops talk a about "bad guys"
--might be lurking on PC #47 lot or #123 and distributing
his ill doings onto some dupe's "personal" machine in
another office--or another floor--or, quite possibly,
two or three miles away!  Or, conceivably, the evidence might
be "data-striped"--split up into meaningless slivers stored,
one by one, on a whole crowd of different disk drives.

The lecturer challenged us for solutions.  I for one was utterly clueless.
As far as I could figure, the Cossacks were at the gate; there were probably
more disks in this single building than were seized during the entirety
of Operation Sundevil.

"Inside informant," somebody said.  Right.  There's always the human angle,
something easy to forget when contemplating the arcane recesses of high
technology.  Cops are skilled at getting people to talk, and computer people,
given a chair and some sustained attention, will talk about their computers
till their throats go raw.  There's a case on record of a single question--
"How'd you do it?"--eliciting a forty-five-minute videotaped confession
from a computer criminal who not only completely incriminated himself
but drew helpful diagrams.

Computer people talk.  Hackers BRAG.  Phone-phreaks
talk PATHOLOGICALLY--why else are they stealing phone-codes,
if not to natter for ten hours straight to their friends
on an opposite seaboard?  Computer-literate people do
in fact possess an arsenal of nifty gadgets and techniques
that would allow them to conceal all kinds of exotic skullduggery,
and if they could only SHUT UP about it, they could probably
get away with all manner of amazing information-crimes.
But that's just not how it works--or at least,
that's not how it's worked SO FAR.

Most every phone-phreak ever busted has swiftly implicated his mentors,
his disciples, and his friends.  Most every white-collar computer-criminal,
smugly convinced that his clever scheme is bulletproof, swiftly learns
otherwise when, for the first time in his life, an actual no-kidding
policeman leans over, grabs the front of his shirt, looks him right
in the eye and says:  "All right, ASSHOLE--you and me are going downtown!"
All the hardware in the world will not insulate your nerves from
these actual real-life sensations of terror and guilt.

Cops know ways to get from point A to point Z without thumbing
through every letter in some smart-ass bad-guy's alphabet.
Cops know how to cut to the chase.  Cops know a lot of things
other people don't know.

Hackers know a lot of things other people don't know, too.
Hackers know, for instance, how to sneak into your computer
through the phone-lines.  But cops can show up RIGHT ON YOUR DOORSTEP
and carry off YOU and your computer in separate steel boxes.
A cop interested in hackers can grab them and grill them.
A hacker interested in cops has to depend on hearsay,
underground legends, and what cops are willing to publicly reveal.
And the Secret Service didn't get named "the SECRET Service"
because they blab a lot.

Some people, our lecturer informed us, were under the mistaken
impression that it was "impossible" to tap a fiber-optic line.
Well, he announced, he and his son had just whipped up a
fiber-optic tap in his workshop at home.  He passed it around
the audience, along with a circuit-covered LAN plug-in card
so we'd all recognize one if we saw it on a case.  We all had a look.

The tap was a classic "Goofy Prototype"--a thumb-length rounded
metal cylinder with a pair of plastic brackets on it.
From one end dangled three thin black cables, each of which ended
in a tiny black plastic cap.  When you plucked the safety-cap
off the end of a cable, you could see the glass fiber--
no thicker than a pinhole.

Our lecturer informed us that the metal cylinder was a
"wavelength division multiplexer."  Apparently, what one did
was to cut the fiber-optic cable, insert two of the legs into
the cut to complete the network again, and then read any passing data
on the line by hooking up the third leg to some kind of monitor.
Sounded simple enough.  I wondered why nobody had thought of it before.
I also wondered whether this guy's son back at the workshop had any
teenage friends.

We had a break.  The guy sitting next to me was wearing a giveaway
baseball cap advertising the Uzi submachine gun.  We had a desultory chat
about the merits of Uzis.  Long a favorite of the Secret Service,
it seems Uzis went out of fashion with the advent of the Persian Gulf War,
our Arab allies taking some offense at Americans toting Israeli weapons.
Besides, I was informed by another expert, Uzis jam.  The equivalent weapon
of choice today is the Heckler & Koch, manufactured in Germany.

The guy with the Uzi cap was a forensic photographer.  He also did a lot
of photographic surveillance work in computer crime cases.  He used to,
that is, until the firings in Phoenix.  He was now a private investigator and,
with his wife, ran a photography salon specializing in weddings and portrait
photos.  At--one must repeat--a considerable rise in income.

He was still FCIC.  If you were FCIC, and you needed to talk
to an expert about forensic photography, well, there he was,
willing and able.  If he hadn't shown up, people would have missed him.

Our lecturer had raised the point that preliminary investigation
of a computer system is vital before any seizure is undertaken.
It's vital to understand how many machines are in there, what kinds
there are, what kind of operating system they use, how many people
use them, where the actual data itself is stored.  To simply barge into
an office demanding "all the computers" is a recipe for swift disaster.

This entails some discreet inquiries beforehand.  In fact, what it
entails is basically undercover work.  An intelligence operation.
SPYING, not to put too fine a point on it.

In a chat after the lecture, I asked an attendee whether "trashing" might work.

I received a swift briefing on the theory and practice of "trash covers."
Police "trash covers," like "mail covers" or like wiretaps, require the
agreement of a judge.  This obtained, the "trashing" work of cops is just
like that of hackers, only more so and much better organized.  So much so,
I was informed, that mobsters in Phoenix make extensive use of locked
garbage cans picked up by a specialty high-security trash company.

In one case, a tiger team of Arizona cops had trashed a local residence
for four months.  Every week they showed up on the municipal garbage truck,
disguised as garbagemen, and carried the contents of the suspect cans off
to a shade tree, where they combed through the garbage--a messy task,
especially considering that one of the occupants was undergoing
kidney dialysis.  All useful documents were cleaned, dried and examined.
A discarded typewriter-ribbon was an especially valuable source of data,
as its long one-strike ribbon of film contained the contents of every
letter mailed out of the house.  The letters were neatly retyped by
a police secretary equipped with a large desk-mounted magnifying glass.

There is something weirdly disquieting about the whole subject of
"trashing"-- an unsuspected and indeed rather disgusting mode of
deep personal vulnerability.  Things that we pass by every day,
that we take utterly for granted, can be exploited with so little work.
Once discovered, the knowledge of these vulnerabilities tend to spread.

Take the lowly subject of MANHOLE COVERS.  The humble manhole cover
reproduces many of the dilemmas of computer-security in miniature.
Manhole covers are, of course, technological artifacts, access-points
to our buried urban infrastructure.  To the vast majority of us,
manhole covers are invisible.  They are also vulnerable.  For many years now,
the Secret Service has made a point of caulking manhole covers along all routes
of the Presidential motorcade.  This is, of course, to deter terrorists from
leaping out of underground ambush or, more likely, planting remote-control
car-smashing bombs beneath the street.

Lately, manhole covers have seen more and more criminal exploitation,
especially in New York City.  Recently, a telco in New York City
discovered that a cable television service had been sneaking into
telco manholes and installing cable service alongside the phone-lines--
WITHOUT PAYING ROYALTIES.  New York companies have also suffered a
general plague of (a) underground copper cable theft; (b) dumping of garbage,
including toxic waste, and (c) hasty dumping of murder victims.

Industry complaints reached the ears of an innovative New England
industrial-security company, and the result was a new product known
as "the Intimidator," a thick titanium-steel bolt with a precisely machined
head that requires a special device to unscrew.  All these "keys" have registered
serial numbers kept on file with the manufacturer.  There are now some
thousands of these "Intimidator" bolts being sunk into American pavements
wherever our President passes, like some macabre parody of strewn roses.
They are also spreading as fast as steel dandelions around US military bases
and many centers of private industry.

Quite likely it has never occurred to you to  peer under a manhole cover,
perhaps climb down and walk around down there with a flashlight, just to see
what it's like.  Formally speaking, this might be trespassing, but if you
didn't hurt anything, and didn't make an absolute habit of it, nobody would
really care.  The freedom to sneak under manholes was likely a freedom
you never intended to exercise.

You now are rather less likely to have that freedom at all.
You may never even have missed it until you read about it here,
but if you're in New York City it's gone, and elsewhere it's likely going.
This is one of the things that crime, and the reaction to
crime, does to us.

The tenor of the meeting now changed as the Electronic Frontier Foundation
arrived.  The EFF, whose personnel and history will be examined in detail
in the next chapter, are a pioneering civil liberties group who arose in
direct response to the Hacker Crackdown of 1990.

Now Mitchell Kapor, the Foundation's president, and Michael Godwin,
its chief attorney, were confronting federal law enforcement MANO A MANO
for the first time ever.  Ever alert to the manifold uses of publicity,
Mitch Kapor and Mike Godwin had brought their own journalist in tow:
Robert Draper, from Austin, whose recent well-received book about
ROLLING STONE magazine was still on the stands.  Draper was on assignment
for TEXAS MONTHLY.

The Steve Jackson/EFF civil lawsuit against the Chicago Computer Fraud
and Abuse Task Force was a matter of considerable regional interest in Texas.
There were now two Austinite journalists here on the case.  In fact,
counting Godwin (a former Austinite and former journalist) there were
three of us.  Lunch was like Old Home Week.

Later, I took Draper up to my hotel room.  We had a long frank talk
about the case, networking earnestly like a miniature freelance-journo
version of the FCIC:  privately confessing the numerous blunders
of journalists covering the story, and trying hard to figure out
who was who and what the hell was really going on out there.
I showed Draper everything I had dug out of the Hilton trashcan.
We pondered the ethics of "trashing" for a while, and agreed
that they were dismal.  We also agreed that finding a SPRINT
bill on your first time out was a heck of a coincidence.

First I'd "trashed"--and now, mere hours later, I'd bragged to someone else.
Having entered the lifestyle of hackerdom, I was now, unsurprisingly,
following  its logic.  Having discovered something remarkable through
a surreptitious action, I of course HAD to "brag," and to drag the passing
Draper into my iniquities.  I felt I needed a witness.  Otherwise nobody
would have believed what I'd discovered. . . .

Back at the meeting, Thackeray cordially, if rather tentatively,
introduced Kapor and Godwin to her colleagues.  Papers were distributed.
Kapor took center stage.  The brilliant Bostonian high-tech entrepreneur,
normally the hawk in his own administration and quite an effective
public speaker, seemed visibly nervous, and frankly admitted as much.
He began by saying he consided computer-intrusion to be morally wrong,
and that the EFF was not a "hacker defense fund," despite what had appeared
in print.  Kapor chatted a bit about the basic motivations of his group,
emphasizing their good faith and willingness to listen and seek common ground
with law enforcement--when, er, possible.

Then, at Godwin's urging, Kapor suddenly remarked that EFF's own Internet
machine had been "hacked" recently, and that EFF did not consider
this incident amusing.

After this surprising confession, things began to loosen up
quite rapidly.  Soon Kapor was fielding questions, parrying objections,
challenging definitions, and juggling paradigms with something akin
to his usual gusto.

Kapor seemed to score quite an effect with his shrewd and skeptical analysis
of the merits of telco "Caller-ID" services.  (On this topic, FCIC and EFF
have never been at loggerheads, and have no particular established earthworks
to defend.)  Caller-ID has generally been promoted as a privacy service
for consumers, a presentation Kapor described as a "smokescreen,"
the real point of Caller-ID being to ALLOW CORPORATE CUSTOMERS TO BUILD
EXTENSIVE COMMERCIAL DATABASES ON EVERYBODY WHO PHONES OR FAXES THEM.
Clearly, few people in the room had considered this possibility,
except perhaps for two late-arrivals from US WEST RBOC security,
who chuckled nervously.

Mike Godwin then made an extensive presentation on
"Civil Liberties Implications of Computer Searches and Seizures."
Now, at last, we were getting to the real nitty-gritty here,
real political horse-trading.  The audience listened with close
attention, angry mutters rising occasionally:  "He's trying to
teach us our jobs!"  "We've been thinking about this for years!
We think about these issues every day!"  "If I didn't seize the works,
I'd be sued by the guy's victims!"  "I'm violating the law if I leave
ten thousand disks full of illegal PIRATED SOFTWARE and STOLEN CODES!"
"It's our job to make sure people don't trash the Constitution--
we're the DEFENDERS of the Constitution!"  "We seize stuff when
we know it will be forfeited anyway as restitution for the victim!"

"If it's forfeitable, then don't get a search warrant, get a
forfeiture warrant," Godwin suggested coolly.  He further remarked
that most suspects in computer crime don't WANT to see their computers
vanish out the door, headed God knew where, for who knows how long.
They might not mind a search, even an extensive search, but they want
their machines searched on-site.

"Are they gonna feed us?"  somebody asked sourly.

"How about if you take copies of the data?" Godwin parried.

"That'll never stand up in court."

"Okay, you make copies, give THEM the copies, and take the originals."

Hmmm.

Godwin championed bulletin-board systems as repositories of First Amendment
protected free speech.  He complained that federal computer-crime training
manuals gave boards a bad press, suggesting that they are hotbeds of crime
haunted by pedophiles and crooks, whereas the vast majority of the nation's
thousands of boards are completely innocuous, and nowhere near so
romantically suspicious.

People who run boards violently resent it when their systems are seized,
and their dozens (or hundreds) of users look on in abject horror.
Their rights of free expression are cut short.  Their right to associate
with other people is infringed.  And their privacy is violated as their
private electronic mail becomes police property.

Not a soul spoke up to defend the practice of seizing boards.
The issue passed in chastened silence.  Legal principles aside--
(and those principles cannot be settled without laws passed or
court precedents)--seizing bulletin boards has become public-relations
poison for American computer police.

And anyway, it's not entirely necessary.  If you're a cop, you can get 'most
everything you need from a pirate board, just by using an inside informant.
Plenty of vigilantes--well, CONCERNED CITIZENS--will inform police the moment
they see a pirate board hit their area  (and will tell the police all about it,
in such technical detail, actually, that you kinda wish they'd shut up).
They will happily supply police with extensive downloads or printouts.
It's IMPOSSIBLE to keep this fluid electronic information out of the
hands of police.

Some people in the electronic community become enraged at the prospect
of cops "monitoring" bulletin boards.  This does have touchy aspects,
as Secret Service people in particular examine bulletin boards with
some regularity.  But to expect electronic police to be deaf dumb
and blind in regard to this particular medium rather flies in the face
of common sense. Police watch television, listen to radio, read newspapers
and magazines; why should the new medium of boards be different?
Cops can exercise the same access to electronic information
as everybody else.  As we have seen, quite a few computer
police maintain THEIR OWN bulletin boards, including anti-hacker
"sting" boards, which have generally proven quite effective.

As a final clincher, their Mountie friends in Canada (and colleagues
in Ireland and Taiwan) don't have First Amendment or American
constitutional restrictions, but they do have phone lines,
and can call any bulletin board in America whenever they please.
The same technological determinants that play into the hands of hackers,
phone phreaks and software pirates can play into the hands of police.
"Technological determinants" don't have ANY human allegiances.
They're not black or white, or Establishment or Underground,
or pro-or-anti anything.

Godwin  complained at length about what he called "the Clever Hobbyist
hypothesis" --the assumption that the "hacker" you're busting is clearly
a technical genius, and must therefore by searched with extreme thoroughness.
So:  from the law's point of view, why risk missing anything?  Take the works.
Take the guy's computer.  Take his books. Take his notebooks.
Take the electronic drafts of his love letters. Take his Walkman.
Take his wife's computer.  Take his dad's computer.  Take his kid
sister's computer.  Take his employer's computer.  Take his compact disks--
they MIGHT be CD-ROM disks, cunningly disguised as pop music.
Take his laser printer--he might have hidden something vital in the
printer's 5meg of memory.  Take his software manuals and hardware
documentation. Take his science-fiction novels and his simulation-
gaming books.  Take his Nintendo Game-Boy and his Pac-Man arcade game.
Take his answering machine, take his telephone out of the wall.
Take anything remotely suspicious.

Godwin pointed out that most "hackers" are not, in fact, clever
genius hobbyists.  Quite a few are crooks and grifters who don't
have much in the way of technical sophistication; just some rule-of-thumb
rip-off techniques.  The same goes for most fifteen-year-olds who've
downloaded a code-scanning program from a pirate board.  There's no
real need to seize everything in sight.  It doesn't require an entire
computer system and ten thousand disks to prove a case in court.

What if the computer is the instrumentality of a crime? someone demanded.

Godwin admitted quietly that the doctrine of seizing the instrumentality
of a crime was pretty well established in the American legal system.

The meeting broke up.  Godwin and Kapor had to leave.  Kapor was testifying
next morning before the Massachusetts Department Of Public Utility,
about ISDN narrowband wide-area networking.

As soon as they were gone, Thackeray seemed elated.
She had taken a great risk with this.  Her colleagues had not,
in fact, torn Kapor and Godwin's heads off.  She was very proud of them,
and told them so.

"Did you hear what Godwin said about INSTRUMENTALITY OF A CRIME?"
she exulted, to nobody in particular.  "Wow, that means
MITCH ISN'T GOING TO SUE ME."