[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]


..[ Phrack Magazine ]..
.:: My Bust (Part I) ::.

Issues: [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ] [ 16 ] [ 17 ] [ 18 ] [ 19 ] [ 20 ] [ 21 ] [ 22 ] [ 23 ] [ 24 ] [ 25 ] [ 26 ] [ 27 ] [ 28 ] [ 29 ] [ 30 ] [ 31 ] [ 32 ] [ 33 ] [ 34 ] [ 35 ] [ 36 ] [ 37 ] [ 38 ] [ 39 ] [ 40 ] [ 41 ] [ 42 ] [ 43 ] [ 44 ] [ 45 ] [ 46 ] [ 47 ] [ 48 ] [ 49 ] [ 50 ] [ 51 ] [ 52 ] [ 53 ] [ 54 ] [ 55 ] [ 56 ] [ 57 ] [ 58 ] [ 59 ] [ 60 ] [ 61 ] [ 62 ] [ 63 ] [ 64 ] [ 65 ] [ 66 ] [ 67 ] [ 68 ] [ 69 ] [ 70 ]
Current issue : #43 | Release date : 1993-07-01 | Editor : Erik Bloodaxe
IntroductionDatastream Cowboy
Phrack Loopback Part IPhrack Staff
Phrack Loopback Part II / EditorialPhrack Staff
Line Noise Part IPhrack Staff
Line Noise Part IIPhrack Staff
Phrack Pro-Phile on Doctor WhoDoctor Who
Conference News Part Ivarious
Conference News Part IIvarious
How To Hack Blackjack (Part I)Lex Luthor
How To Hack Blackjack (Part II)Lex Luthor
Help for Verifying Novell SecurityPhrack Staff
My Bust (Part I)Robert Clark
My Bust (Part II)Robert Clark
Playing Hide and Seek, Unix StylePhrack Accident
Physical Access and Theft of PBX SystemsCodec
Guide to the 5ESSFirm G.R.A.S.P.
Cellular InfoMadjus
LODCOM BBS Archive Informationunknown
LODCOM Sample Messagesunknown
Step By Step Guide To Stealing a CamaroSpy Ace
Acronyms Part IFirm G.R.A.S.P.
Acronyms Part IIFirm G.R.A.S.P.
Acronyms Part IIIFirm G.R.A.S.P.
Acronyms Part IVFirm G.R.A.S.P.
Acronyms Part VFirm G.R.A.S.P.
International Scenevarious
Phrack World NewsDatastream Cowboy
Title : My Bust (Part I)
Author : Robert Clark
                              ==Phrack Magazine==

                 Volume Four, Issue Forty-Three, File 12 of 27


                                  My Bust
                                    Or,
                          An Odyssey of Ignorance

                        (C) 1993 Robert W. F. Clark


[This is a factual account; however, certain innocent parties have
 already suffered enough damage to their reputations
 without further identification.  I have changed their names.
 Where I have done so I follow the name with an asterisk [*].


I.  _In flagrante delicto_

I am writing this article for the benefit of those who have yet to
become acquainted with the brotherhood of law enforcement, a subculture
as warped and depraved as any criminal organization.

The law enforcement community entered my life in the early part of
December 1989.  I am yet to be quit of it.  My initial contact with law
enforcement and its quaint customs was one afternoon as I was reading email.
Suddenly, without warning, I heard a voice shout:  "Freeze, and get away from
the computer."  Nonplussed, but still with some command of my faculties, I
drawled:  "So, which do you want me to do?"

The police officer did not answer.

I was in the main public academic computing facility at Penn State,
which was occupied by several startled-looking computer users, who now trained
their eyes on the ensuing drama with all the solicitous concern of Romans
attending an arena event.

The officer, Police Services Officer Anne Rego, then left the room,
and my immediate concern was to kill all processes and
delete all incriminating files, or at least to arrange an accidental
disruption of power.  However, before I could do anything, Miss Rego
reappeared with a grim, mustached police officer and what appeared to be the
cast of Revenge of the Nerds.

Angela Thomas, computer science instructor, immediately commandeered
both terminals I had been using and began transferring the contents of
all directories to a safe machine; the newcomer, Police Services Officer
Sam Ricciotti, volunteered the helpful information:  "You're in big
trouble, kid."

In an excess of hospitality, they then offered me a ride to Grange
Building, police headquarters of Penn State, for an afternoon of
conversation and bright lights.

I asked if I were under arrest, and finding that I was not, asked
what would happen if I refused their generous offer.  They said that
it might have negative repercussions, and that the wise choice was to
accompany them.

So, after a moment of thought, I agreed to accompany them.  Forming a
strange procession, with a police officer preceding me and another
following, we entered an elevator.  Then, still in formation, we exited
the building to be greeted by two police cars with flashing red and
blue lights.  Like a chauffeur, Officer Ricciotti opened the door for
me, and it was only after he closed it that I realized, for the first
time, that the back doors of police cars have no handles on the inside.

I had made yet another mistake in a long series.

The purpose of this article is to detail several possible mistakes in dealing
with police and how they may be avoided.  As I made almost every possible
mistake, my experience should prove enlightening.

While I hope that this article might prevent you from being busted,
I will have been successful if even one person does not make the
mistakes I made when I was busted.

II.  Prelude

To provide the reader with context, I shall explain the series of events
which culminated in my apprehension.

On my entrance to the Pennsylvania State University as a University
Scholar, the highest distinction available from an institution remarkable for
its lack of distinction, I received an account on PSUVM, an IBM 3090 running
VM/CMS.  Before receiving the account, I acquired all available documentation
from the Information Desk and read it.  As it happened, the first document I
read concerned "Netnews," the local name for Usenet.

As soon as my account was activated, I immediately typed netnews.
I have never been the same since.  Within a week, I began posting
articles of my own and was immediately lambasted, flamed and roasted
to a crisp.  Discovering my own talent in the area of malediction,
I became an alt.flame and talk.bizarre regular.  I also read comp.risks,
comp.dcom.telecom and other technical journals assiduously.

I began hacking VM/CMS, independently discovering a vast
number of flaws in the system.  Within a few months, I was able to
access any information in the system which interested me, submit
anonymous batch jobs, and circumvent the 'ration' utility which limited
a luser's time on the system.  It was a trivial matter to write a trojan
horse which imitated the login screen and grabbed passwords.  Late
at night, when there were few users, I would crank the CPU, of
a system capable of handling 300 users simultaneously,
to 100% capacity just for the sake of doing it.  I discovered a
simple method of crashing the system, but felt no need to do it,
as I knew that it would work.  To avoid disk space rationing, I
would store huge files in my virtual punch.  To my credit, lest
I seem a selfish pig unconcerned with the welfare of
other users, I limited such exercises to the later hours of the
night, and eliminated large files when they were no longer useful
to me.

Like one starved, I glutted myself on information.  To have
legitimate access to such a system was marvellous.  For a few months,
I was satisfied with my level of 'power,' that elusive quality which is
like a drug to those of a certain peculiarity of mind.

However, it was not long before I realized that despite the sheer
power of the system, the user interface was clumsy,
unaesthetic and intolerable to anyone desiring to understand
the machine directly.  The damn thing had a virtual punch
card system!

I had heard about Unix, and was interested in trying this system.  However,
without an affiliation with the Computer Science Department, I had no
way to get Unix access.

Comparative Literature majors apparently should not clutter their heads with
such useless and destructive nonsense as the Unix operating system,
just as an Engineering major can only be damaged by such
mental clutter as the works of Shakespeare; this, in any case, seemed
to be the only justification for such an arcane, Byzantine
policy of restricting access to a nearly unlimited resource.

The academic community is addicted to the unhealthy practice of restricting
information, and its policies are dedicated to the end of turning agile, eager
young minds into so many identical cogs in the social mill.  Those unable or
unwilling to become cogs are of no use to this machine, and are dispensable.

Thus, in the latter part of my freshman year, I became increasingly
frustrated and disillusioned with higher education in general, and
by the very idea of specialized education in particular.  I stopped
attending classes, and even skipped tests.  I became increasingly
nocturnal and increasingly obsessed with Usenet.  Nevertheless, even
by doing the entire semester's work during finals week, I still
barely managed to maintain honors status.

The summer restored my spirits greatly.  I experimented
with LSD for the first time, and found that it allowed me to see
myself as I truly was, and to come to a certain grudging acceptance of
myself, to a greater degree than any psychologist had.  I found that I
preferred marijuana to alcohol, and soon no longer subjected myself to
prolonged bouts of drinking.

However, I mistook my upturn in spirits for a rejuvenation, when
it was more likely due to the lack of pressure and hedonism
of summer.

Near the end of my first year, I met Dale Garrison [*], an
electronic musician and audio man for WPSX-TV, the university
public television station.  He also recorded music recitals
for faculty and visiting luminaries, and thus had access to
the Electronic Music Lab and all its facilities.
His friend Shamir Kamchatka [*] had bequeathed him a Unix
account on the mail hub of the Pennsylvania State University.
Another friend, Ron Gere [*], a systems operator for the
Engineering Computer Lab, had created an account for him on
the departmental VAXcluster following the termination of his
legitimate account due to a change in policy.  They gave the
account the cover name of Huang Chang [*] as a sort of joke,
but this name was remarkably inconspicuous with the preponderance
of Asian names on the system.  Dale began posting articles under
this name, as he had no account with his real name, but by a slow
process, the nom-de-plume became a well-developed and individual
personality, and the poems, articles and diatribes written
under this name became quite popular.  Even when we later
realized the ease with which he could forge articles with his
actual name, he was disinclined to do so.  The wit and
intelligence of the assumed identity became so unique to
that identity that it would have been difficult to shed.

I often used the Unix account, and quickly began to
understand and appreciate the complexity and organic unity
of the Internet.

I had no moral qualms about using a computer account with the
permission of the legitimate owner of the account, any more than
I would have moral qualms about checking out a book from the
mathematics library.  A source of information for which my tuition
and taxes has paid is a source of information which I have every
right to access.  To deny my access is a crime greater by far
than for me to claim my rights by nondestructive means.  Any
university will allow a student of any college to check out a book
on any subject from the library.

However, myopic university administrations seem to believe that restricting
access to information, rather than allowing a free exchange of ideas, is the
purpose of an educational institution.  Every department will have its own
computer subnetwork, regardless of whether it is sensible or equitable to do
so.  The stagnation and redundancy we see on the Internet is the inevitable
result of such an absurd _de facto_ standard.

This policy is by no means limited to computers.  It extends to
class scheduling, work-study programs, any technical equipment worth
using, arts training, religious studies, athletic facilities, degree
requirements, musical instruments, literature and any thing which is
useful to the mind.  Bean-counters who can neither read a line
of Baudelaire nor parse a line of C decide what is to be the canned
curriculum for anyone who chooses a major.  This is the obvious
outcome in a society where education is so undervalued that
Education majors have the lowest SAT scores of any degree-level
students.

So I thought as I saw resources wasted, minds distorted,
the lives of close friends ruined by the slow, inexorable grinding
of the vast, impersonal machine known as higher education.  I saw
professors in computer science tell blatant falsehoods, professors
in philosophy misquote Nietzsche, professors in English Literature
hand out typewritten memos rife with grammatical errors.
I grew entirely disgusted with the mismanagement of higher
education.  When I discovered that the most intelligent and individual
people around me were usually not students, I gave up on college
as a means of self-actualization.

My second year of college was essentially the first repeated,
except that my frustration with the academic world bloomed into
nihilism, and my depression into despair.  I no longer even bothered to
attend most tests, and even skipped finals.  I allowed my paperwork for
the University Scholars Program to lapse, rather than suffer
the indignity of ejection for poor academic performance.

Another summer followed, with less cheer than the previous.  Very early in the
summer, a moron rear-ended my car without even slowing down before slamming
into me.  My mother and stepfather ejected me from their house, and I moved to
Indiana to live with my father.  When the insurance money arrived from my
totalled car, I purchased a cheap vehicle and hit the highway with no
particular destination in mind.  With a lemming's logic, I turned east instead
of west on I-70, and returned to State College, Pennsylvania.

At the last moment, I registered for part-time classes.


III.  History of a Conflagration

>From the beginning of this semester, I neglected my classes, and
instead read RFCs and Unix system security manuals.  I began
experimenting with the communications capabilities of the TCP/IP protocol
suite, and began to understand more deeply how it was that such a network
could exist as an organic whole greater than the sum of its parts.

In the interest of experimenting with these interconnections, I
began to acquire a number of Internet 'guest' accounts.  When possible, I
would use these to expand my area of access, with the goal of testing the
speed and reliability of the network; and, I freely admit, for my amusement.

I realized, at the time, that what I was doing was, legally, in
a gray area; but I did not give moral considerations more than
a passing thought.  Later, I had leisure to ponder the moral and legal aspects
of my actions at great length, but at the time I was collecting accounts I
only considered the technical aspects of what I was doing.

I discovered Richard Stallman's accounts on a variety of computers.
I used these only for testing mail and packet routing.
I realized that it would be trivial to use them for malicious
purposes, but the thought of doing so did not occur to me.  The very
idea of hacking a computer system implies the desire to outsmart the
security some unknown person had designed to prevent intrusion; to
abuse a trust in this manner has all the appeal to a hacker that a
hunter would find in stalking a kitten with a howitzer.  To hack an
open system requires no intelligence and little knowledge, and
imparts no deeper knowledge than is available by legitimate use of
the system.

I soon had a collection of accounts widely scattered around
the continent:  at the University of Chicago, at the Pennsylvania
State University, at Johns Hopkins, at Lawrence-Berkeley Laboratories
and a number of commercial and government sites.

However, the deadly mistake of hacking close to home was my downfall.
I thought I was untouchable and infallible, and in a regrettable accident I
destroyed the /etc/groups file at the Software Engineering Laboratory at Penn
State, due to a serious lapse in judgment combined with a series of
typographical errors.  This is the only action for which I should have been
held accountable; however, as you shall see, it is the only action for which
I was not penalized in any way.

I halt the narrative here to deliver some advice suggested by my
mistakes.

My first piece of advice is:  avoid the destruction of information by not
altering any information beyond that necessary to maintain
access and avoid detection.  Try to protect yourself from typographical
errors by backing up information.  My lack of consideration in this
important regard cost Professor Dhamir Mannai many hours
reconstructing the groups file.  Dhamir plays a major role in the
ensuing fracas, and turned out very sympathetic.  I must
emphasize that the computer security people with whom we have such
fun are often decent people.  Treat a system you have invaded as
you would wish someone to treat your system if they had done the
same to you.  Protect both the system and yourself.  Damage to the system
will have a significant effect on any criminal case which is filed
against you.  Even the harshest of judges is likely to respond to a
criminal case with a bewildered dismissal if no damage is alleged.
However, if there is any damage to a system, the police will most certainly
allege that you maliciously damaged the machine.  It is their job
to do so.

My second piece of advice is:  avoid hacking systems geographically
local to you, even by piggybacking multiple connections across the
country and back to mask your actions.  In any area there is a limited
number of people both capable of and motivated to hack.
When the local security gurus hear that a hacker is on the loose,
they will immediately check their mental list of people who fit the
profile.  They are in an excellent position to monitor their own network.
Expect them to do so.

I now return to my narrative.

Almost simultaneous with my activities, the Computer Emergency Response
Team was formed in the wake of the Morris Worm, and was met with an
almost palpable lack of computer crime worth prosecuting.
They began issuing grimly-worded advisories about the ghastly horrors
lurking about the Internet, and warned of such dangerous events as
the WANK (Worms Against Nuclear Killers) worm,  which displayed
an anti-nuclear message when a user logged on to an infected
machine.

To read the newspaper article concerning Dale and me, a person who
collects guest accounts is, if not Public Enemy Number One, at least
a major felon who can only be thwarted by the combined efforts of
a major university's police division, two computer science departments,
and Air Force Intelligence, which directly funds CERT.

Matt Crawford, at the University of Chicago, notified CERT of my
intrusions into their computer systems.  The slow machinery
of justice began to creak laboriously into motion.  As I had
taken very few precautions, they found me within two weeks.

As it happens, both the Penn State and University of Chicago
systems managers had publicly boasted about the impenetrability of
their systems, and perhaps this contributed to their rancor at discovering
that the nefarious computer criminal they had apprehended was a
Comparative Literature major who had failed his only computer science
course.


IV.  In the Belly of the Beast

When we arrived at the police station, the police left me in a room
alone for approximately half an hour.  My first response was to check
the door of the room.  It was unlocked.  I checked the barred
window, which was locked, but could be an escape if necessary.
Then, with nothing to do, I considered my options.  I considered
getting up and leaving, and saying that I had nothing to discuss
with them.  This was a sensible option at the outset, I thought,
but certainly not sensible now.  This was a repetition of
a mistake; I could have stopped talking to them at any time.

Finally, I assumed the lotus position on the table in order to collect my
thoughts.  When I had almost collected my thoughts, Anne Rego and Sam
Ricciotti returned to the room, accompanied by two men I took to be criminals
at first glance:  a scruffy, corpulent, bearded man I mentally tagged as a
public indecency charge; and a young man with the pale and flaccid ill-health
of a veal calf, perhaps a shoplifter.  However, the pair was Professor Robert
Owens of the computer science department and Daniel Ehrlich, Owens' student
flunky.

Professor Owens sent Ehrlich out of the room on some trivial
errand.  Ricciotti began the grilling.  First, he requested
that I sign a document waiving my Miranda rights.  He explained that it
was as much for my benefit as for theirs.  I laughed out loud.  However,
I thought that as I had done nothing wrong, I should have no fear of
talking to them, and I signed the fatal document.

I assumed that what I was going to say would be taken at
face value, and that my innocence was invulnerable armor.
Certainly I had made a mistake, but this could be explained, could it
not?  Despite my avowed radical politics, my fear of authority was
surpassed by a trust for apparent sincerity.

As they say, a con's the easiest mark there is.

I readily admitted to collecting guest accounts, as I found nothing
culpable in using a guest account, my reasoning being that if a public
building had not only been unlocked, but also a door in that
building had been clearly marked as for a "Guest," and that door opened
readily, then no one would have the gall to arrest someone for trespass, even
if other, untouched parts of the building were marked
"No Visitors."  Using a 'guest' account is no more computer crime than
using a restroom in a McDonald's is breaking-and-entering.

Ricciotti continued grilling me, and I gave him further information.
I fell prey to the temptation to explain to him what he clearly did
not understand.  If you are ever in a similar circumstance, do not do
so.  The opaque ignorance of a police officer is, like a well-
constructed security system, a very tempting challenge to a hacker.
However, unlike the security system, the ignorance of a police
officer is uncrackable.

If you attempt to explain the Internet to a police officer investigating
you for a crime, and the notion of leased WATS lines seems
a simple place to start, it will be seen as evidence of some vast,
bizarre conspiracy.  The gleam in the cop's eye is not one of
comprehension; it is merely the external evidence that a power fantasy
is running in the cop's brain.  "I," the cop thinks, "will definitely be
Cop of the Year!  I'm going to find out more about this Internet thing
and bust the people responsible."

Perhaps you will be lucky or unlucky enough to be busted by a cop
who has some understanding of technical issues.  Never having been
busted by a computer-literate cop, I have no opinion as to whether
this would be preferable.  However, having met more cops than I care to
remember, I can tell you that the chances are slim that you will meet a cop
capable of tying shoelaces in the morning.  The chances of meeting a cop
capable of understanding the Internet are nearly nonexistent.

Apparently, this is changing, but by no means as rapidly
as the volatile telecommunications scene.  At present, the cop who busts
you might have a Mac hooked up to NCIC and be able to use it clumsily;
or may be able to cope with the user interface of a BBS, but don't
bother trying to explain anything if the cop doesn't understand you.

If the cop understands you, you have no need to explain; if not, you
are wasting your time.  In either case, you are giving the police the
rope they need to hang you.

You have nothing to gain by talking to the police.  If you are not under
arrest, they can do nothing to you if you refuse to speak to them.  If you
must speak to them, insist on having an attorney present.  As edifying as it
is to get a first-hand glimpse of the entrenched ignorance of the law-
enforcement community, this is one area of knowledge where book-learning is
far preferable to hands-on experience.  Trust me on this one.

If you do hack, do not use your personal computing equipment and
do not do it from your home.  To do so is to invite them to confiscate every
electronic item in your house from your telephone to your microwave.  Expert
witnesses are willing to testify that anything taken could be used for illegal
purposes, and they will be correct.

Regardless of what they may say, police have no authority to offer
you anything for your cooperation; they have the power to tell the
magistrate and judge that you cooperated.  This and fifty cents will
get you a cup of coffee.

Eventually, the session turned into an informal debate with Professor
Owens, who showed an uncanny facility for specious argument and
proof by rephrasing and repeating.  The usual argument ensued,
and I will encapsulate rather than include it in its entirety.

"If a bike wasn't locked up, would that mean it was right to steal it or
take it for a joyride?"

"That argument would hold if a computer were a bike; and if the bike
weren't returned when I was done with it; and if, in fact, the bike
hadn't been in the same damn place the whole time you assert it was
stolen."

"How do you justify stealing the private information of others?"

"For one thing, I didn't look at anyone's private information.
In addition, I find the idea of stealing information so grotesque
as to be absurd.  By the way, how do you justify working for Penn State, an
institution that condoned the illegal sale of the Social Security
Numbers of its students?"

"Do you realize what you did is a crime?"  interjected Ricciotti.

"No, I do not, and after reading this law you've shown me, I still
do not believe that what I did violates this law.  Beyond that, what
happened to presumed innocent until proven guilty?"

The discussion continued in a predictable vein for about two hours,
when we adjourned until the next day.  Sam sternly advised me that as
this was a criminal investigation in progress, I was not to tell
anyone anything about it.  So, naturally, I immediately told
everyone I knew everything I knew about it.

With a rapidly mounting paranoia, I left the grim, cheerless
interrogation room and walked into the bustle of an autumn day
at Penn State, feeling strangely separate from the crowd around
me, as if I had been branded with a scarlet 'H.'

I took a circuitous route, often doubling back on myself, to detect
tails, and when I was sure I wasn't being followed, I headed straight
for a phone booth to call the Electronic Music Lab.

The phone on the other end was busy.  This could only mean one thing,
that Dale was online.  His only crime was that he borrowed an
account from the legitimate user, and used the Huang account
at the Engineering Computer Lab, but I realized after my discussion
with the police that they would certainly not see the matter as
I did.

I realized that the situation had the possibility to erupt into
a very ugly legal melee.  Even before Operation Sun-Devil, I realized
that cops have a fondness for tagging anything a conspiracy
if they feel it will garner headlines.  I rushed to the Lab.


V.  A Desperate Conference

"Get off the computer now!  I've been busted!"

"This had better not be a goddamn joke."

He rapidly disconnected from his session and turned off the computer.
We began to weigh options.  We tried to figure out the worst thing they
could do to me.  Shortly, we had a list of possibilities.  The police
could jail me, which seemed unlikely.  The police could simply forget
about the whole thing, which seemed very unlikely.  Anything between
those two poles was possible.  Anything could happen, and as I was
to find, anything would.  We planned believing that it was only
I who was in jeopardy.

If you are ever busted, you will witness the remarkable migration
habits of the fair-weather friend.  People who yesterday had
nothing better to do than sit around and drink your wine will
suddenly have pressing duties elsewhere.

If you are lucky, perhaps half a dozen people will consent to speak
to you.  If you are very lucky, three of them will be willing to be
seen with you in public.

Very shortly the police would begin going after everyone I knew for no other
reason than that they knew me.  I was very soon to be given yet another of the
blessings accorded to those in whom the authorities develop an interest.

I would discover my true friends.

I needed them.


VI.  The Second Interrogation

I agreed to come in for a second interview.

At this interview, I was greeted by two new cops.  The first cop,
with the face of an unsuccessful pugilist, was Jeffery Jones.
I detested him on sight.

The second, older cop, with brown hair and a mustache, was Wayne
Weaver, and had an affable, but stern demeanor, somewhat reminiscent
of a police officer in a fifties family sitcom.

As witness to this drama, a battered tape recorder sat between us
on the wooden table.  In my blithe naivete, I once again waived
my Miranda rights, this time on tape.

The interview began with a deranged series of accusations by Jeffery
Jones, in which were combined impossibilities, implausibilities,
inaccuracies and incongruities.  He accused me of everything
from international espionage to electronic funds transfer.  Shortly
he exhausted his vocabulary with a particularly difficult
two-syllable word and lapsed into silence.

Wayne filled the silence with a soft-spoken inquiry, seemingly
irrelevant to the preceding harangue.  I answered, and we began
a more sane dialogue.

Jeffery Jones remained mostly silent.  He twiddled his thumbs, studied
the intricacies of his watch, and investigated the gum stuck under the table.
Occasionally he would respond to a factual statement by rapidly turning,
pounding the table with his fists and shouting:  "We know you're lying!"

Finally, after one of Jeffery's outbursts, I offered to terminate the
interview if this silliness were to continue.  After a brief consultation
with Wayne, we reached an agreement of sorts and Jeff returned to a dumb,
stony silence.

I was convinced that Wayne and Jeff were pulling the good cop/bad cop
routine, having seen the mandatory five thousand hours of cop shows the
Nielsen people attribute to the average American.  This was, I thought,
standard Mutt and Jeff.  I was to change my opinion.  This was not good
cop/bad cop.  It was smart cop/dumb cop.  And, more frighteningly, it
was no act.

After some more or less idle banter, and a repetition of my previous
story, and a repetition of my refusal to answer certain other questions,
the interrogation began to turn ugly.

Frustrated by my refusal to answer, he suddenly announced that he knew
I was involved in a conspiracy, and made an offer to go easy on me if
I would tell him who else was involved in the conspiracy.

I refused point-blank, and said that it was despicable of him to
request that I do any such thing.  He began to apply pressure and
I will provide a reconstruction of the conversation.  As the police
have refused all requests by me to receive transcripts of interviews,
evidence and information regarding the case, I am forced to rely on
memory.

"These people are criminals.  You'd be doing the country a service
by giving us their names."

"What people are criminals?  I don't know any criminals."

"Don't give me that.  We just want their names.  We won't do
anything except ask them for information."

"Yeah, sure.  Like I said, I don't know any criminals.  I'm not a criminal,
and I won't turn in anyone for your little witch-hunt, because I don't
know any criminals, and I'd be lying if I gave you any names."

"You're not going to protect anyone.  We'll get them anyway."

"If you're going to get them, you don't need my help."

"We won't tell anyone that you told them about us."

"Fuck that.  I'll know I did it.  How does that affect the morality
of it, anyway?"

Dropping the moral argument, he went to the emotional argument:

"If you help us, we'll help you.  When you won't help us, you
stand alone.  Those people don't care about you, anyway."

"What people?  I don't know any people."

"Just people who could help us with our investigation.  It doesn't
mean that they're criminals."

"I don't know anything about any criminals I said."

"In fact, one of your friends turned you in.  Why should you take
this high moral ground when you're a criminal anyway, and they'd
do the same thing to you if they were in the situation you're in.
You just have us now, and if you won't stand with us, you stand
alone."

"I don't have any names.  And no one I knew turned me in."

This tactic, transparent as it was, instilled a worm of doubt in my mind.
That was its purpose.

This is the purpose of any of the blandishments, threats and lies
that the police will tell you in order to get names from you.  They
will attempt to make it appear as if you will not be harming the
people you tell them about.  Having been told that hackers are just
adolescent pranksters who will crack like eggs at the slightest
pressure and cough up a speech of tearful remorse and hundreds of
names, they will be astonished at your failure to give them names.

I will here insert a statement of ethics, rather than the merely
practical advice which I have heretofore given.  If you crack at the
slightest pressure, don't even bother playing cyberpunk.  If
your shiny new gadget with a Motorola 68040 chip and gee-whiz
lightning Weitek math co-processor is more important to you than
the lives of your friends, and you'd turn in your own grandmother
rather than have it confiscated, please fuck off.  The computer underground
does not need you and your lame calling-card and access code rip-offs.
Grow up and get a job at IBM doing the same thing a million
other people just like you are doing, buy the same car a million
other people just like you have, and go to live in the same suburb
that a million other people like you call home, and die quietly at
an old age in Florida.  Don't go down squealing like a pig,
deliberately and knowingly taking everyone you know with you.

If you run the thought-experiment of imagining yourself in this
situation, and wondering what you would do, and this description
seems very much like what meets you in the bathroom mirror, please
stop hacking now.

However, if you feel you must turn someone in to satisfy the cops,
I can only give the advice William S. Burroughs gives in _Junky_
to those in a similar situation:  give them names they already have, without
any accompanying information; give them the names of people who have left the
country permanently.  Be warned, however, that giving false information to the
police is a crime; stick to true, but entirely useless information.

Now, for those who do not swallow the moral argument for not finking,
I offer a practical argument.  If you tell the police about
others you know who have committed crimes, you have admitted
your association with criminals, bolstering their case
against you.  You have also added an additional charge against
yourself, that of conspiracy.  You have fucked over the very
friends you will sorely need for support in the near future,
because the investigation will drag on for months, leaving your life
in a shambles.  You will need friends, and if you have sent
them all up the river, you will have none.  Worse, you will
deserve it.  You have confessed to the very crimes you
are denying, making it difficult for you to stop giving them
names if you have second thoughts.  They have the goods on you.

In addition, any offers they make if you will give them names are legally
invalid and non-binding.  They can't do jack-shit for you and wouldn't if they
could.  The cop mind is still a human mind, and there is nothing more
despicable to the human mind than a traitor.

Do not allow yourself to become something that you can not tolerate being.
Like Judas, the traitor commits suicide both figuratively and literally.

I now retire from the soapbox and return to the confessional.

My motives were pure and my conscience was clean.  With a sense
of self-righteousness unbecoming in a person my age, I assumed that
my integrity was invulnerability, and that my refusal to give them
any names was going to prevent them from fucking over my friends.

I had neglected to protect my email.  I had not encrypted my
communications.  I had not carefully deleted any incriminating
information from my disks, and because of this I am as guilty
as the people who blithely rat out their friends.  I damaged
the lives of a number of people by my carelessness, a number of
people who had more at stake than I had, and all my good intentions
were not worth a damn.  I had one encrypted file, that a list
of compromised systems and account names, and that was DES encrypted
with a six-character alphanumeric.

As I revelled in my self-righteousness, Dan Ehrlich and Robert Owens
arrived with a two-foot high pile of hardcopy on which was printed
every file on my PSUVM accounts, including at least a year of email
and all my posts to the net, including those in groups such as
alt.drugs, and articles by other people.

Wayne assumed that any item on the list, even saved posts from other
people, was something that had been sent to me personally by its
author, and that these people were, thus, involved in some vast conspiracy.
While keeping the printed email out of my sight, he began listing
names and asking me for information about that person.  I answered,
for every person, that I knew nothing about that person except what
they knew.  He asked such questions as "What is Emily Postnews'
real name, and how is she involved in the conspiracy?"

Ehrlich and Owens had conveniently disappeared, so I couldn't expect them to
explain the situation to Wayne; and had, myself, given up any attempt to
explain, realizing that anything I said would simply reinforce the cops'
paranoid conspiracy theories.  By then, I was refusing to answer practically
every question put to me, and finally realized I was outgunned.  When I had
arrived, I was puffed up with bravado and certain that I could talk my way out
of this awful situation.  Having made rather a hash of it as a hacker, I
resorted to my old standby, my tongue, with which I had been able
to escape any previous situation.  However, not only had I not talked
my way out of being busted, I had talked my way further into it.

If you believe, from years of experience at social engineering,
that you will be able to talk your way out of being busted, I wish
you luck; but don't expect it to happen.  If you talk with the police, and
you are not under arrest at the time, expect that one or two of
your sentences will be able to be taken out of context and used
as a justification for issuing an arrest warrant.  If you talk with
the police and you are under arrest, the Miranda statement:  "Anything
you say can and will be held against you in a court of law," is perhaps
the only true statement in that litany of lies.

In any case, my bravado had collapsed.  I still pointedly
called the cops "Wayne" and "Jeff," but otherwise, resorted to
repeating mechanically that I knew nothing about nothing.

Owens and Ehrlich returned, and announced that they had discovered
an encrypted file on my account, called holy.nodes.  I bitterly regretted
the flippant name, and the arrogance of keeping such a file.

If you must have an encrypted list of passwords and accounts
sitting around, at least give it a name that makes it seem like some
sort of executable, so that you have plausible deniability.

They assured me that they could decrypt it within six hours on a
Cray Y-MP to which they had access.  I knew that the Computer Science
Department had access to a Cray at the John von Neuman Computer Center.
I made a brief attempt to calculate the rate of brute-force password
cracking on a Cray and couldn't do it in my head.  However, as
the password was only six alphanumeric characters, I realized that it
was quite possible that it could be cracked.  I believe now that
I should have called their bluff, but I gave them the key, yet another
in a series of stupid moves.

Shortly, they had a list of computer sites, accounts and passwords,
and Wayne began grilling me on those.  Owens was livid when he noted
that a machine at Lawrence-Berkeley Labs, shasta.lbl.gov, was in the
list.  This was when my trouble started.

You might recall that Lawrence-Berkeley Labs figures prominently in
Clifford Stoll's book _The Cuckoo's Egg_.  The Chaos Computer
Club had cracked a site there in the mistaken belief that it was Lawrence-
Livermore.  As it happens, I had merely noticed a guest account there,
logged in and done nothing further.  Of course, this was too
simple an explanation for a cop to believe it.

Owens had given the police a tiny bit of evidence to support the
bizarre structure of conspiracy theories they had built; and a paranoid
delusion, once validated in even the most inconsequential manner, becomes
unshakably firm.

Wayne returned to the interrogation with renewed vigor.  I continued
giving answers to the effect that I knew nothing.  He came to the name of
Raymond Gary [*], who had generously allowed me to use an old account on
PSUVM, that of a friend of his who had left the area.  I attempted to assure
them of his innocence.  This was another bad move.

It was a bad move because this immediately reinforces the conspiracy
theory, and the cops wish to have more information on that
person.  I obfuscated, and returned to the habit of repeating:  "Not to
the best of my recollection," as if I were in the Watergate hearings.

Another name surfaced, that of a person who had allowed me to use his
account because our respective machines could not manage a tolerable
talk connection.  This person, without his knowledge, joined the
conspiracy.  Once again, I foolishly tried to explain the situation.
This simply made it worse, as the cop did not understand a word
I was saying; and Owens was incapable of appreciating the difference
between violating the letter of the law and the spirit of the law.

Wayne repeatedly asked about my overseas friends, informed me that he knew
there were foreign governments involved, again told me that a friend of mine
had informed on me.  I was told lies so outrageous that I hesitate to put them
on paper.  I denied everything.

I made another lengthy attempt at explanation, trying to defuse the conspiracy
theory, and gave a speech on the difference between breaking into someone's
house and ripping off everything there, voyeuristically spying on people, and
temporarily borrowing an account simply to talk to someone because a network
link was not working.  I made an analogy between this and asking
someone who is driving a corporate vehicle to give a jump to a
disabled vehicle, and tried to explain that this was certainly not
the same as if the authorized user of the corporate vehicle had simply
handed a passerby the keys.  I again attempted to explain the Internet, leased
lines, the difference between FTP and mail, why everyone on the Internet
allowed anyone else to transfer files from, to and through their machines, and
once again failed to explain anything.

Directly following this tirade, delivered almost at a shout, Wayne
leaned over the desk and asked me:  "Who's Bubba?"

This was too much to tolerate.  My ability to take the situation
seriously, already very shaky, simply vanished in the face of
this absurdity.  I lost it entirely.  I laughed hysterically.

I asked, my anger finally getting the better of my amusement:  "What the
fuck kind of question is that?"

He repeated the question, not appreciating the humor inherent in
this absurd contretemps; I was beyond trying to maintain the appearance
of solemnity.  Everything, the battered table, the primitive
tape recorder, the stony-faced cops, the overweight computer security
guys, seemed entirely empty of meaning.  I could no longer accept as real that
I was in this dim room with a person asking me the question:  "Who's Bubba?"

I said:  "I have no idea.  You tell me."

Finally, Wayne came to Dale's name.  Dale did not use his last name
in any of the email he had sent to me, and I hoped that his name
was not in any file on any machine anywhere.  I recovered some of
my equilibrium, and refused to answer.

A number of references to "lab supplies" were made in the email, and
I was questioned as to the meaning of this phrase.  I answered that
it simply meant quarter-inch reels of tape for music.  They refused
to accept this explanation, and accused me of running a drug ring over
the computer network.

Veiled threats, repetitions of the question, rephrasings of it,
assurances that they were going to get everyone anyway, and similar
cop routines followed.

Finally, having had altogether too much of this nonsense, I
said:  "This interview's over.  I'm leaving."  As simply as that,
and as quickly, I got up and left.  I wish I could say that I did
not look back, but I did glance over my shoulder as I left.

"We'll be in touch," said Wayne.

"Yeah, sure," I said.


VII.  Thirty Pieces of Silver

I informed Dale of the ominous turn in the investigation, and
told him that the cops were now looking for him.  From a sort of fatalistic
curiosity, we logged into Shamir's account to watch the activities
of the computer security guys, and to confer with some of their
associates to find out what their motivations might be.  We had
decided that the possibility of a wiretap was slim, and that if
there were a wiretap, we were doomed anyway, so what the hell?

There is no conclusive evidence that there was a wiretap, but
the police would not have needed a warrant to tap university
phones, as they are on a private branch exchange, which does
not qualify for legal protection.  In addition, one bit of
circumstantial evidence strikes me as indicative of the possibility
of a wiretap, that being that when Dale called Shamir to explain
the situation, and left a message in his voice mail box, the
message directly following Dale's was from Wayne.

We frequented the library, researching every book dealing with the subject of
computer crime, reading the Pennsylvania State Criminal Code, photocopying and
transcribing important texts, and compiling a disk of information relevant to
the case, including any information that someone "on the outside" would need
to know if we were jailed.

I badly sprained my ankle in this period, but walked on it for three
miles, and it was not until later in the night that I even realized
there was anything wrong with it, so preoccupied was I by the bizarre
situation in which I was embroiled.  In addition, an ice storm developed,
leaving a thin layer of ice over sidewalks, roads and the skeletal
trees and bushes.  I must have seemed a ridiculous figure hobbling
across the ice on a cane, looking over my shoulder every few seconds;
and attempting to appear casual whenever a police car passed.

It seemed that wherever I went, there was a police car which slowed
to my pace, and it always seemed that people were watching me.  I
tried to convince myself that this was paranoia, that not everyone
could be following me, but the feeling continued to intensify, and
I realized that I had adopted the mentality of the cops,
that we were, essentially, part of the same societal process; symbiotic
and necessary to each other's existence.  The term 'paranoia' had no
meaning when applied to this situation; as there were, indeed, people
out to get me; people who were equally convinced that I was out to
get them.

I resolved to accept the situation, and abide by its unspoken rules.
As vast as the texts are which support the law, there is another
entity, The Law, which is infinite and can not be explained in
any number of words, codes or legislation.

Dale and I painstakingly weighed our options.

Finally, Dale decided that he was going to contact the police, and
called a friend of his in the police department to ask for assistance
in doing so, Stan Marks [*], who was also an electronic musician.
On occasion, Stan would visit us in the Lab, turning off his walkie-
talkie to avoid the irritation of the numerous trivial assignments
which comprise the day-to-day life of the university cop.
After conferring with Stan, he decided simply to call Wayne and
Jeff on the phone to arrange an interview.

I felt like shit.  The repercussions of my actions were spreading
like ripples on a pond, and were to disrupt the lives of several of
my dearest friends.  At the same time, I was enraged.  How
dare they do this?  What had I done that warranted this torturous
and ridiculous investigation?  Wasn't this investigation enough of
a punishment just in and of itself?

I wondered how many more innocent people would have to be fucked
over before the police would be satisfied, and wondered how many
innocent people, every day, are similarly fucked over in other
investigations.  How many would it take to satisfy the cops?
The answer is, simply, every living person.

If you believe that your past, however lily-white, would withstand
the scrutiny of an investigation of several months' duration, with
every document and communication subjected to minute investigation,
you are deluding yourself.  To the law-enforcement mentality, there
are no innocent people.  There are only undiscovered criminals.

Only if we are all jailed, cops and criminals alike, will the machinery lie
dormant, to rust its way to gentle oblivion; and only then will the ruins be
left undisturbed for the puzzlement of future archaeologists.

With these thoughts, I waited as Dale went to the police station,
with the realization that I was a traitor by inaction, by having
allowed this to happen.

I was guilty, but this guilt was not a matter of law.  My innocent
actions were those which were to be tried.

If you are ever busted, you will witness this curious inversion of
morality, as if by entering the world of cops you have walked
through a one-way mirror, in which your good actions are suddenly
and arbitrarily punished, and the evil you have done is rewarded.


VIII.  Third and Fourth Interrogations

I waited anxiously for Dale to return from his meeting.  He had
brought with him a professional tape recorder, in order to tape
the interview.  The cops were rather upset by this turn
of events, but had no choice but to allow him to tape.  While they
attempted to get their tape recorder to work, he offered to loan
them a pair of batteries, as theirs were dead.

The interrogation followed roughly the same twists and turns as
mine had, with more of an emphasis on the subject of "lab supplies."
Question followed question, and Dale insisted that his actions were innocent.

"Hell, if we'd have had a couple of nice women, none of this
would even have happened," he said.

When asked about the Huang account that Ron Gere had created for
him, he explained that Huang was a nom-de-plume, and certainly not
an alias for disguising crime.

The police persisted, and returned to the subject of "lab supplies",
and finally declared that they knew Dale and I were dealing in some
sort of contraband, but that they would be prepared to offer leniency
if he would give them names.  Dale was adamant in his refusal.

Finally, they said that they wanted him to make a drug buy for
them.

"Well, you'll have to introduce me to someone, because I sure
don't know anyone who does that kind of stuff."

Eventually, they set an appointment with him to speak with Ron
Schreffler, the university cop in charge of undercover narcotics
investigations.

He called to reschedule the appointment a few days later, and then,
eventually, cancelled it entirely, saying:  "I have nothing to talk
to him about."

Finally, they ceased following this tack, realizing that even in
Pennsylvania pursuing an entirely fruitless avenue of investigation
is seen very dimly by their superiors.  The topic of "lab supplies"
was never mentioned again, and certainly not in the arrest warrant
affidavit, as we were obviously innocent of any wrongdoing in that
area.

Warning Dale not to leave the area, they terminated the interview.

Shortly thereafter, there was a fourth and final interview, with
Dale and I present.  We discussed nothing of any significance, and
it was almost informal, as if we and the cops were cronies of some sort.
Only Jeffery Jones was excluded from this circle, as he was limited
largely to monosyllabic grunts and wild, paranoid accusations.  We
discovered that Wayne Weaver was a twenty-three year veteran, and
it struck me that if I had met him in other circumstances I could
have found him quite likable.  He was, if nothing else, a professional,
and acted in a professional manner even when he was beyond his
depth in the sea of information which Dale and I navigated with
ease.

I felt almost sympathetic toward him, and wondered how it was for
him to be involved in a case so complex and bizarre.  I still failed
to realize why he was acting toward us as he was, and realized that
he, similarly, had no idea what to make of us, who must have seemed
to him like remorseless, arrogant criminals.  Unlike my prejudiced
views of what a police officer should be, Wayne was a competent,
intelligent man doing the best he could in a situation beyond his
range of experience, and tried to behave in a conscientious manner.

I feel that Wayne was a good man, but that the very system
he upheld gave him no choice but to do evil, without realizing it.
I am frustrated still by the fact that no matter how much we could
discuss the situation, we could never understand each other in
fullness, because our world-views were so fundamentally different.
Unlike so many of the incompetent losers and petty sadists who
find police work a convenient alternative to criminality, Wayne
was that rarity, a good cop.

Still, without an understanding of the computer subculture, he could not but
see anything we might say to explain it to him as anything other than alien
and criminal, just as a prejudiced American finds a description of the customs
of some South Sea tribe shocking and bizarre.  Until we realize what
underlying assumptions we share with the rest of society, we shall be
divided, subculture from culture, criminals from police.

The ultimate goal of the computer underground is to create the circumstances
which will underlie its own dissolution, to enable the total and free
dissemination of all information, and thus to destroy itself by becoming
mainstream.  When everyone thinks nothing of doing in daylight what we are
forced to do under cover of darkness, then we shall have succeeded.

Until then, we can expect the Operation Sun-Devils to continue,
and the witch-hunts to extend to every corner of cyberspace.  The
public at large still holds an ignorant dread of computers, having
experienced oppression by those who use computers as a tool of
secrecy and intrusion, having been told that they are being audited
by the IRS because of "some discrepancies in the computer," that
their paycheck has been delayed because "the computer's down,"
that they can't receive their deceased spouse's life-insurance benefits
because "there's nothing about it in the computer."  The computer
has become both omnipresent and omnipotent in the eyes of many,
is blamed by incompetent people for their own failure, is used
to justify appalling rip-offs by banks and other major social
institutions, and in addition is not understood at all by the
majority of the population, especially those over thirty, those
who comprise both the law-enforcement mentality and aging hippies,
both deeply distrustful of anything new.

It is thus that such a paradox would exist as a hacker, and if
we are to be successful, we must be very careful to understand
the difference between secrecy and privacy.  We must understand
the difference between freedom of information and freedom from
intrusion.  We must understand the difference between invading
the inner sanctum of oppression and voyeurism, and realize that
even in our finest hours we too are fallible, and that in
negotiating these finely-hued gray areas, we are liable to
lose our path and take a fall.

In this struggle, we can not allow a justifiable anger to become
hatred.  We can not allow skepticism to become nihilism.  We can
not allow ourselves to harm innocents.  In adopting the
intrusive tactics of the oppressors, we must not allow ourselves
to perform the same actions that we detest in others.

Perhaps most importantly, we must use computers as tools to serve
humanity, and not allow humans to serve computers.  For the
non-living to serve the purposes of the living is a good and
necessary thing, but for the living to serve the purposes of
the non-living is an abomination.



 
[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]
© Copyleft 1985-2021, Phrack Magazine.