ecretary equipped with a
large desk-mounted magnifying glass.
There is something weirdly disquieting about
the whole subject of "trashing" -- an unsuspected
and indeed rather disgusting mode of deep personal
vulnerability. Things that we pass by every day, that
we take utterly for granted, can be exploited with so
little work. Once discovered, the knowledge of these
vulnerabilities tends to spread.
Take the lowly subject of *manhole covers.* The
humble manhole cover reproduces many of the
dilemmas of computer-security in miniature.
Manhole covers are, of course, technological
artifacts, access-points to our buried urban
infrastructure. To the vast majority of us, manhole
covers are invisible. They are also vulnerable. For
many years now, the Secret Service has made a
point of caulking manhole covers along all routes of
the Presidential motorcade. This is, of course, to
deter terrorists from leaping out of underground
ambush or, more likely, planting remote-control car-
smashing bombs beneath the street.
Lately, manhole covers have seen more and
more criminal exploitation, especially in New York
City. Recently, a telco in New York City discovered
that a cable television service had been sneaking
into telco manholes and installing cable service
alongside the phone-lines -- *without paying
royalties.* New York companies have also suffered
a general plague of (a) underground copper cable
theft; (b) dumping of garbage, including toxic waste,
and (c) hasty dumping of murder victims.
Industry complaints reached the ears of an
innovative New England industrial-security
company, and the result was a new product known
as "the Intimidator," a thick titanium-steel bolt with
a precisely machined head that requires a special
device to unscrew. All these "keys" have registered
serial numbers kept on file with the manufacturer.
There are now some thousands of these
"Intimidator" bolts being sunk into American
pavements wherever our President passes, like
some macabre parody of strewn roses. They are
also spreading as fast as steel dandelions around US
military bases and many centers of private industry.
Quite likely it has never occurred to you to peer
under a manhole cover, perhaps climb down and
walk around down there with a flashlight, just to see
what it's like. Formally speaking, this might be
trespassing, but if you didn't hurt anything, and
didn't make an absolute habit of it, nobody would
really care. The freedom to sneak under manholes
was likely a freedom you never intended to exercise.
You now are rather less likely to have that
freedom at all. You may never even have missed it
until you read about it here, but if you're in New
York City it's gone, and elsewhere it's likely going.
This is one of the things that crime, and the reaction
to crime, does to us.
The tenor of the meeting now changed as the
Electronic Frontier Foundation arrived. The EFF,
whose personnel and history will be examined in
detail in the next chapter, are a pioneering civil
liberties group who arose in direct response to the
Hacker Crackdown of 1990.
Now Mitchell Kapor, the Foundation's
president, and Michael Godwin, its chief attorney,
were confronting federal law enforcement *mano a
mano* for the first time ever. Ever alert to the
manifold uses of publicity, Mitch Kapor and Mike
Godwin had brought their own journalist in tow:
Robert Draper, from Austin, whose recent well-received
book about ROLLING STONE magazine
was still on the stands. Draper was on assignment
for TEXAS MONTHLY.
The Steve Jackson/EFF civil lawsuit against the
Chicago Computer Fraud and Abuse Task Force was
a matter of considerable regional interest in Texas.
There were now two Austinite journalists here on the
case. In fact, counting Godwin (a former Austinite
and former journalist) there were three of us. Lunch
was like Old Home Week.
Later, I took Draper up to my hotel room. We
had a long frank talk about the case, networking
earnestly like a miniature freelance-journo version
of the FCIC: privately confessing the numerous
blunders of journalists covering the story, and trying
hard to figure out who was who and what the hell was
really going on out there. I showed Draper
everything I had dug out of the Hilton trashcan. We
pondered the ethics of "trashing" for a while, and
agreed that they were dismal. We also agreed that
finding a SPRINT bill on your first time out was a
heck of a coincidence.
First I'd "trashed" -- and now, mere hours later,
I'd bragged to someone else. Having entered the
lifestyle of hackerdom, I was now, unsurprisingly,
following its logic. Having discovered something
remarkable through a surreptitious action, I of
course *had* to "brag," and to drag the passing
Draper into my iniquities. I felt I needed a witness.
Otherwise nobody would have believed what I'd
discovered....
Back at the meeting, Thackeray cordially, if
rather tentatively, introduced Kapor and Godwin to
her colleagues. Papers were distributed. Kapor took
center stage. The brilliant Bostonian high-tech
entrepreneur, normally the hawk in his own
administration and quite an effective public
speaker, seemed visibly nervous, and frankly
admitted as much. He began by saying he
considered computer-intrusion to be morally wrong,
and that the EFF was not a "hacker defense fund,"
despite what had appeared in print. Kapor chatted
a bit about the basic motivations of his group,
emphasizing their good faith and willingness to
listen and seek common ground with law
enforcement -- when, er, possible.
Then, at Godwin's urging, Kapor suddenly
remarked that EFF's own Internet machine had
been "hacked" recently, and that EFF did not
consider this incident amusing.
After this surprising confession, things began to
loosen up quite rapidly. Soon Kapor was fielding
questions, parrying objections, challenging
definitions, and juggling paradigms with something
akin to his usual gusto.
Kapor seemed to score quite an effect with his
shrewd and skeptical analysis of the merits of telco
"Caller-ID" services. (On this topic, FCIC and EFF
have never been at loggerheads, and have no
particular established earthworks to defend.)
Caller-ID has generally been promoted as a privacy
service for consumers, a presentation Kapor
described as a "smokescreen," the real point of
Caller-ID being to *allow corporate customers to
build extensive commercial databases on
everybody who phones or faxes them.* Clearly, few
people in the room had considered this possibility,
except perhaps for two late-arrivals from US WEST
RBOC security, who chuckled nervously.
Mike Godwin then made an extensive
presentation on "Civil Liberties Implications of
Computer Searches and Seizures." Now, at last, we
were getting to the real nitty-gritty here, real political
horse-trading. The audience listened with close
attention, angry mutters rising occasionally: "He's
trying to teach us our jobs!" "We've been thinking
about this for years! We think about these issues
every day!" "If I didn't seize the works, I'd be sued by
the guy's victims!" "I'm violating the law if I leave
ten thousand disks full of illegal *pirated software*
and *stolen codes!*" "It's our job to make sure
people don't trash the Constitution -- we're the
*defenders* of the Constitution!" "We seize stuff
when we know it will be forfeited anyway as
restitution for the victim!"
"If it's forfeitable, then don't get a search
warrant, get a forfeiture warrant," Godwin suggested
coolly. He further remarked that most suspects in
computer crime don't *want* to see their computers
vanish out the door, headed God knew where, for
who knows how long. They might not mind a search,
even an extensive search, but they want their
machines searched on-site.
"Are they gonna feed us?" somebody asked
sourly.
"How about if you take copies of the data?"
Godwin parried.
"That'll never stand up in court."
"Okay, you make copies, give *them* the
copies, and take the originals."
Hmmm.
Godwin championed bulletin-board systems as
repositories of First Amendment protected free
speech. He complained that federal computer-
crime training manuals gave boards a bad press,
suggesting that they are hotbeds of crime haunted
by pedophiles and crooks, whereas the vast majority
of the nation's thousands of boards are completely
innocuous, and nowhere near so romantically
suspicious.
People who run boards violently resent it when
their systems are seized, and their dozens (or
hundreds) of users look on in abject horror. Their
rights of free expression are cut short. Their right to
associate with other people is infringed. And their
privacy is violated as their private electronic mail
becomes police property.
Not a soul spoke up to defend the practice of
seizing boards. The issue passed in chastened
silence. Legal principles aside -- (and those
principles cannot be settled without laws passed or
court precedents) -- seizing bulletin boards has
become public-relations poison for American
computer police.
And anyway, it's not entirely necessary. If you're
a cop, you can get 'most everything you need from a
pirate board, just by using an inside informant.
Plenty of vigilantes -- well, *concerned citizens* --
will inform police the moment they see a pirate
board hit their area (and will tell the police all about
it, in such technical detail, actually, that you kinda
wish they'd shut up). They will happily supply police
with extensive downloads or printouts. It's
*impossible* to keep this fluid electronic
information out of the hands of police.
Some people in the electronic community
become enraged at the prospect of cops
"monitoring" bulletin boards. This does have
touchy aspects, as Secret Service people in
particular examine bulletin boards with some
regularity. But to expect electronic police to be
deaf dumb and blind in regard to this particular
medium rather flies in the face of common sense.
Police watch television, listen to radio, read
newspapers and magazines; why should the new
medium of boards be different? Cops can exercise
the same access to electronic information as
everybody else. As we have seen, quite a few
computer police maintain *their own* bulletin
boards, including anti-hacker "sting" boards, which
have generally proven quite effective.
As a final clincher, their Mountie friends in
Canada (and colleagues in Ireland and Taiwan)
don't have First Amendment or American
constitutional restrictions, but they do have phone
lines, and can call any bulletin board in America
whenever they please. The same technological
determinants that play into the hands of hackers,
phone phreaks and software pirates can play into
the hands of police. "Technological determinants"
don't have *any* human allegiances. They're not
black or white, or Establishment or Underground, or
pro-or-anti anything.
Godwin complained at length about what he
called "the Clever Hobbyist hypothesis" -- the
assumption that the "hacker" you're busting is
clearly a technical genius, and must therefore be
searched with extreme thoroughness. So: from the
law's point of view, why risk missing anything? Take
the works. Take the guy's computer. Take his books.
Take his notebooks. Take the electronic drafts of his
love letters. Take his Walkman. Take his wife's
computer. Take his dad's computer. Take his kid
sister's computer. Take his employer's computer.
Take his compact disks -- they *might* be CD-ROM
disks, cunningly disguised as pop music. Take his
laser printer -- he might have hidden something
vital in the printer's 5meg of memory. Take his
software manuals and hardware documentation.
Take his science-fiction novels and his simulation-
gaming books. Take his Nintendo Game-Boy and
his Pac-Man arcade game. Take his answering
machine, take his telephone out of the wall. Take
anything remotely suspicious.
Godwin pointed out that most "hackers" are not,
in fact, clever genius hobbyists. Quite a few are
crooks and grifters who don't have much in the way
of technical sophistication; just some rule-of-thumb
rip-off techniques. The same goes for most fifteen-
year-olds who've downloaded a code-scanning
program from a pirate board. There's no real need
to seize everything in sight. It doesn't require an
entire computer system and ten thousand disks to
prove a case in court.
What if the computer is the instrumentality of a
crime? someone demanded.
Godwin admitted quietly that the doctrine of
seizing the instrumentality of a crime was pretty well
established in the American legal system.
The meeting broke up. Godwin and Kapor had
to leave. Kapor was testifying next morning before
the Massachusetts Department Of Public Utility,
about ISDN narrowband wide-area networking.
As soon as they were gone, Thackeray seemed
elated. She had taken a great risk with this. Her
colleagues had not, in fact, torn Kapor and Godwin's
heads off. She was very proud of them, and told
them so.
"Did you hear what Godwin said about
*instrumentality of a crime?*" she exulted, to
nobody in particular. "Wow, that means *Mitch isn't
going to sue me.*"
#
America's computer police are an interesting
group. As a social phenomenon they are far more
interesting, and far more important, than teenage
phone phreaks and computer hackers. First, they're
older and wiser; not dizzy hobbyists with leaky
morals, but seasoned adult professionals with all the
responsibilities of public service. And, unlike
hackers, they possess not merely *technical* power
alone, but heavy-duty legal and social authority.
And, very interestingly, they are just as much at
sea in cyberspace as everyone else. They are not
happy about this. Police are authoritarian by nature,
and prefer to obey rules and precedents. (Even
those police who secretly enjoy a fast ride in rough
territory will soberly disclaim any "cowboy" attitude.)
But in cyberspace there *are* no rules and
precedents. They are groundbreaking pioneers,
Cyberspace Rangers, whether they like it or not.
In my opinion, any teenager enthralled by
computers, fascinated by the ins and outs of
computer security, and attracted by the lure of
specialized forms of knowledge and power, would do
well to forget all about "hacking" and set his (or her)
sights on becoming a fed. Feds can trump hackers
at almost every single thing hackers do, including
gathering intelligence, undercover disguise,
trashing, phone-tapping, building dossiers,
networking, and infiltrating computer systems --
*criminal* computer systems. Secret Service agents
know more about phreaking, coding and carding
than most phreaks can find out in years, and when it
comes to viruses, break-ins, software bombs and
trojan horses, Feds have direct access to red-hot
confidential information that is only vague rumor in
the underground.
And if it's an impressive public rep you're after,
there are few people in the world who can be so
chillingly impressive as a well-trained, well-armed
United States Secret Service agent.
Of course, a few personal sacrifices are
necessary in order to obtain that power and
knowledge. First, you'll have the galling discipline of
belonging to a large organization; but the world of
computer crime is still so small, and so amazingly
fast-moving, that it will remain spectacularly fluid for
years to come. The second sacrifice is that you'll
have to give up ripping people off. This is not a great
loss. Abstaining from the use of illegal drugs, also
necessary, will be a boon to your health.
A career in computer security is not a bad
choice for a young man or woman today. The field
will almost certainly expand drastically in years to
come. If you are a teenager today, by the time you
become a professional, the pioneers you have read
about in this book will be the grand old men and
women of the field, swamped by their many
disciples and successors. Of course, some of them,
like William P. Wood of the 1865 Secret Service,
may well be mangled in the whirring machinery of
legal controversy; but by the time you enter the
computer-crime field, it may have stabilized
somewhat, while remaining entertainingly
challenging.
But you can't just have a badge. You have to win
it. First, there's the federal law enforcement
training. And it's hard -- it's a challenge. A real
challenge -- not for wimps and rodents.
Every Secret Service agent must complete
gruelling courses at the Federal Law Enforcement
Training Center. (In fact, Secret Service agents are
periodically re-trained during their entire careers.)
In order to get a glimpse of what this might be
like, I myself travelled to FLETC.
#
The Federal Law Enforcement Training Center
is a 1500-acre facility on Georgia's Atlantic coast. It's
a milieu of marshgrass, seabirds, damp, clinging
sea-breezes, palmettos, mosquitos, and bats. Until
1974, it was a Navy Air Base, and still features a
working runway, and some WWII vintage
blockhouses and officers' quarters. The Center has
since benefitted by a forty-million-dollar retrofit, but
there's still enough forest and swamp on the facility
for the Border Patrol to put in tracking practice.
As a town, "Glynco" scarcely exists. The nearest
real town is Brunswick, a few miles down Highway 17,
where I stayed at the aptly named Marshview
Holiday Inn. I had Sunday dinner at a seafood
restaurant called "Jinright's," where I feasted on
deep-fried alligator tail. This local favorite was a
heaped basket of bite-sized chunks of white, tender,
almost fluffy reptile meat, steaming in a peppered
batter crust. Alligator makes a culinary experience
that's hard to forget, especially when liberally basted
with homemade cocktail sauce from a Jinright
squeeze-bottle.
The crowded clientele were tourists, fishermen,
local black folks in their Sunday best, and white
Georgian locals who all seemed to bear an uncanny
resemblance to Georgia humorist Lewis Grizzard.
The 2,400 students from 75 federal agencies who
make up the FLETC population scarcely seem to
make a dent in the low-key local scene. The
students look like tourists, and the teachers seem to
have taken on much of the relaxed air of the Deep
South. My host was Mr. Carlton Fitzpatrick, the
Program Coordinator of the Financial Fraud
Institute. Carlton Fitzpatrick is a mustached, sinewy,
well-tanned Alabama native somewhere near his
late forties, with a fondness for chewing tobacco,
powerful computers, and salty, down-home homilies.
We'd met before, at FCIC in Arizona.
The Financial Fraud Institute is one of the nine
divisions at FLETC. Besides Financial Fraud, there's
Driver & Marine, Firearms, and Physical Training.
These are specialized pursuits. There are also five
general training divisions: Basic Training,
Operations, Enforcement Techniques, Legal
Division, and Behavioral Science.
Somewhere in this curriculum is everything
necessary to turn green college graduates into
federal agents. First they're given ID cards. Then
they get the rather miserable-looking blue coveralls
known as "smurf suits." The trainees are assigned a
barracks and a cafeteria, and immediately set on
FLETC's bone-grinding physical training rout