ime it would be a big hassle for Michigan Bell just
to bring up the case. But if kept on the payroll, he might
at least keep his fellow hackers at bay.
There were uses for him. For instance, a contrite
Control-C was featured on Michigan Bell internal posters,
sternly warning employees to shred their trash. He'd
always gotten most of his best inside info from "trashing" --
raiding telco dumpsters, for useful data indiscreetly
thrown away. He signed these posters, too. Control-C had
become something like a Michigan Bell mascot. And in
fact, Control-C *did* keep other hackers at bay. Little
hackers were quite scared of Control-C and his heavy-duty
Legion of Doom friends. And big hackers *were* his
friends and didn't want to screw up his cushy situation.
No matter what one might say of LoD, they did stick
together. When "Wasp," an apparently genuinely
malicious New York hacker, began crashing Bellcore
machines, Control-C received swift volunteer help from
"the Mentor" and the Georgia LoD wing made up of "The
Prophet," "Urvile," and "Leftist." Using Mentor's Phoenix
Project board to coordinate, the Doomsters helped telco
security to trap Wasp, by luring him into a machine with a
tap and line-trace installed. Wasp lost. LoD won! And
my, did they brag.
Urvile, Prophet and Leftist were well-qualified for
this activity, probably more so even than the quite
accomplished Control-C. The Georgia boys knew all about
phone switching-stations. Though relative johnny-come-
latelies in the Legion of Doom, they were considered some
of LoD's heaviest guys, into the hairiest systems around.
They had the good fortune to live in or near Atlanta, home
of the sleepy and apparently tolerant BellSouth RBOC.
As RBOC security went, BellSouth were "cake." US
West (of Arizona, the Rockies and the Pacific Northwest)
were tough and aggressive, probably the heaviest RBOC
around. Pacific Bell, California's PacBell, were sleek,
high-tech, and longtime veterans of the LA phone-phreak wars.
NYNEX had the misfortune to run the New York City area,
and were warily prepared for most anything. Even
Michigan Bell, a division of the Ameritech RBOC, at least
had the elementary sense to hire their own hacker as a
useful scarecrow. But BellSouth, even though their
corporate P.R. proclaimed them to have "Everything You
Expect From a Leader," were pathetic.
When rumor about LoD's mastery of Georgia's
switching network got around to BellSouth through
Bellcore and telco security scuttlebutt, they at first
refused to believe it. If you paid serious attention to every
rumor out and about these hacker kids, you would hear all kinds
of wacko saucer-nut nonsense: that the National Security
Agency monitored all American phone calls, that the CIA
and DEA tracked traffic on bulletin-boards with word-
analysis programs, that the Condor could start World
War III from a payphone.
If there were hackers into BellSouth switching-
stations, then how come nothing had happened? Nothing
had been hurt. BellSouth's machines weren't crashing.
BellSouth wasn't suffering especially badly from fraud.
BellSouth's customers weren't complaining. BellSouth
was headquartered in Atlanta, ambitious metropolis of the
new high-tech Sunbelt; and BellSouth was upgrading its
network by leaps and bounds, digitizing the works left right
and center. They could hardly be considered sluggish or
naive. BellSouth's technical expertise was second to none,
thank you kindly.
But then came the Florida business.
On June 13, 1989, callers to the Palm Beach County
Probation Department, in Delray Beach, Florida, found
themselves involved in a remarkable discussion with a
phone-sex worker named "Tina" in New York State.
Somehow, *any* call to this probation office near Miami
was instantly and magically transported across state lines,
at no extra charge to the user, to a pornographic phone-
sex hotline hundreds of miles away!
This practical joke may seem utterly hilarious at first
hearing, and indeed there was a good deal of chuckling
about it in phone phreak circles, including the Autumn
1989 issue of *2600.* But for Southern Bell (the division
of the BellSouth RBOC supplying local service for Florida,
Georgia, North Carolina and South Carolina), this was a
smoking gun. For the first time ever, a computer intruder
had broken into a BellSouth central office switching
station and re-programmed it!
Or so BellSouth thought in June 1989. Actually, LoD
members had been frolicking harmlessly in BellSouth
switches since September 1987. The stunt of June 13 --
call-forwarding a number through manipulation of a
switching station -- was child's play for hackers as
accomplished as the Georgia wing of LoD. Switching calls
interstate sounded like a big deal, but it took only four
lines of code to accomplish this. An easy, yet more
discreet, stunt, would be to call-forward another number to
your own house. If you were careful and considerate, and
changed the software back later, then not a soul would
know. Except you. And whoever you had bragged to about
it.
As for BellSouth, what they didn't know wouldn't hurt
them.
Except now somebody had blown the whole thing
wide open, and BellSouth knew.
A now alerted and considerably paranoid BellSouth
began searching switches right and left for signs of
impropriety, in that hot summer of 1989. No fewer than
forty-two BellSouth employees were put on 12-hour shifts,
twenty-four hours a day, for two solid months, poring over
records and monitoring computers for any sign of phony
access. These forty-two overworked experts were known as
BellSouth's "Intrusion Task Force."
What the investigators found astounded them.
Proprietary telco databases had been manipulated:
phone numbers had been created out of thin air, with no
users' names and no addresses. And perhaps worst of all,
no charges and no records of use. The new digital
ReMOB (Remote Observation) diagnostic feature had
been extensively tampered with -- hackers had learned to
reprogram ReMOB software, so that they could listen in
on any switch-routed call at their leisure! They were
using telco property to *spy!*
The electrifying news went out throughout law
enforcement in 1989. It had never really occurred to
anyone at BellSouth that their prized and brand-new
digital switching-stations could be *re-programmed.*
People seemed utterly amazed that anyone could have
the nerve. Of course these switching stations were
"computers," and everybody knew hackers liked to "break
into computers:" but telephone people's computers were
*different* from normal people's computers.
The exact reason *why* these computers were
"different" was rather ill-defined. It certainly wasn't the
extent of their security. The security on these BellSouth
computers was lousy; the AIMSX computers, for instance,
didn't even have passwords. But there was no question
that BellSouth strongly *felt* that their computers were
very different indeed. And if there were some criminals
out there who had not gotten that message, BellSouth was
determined to see that message taught.
After all, a 5ESS switching station was no mere
bookkeeping system for some local chain of florists.
Public service depended on these stations. Public
*safety* depended on these stations.
And hackers, lurking in there call-forwarding or
ReMobbing, could spy on anybody in the local area!
They could spy on telco officials! They could spy on police
stations! They could spy on local offices of the Secret
Service....
In 1989, electronic cops and hacker-trackers began
using scrambler-phones and secured lines. It only made
sense. There was no telling who was into those systems.
Whoever they were, they sounded scary. This was some
new level of antisocial daring. Could be West German
hackers, in the pay of the KGB. That too had seemed a
weird and farfetched notion, until Clifford Stoll had poked
and prodded a sluggish Washington law-enforcement
bureaucracy into investigating a computer intrusion that
turned out to be exactly that -- *hackers, in the pay of the
KGB!* Stoll, the systems manager for an Internet lab in
Berkeley California, had ended up on the front page of the
*New York Times,* proclaimed a national hero in the
first true story of international computer espionage.
Stoll's counterspy efforts, which he related in a
bestselling book, *The Cuckoo's Egg,* in 1989, had established the
credibility of 'hacking' as a possible threat to national
security. The United States Secret Service doesn't mess
around when it suspects a possible action by a foreign
intelligence apparat.
The Secret Service scrambler-phones and secured
lines put a tremendous kink in law enforcement's ability to
operate freely; to get the word out, cooperate, prevent
misunderstandings. Nevertheless, 1989 scarcely seemed
the time for half-measures. If the police and Secret
Service themselves were not operationally secure, then
how could they reasonably demand measures of security
from private enterprise? At least, the inconvenience
made people aware of the seriousness of the threat.
If there was a final spur needed to get the police off
the dime, it came in the realization that the emergency
911 system was vulnerable. The 911 system has its own
specialized software, but it is run on the same digital
switching systems as the rest of the telephone network.
911 is not physically different from normal telephony. But
it is certainly culturally different, because this is the
area of telephonic cyberspace reserved for the police and
emergency services.
Your average policeman may not know much about
hackers or phone-phreaks. Computer people are weird;
even computer *cops* are rather weird; the stuff they do is
hard to figure out. But a threat to the 911 system is
anything but an abstract threat. If the 911 system goes,
people can die.
Imagine being in a car-wreck, staggering to a phone-
booth, punching 911 and hearing "Tina" pick up the
phone-sex line somewhere in New York! The situation's
no longer comical, somehow.
And was it possible? No question. Hackers had
attacked 911 systems before. Phreaks can max-out 911
systems just by siccing a bunch of computer-modems on
them in tandem, dialling them over and over until they
clog. That's very crude and low-tech, but it's still a
serious business.
The time had come for action. It was time to take
stern measures with the underground. It was time to start
picking up the dropped threads, the loose edges, the bits
of braggadocio here and there; it was time to get on the
stick and start putting serious casework together. Hackers
weren't "invisible." They *thought* they were invisible;
but the truth was, they had just been tolerated too long.
Under sustained police attention in the summer of
'89, the digital underground began to unravel as never
before.
The first big break in the case came very early on:
July 1989, the following month. The perpetrator of the
"Tina" switch was caught, and confessed. His name was
"Fry Guy," a 16-year-old in Indiana. Fry Guy had been a
very wicked young man.
Fry Guy had earned his handle from a stunt involving
French fries. Fry Guy had filched the log-in of a local
MacDonald's manager and had logged-on to the
MacDonald's mainframe on the Sprint Telenet system.
Posing as the manager, Fry Guy had altered MacDonald's
records, and given some teenage hamburger-flipping
friends of his, generous raises. He had not been caught.
Emboldened by success, Fry Guy moved on to credit-
card abuse. Fry Guy was quite an accomplished talker;
with a gift for "social engineering." If you can do
"social engineering" -- fast-talk, fake-outs, impersonation,
conning, scamming -- then card abuse comes easy.
(Getting away with it in the long run is another question).
Fry Guy had run across "Urvile" of the Legion of
Doom on the ALTOS Chat board in Bonn, Germany.
ALTOS Chat was a sophisticated board, accessible
through globe-spanning computer networks like BITnet,
Tymnet, and Telenet. ALTOS was much frequented by
members of Germany's Chaos Computer Club. Two
Chaos hackers who hung out on ALTOS, "Jaeger" and
"Pengo," had been the central villains of Clifford Stoll's
CUCKOO'S EGG case: consorting in East Berlin with a
spymaster from the KGB, and breaking into American
computers for hire, through the Internet.
When LoD members learned the story of Jaeger's
depredations from Stoll's book, they were rather less than
impressed, technically speaking. On LoD's own favorite
board of the moment, "Black Ice," LoD members bragged
that they themselves could have done all the Chaos break-
ins in a week flat! Nevertheless, LoD were grudgingly
impressed by the Chaos rep, the sheer hairy-eyed daring
of hash-smoking anarchist hackers who had rubbed
shoulders with the fearsome big-boys of international
Communist espionage. LoD members sometimes traded
bits of knowledge with friendly German hackers on ALTOS
-- phone numbers for vulnerable VAX/VMS computers in
Georgia, for instance. Dutch and British phone phreaks,
and the Australian clique of "Phoenix," "Nom," and
"Electron," were ALTOS regulars, too. In underground
circles, to hang out on ALTOS was considered the sign of
an elite dude, a sophisticated hacker of the international
digital jet-set.
Fry Guy quickly learned how to raid information from
credit-card consumer-reporting agencies. He had over a
hundred stolen credit-card numbers in his notebooks, and
upwards of a thousand swiped long-distance access codes.
He knew how to get onto Altos, and how to talk the talk of
the underground convincingly. He now wheedled
knowledge of switching-station tricks from Urvile on the
ALTOS system.
Combining these two forms of knowledge enabled
Fry Guy to bootstrap his way up to a new form of wire-
fraud. First, he'd snitched credit card numbers from
credit-company computers. The data he copied included
names, addresses and phone numbers of the random
card-holders.
Then Fry Guy, impersonating a card-holder, called up
Western Union and asked for a cash advance on "his"
credit card. Western Union, as a security guarantee,
would call the customer back, at home, to verify the
transaction.
But, just as he had switched the Florida probation
office to "Tina" in New York, Fry Guy switched the card-
holder's number to a local pay-phone. There he would
lurk in wait, muddying his trail by routing and re-routing
the call, through switches as far away as Canada. When
the call came through, he would boldly "social-engineer,"
or con, the Western Union people, pretending to be the
legitimate card-holder. Since he'd answered the proper
phone number, the deception was not very hard.
Western Union's money was then shipped to a
confederate of Fry Guy's in his home town in Indiana.
Fry Guy and his cohort, using LoD techniques, stole
six thousand dollars from Western Union between
December 1988 and July 1989. They also dabbled in
ordering delivery of stolen goods through card-fraud. Fry
Guy was intoxicated with success. The sixteen-year-old
fantasized wildly to hacker rivals, boasting that he'd used
rip-off money to hire himself a big limousine, and had
driven out-of-state with a groupie from his favorite heavy-
metal band, Motley Crue.
Armed with knowledge, power, and a gratifying
stream of free money, Fry Guy now took it upon himself to
call local representatives of Indiana Bell security, to
brag, boast, strut, and utter tormenting warnings that his
powerful friends in the notorious Legion of Doom could
crash the national telephone network. Fry Guy even
named a date for the scheme: the Fourth of July, a
national holiday.
This egregious example of the begging-for-arrest
syndrome was shortly followed by Fry Guy's arrest. After
the Indiana telephone company figured out who he was,
the Secret Service had DNRs -- Dialed Number
Recorders -- installed on his home phone lines. These
devices are not taps, and can't record the substance of
phone calls, but they do record the phone numbers of all
calls going in and out. Tracing these numbers showed Fry
Guy's long-distance code fraud, his extensive ties to pirate
bulletin boards, and numerous personal calls to his LoD
friends in Atlanta. By July 11, 1989, Prophet, Urvile and
Leftist also had Secret Service DNR "pen registers"
installed on their own lines.
The Secret Service showed up in force at Fry Guy's
house on July 22, 1989, to the horror of his unsuspecting
parents. The raiders were led by a special agent from the
Secret Service's Indianapolis office. However, the raiders
were accompanied and advised by Timothy M. Foley of
the Secret Service's Chicago office (a gentleman about
whom we will soon be hearing a great deal).
Following federal computer-crime techniques that
had been standard since the early 1980s, the Secret
Service searched the house thoroughly, and seized all of
Fry Guy's electronic equipment and notebooks. All Fry
Guy's equipment went out the door in the custody of the
Secret Service, which put a swift end to his depredations.
The USSS interrogated Fry Guy at length. His case
was put in the charge of Deborah Daniels, the federal US
Attorney for the Southern District of Indiana. Fry Guy was
charged with eleven counts of computer fraud,
unauthorized computer access, and wire fraud. The
evidence was thorough and irrefutable. For his part, Fry
Guy blamed his corruption on the Legion of Doom and
offered to testify against them.
Fry Guy insisted that the Legion intended to crash
the phone system on a national holiday. And when AT&T
crashed on Martin Luther King Day, 1990, this lent a
credence to his claim that genuinely alarmed telco
security and the Secret Service.
Fry Guy eventually pled guilty on May 31, 1990. On
September 14, he was sentenced to forty-four months'
probation and four hundred hours' community service.
He could have had it much worse; but it made sense to
prosecutors to take it easy on this teenage minor, while
zeroing in on the notorious kingpins of the Legion of
Doom.
But the case against LoD had nagging flaws.
Despite the best effort of investigators, it was impossible
to prove that the Legion had crashed the phone system on
January 15, because they, in fact, hadn't done so. The
investigations of 1989 did show that certain members of
the Legion of Doom had achieved unprecedented power
over the telco switching stations, and that they were in
active conspiracy to obtain more power yet. Investigators
were privately convinced that the Legion of Doom
intended to do awful things with this knowledge, but mere
evil intent was not enough to put them in jail.
And although the Atlanta Three -- Prophet, Leftist,
and especially Urvile -- had taught Fry Guy plenty, they
were not themselves credit-card fraudsters. The only
thing they'd "stolen" was long-distance service -- and since
they'd done much of that through phone-switch
manipulation, there was no easy way to judge how much
they'd "stolen," or whether this practice was even "theft"
of any easily recognizable kind.
Fry Guy's theft of long-distance codes had cost the
phone companies plenty. The theft of long-distance
service may be a fairly theoretical "loss," but it costs
genuine money and genuine time to delete al