dly *none of my
business.* To have gotten this knowledge at all was
a sordid act and to use it would be to inflict a sordid
injury.
To do all these awful things would require
exactly zero high-tech expertise. All it would take
was the willingness to do it and a certain amount of
bent imagination.
I went back downstairs. The hard-working FCIC,
who had labored forty-five minutes over their
schedule, were through for the day, and adjourned
to the hotel bar. We all had a beer.
I had a chat with a guy about "Isis," or rather
IACIS, the International Association of Computer
Investigation Specialists. They're into "computer
forensics," the techniques of picking computer-
systems apart without destroying vital evidence.
IACIS, currently run out of Oregon, is comprised of
investigators in the U.S., Canada, Taiwan and
Ireland. "Taiwan and Ireland?" I said. Are *Taiwan*
and *Ireland* really in the forefront of this stuff?
Well not exactly, my informant admitted. They just
happen to have been the first ones to have caught
on by word of mouth. Still, the international angle
counts, because this is obviously an international
problem. Phone-lines go everywhere.
There was a Mountie here from the Royal
Canadian Mounted Police. He seemed to be having
quite a good time. Nobody had flung this Canadian
out because he might pose a foreign security risk.
These are cyberspace cops. They still worry a lot
about "jurisdictions," but mere geography is the
least of their troubles.
NASA had failed to show. NASA suffers a lot
from computer intrusions, in particular from
Australian raiders and a well-trumpeted Chaos
Computer Club case, and in 1990 there was a brief
press flurry when it was revealed that one of NASA's
Houston branch-exchanges had been systematically
ripped off by a gang of phone-phreaks. But the
NASA guys had had their funding cut. They were
stripping everything.
Air Force OSI, its Office of Special
Investigations, is the *only* federal entity dedicated
full-time to computer security. They'd been
expected to show up in force, but some of them had
cancelled -- a Pentagon budget pinch.
As the empties piled up, the guys began joshing
around and telling war-stories. "These are cops,"
Thackeray said tolerantly. "If they're not talking
shop they talk about women and beer."
I heard the story about the guy who, asked for "a
copy" of a computer disk, *photocopied the label on
it.* He put the floppy disk onto the glass plate of a
photocopier. The blast of static when the copier
worked completely erased all the real information
on the disk.
Some other poor souls threw a whole bag of
confiscated diskettes into the squad-car trunk next
to the police radio. The powerful radio signal
blasted them, too.
We heard a bit about Dave Geneson, the first
computer prosecutor, a mainframe-runner in Dade
County, turned lawyer. Dave Geneson was one guy
who had hit the ground running, a signal virtue in
making the transition to computer-crime. It was
generally agreed that it was easier to learn the world
of computers first, then police or prosecutorial work.
You could take certain computer people and train
'em to successful police work -- but of course they
had to have the *cop mentality.* They had to have
street smarts. Patience. Persistence. And
discretion. You've got to make sure they're not hot-
shots, show-offs, "cowboys."
Most of the folks in the bar had backgrounds in
military intelligence, or drugs, or homicide. It was
rudely opined that "military intelligence" was a
contradiction in terms, while even the grisly world of
homicide was considered cleaner than drug
enforcement. One guy had been 'way undercover
doing dope-work in Europe for four years straight.
"I'm almost recovered now," he said deadpan, with
the acid black humor that is pure cop. "Hey, now I
can say *fucker* without putting *mother* in front
of it."
"In the cop world," another guy said earnestly,
"everything is good and bad, black and white. In the
computer world everything is gray."
One guy -- a founder of the FCIC, who'd been
with the group since it was just the Colluquy --
described his own introduction to the field. He'd
been a Washington DC homicide guy called in on a
"hacker" case. From the word "hacker," he naturally
assumed he was on the trail of a knife-wielding
marauder, and went to the computer center
expecting blood and a body. When he finally
figured out what was happening there (after loudly
demanding, in vain, that the programmers "speak
English"), he called headquarters and told them he
was clueless about computers. They told him
nobody else knew diddly either, and to get the hell
back to work.
So, he said, he had proceeded by comparisons.
By analogy. By metaphor. "Somebody broke in to
your computer, huh?" Breaking and entering; I can
understand that. How'd he get in? "Over the phone-
lines." Harassing phone-calls, I can understand
that! What we need here is a tap and a trace!
It worked. It was better than nothing. And it
worked a lot faster when he got hold of another cop
who'd done something similar. And then the two of
them got another, and another, and pretty soon the
Colluquy was a happening thing. It helped a lot that
everybody seemed to know Carlton Fitzpatrick, the
data-processing trainer in Glynco.
The ice broke big-time in Memphis in '86. The
Colluquy had attracted a bunch of new guys -- Secret
Service, FBI, military, other feds, heavy guys.
Nobody wanted to tell anybody anything. They
suspected that if word got back to the home office
they'd all be fired. They passed an uncomfortably
guarded afternoon.
The formalities got them nowhere. But after the
formal session was over, the organizers brought in a
case of beer. As soon as the participants knocked it
off with the bureaucratic ranks and turf-fighting,
everything changed. "I bared my soul," one veteran
reminisced proudly. By nightfall they were building
pyramids of empty beer-cans and doing everything
but composing a team fight song.
FCIC were not the only computer-crime people
around. There was DATTA (District Attorneys'
Technology Theft Association), though they mostly
specialized in chip theft, intellectual property, and
black-market cases. There was HTCIA (High Tech
Computer Investigators Association), also out in
Silicon Valley, a year older than FCIC and featuring
brilliant people like Donald Ingraham. There was
LEETAC (Law Enforcement Electronic Technology
Assistance Committee) in Florida, and computer-
crime units in Illinois and Maryland and Texas and
Ohio and Colorado and Pennsylvania. But these
were local groups. FCIC were the first to really
network nationally and on a federal level.
FCIC people live on the phone lines. Not on
bulletin board systems -- they know very well what
boards are, and they know that boards aren't secure.
Everyone in the FCIC has a voice-phone bill like you
wouldn't believe. FCIC people have been tight with
the telco people for a long time. Telephone
cyberspace is their native habitat.
FCIC has three basic sub-tribes: the trainers,
the security people, and the investigators. That's
why it's called an "Investigations Committee" with
no mention of the term "computer-crime" -- the
dreaded "C-word." FCIC, officially, is "an
association of agencies rather than individuals;"
unofficially, this field is small enough that the
influence of individuals and individual expertise is
paramount. Attendance is by invitation only, and
most everyone in FCIC considers himself a prophet
without honor in his own house.
Again and again I heard this, with different
terms but identical sentiments. "I'd been sitting in
the wilderness talking to myself." "I was totally
isolated." "I was desperate." "FCIC is the best thing
there is about computer crime in America." "FCIC
is what really works." "This is where you hear real
people telling you what's really happening out there,
not just lawyers picking nits." "We taught each
other everything we knew."
The sincerity of these statements convinces me
that this is true. FCIC is the real thing and it is
invaluable. It's also very sharply at odds with the
rest of the traditions and power structure in
American law enforcement. There probably hasn't
been anything around as loose and go-getting as the
FCIC since the start of the U.S. Secret Service in the
1860s. FCIC people are living like twenty-first-
century people in a twentieth-century environment,
and while there's a great deal to be said for that,
there's also a great deal to be said against it, and
those against it happen to control the budgets.
I listened to two FCIC guys from Jersey compare
life histories. One of them had been a biker in a
fairly heavy-duty gang in the 1960s. "Oh, did you
know so-and-so?" said the other guy from Jersey.
"Big guy, heavyset?"
"Yeah, I knew him."
"Yeah, he was one of ours. He was our plant in
the gang."
"Really? Wow! Yeah, I knew him. Helluva guy."
Thackeray reminisced at length about being
tear-gassed blind in the November 1969 antiwar
protests in Washington Circle, covering them for
her college paper. "Oh yeah, I was there," said
another cop. "Glad to hear that tear gas hit
somethin'. Haw haw haw." He'd been so blind
himself, he confessed, that later that day he'd
arrested a small tree.
FCIC are an odd group, sifted out by
coincidence and necessity, and turned into a new
kind of cop. There are a lot of specialized cops in
the world -- your bunco guys, your drug guys, your
tax guys, but the only group that matches FCIC for
sheer isolation are probably the child-pornography
people. Because they both deal with conspirators
who are desperate to exchange forbidden data and
also desperate to hide; and because nobody else in
law enforcement even wants to hear about it.
FCIC people tend to change jobs a lot. They
tend not to get the equipment and training they
want and need. And they tend to get sued quite
often.
As the night wore on and a band set up in the
bar, the talk grew darker. Nothing ever gets done in
government, someone opined, until there's a
*disaster.* Computing disasters are awful, but
there's no denying that they greatly help the
credibility of FCIC people. The Internet Worm, for
instance. "For years we'd been warning about that --
but it's nothing compared to what's coming." They
expect horrors, these people. They know that
nothing will really get done until there is a horror.
#
Next day we heard an extensive briefing from a
guy who'd been a computer cop, gotten into hot
water with an Arizona city council, and now installed
computer networks for a living (at a considerable
rise in pay). He talked about pulling fiber-optic
networks apart.
Even a single computer, with enough
peripherals, is a literal "network" -- a bunch of
machines all cabled together, generally with a
complexity that puts stereo units to shame. FCIC
people invent and publicize methods of seizing
computers and maintaining their evidence. Simple
things, sometimes, but vital rules of thumb for street
cops, who nowadays often stumble across a busy
computer in the midst of a drug investigation or a
white-collar bust. For instance: Photograph the
system before you touch it. Label the ends of all the
cables before you detach anything. "Park" the heads
on the disk drives before you move them. Get the
diskettes. Don't put the diskettes in magnetic fields.
Don't write on diskettes with ballpoint pens. Get the
manuals. Get the printouts. Get the handwritten
notes. Copy data before you look at it, and then
examine the copy instead of the original.
Now our lecturer distributed copied diagrams of
a typical LAN or "Local Area Network", which
happened to be out of Connecticut. *One hundred
and fifty-nine* desktop computers, each with its own
peripherals. Three "file servers." Five "star
couplers" each with thirty-two ports. One sixteen-
port coupler off in the corner office. All these
machines talking to each other, distributing
electronic mail, distributing software, distributing,
quite possibly, criminal evidence. All linked by high-
capacity fiber-optic cable. A bad guy -- cops talk a
lot about "bad guys" -- might be lurking on PC #47
or #123 and distributing his ill doings onto some
dupe's "personal" machine in another office -- or
another floor -- or, quite possibly, two or three miles
away! Or, conceivably, the evidence might be
"data-striped" -- split up into meaningless slivers
stored, one by one, on a whole crowd of different disk
drives.
The lecturer challenged us for solutions. I for
one was utterly clueless. As far as I could figure, the
Cossacks were at the gate; there were probably more
disks in this single building than were seized during
the entirety of Operation Sundevil.
"Inside informant," somebody said. Right.
There's always the human angle, something easy to
forget when contemplating the arcane recesses of
high technology. Cops are skilled at getting people
to talk, and computer people, given a chair and
some sustained attention, will talk about their
computers till their throats go raw. There's a case on
record of a single question -- "How'd you do it?" --
eliciting a forty-five-minute videotaped confession
from a computer criminal who not only completely
incriminated himself but drew helpful diagrams.
Computer people talk. Hackers *brag.* Phone-
phreaks talk *pathologically* -- why else are they
stealing phone-codes, if not to natter for ten hours
straight to their friends on an opposite seaboard?
Computer-literate people do in fact possess an
arsenal of nifty gadgets and techniques that would
allow them to conceal all kinds of exotic
skullduggery, and if they could only *shut up* about
it, they could probably get away with all manner of
amazing information-crimes. But that's just not how
it works -- or at least, that's not how it's worked *so
far.*
Most every phone-phreak ever busted has
swiftly implicated his mentors, his disciples, and his
friends. Most every white-collar computer-criminal,
smugly convinced that his clever scheme is
bulletproof, swiftly learns otherwise when, for the
first time in his life, an actual no-kidding policeman
leans over, grabs the front of his shirt, looks him
right in the eye and says: "All right, *asshole* -- you
and me are going downtown!" All the hardware in
the world will not insulate your nerves from these
actual real-life sensations of terror and guilt.
Cops know ways to get from point A to point Z
without thumbing through every letter in some
smart-ass bad-guy's alphabet. Cops know how to
cut to the chase. Cops know a lot of things other
people don't know.
Hackers know a lot of things other people don't
know, too. Hackers know, for instance, how to sneak
into your computer through the phone-lines. But
cops can show up *right on your doorstep* and
carry off *you* and your computer in separate steel
boxes. A cop interested in hackers can grab them
and grill them. A hacker interested in cops has to
depend on hearsay, underground legends, and what
cops are willing to publicly reveal. And the Secret
Service didn't get named "the *Secret* Service"
because they blab a lot.
Some people, our lecturer informed us, were
under the mistaken impression that it was
"impossible" to tap a fiber-optic line. Well, he
announced, he and his son had just whipped up a
fiber-optic tap in his workshop at home. He passed
it around the audience, along with a circuit-covered
LAN plug-in card so we'd all recognize one if we saw
it on a case. We all had a look.
The tap was a classic "Goofy Prototype" -- a
thumb-length rounded metal cylinder with a pair of
plastic brackets on it. From one end dangled three
thin black cables, each of which ended in a tiny
black plastic cap. When you plucked the safety-cap
off the end of a cable, you could see the glass fiber --
no thicker than a pinhole.
Our lecturer informed us that the metal
cylinder was a "wavelength division multiplexer."
Apparently, what one did was to cut the fiber-optic
cable, insert two of the legs into the cut to complete
the network again, and then read any passing data
on the line by hooking up the third leg to some kind
of monitor. Sounded simple enough. I wondered
why nobody had thought of it before. I also
wondered whether this guy's son back at the
workshop had any teenage friends.
We had a break. The guy sitting next to me was
wearing a giveaway baseball cap advertising the Uzi
submachine gun. We had a desultory chat about
the merits of Uzis. Long a favorite of the Secret
Service, it seems Uzis went out of fashion with the
advent of the Persian Gulf War, our Arab allies
taking some offense at Americans toting Israeli
weapons. Besides, I was informed by another
expert, Uzis jam. The equivalent weapon of choice
today is the Heckler & Koch, manufactured in
Germany.
The guy with the Uzi cap was a forensic
photographer. He also did a lot of photographic
surveillance work in computer crime cases. He
used to, that is, until the firings in Phoenix. He was
now a private investigator and, with his wife, ran a
photography salon specializing in weddings and
portrait photos. At -- one must repeat -- a
considerable rise in income.
He was still FCIC. If you were FCIC, and you
needed to talk to an expert about forensic
photography, well, there he was, willing and able. If
he hadn't shown up, people would have missed him.
Our lecturer had raised the point that
preliminary investigation of a computer system is
vital before any seizure is undertaken. It's vital to
understand how many machines are in there, what
kinds there are, what kind of operating system they
use, how many people use them, where the actual
data itself is stored. To simply barge into an office
demanding "all the computers" is a recipe for swift
disaster.
This entails some discreet inquiries beforehand.
In fact, what it entails is basically undercover work.
An intelligence operation. *Spying,* not to put too
fine a point on it.
In a chat after the lecture, I asked an attendee
whether "trashing" might work.
I received a swift briefing on the theory and
practice of "trash covers." Police "trash covers," like
"mail covers" or like wiretaps, require the agreement
of a judge. This obtained, the "trashing" work of cops
is just like that of hackers, only more so and much
better organized. So much so, I was informed, that
mobsters in Phoenix make extensive use of locked
garbage cans picked up by a specialty high-security
trash company.
In one case, a tiger team of Arizona cops had
trashed a local residence for four months. Every
week they showed up on the municipal garbage
truck, disguised as garbagemen, and carried the
contents of the suspect cans off to a shade tree,
where they combed through the garbage -- a messy
task, especially considering that one of the
occupants was undergoing kidney dialysis. All
useful documents were cleaned, dried and
examined. A discarded typewriter-ribbon was an
especially valuable source of data, as its long one-
strike ribbon of film contained the contents of every
letter mailed out of the house. The letters were
neatly retyped by a police s