THE HACKER CRACKDOWN

Law and Disorder on the Electronic Frontier

by Bruce Sterling

CHRONOLOGY OF THE HACKER CRACKDOWN

1865 U. S. Secret Service (USSS) founded. 

1876 Alexander Graham Bell invents telephone. 

1878 First teenage males flung off phone system by enraged authorities. 

1939 "Futurian" science-fiction group raided by Secret Service. 

1971 Yippie phone phreaks start YIPL/TAP magazine. 

1972 RAMPARTS magazine seized in blue-box rip-off scandal. 

1978 Ward Christenson and Randy Suess create first personal computer bulletin board system. 

1982 William Gibson coins term "cyberspace. "

1982 "414 Gang" raided. 

1983-1983 AT&T dismantled in divestiture. 

1984 Congress passes Comprehensive Crime Control Act giving USSS jurisdiction over credit card fraud and computer fraud. 

1984 "Legion of Doom" formed. 

1984. 2600: THE HACKER QUARTERLY founded. 

1984. WHOLE EARTH SOFTWARE CATALOG published. 

1985. First police "sting" bulletin board systems established. 

1985. Whole Earth 'Lectronic Link computer conference (WELL) goeson-line. 

1986 Computer Fraud and Abuse Act passed. 

1986 Electronic Communications Privacy Act passed. 

1987 Chicago prosecutors form Computer Fraud and Abuse Task Force. 

1988

July. Secret Service covertly videotapes "SummerCon" hacker convention. 

September. "Prophet" cracks BellSouth AIMSX computer network and downloads E911 Document to his own computer and to Jolnet. 

September. AT&T Corporate Information Security informed of Prophet'saction. 

October. Bellcore Security informed of Prophet's action. 

1989

January. Prophet uploads E911 Document to Knight Lightning. 

February 25. Knight Lightning publishes E911 Document in PHRACK electronic newsletter. 

May. Chicago Task Force raids and arrests "Kyrie. "

June. "NuPrometheus League" distributes Apple Computer proprietarysoftware. 

June 13. Florida probation office crossed with phone-sex line in switching-station stunt. 

July. "Fry Guy" raided by USSS and Chicago Computer Fraud and Abuse Task Force. 

July. Secret Service raids "Prophet, " "Leftist, " and "Urvile" inGeorgia. 

1990

January 15. Martin Luther King Day Crash strikes AT&T long-distance network nationwide. 

January 18-19. Chicago Task Force raids Knight Lightning in St. Louis. 

January 24. USSS and New York State Police raid "Phiber Optik, " "Acid Phreak, " and "Scorpion" in New York City. 

February 1. USSS raids "Terminus" in Maryland. 

February 3. Chicago Task Force raids Richard Andrews' home. 

February 6. Chicago Task Force raids Richard Andrews' business. 

February 6. USSS arrests Terminus, Prophet, Leftist, and Urvile. 

February 9. Chicago Task Force arrests Knight Lightning. 

February 20. AT&T Security shuts down public-access "attctc" computer in Dallas. 

February 21. Chicago Task Force raids Robert Izenberg in Austin. 

March 1. Chicago Task Force raids Steve Jackson Games, Inc. , "Mentor, " and "Erik Bloodaxe" in Austin. 

May 7, 8, 9. 

USSS and Arizona Organized Crime and Racketeering Bureau conduct"Operation Sundevil" raids in Cincinnatti, Detroit, Los Angeles, Miami, Newark, Phoenix, Pittsburgh, Richmond, Tucson, San Diego, San Jose, andSan Francisco. 

May. FBI interviews John Perry Barlow re NuPrometheus case. 

June. Mitch Kapor and Barlow found Electronic Frontier Foundation; Barlow publishes CRIME AND PUZZLEMENT manifesto. 

July 24-27. Trial of Knight Lightning. 

1991

February. CPSR Roundtable in Washington, D. C. 

March 25-28. Computers, Freedom and Privacy conference in SanFrancisco. 

May 1. Electronic Frontier Foundation, Steve Jackson, and others file suit against members of Chicago Task Force. 

July 1-2. Switching station phone software crash affects Washington, Los Angeles, Pittsburgh, San Francisco. 

September 17. AT&T phone crash affects New York City and threeairports. 

Introduction

This is a book about cops, and wild teenage whiz-kids, and lawyers, and hairy-eyed anarchists, and industrial technicians, and hippies, andhigh-tech millionaires, and game hobbyists, and computer securityexperts, and Secret Service agents, and grifters, and thieves. 

This book is about the electronic frontier of the 1990s. It concernsactivities that take place inside computers and over telephone lines. 

A science fiction writer coined the useful term "cyberspace" in 1982, but the territory in question, the electronic frontier, is about ahundred and thirty years old. Cyberspace is the "place" where atelephone conversation appears to occur. Not inside your actual phone, the plastic device on your desk. Not inside the other person's phone, in some other city. THE PLACE BETWEEN the phones. The indefiniteplace OUT THERE, where the two of you, two human beings, actually meetand communicate. 

Although it is not exactly "real, " "cyberspace" is a genuine place. Things happen there that have very genuine consequences. This "place"is not "real, " but it is serious, it is earnest. Tens of thousands ofpeople have dedicated their lives to it, to the public service ofpublic communication by wire and electronics. 

People have worked on this "frontier" for generations now. Some peoplebecame rich and famous from their efforts there. Some just played init, as hobbyists. Others soberly pondered it, and wrote about it, andregulated it, and negotiated over it in international forums, and suedone another about it, in gigantic, epic court battles that lasted foryears. And almost since the beginning, some people have committedcrimes in this place. 

But in the past twenty years, this electrical "space, " which was oncethin and dark and one-dimensional--little more than a narrowspeaking-tube, stretching from phone to phone--has flung itself openlike a gigantic jack-in-the-box. Light has flooded upon it, the eerielight of the glowing computer screen. This dark electric netherworldhas become a vast flowering electronic landscape. Since the 1960s, theworld of the telephone has cross-bred itself with computers andtelevision, and though there is still no substance to cyberspace, nothing you can handle, it has a strange kind of physicality now. Itmakes good sense today to talk of cyberspace as a place all its own. 

Because people live in it now. Not just a few people, not just a fewtechnicians and eccentrics, but thousands of people, quite normalpeople. And not just for a little while, either, but for hoursstraight, over weeks, and months, and years. Cyberspace today is a"Net, " a "Matrix, " international in scope and growing swiftly andsteadily. It's growing in size, and wealth, and political importance. 

People are making entire careers in modern cyberspace. Scientists andtechnicians, of course; they've been there for twenty years now. Butincreasingly, cyberspace is filling with journalists and doctors andlawyers and artists and clerks. Civil servants make their careersthere now, "on-line" in vast government data-banks; and so do spies, industrial, political, and just plain snoops; and so do police, atleast a few of them. And there are children living there now. 

People have met there and been married there. There are entire livingcommunities in cyberspace today; chattering, gossiping, planning, conferring and scheming, leaving one another voice-mail and electronicmail, giving one another big weightless chunks of valuable data, bothlegitimate and illegitimate. They busily pass one another computersoftware and the occasional festering computer virus. 

We do not really understand how to live in cyberspace yet. We arefeeling our way into it, blundering about. That is not surprising. Our lives in the physical world, the "real" world, are also far fromperfect, despite a lot more practice. Human lives, real lives, areimperfect by their nature, and there are human beings in cyberspace. The way we live in cyberspace is a funhouse mirror of the way we livein the real world. We take both our advantages and our troubles withus. 

This book is about trouble in cyberspace. Specifically, this book isabout certain strange events in the year 1990, an unprecedented andstartling year for the the growing world of computerized communications. 

In 1990 there came a nationwide crackdown on illicit computer hackers, with arrests, criminal charges, one dramatic show-trial, several guiltypleas, and huge confiscations of data and equipment all over the USA. 

The Hacker Crackdown of 1990 was larger, better organized, moredeliberate, and more resolute than any previous effort in the brave newworld of computer crime. The U. S. Secret Service, private telephonesecurity, and state and local law enforcement groups across the countryall joined forces in a determined attempt to break the back ofAmerica's electronic underground. It was a fascinating effort, withvery mixed results. 

The Hacker Crackdown had another unprecedented effect; it spurred thecreation, within "the computer community, " of the Electronic FrontierFoundation, a new and very odd interest group, fiercely dedicated tothe establishment and preservation of electronic civil liberties. Thecrackdown, remarkable in itself, has created a melee of debate overelectronic crime, punishment, freedom of the press, and issues ofsearch and seizure. Politics has entered cyberspace. Where people go, politics follow. 

This is the story of the people of cyberspace. 

PART ONE: CRASHING THE SYSTEM

On January 15, 1990, AT&T's long-distance telephone switching systemcrashed. 

This was a strange, dire, huge event. Sixty thousand people lost theirtelephone service completely. During the nine long hours of franticeffort that it took to restore service, some seventy million telephonecalls went uncompleted. 

Losses of service, known as "outages" in the telco trade, are a knownand accepted hazard of the telephone business. Hurricanes hit, andphone cables get snapped by the thousands. Earthquakes wrench throughburied fiber-optic lines. Switching stations catch fire and burn tothe ground. These things do happen. There are contingency plans forthem, and decades of experience in dealing with them. But the Crash ofJanuary 15 was unprecedented. It was unbelievably huge, and itoccurred for no apparent physical reason. 

The crash started on a Monday afternoon in a single switching-stationin Manhattan. But, unlike any merely physical damage, it spread andspread. Station after station across America collapsed in a chainreaction, until fully half of AT&T's network had gone haywire and theremaining half was hard-put to handle the overflow. 

Within nine hours, AT&T software engineers more or less understood whathad caused the crash. Replicating the problem exactly, poring oversoftware line by line, took them a couple of weeks. But because it washard to understand technically, the full truth of the matter and itsimplications were not widely and thoroughly aired and explained. Theroot cause of the crash remained obscure, surrounded by rumor and fear. 

The crash was a grave corporate embarrassment. The "culprit" was a bugin AT&T's own software--not the sort of admission thetelecommunications giant wanted to make, especially in the face ofincreasing competition. Still, the truth WAS told, in the bafflingtechnical terms necessary to explain it. 

Somehow the explanation failed to persuade American law enforcementofficials and even telephone corporate security personnel. Thesepeople were not technical experts or software wizards, and they hadtheir own suspicions about the cause of this disaster. 

The police and telco security had important sources of informationdenied to mere software engineers. They had informants in the computerunderground and years of experience in dealing with high-tech rascalitythat seemed to grow ever more sophisticated. For years they had beenexpecting a direct and savage attack against the American nationaltelephone system. And with the Crash of January 15--the first month ofa new, high-tech decade--their predictions, fears, and suspicionsseemed at last to have entered the real world. A world where thetelephone system had not merely crashed, but, quite likely, BEENcrashed--by "hackers. "

The crash created a large dark cloud of suspicion that would colorcertain people's assumptions and actions for months. The fact that ittook place in the realm of software was suspicious on its face. Thefact that it occurred on Martin Luther King Day, still the mostpolitically touchy of American holidays, made it more suspicious yet. 

The Crash of January 15 gave the Hacker Crackdown its sense of edgeand its sweaty urgency. It made people, powerful people in positionsof public authority, willing to believe the worst. And, most fatally, it helped to give investigators a willingness to take extreme measuresand the determination to preserve almost total secrecy. 

An obscure software fault in an aging switching system in New York wasto lead to a chain reaction of legal and constitutional trouble allacross the country. 

#

Like the crash in the telephone system, this chain reaction was readyand waiting to happen. During the 1980s, the American legal system wasextensively patched to deal with the novel issues of computer crime. There was, for instance, the Electronic Communications Privacy Act of1986 (eloquently described as "a stinking mess" by a prominent lawenforcement official). And there was the draconian Computer Fraud andAbuse Act of 1986, passed unanimously by the United States Senate, which later would reveal a large number of flaws. Extensive, well-meant efforts had been made to keep the legal system up to date. But in the day-to-day grind of the real world, even the most elegantsoftware tends to crumble and suddenly reveal its hidden bugs. 

Like the advancing telephone system, the American legal system wascertainly not ruined by its temporary crash; but for those caught underthe weight of the collapsing system, life became a series of blackoutsand anomalies. 

In order to understand why these weird events occurred, both in theworld of technology and in the world of law, it's not enough tounderstand the merely technical problems. We will get to those; butfirst and foremost, we must try to understand the telephone, and thebusiness of telephones, and the community of human beings thattelephones have created. 

#

Technologies have life cycles, like cities do, like institutions do, like laws and governments do. 

The first stage of any technology is the Question Mark, often known asthe "Golden Vaporware" stage. At this early point, the technology isonly a phantom, a mere gleam in the inventor's eye. One such inventorwas a speech teacher and electrical tinkerer named Alexander GrahamBell. 

Bell's early inventions, while ingenious, failed to move the world. In1863, the teenage Bell and his brother Melville made an artificialtalking mechanism out of wood, rubber, gutta-percha, and tin. Thisweird device had a rubber-covered "tongue" made of movable woodensegments, with vibrating rubber "vocal cords, " and rubber "lips" and"cheeks. " While Melville puffed a bellows into a tin tube, imitatingthe lungs, young Alec Bell would manipulate the "lips, " "teeth, " and"tongue, " causing the thing to emit high-pitched falsetto gibberish. 

Another would-be technical breakthrough was the Bell "phonautograph" of1874, actually made out of a human cadaver's ear. Clamped into placeon a tripod, this grisly gadget drew sound-wave images on smoked glassthrough a thin straw glued to its vibrating earbones. 

By 1875, Bell had learned to produce audible sounds--ugly shrieks andsquawks--by using magnets, diaphragms, and electrical current. 

Most "Golden Vaporware" technologies go nowhere. 

But the second stage of technology is the Rising Star, or, the "GoofyPrototype, " stage. The telephone, Bell's most ambitious gadget yet, reached this stage on March 10, 1876. On that great day, AlexanderGraham Bell became the first person to transmit intelligible humanspeech electrically. As it happened, young Professor Bell, industriously tinkering in his Boston lab, had spattered his trouserswith acid. His assistant, Mr. Watson, heard his cry for help--overBell's experimental audio-telegraph. This was an event withoutprecedent. 

Technologies in their "Goofy Prototype" stage rarely work very well. They're experimental, and therefore half-baked and rather frazzled. The prototype may be attractive and novel, and it does look as if itought to be good for something-or-other. But nobody, including theinventor, is quite sure what. Inventors, and speculators, and punditsmay have very firm ideas about its potential use, but those ideas areoften very wrong. 

The natural habitat of the Goofy Prototype is in trade shows and in thepopular press. Infant technologies need publicity and investment moneylike a tottering calf need milk. This was very true of Bell's machine. To raise research and development money, Bell toured with his device asa stage attraction. 

Contemporary press reports of the stage debut of the telephone showedpleased astonishment mixed with considerable dread. Bell's stagetelephone was a large wooden box with a crude speaker-nozzle, the wholecontraption about the size and shape of an overgrown Brownie camera. Its buzzing steel soundplate, pumped up by powerful electromagnets, wasloud enough to fill an auditorium. Bell's assistant Mr. Watson, whocould manage on the keyboards fairly well, kicked in by playing theorgan from distant rooms, and, later, distant cities. This feat wasconsidered marvellous, but very eerie indeed. 

Bell's original notion for the telephone, an idea promoted for a coupleof years, was that it would become a mass medium. We might recognizeBell's idea today as something close to modern "cable radio. "Telephones at a central source would transmit music, Sunday sermons, and important public speeches to a paying network of wired-upsubscribers. 

At the time, most people thought this notion made good sense. In fact, Bell's idea was workable. In Hungary, this philosophy of thetelephone was successfully put into everyday practice. In Budapest, for decades, from 1893 until after World War I, there was agovernment-run information service called "Telefon Hirmondo-. "Hirmondo- was a centralized source of news and entertainment andculture, including stock reports, plays, concerts, and novels readaloud. At certain hours of the day, the phone would ring, you wouldplug in a loudspeaker for the use of the family, and Telefon Hirmondo-would be on the air--or rather, on the phone. 

Hirmondo- is dead tech today, but Hirmondo- might be considered aspiritual ancestor of the modern telephone-accessed computer dataservices, such as CompuServe, GEnie or Prodigy. The principle behindHirmondo- is also not too far from computer "bulletin-board systems" orBBS's, which arrived in the late 1970s, spread rapidly across America, and will figure largely in this book. 

We are used to using telephones for individual person-to-person speech, because we are used to the Bell system. But this was just onepossibility among many. Communication networks are very flexible andprotean, especially when their hardware becomes sufficiently advanced. They can be put to all kinds of uses. And they have been--and theywill be. 

Bell's telephone was bound for glory, but this was a combination ofpolitical decisions, canny infighting in court, inspired industrialleadership, receptive local conditions and outright good luck. Muchthe same is true of communications systems today. 

As Bell and his backers struggled to install their newfangled system inthe real world of nineteenth-century New England, they had to fightagainst skepticism and industrial rivalry. There was already a strongelectrical communications network present in America: the telegraph. The head of the Western Union telegraph system dismissed Bell'sprototype as "an electrical toy" and refused to buy the rights toBell's patent. The telephone, it seemed, might be all right as aparlor entertainment--but not for serious business. 

Telegrams, unlike mere telephones, left a permanent physical record oftheir messages. Telegrams, unlike telephones, could be answeredwhenever the recipient had time and convenience. And the telegram hada much longer distance-range than Bell's early telephone. Thesefactors made telegraphy seem a much more sound and businessliketechnology--at least to some. 

The telegraph system was huge, and well-entrenched. In 1876, theUnited States had 214, 000 miles of telegraph wire, and 8500 telegraphoffices. There were specialized telegraphs for businesses and stocktraders, government, police and fire departments. And Bell's "toy" wasbest known as a stage-magic musical device. 

The third stage of technology is known as the "Cash Cow" stage. In the"cash cow" stage, a technology finds its place in the world, andmatures, and becomes settled and productive. After a year or so, Alexander Graham Bell and his capitalist backers concluded that eeriemusic piped from nineteenth-century cyberspace was not the realselling-point of his invention. Instead, the telephone was aboutspeech--individual, personal speech, the human voice, humanconversation and human interaction. The telephone was not to bemanaged from any centralized broadcast center. It was to be apersonal, intimate technology. 

When you picked up a telephone, you were not absorbing the cold outputof a machine--you were speaking to another human being. Once peoplerealized this, their instinctive dread of the telephone as an eerie, unnatural device, swiftly vanished. A "telephone call" was not a"call" from a "telephone" itself, but a call from another human being, someone you would generally know and recognize. The real point was notwhat the machine could do for you (or to you), but what you yourself, aperson and citizen, could do THROUGH the machine. This decision on thepart of the young Bell Company was absolutely vital. 

The first telephone networks went up around Boston--mostly among thetechnically curious and the well-to-do (much the same segment of theAmerican populace that, a hundred years later, would be buying personalcomputers). Entrenched backers of the telegraph continued to scoff. 

But in January 1878, a disaster made the telephone famous. A traincrashed in Tarriffville, Connecticut. Forward-looking doctors in thenearby city of Hartford had had Bell's "speaking telephone" installed. An alert local druggist was able to telephone an entire community oflocal doctors, who rushed to the site to give aid. The disaster, asdisasters do, aroused intense press coverage. The phone had proven itsusefulness in the real world. 

After Tarriffville, the telephone network spread like crabgrass. By1890 it was all over New England. By '93, out to Chicago. By '97, into Minnesota, Nebraska and Texas. By 1904 it was all over thecontinent. 

The telephone had become a mature technology. Professor Bell (nowgenerally known as "Dr. Bell" despite his lack of a formal degree)became quite wealthy. He lost interest in the tedious day-to-daybusiness muddle of the booming telephone network, and gratefullyreturned his attention to creatively hacking-around in his variouslaboratories, which were now much larger, better-ventilated, andgratifyingly better-equipped. Bell was never to have another greatinventive success, though his speculations and prototypes anticipatedfiber-optic transmission, manned flight, sonar, hydrofoil ships, tetrahedral construction, and Montessori education. The "decibel, " thestandard scientific measure of sound intensity, was named after Bell. 

Not all Bell's vaporware notions were inspired. He was fascinated byhuman eugenics. He also spent many years developing a weird personalsystem of astrophysics in which gravity did not exist. 

Bell was a definite eccentric. He was something of a hypochondriac, and throughout his life he habitually stayed up until four A. M. , refusing to rise before noon. But Bell had accomplished a great feat;he was an idol of millions and his influence, wealth, and greatpersonal charm, combined with his eccentricity, made him something of aloose cannon on deck. Bell maintained a thriving scientific salon inhis winter mansion in Washington, D. C. , which gave him considerablebackstage influence in governmental and scientific circles. He was amajor financial backer of the the magazines Science and NationalGeographic, both still flourishing today as important organs of theAmerican scientific establishment. 

Bell's companion Thomas Watson, similarly wealthy and similarly odd, became the ardent political disciple of a 19th-century science-fictionwriter and would-be social reformer, Edward Bellamy. Watson also trodthe boards briefly as a Shakespearian actor. 

There would never be another Alexander Graham Bell, but in years tocome there would be surprising numbers of people like him. Bell was aprototype of the high-tech entrepreneur. High-tech entrepreneurs willplay a very prominent role in this book: not merely as technicians andbusinessmen, but as pioneers of the technical frontier, who can carrythe power and prestige they derive from high-technology into thepolitical and social arena. 

Like later entrepreneurs, Bell was fierce in defense of his owntechnological territory. As the telephone began to flourish, Bell wassoon involved in violent lawsuits in the defense of his patents. Bell's Boston lawyers were excellent, however, and Bell himself, as anelocution teacher and gifted public speaker, was a devastatinglyeffective legal witness. In the eighteen years of Bell's patents, theBell company was involved in six hundred separate lawsuits. The legalrecords printed filled 149 volumes. The Bell Company won every singlesuit. 

After Bell's exclusive patents expired, rival telephone companiessprang up all over America. Bell's company, American Bell Telephone, was soon in deep trouble. In 1907, American Bell Telephone fell intothe hands of the rather sinister J. P. Morgan financial cartel, robber-baron speculators who dominated Wall Street. 

At this point, history might have taken a different turn. Americanmight well have been served forever by a patchwork of locally ownedtelephone companies. Many state politicians and local businessmenconsidered this an excellent solution. 

But the new Bell holding company, American Telephone and Telegraph orAT&T, put in a new man at the helm, a visionary industrialist namedTheodore Vail. Vail, a former Post Office manager, understood largeorganizations and had an innate feeling for the nature of large-scalecommunications. Vail quickly saw to it that AT&T seized thetechnological edge once again. The Pupin and Campbell "loading coil, "and the deForest "audion, " are both extinct technology today, but in1913 they gave Vail's company the best LONG-DISTANCE lines ever built. By controlling long-distance--the links between, and over, and abovethe smaller local phone companies--AT&T swiftly gained the whip-handover them, and was soon devouring them right and left. 

Vail plowed the profits back into research and development, startingthe Bell tradition of huge-scale and brilliant industrial research. 

Technically and financially, AT&T gradually steamrollered theopposition. Independent telephone companies never became entirelyextinct, and hundreds of them flourish today. But Vail's AT&T becamethe supreme communications company. At one point, Vail's AT&T boughtWestern Union itself, the very company that had derided Bell'stelephone as a "toy. " Vail thoroughly reformed Western Union'shidebound business along his modern principles; but when the federalgovernment grew anxious at this centralization of power, Vail politelygave Western Union back. 

This centralizing process was not unique. Very similar events hadhappened in American steel, oil, and railroads. But AT&T, unlike theother companies, was to remain supreme. The monopoly robber-barons ofthose other industries were humbled and shattered by governmenttrust-busting. 

Vail, the former Post Office official, was quite willing to accommodatethe US government; in fact he would forge an active alliance with it. AT&T would become almost a wing of the American government, almostanother Post Office--though not quite. AT&T would willingly submit tofederal regulation, but in return, it would use the government'sregulators as its own police, who would keep out competitors and assurethe Bell system's profits and preeminence. 

This was the second birth--the political birth--of the Americantelephone system. Vail's arrangement was to persist, with vastsuccess, for many decades, until 1982. His system was an odd kind ofAmerican industrial socialism. It was born at about the same time asLeninist Communism, and it lasted almost as long--and, it must beadmitted, to considerably better effect. 

Vail's system worked. Except perhaps for aerospace, there has been notechnology more thoroughly dominated by Americans than the telephone. The telephone was seen from the beginning as a quintessentiallyAmerican technology. Bell's policy, and the policy of Theodore Vail, was a profoundly democratic policy of UNIVERSAL ACCESS. Vail's famouscorporate slogan, "One Policy, One System, Universal Service, " was apolitical slogan, with a very American ring to it. 

The American telephone was not to become the specialized tool ofgovernment or business, but a general public utility. At first, it wastrue, only the wealthy could afford private telephones, and Bell'scompany pursued the business markets primarily. The American phonesystem was a capitalist effort, meant to make money; it was not acharity. But from the first, almost all communities with telephoneservice had public telephones. And many stores--especiallydrugstores--offered public use of their phones. You might not own atelephone--but you could always get into the system, if you reallyneeded to. 

There was nothing inevitable about this decision to make telephones"public" and "universal. " Vail's system involved a profound act oftrust in the public. This decision was a political one, informed bythe basic values of the American republic. The situation might havebeen very different; and in other countries, under other systems, itcertainly was. 

Joseph Stalin, for instance, vetoed plans for a Soviet phone systemsoon after the Bolshevik revolution. Stalin was certain that publiclyaccessible telephones would become instruments of anti-Sovietcounterrevolution and conspiracy. (He was probably right. ) Whentelephones did arrive in the Soviet Union, they would be instruments ofParty authority, and always heavily tapped. (Alexander Solzhenitsyn'sprison-camp novel The First Circle describes efforts to develop a phonesystem more suited to Stalinist purposes. )

France, with its tradition of rational centralized government, hadfought bitterly even against the electric telegraph, which seemed tothe French entirely too anarchical and frivolous. For decades, nineteenth-century France communicated via the "visual telegraph, " anation-spanning, government-owned semaphore system of huge stone towersthat signalled from hilltops, across vast distances, with bigwindmill-like arms. In 1846, one Dr. Barbay, a semaphore enthusiast, memorably uttered an early version of what might be called "thesecurity expert's argument" against the open media. 

"No, the electric telegraph is not a sound invention. It will alwaysbe at the mercy of the slightest disruption, wild youths, drunkards, bums, etc. . . . The electric telegraph meets those destructive elementswith only a few meters of wire over which supervision is impossible. Asingle man could, without being seen, cut the telegraph wires leadingto Paris, and in twenty-four hours cut in ten different places thewires of the same line, without being arrested. The visual telegraph, on the contrary, has its towers, its high walls, its gates well-guardedfrom inside by strong armed men. Yes, I declare, substitution of theelectric telegraph for the visual one is a dreadful measure, a trulyidiotic act. "

Dr. Barbay and his high-security stone machines were eventuallyunsuccessful, but his argument--that communication exists for thesafety and convenience of the state, and must be carefully protectedfrom the wild boys and the gutter rabble who might want to crash thesystem--would be heard again and again. 

When the French telephone system finally did arrive, its snarledinadequacy was to be notorious. Devotees of the American Bell Systemoften recommended a trip to France, for skeptics. 

In Edwardian Britain, issues of class and privacy were a ball-and-chainfor telephonic progress. It was considered outrageous that anyone--anywild fool off the street--could simply barge bellowing into one'soffice or home, preceded only by the ringing of a telephone bell. InBritain, phones were tolerated for the use of business, but privatephones tended be stuffed away into closets, smoking rooms, or servants'quarters. Telephone operators were resented in Britain because theydid not seem to "know their place. " And no one of breeding would printa telephone number on a business card; this seemed a crass attempt tomake the acquaintance of strangers. 

But phone access in America was to become a popular right; somethinglike universal suffrage, only more so. American women could not yetvote when the phone system came through; yet from the beginningAmerican women doted on the telephone. This "feminization" of theAmerican telephone was often commented on by foreigners. Phones inAmerica were not censored or stiff or formalized; they were social, private, intimate, and domestic. In America, Mother's Day is by farthe busiest day of the year for the phone network. 

The early telephone companies, and especially AT&T, were among theforemost employers of American women. They employed the daughters ofthe American middle-class in great armies: in 1891, eight thousandwomen; by 1946, almost a quarter of a million. Women seemed to enjoytelephone work; it was respectable, it was steady, it paid fairly wellas women's work went, and--not least--it seemed a genuine contributionto the social good of the community. Women found Vail's ideal ofpublic service attractive. This was especially true in rural areas, where women operators, running extensive rural party-lines, enjoyedconsiderable social power. The operator knew everyone on theparty-line, and everyone knew her. 

Although Bell himself was an ardent suffragist, the telephone companydid not employ women for the sake of advancing female liberation. AT&Tdid this for sound commercial reasons. The first telephone operatorsof the Bell system were not women, but teenage American boys. Theywere telegraphic messenger boys (a group about to be renderedtechnically obsolescent), who swept up around the phone office, dunnedcustomers for bills, and made phone connections on the switchboard, allon the cheap. 

Within the very first year of operation, 1878, Bell's company learneda sharp lesson about combining teenage boys and telephone switchboards. Putting teenage boys in charge of the phone system brought swift andconsistent disaster. Bell's chief engineer described them as "WildIndians. " The boys were openly rude to customers. They talked back tosubscribers, saucing off, uttering facetious remarks, and generallygiving lip. The rascals took Saint Patrick's Day off withoutpermission. And worst of all they played clever tricks with theswitchboard plugs: disconnecting calls, crossing lines so thatcustomers found themselves talking to strangers, and so forth. 

This combination of power, technical mastery, and effective anonymityseemed to act like catnip on teenage boys. 

This wild-kid-on-the-wires phenomenon was not confined to the USA; fromthe beginning, the same was true of the British phone system. An earlyBritish commentator kindly remarked: "No doubt boys in their teensfound the work not a little irksome, and it is also highly probablethat under the early conditions of employment the adventurous andinquisitive spirits of which the average healthy boy of that age ispossessed, were not always conducive to the best attention being givento the wants of the telephone subscribers. "

So the boys were flung off the system--or at least, deprived of controlof the switchboard. But the "adventurous and inquisitive spirits" ofthe teenage boys would be heard from in the world of telephony, againand again. 

The fourth stage in the technological life-cycle is death: "the Dog, "dead tech. The telephone has so far avoided this fate. On thecontrary, it is thriving, still spreading, still evolving, and atincreasing speed. 

The telephone has achieved a rare and exalted state for a technologicalartifact: it has become a HOUSEHOLD OBJECT. The telephone, like theclock, like pen and paper, like kitchen utensils and running water, hasbecome a technology that is visible only by its absence. The telephoneis technologically transparent. The global telephone system is thelargest and most complex machine in the world, yet it is easy to use. More remarkable yet, the telephone is almost entirely physically safefor the user. 

For the average citizen in the 1870s, the telephone was weirder, moreshocking, more "high-tech" and harder to comprehend, than the mostoutrageous stunts of advanced computing for us Americans in the 1990s. In trying to understand what is happening to us today, with ourbulletin-board systems, direct overseas dialling, fiber-optictransmissions, computer viruses, hacking stunts, and a vivid tangle ofnew laws and new crimes, it is important to realize that our societyhas been through a similar challenge before--and that, all in all, wedid rather well by it. 

Bell's stage telephone seemed bizarre at first. But the sensations ofweirdness vanished quickly, once people began to hear the familiarvoices of relatives and friends, in their own homes on their owntelephones. The telephone changed from a fearsome high-tech totem toan everyday pillar of human community. 

This has also happened, and is still happening, to computer networks. Computer networks such as NSFnet, BITnet, USENET, JANET, aretechnically advanced, intimidating, and much harder to use thantelephones. Even the popular, commercial computer networks, such asGEnie, Prodigy, and CompuServe, cause much head-scratching and havebeen described as "user-hateful. " Nevertheless they too are changingfrom fancy high-tech items into everyday sources of human community. 

The words "community" and "communication" have the same root. Whereveryou put a communications network, you put a community as well. Andwhenever you TAKE AWAY that network--confiscate it, outlaw it, crashit, raise its price beyond affordability--then you hurt that community. 

Communities will fight to defend themselves. People will fight harderand more bitterly to defend their communities, than they will fight todefend their own individual selves. And this is very true of the"electronic community" that arose around computer networks in the1980s--or rather, the VARIOUS electronic communities, in telephony, lawenforcement, computing, and the digital underground that, by the year1990, were raiding, rallying, arresting, suing, jailing, fining andissuing angry manifestos. 

None of the events of 1990 were entirely new. Nothing happened in 1990that did not have some kind of earlier and more understandableprecedent. What gave the Hacker Crackdown its new sense of gravity andimportance was the feeling--the COMMUNITY feeling--that the politicalstakes had been raised; that trouble in cyberspace was no longer meremischief or inconclusive skirmishing, but a genuine fight over genuineissues, a fight for community survival and the shape of the future. 

These electronic communities, having flourished throughout the 1980s, were becoming aware of themselves, and increasingly, becoming aware ofother, rival communities. Worries were sprouting up right and left, with complaints, rumors, uneasy speculations. But it would take acatalyst, a shock, to make the new world evident. Like Bell's greatpublicity break, the Tarriffville Rail Disaster of January 1878, itwould take a cause celebre. 

That cause was the AT&T Crash of January 15, 1990. After the Crash, the wounded and anxious telephone community would come out fightinghard. 

#

The community of telephone technicians, engineers, operators andresearchers is the oldest community in cyberspace. These are theveterans, the most developed group, the richest, the most respectable, in most ways the most powerful. Whole generations have come and gonesince Alexander Graham Bell's day, but the community he foundedsurvives; people work for the phone system today whosegreat-grandparents worked for the phone system. Its specialtymagazines, such as Telephony, AT&T Technical Journal, TelephoneEngineer and Management, are decades old; they make computerpublications like Macworld and PC Week look like amateurjohnny-come-latelies. 

And the phone companies take no back seat in high-technology, either. Other companies' industrial researchers may have won new markets; butthe researchers of Bell Labs have won SEVEN NOBEL PRIZES. One potentdevice that Bell Labs originated, the transistor, has created entireGROUPS of industries. Bell Labs are world-famous for generating "apatent a day, " and have even made vital discoveries in astronomy, physics and cosmology. 

Throughout its seventy-year history, "Ma Bell" was not so much acompany as a way of life. Until the cataclysmic divestiture of the1980s, Ma Bell was perhaps the ultimate maternalist mega-employer. TheAT&T corporate image was the "gentle giant, " "the voice with a smile, "a vaguely socialist-realist world of cleanshaven linemen in shinyhelmets and blandly pretty phone-girls in headsets and nylons. BellSystem employees were famous as rock-ribbed Kiwanis and Rotary members, Little-League enthusiasts, school-board people. 

During the long heyday of Ma Bell, the Bell employee corps werenurtured top-to-bottom on a corporate ethos of public service. Therewas good money in Bell, but Bell was not ABOUT money; Bell used publicrelations, but never mere marketeering. People went into the BellSystem for a good life, and they had a good life. But it was not meremoney that led Bell people out in the midst of storms and earthquakesto fight with toppled phone-poles, to wade in flooded manholes, to pullthe red-eyed graveyard-shift over collapsing switching-systems. TheBell ethic was the electrical equivalent of the postman's: neitherrain, nor snow, nor gloom of night would stop these couriers. 

It is easy to be cynical about this, as it is easy to be cynical aboutany political or social system; but cynicism does not change the factthat thousands of people took these ideals very seriously. And somestill do. 

The Bell ethos was about public service; and that was gratifying; butit was also about private POWER, and that was gratifying too. As acorporation, Bell was very special. Bell was privileged. Bell hadsnuggled up close to the state. In fact, Bell was as close togovernment as you could get in America and still make a whole lot oflegitimate money. 

But unlike other companies, Bell was above and beyond the vulgarcommercial fray. Through its regional operating companies, Bell wasomnipresent, local, and intimate, all over America; but the centralivory towers at its corporate heart were the tallest and the ivoriestaround. 

There were other phone companies in America, to be sure; the so-calledindependents. Rural cooperatives, mostly; small fry, mostly tolerated, sometimes warred upon. For many decades, "independent" American phonecompanies lived in fear and loathing of the official Bell monopoly (orthe "Bell Octopus, " as Ma Bell's nineteenth-century enemies describedher in many angry newspaper manifestos). Some few of these independententrepreneurs, while legally in the wrong, fought so bitterly againstthe Octopus that their illegal phone networks were cast into the streetby Bell agents and publicly burned. 

The pure technical sweetness of the Bell System gave its operators, inventors and engineers a deeply satisfying sense of power and mastery. They had devoted their lives to improving this vast nation-spanningmachine; over years, whole human lives, they had watched it improve andgrow. It was like a great technological temple. They were an elite, and they knew it--even if others did not; in fact, they felt even morepowerful BECAUSE others did not understand. 

The deep attraction of this sensation of elite technical power shouldnever be underestimated. "Technical power" is not for everybody; formany people it simply has no charm at all. But for some people, itbecomes the core of their lives. For a few, it is overwhelming, obsessive; it becomes something close to an addiction. People--especially clever teenage boys whose lives are otherwise mostlypowerless and put-upon--love this sensation of secret power, and arewilling to do all sorts of amazing things to achieve it. The technicalPOWER of electronics has motivated many strange acts detailed in thisbook, which would otherwise be inexplicable. 

So Bell had power beyond mere capitalism. The Bell service ethosworked, and was often propagandized, in a rather saccharine fashion. Over the decades, people slowly grew tired of this. And then, openlyimpatient with it. By the early 1980s, Ma Bell was to find herselfwith scarcely a real friend in the world. Vail's industrial socialismhad become hopelessly out-of-fashion politically. Bell would bepunished for that. And that punishment would fall harshly upon thepeople of the telephone community. 

#

In 1983, Ma Bell was dismantled by federal court action. The pieces ofBell are now separate corporate entities. The core of the companybecame AT&T Communications, and also AT&T Industries (formerly WesternElectric, Bell's manufacturing arm). AT&T Bell Labs became BellCommunications Research, Bellcore. Then there are the Regional BellOperating Companies, or RBOCs, pronounced "arbocks. "

Bell was a titan and even these regional chunks are giganticenterprises: Fortune 50 companies with plenty of wealth and powerbehind them. But the clean lines of "One Policy, One System, UniversalService" have been shattered, apparently forever. 

The "One Policy" of the early Reagan Administration was to shatter asystem that smacked of noncompetitive socialism. Since that time, there has been no real telephone "policy" on the federal level. Despite the breakup, the remnants of Bell have never been set free tocompete in the open marketplace. 

The RBOCs are still very heavily regulated, but not from the top. Instead, they struggle politically, economically and legally, in whatseems an endless turmoil, in a patchwork of overlapping federal andstate jurisdictions. Increasingly, like other major Americancorporations, the RBOCs are becoming multinational, acquiring importantcommercial interests in Europe, Latin America, and the Pacific Rim. But this, too, adds to their legal and political predicament. 

The people of what used to be Ma Bell are not happy about their fate. They feel ill-used. They might have been grudgingly willing to make afull transition to the free market; to become just companies amid othercompanies. But this never happened. Instead, AT&T and the RBOCS ("theBaby Bells") feel themselves wrenched from side to side by stateregulators, by Congress, by the FCC, and especially by the federalcourt of Judge Harold Greene, the magistrate who ordered the Bellbreakup and who has been the de facto czar of Americantelecommunications ever since 1983. 

Bell people feel that they exist in a kind of paralegal limbo today. They don't understand what's demanded of them. If it's "service, " whyaren't they treated like a public service? And if it's money, then whyaren't they free to compete for it? No one seems to know, really. Those who claim to know keep changing their minds. Nobody inauthority seems willing to grasp the nettle for once and all. 

Telephone people from other countries are amazed by the Americantelephone system today. Not that it works so well; for nowadays eventhe French telephone system works, more or less. They are amazed thatthe American telephone system STILL works AT ALL, under these strangeconditions. 

Bell's "One System" of long-distance service is now only about eightypercent of a system, with the remainder held by Sprint, MCI, and themidget long-distance companies. Ugly wars over dubious corporatepractices such as "slamming" (an underhanded method of snitchingclients from rivals) break out with some regularity in the realm oflong-distance service. The battle to break Bell's long-distancemonopoly was long and ugly, and since the breakup the battlefield hasnot become much prettier. AT&T's famous shame-and-blameadvertisements, which emphasized the shoddy work and purported ethicalshadiness of their competitors, were much remarked on for their studiedpsychological cruelty. 

There is much bad blood in this industry, and much long-treasuredresentment. AT&T's post-breakup corporate logo, a striped sphere, isknown in the industry as the "Death Star" (a reference from the movieStar Wars, in which the "Death Star" was the spherical high-techfortress of the harsh-breathing imperial ultra-baddie, Darth Vader. )Even AT&T employees are less than thrilled by the Death Star. Apopular (though banned) T-shirt among AT&T employees bears theold-fashioned Bell logo of the Bell System, plus the newfangled stripedsphere, with the before-and-after comments: "This is your brain--Thisis your brain on drugs!" AT&T made a very well-financed and determinedeffort to break into the personal computer market; it was disastrous, and telco computer experts are derisively known by their competitors as"the pole-climbers. " AT&T and the Baby Bell arbocks still seem to havefew friends. 

Under conditions of sharp commercial competition, a crash like that ofJanuary 15, 1990 was a major embarrassment to AT&T. It was a directblow against their much-treasured reputation for reliability. Withindays of the crash AT&T's Chief Executive Officer, Bob Allen, officiallyapologized, in terms of deeply pained humility:

"AT&T had a major service disruption last Monday. We didn't live up toour own standards of quality, and we didn't live up to yours. It's assimple as that. And that's not acceptable to us. Or to you. . . . Weunderstand how much people have come to depend upon AT&T service, soour AT&T Bell Laboratories scientists and our network engineers aredoing everything possible to guard against a recurrence. . . . We knowthere's no way to make up for the inconvenience this problem may havecaused you. "

Mr Allen's "open letter to customers" was printed in lavish ads allover the country: in the Wall Street Journal, USA Today, New YorkTimes, Los Angeles Times, Chicago Tribune, Philadelphia Inquirer, SanFrancisco Chronicle Examiner, Boston Globe, Dallas Morning News, Detroit Free Press, Washington Post, Houston Chronicle, Cleveland PlainDealer, Atlanta Journal Constitution, Minneapolis Star Tribune, St. Paul Pioneer Press Dispatch, Seattle Times/Post Intelligencer, TacomaNews Tribune, Miami Herald, Pittsburgh Press, St. Louis Post Dispatch, Denver Post, Phoenix Republic Gazette and Tampa Tribune. 

In another press release, AT&T went to some pains to suggest that this"software glitch" might have happened just as easily to MCI, although, in fact, it hadn't. (MCI's switching software was quite different fromAT&T's--though not necessarily any safer. ) AT&T also announced theirplans to offer a rebate of service on Valentine's Day to make up forthe loss during the Crash. 

"Every technical resource available, including Bell Labs scientists andengineers, has been devoted to assuring it will not occur again, " thepublic was told. They were further assured that "The chances of arecurrence are small--a problem of this magnitude never occurredbefore. "

In the meantime, however, police and corporate security maintainedtheir own suspicions about "the chances of recurrence" and the realreason why a "problem of this magnitude" had appeared, seemingly out ofnowhere. Police and security knew for a fact that hackers ofunprecedented sophistication were illegally entering, andreprogramming, certain digital switching stations. Rumors of hidden"viruses" and secret "logic bombs" in the switches ran rampant in theunderground, with much chortling over AT&T's predicament, and idlespeculation over what unsung hacker genius was responsible for it. Some hackers, including police informants, were trying hard to fingerone another as the true culprits of the Crash. 

Telco people found little comfort in objectivity when they contemplatedthese possibilities. It was just too close to the bone for them; itwas embarrassing; it hurt so much, it was hard even to talk about. 

There has always been thieving and misbehavior in the phone system. There has always been trouble with the rival independents, and in thelocal loops. But to have such trouble in the core of the system, thelong-distance switching stations, is a horrifying affair. To telcopeople, this is all the difference between finding roaches in yourkitchen and big horrid sewer-rats in your bedroom. 

From the outside, to the average citizen, the telcos still seemgigantic and impersonal. The American public seems to regard them assomething akin to Soviet apparats. Even when the telcos do their bestcorporate-citizen routine, subsidizing magnet high-schools andsponsoring news-shows on public television, they seem to win littleexcept public suspicion. 

But from the inside, all this looks very different. There's harshcompetition. A legal and political system that seems baffled andbored, when not actively hostile to telco interests. There's a loss ofmorale, a deep sensation of having somehow lost the upper hand. Technological change has caused a loss of data and revenue to other, newer forms of transmission. There's theft, and new forms of theft, ofgrowing scale and boldness and sophistication. With all these factors, it was no surprise to see the telcos, large and small, break out in alitany of bitter complaint. 

In late '88 and throughout 1989, telco representatives grew shrill intheir complaints to those few American law enforcement officials whomake it their business to try to understand what telephone people aretalking about. Telco security officials had discovered thecomputer-hacker underground, infiltrated it thoroughly, and becomedeeply alarmed at its growing expertise. Here they had found a targetthat was not only loathsome on its face, but clearly ripe forcounterattack. 

Those bitter rivals: AT&T, MCI and Sprint--and a crowd of Baby Bells:PacBell, Bell South, Southwestern Bell, NYNEX, USWest, as well as theBell research consortium Bellcore, and the independent long-distancecarrier Mid-American--all were to have their role in the great hackerdragnet of 1990. After years of being battered and pushed around, thetelcos had, at least in a small way, seized the initiative again. After years of turmoil, telcos and government officials were once againto work smoothly in concert in defense of the System. Optimismblossomed; enthusiasm grew on all sides; the prospective taste ofvengeance was sweet. 

#

From the beginning--even before the crackdown had a name--secrecy was abig problem. There were many good reasons for secrecy in the hackercrackdown. Hackers and code-thieves were wily prey, slinking back totheir bedrooms and basements and destroying vital incriminatingevidence at the first hint of trouble. Furthermore, the crimesthemselves were heavily technical and difficult to describe, even topolice--much less to the general public. 

When such crimes HAD been described intelligibly to the public, in thepast, that very publicity had tended to INCREASE the crimes enormously. Telco officials, while painfully aware of the vulnerabilities of theirsystems, were anxious not to publicize those weaknesses. Experienceshowed them that those weaknesses, once discovered, would be pitilesslyexploited by tens of thousands of people--not only by professionalgrifters and by underground hackers and phone phreaks, but by manyotherwise more-or-less honest everyday folks, who regarded stealingservice from the faceless, soulless "Phone Company" as a kind ofharmless indoor sport. When it came to protecting their interests, telcos had long since given up on general public sympathy for "theVoice with a Smile. " Nowadays the telco's "Voice" was very likely tobe a computer's; and the American public showed much less of the properrespect and gratitude due the fine public service bequeathed them byDr. Bell and Mr. Vail. The more efficient, high-tech, computerized, and impersonal the telcos became, it seemed, the more they were met bysullen public resentment and amoral greed. 

Telco officials wanted to punish the phone-phreak underground, in aspublic and exemplary a manner as possible. They wanted to make direexamples of the worst offenders, to seize the ringleaders andintimidate the small fry, to discourage and frighten the wackyhobbyists, and send the professional grifters to jail. To do all this, publicity was vital. 

Yet operational secrecy was even more so. If word got out that anationwide crackdown was coming, the hackers might simply vanish;destroy the evidence, hide their computers, go to earth, and wait forthe campaign to blow over. Even the young hackers were crafty andsuspicious, and as for the professional grifters, they tended to splitfor the nearest state-line at the first sign of trouble. For thecrackdown to work well, they would all have to be caught red-handed, swept upon suddenly, out of the blue, from every corner of the compass. 

And there was another strong motive for secrecy. In the worst-casescenario, a blown campaign might leave the telcos open to a devastatinghacker counter-attack. If there were indeed hackers loose in Americawho had caused the January 15 Crash--if there were truly giftedhackers, loose in the nation's long-distance switching systems, andenraged or frightened by the crackdown--then they might reactunpredictably to an attempt to collar them. Even if caught, they mighthave talented and vengeful friends still running around loose. Conceivably, it could turn ugly. Very ugly. In fact, it was hard toimagine just how ugly things might turn, given that possibility. 

Counter-attack from hackers was a genuine concern for the telcos. Inpoint of fact, they would never suffer any such counter-attack. But inmonths to come, they would be at some pains to publicize this notionand to utter grim warnings about it. 

Still, that risk seemed well worth running. Better to run the risk ofvengeful attacks, than to live at the mercy of potential crashers. Anycop would tell you that a protection racket had no real future. 

And publicity was such a useful thing. Corporate security officers, including telco security, generally work under conditions of greatdiscretion. And corporate security officials do not make money fortheir companies. Their job is to PREVENT THE LOSS of money, which ismuch less glamorous than actually winning profits. 

If you are a corporate security official, and you do your jobbrilliantly, then nothing bad happens to your company at all. Becauseof this, you appear completely superfluous. This is one of the manyunattractive aspects of security work. It's rare that these folks havethe chance to draw some healthy attention to their own efforts. 

Publicity also served the interest of their friends in law enforcement. Public officials, including law enforcement officials, thrive byattracting favorable public interest. A brilliant prosecution in amatter of vital public interest can make the career of a prosecutingattorney. And for a police officer, good publicity opens the purses ofthe legislature; it may bring a citation, or a promotion, or at least arise in status and the respect of one's peers. 

But to have both publicity and secrecy is to have one's cake and eat ittoo. In months to come, as we will show, this impossible act was tocause great pain to the agents of the crackdown. But early on, itseemed possible--maybe even likely--that the crackdown couldsuccessfully combine the best of both worlds. The ARREST of hackerswould be heavily publicized. The actual DEEDS of the hackers, whichwere technically hard to explain and also a security risk, would beleft decently obscured. The THREAT hackers posed would be heavilytrumpeted; the likelihood of their actually committing such fearsomecrimes would be left to the public's imagination. The spread of thecomputer underground, and its growing technical sophistication, wouldbe heavily promoted; the actual hackers themselves, mostlybespectacled middle-class white suburban teenagers, would be denied anypersonal publicity. 

It does not seem to have occurred to any telco official that thehackers accused would demand a day in court; that journalists wouldsmile upon the hackers as "good copy;" that wealthy high-techentrepreneurs would offer moral and financial support to crackdownvictims; that constitutional lawyers would show up with briefcases, frowning mightily. This possibility does not seem to have ever enteredthe game-plan. 

And even if it had, it probably would not have slowed the ferociouspursuit of a stolen phone-company document, mellifluously known as"Control Office Administration of Enhanced 911 Services for SpecialServices and Major Account Centers. "

In the chapters to follow, we will explore the worlds of police and thecomputer underground, and the large shadowy area where they overlap. But first, we must explore the battleground. Before we leave the worldof the telcos, we must understand what a switching system actually isand how your telephone actually works. 

#

To the average citizen, the idea of the telephone is represented by, well, a TELEPHONE: a device that you talk into. To a telcoprofessional, however, the telephone itself is known, in lordlyfashion, as a "subset. " The "subset" in your house is a mere adjunct, a distant nerve ending, of the central switching stations, which areranked in levels of heirarchy, up to the long-distance electronicswitching stations, which are some of the largest computers on earth. 

Let us imagine that it is, say, 1925, before the introduction ofcomputers, when the phone system was simpler and somewhat easier tograsp. Let's further imagine that you are Miss Leticia Luthor, afictional operator for Ma Bell in New York City of the 20s. 

Basically, you, Miss Luthor, ARE the "switching system. " You aresitting in front of a large vertical switchboard, known as a"cordboard, " made of shiny wooden panels, with ten thousandmetal-rimmed holes punched in them, known as jacks. The engineerswould have put more holes into your switchboard, but ten thousand is asmany as you can reach without actually having to get up out of yourchair. 

Each of these ten thousand holes has its own little electric lightbulb, known as a "lamp, " and its own neatly printed number code. 

With the ease of long habit, you are scanning your board for lit-upbulbs. This is what you do most of the time, so you are used to it. 

A lamp lights up. This means that the phone at the end of that linehas been taken off the hook. Whenever a handset is taken off the hook, that closes a circuit inside the phone which then signals the localoffice, i. E. You, automatically. There might be somebody calling, orthen again the phone might be simply off the hook, but this does notmatter to you yet. The first thing you do, is record that number inyour logbook, in your fine American public-school handwriting. Thiscomes first, naturally, since it is done for billing purposes. 

You now take the plug of your answering cord, which goes directly toyour headset, and plug it into the lit-up hole. "Operator, " youannounce. 

In operator's classes, before taking this job, you have been issued alarge pamphlet full of canned operator's responses for all kinds ofcontingencies, which you had to memorize. You have also been trainedin a proper non-regional, non-ethnic pronunciation and tone of voice. You rarely have the occasion to make any spontaneous remark to acustomer, and in fact this is frowned upon (except out on the rurallines where people have time on their hands and get up to all kinds ofmischief). 

A tough-sounding user's voice at the end of the line gives you anumber. Immediately, you write that number down in your logbook, nextto the caller's number, which you just wrote earlier. You then lookand see if the number this guy wants is in fact on your switchboard, which it generally is, since it's generally a local call. Longdistance costs so much that people use it sparingly. 

Only then do you pick up a calling-cord from a shelf at the base of theswitchboard. This is a long elastic cord mounted on a kind of reel sothat it will zip back in when you unplug it. There are a lot of cordsdown there, and when a bunch of them are out at once they look like anest of snakes. Some of the girls think there are bugs living in thosecable-holes. They're called "cable mites" and are supposed to biteyour hands and give you rashes. You don't believe this, yourself. 

Gripping the head of your calling-cord, you slip the tip of it deftlyinto the sleeve of the jack for the called person. Not all the way in, though. You just touch it. If you hear a clicking sound, that meansthe line is busy and you can't put the call through. If the line isbusy, you have to stick the calling-cord into a "busy-tone jack, " whichwill give the guy a busy-tone. This way you don't have to talk to himyourself and absorb his natural human frustration. 

But the line isn't busy. So you pop the cord all the way in. Relaycircuits in your board make the distant phone ring, and if somebodypicks it up off the hook, then a phone conversation starts. You canhear this conversation on your answering cord, until you unplug it. Infact you could listen to the whole conversation if you wanted, but thisis sternly frowned upon by management, and frankly, when you'veoverheard one, you've pretty much heard 'em all. 

You can tell how long the conversation lasts by the glow of thecalling-cord's lamp, down on the calling-cord's shelf. When it's over, you unplug and the calling-cord zips back into place. 

Having done this stuff a few hundred thousand times, you become quitegood at it. In fact you're plugging, and connecting, anddisconnecting, ten, twenty, forty cords at a time. It's a manualhandicraft, really, quite satisfying in a way, rather like weaving onan upright loom. 

Should a long-distance call come up, it would be different, but not allthat different. Instead of connecting the call through your own localswitchboard, you have to go up the hierarchy, onto the long-distancelines, known as "trunklines. " Depending on how far the call goes, itmay have to work its way through a whole series of operators, which cantake quite a while. The caller doesn't wait on the line while thiscomplex process is negotiated across the country by the gaggle ofoperators. Instead, the caller hangs up, and you call him backyourself when the call has finally worked its way through. 

After four or five years of this work, you get married, and you have toquit your job, this being the natural order of womanhood in theAmerican 1920s. The phone company has to train somebody else--maybetwo people, since the phone system has grown somewhat in the meantime. And this costs money. 

In fact, to use any kind of human being as a switching system is a veryexpensive proposition. Eight thousand Leticia Luthors would be badenough, but a quarter of a million of them is a military-scaleproposition and makes drastic measures in automation financiallyworthwhile. 

Although the phone system continues to grow today, the number of humanbeings employed by telcos has been dropping steadily for years. Phone"operators" now deal with nothing but unusual contingencies, allroutine operations having been shrugged off onto machines. Consequently, telephone operators are considerably less machine-likenowadays, and have been known to have accents and actual character intheir voices. When you reach a human operator today, the operators arerather more "human" than they were in Leticia's day--but on the otherhand, human beings in the phone system are much harder to reach in thefirst place. 

Over the first half of the twentieth century, "electromechanical"switching systems of growing complexity were cautiously introduced intothe phone system. In certain backwaters, some of these hybrid systemsare still in use. But after 1965, the phone system began to gocompletely electronic, and this is by far the dominant mode today. Electromechanical systems have "crossbars, " and "brushes, " and otherlarge moving mechanical parts, which, while faster and cheaper thanLeticia, are still slow, and tend to wear out fairly quickly. 

But fully electronic systems are inscribed on silicon chips, and arelightning-fast, very cheap, and quite durable. They are much cheaperto maintain than even the best electromechanical systems, and they fitinto half the space. And with every year, the silicon chip growssmaller, faster, and cheaper yet. Best of all, automated electronicswork around the clock and don't have salaries or health insurance. 

There are, however, quite serious drawbacks to the use ofcomputer-chips. When they do break down, it is a daunting challenge tofigure out what the heck has gone wrong with them. A broken cordboardgenerally had a problem in it big enough to see. A broken chip hasinvisible, microscopic faults. And the faults in bad software can beso subtle as to be practically theological. 

If you want a mechanical system to do something new, then you musttravel to where it is, and pull pieces out of it, and wire in newpieces. This costs money. However, if you want a chip to do somethingnew, all you have to do is change its software, which is easy, fast anddirt-cheap. You don't even have to see the chip to change its program. Even if you did see the chip, it wouldn't look like much. A chip withprogram X doesn't look one whit different from a chip with program Y. 

With the proper codes and sequences, and access to specializedphone-lines, you can change electronic switching systems all overAmerica from anywhere you please. 

And so can other people. If they know how, and if they want to, theycan sneak into a microchip via the special phonelines and diddle withit, leaving no physical trace at all. If they broke into theoperator's station and held Leticia at gunpoint, that would be veryobvious. If they broke into a telco building and went after anelectromechanical switch with a toolbelt, that would at least leavemany traces. But people can do all manner of amazing things tocomputer switches just by typing on a keyboard, and keyboards areeverywhere today. The extent of this vulnerability is deep, dark, broad, almost mind-boggling, and yet this is a basic, primal fact oflife about any computer on a network. 

Security experts over the past twenty years have insisted, with growingurgency, that this basic vulnerability of computers represents anentirely new level of risk, of unknown but obviously dire potential tosociety. And they are right. 

An electronic switching station does pretty much everything Letitiadid, except in nanoseconds and on a much larger scale. Compared toMiss Luthor's ten thousand jacks, even a primitive 1ESS switchingcomputer, 60s vintage, has a 128, 000 lines. And the current AT&Tsystem of choice is the monstrous fifth-generation 5ESS. 

An Electronic Switching Station can scan every line on its "board" in atenth of a second, and it does this over and over, tirelessly, aroundthe clock. Instead of eyes, it uses "ferrod scanners" to check thecondition of local lines and trunks. Instead of hands, it has "signaldistributors, " "central pulse distributors, " "magnetic latchingrelays, " and "reed switches, " which complete and break the calls. Instead of a brain, it has a "central processor. " Instead of aninstruction manual, it has a program. Instead of a handwritten logbookfor recording and billing calls, it has magnetic tapes. And it neverhas to talk to anybody. Everything a customer might say to it is doneby punching the direct-dial tone buttons on your subset. 

Although an Electronic Switching Station can't talk, it does need aninterface, some way to relate to its, er, employers. This interface isknown as the "master control center. " (This interface might be betterknown simply as "the interface, " since it doesn't actually "control"phone calls directly. However, a term like "Master Control Center" isjust the kind of rhetoric that telco maintenance engineers--andhackers--find particularly satisfying. )

Using the master control center, a phone engineer can test local andtrunk lines for malfunctions. He (rarely she) can check various alarmdisplays, measure traffic on the lines, examine the records oftelephone usage and the charges for those calls, and change theprogramming. 

And, of course, anybody else who gets into the master control center byremote control can also do these things, if he (rarely she) has managedto figure them out, or, more likely, has somehow swiped the knowledgefrom people who already know. 

In 1989 and 1990, one particular RBOC, BellSouth, which feltparticularly troubled, spent a purported $1. 2 million on computersecurity. Some think it spent as much as two million, if you count allthe associated costs. Two million dollars is still very littlecompared to the great cost-saving utility of telephonic computersystems. 

Unfortunately, computers are also stupid. Unlike human beings, computers possess the truly profound stupidity of the inanimate. 

In the 1960s, in the first shocks of spreading computerization, therewas much easy talk about the stupidity of computers--how they could"only follow the program" and were rigidly required to do "only whatthey were told. " There has been rather less talk about the stupidityof computers since they began to achieve grandmaster status in chesstournaments, and to manifest many other impressive forms of apparentcleverness. 

Nevertheless, computers STILL are profoundly brittle and stupid; theyare simply vastly more subtle in their stupidity and brittleness. Thecomputers of the 1990s are much more reliable in their components thanearlier computer systems, but they are also called upon to do far morecomplex things, under far more challenging conditions. 

On a basic mathematical level, every single line of a software programoffers a chance for some possible screwup. Software does not sit stillwhen it works; it "runs, " it interacts with itself and with its owninputs and outputs. By analogy, it stretches like putty into millionsof possible shapes and conditions, so many shapes that they can neverall be successfully tested, not even in the lifespan of the universe. Sometimes the putty snaps. 

The stuff we call "software" is not like anything that human society isused to thinking about. Software is something like a machine, andsomething like mathematics, and something like language, and somethinglike thought, and art, and information. . . . But software is not in factany of those other things. The protean quality of software is one ofthe great sources of its fascination. It also makes software verypowerful, very subtle, very unpredictable, and very risky. 

Some software is bad and buggy. Some is "robust, " even "bulletproof. "The best software is that which has been tested by thousands of usersunder thousands of different conditions, over years. It is then knownas "stable. " This does NOT mean that the software is now flawless, free of bugs. It generally means that there are plenty of bugs in it, but the bugs are well-identified and fairly well understood. 

There is simply no way to assure that software is free of flaws. Though software is mathematical in nature, it cannot by "proven" like amathematical theorem; software is more like language, with inherentambiguities, with different definitions, different assumptions, different levels of meaning that can conflict. 

Human beings can manage, more or less, with human language because wecan catch the gist of it. 

Computers, despite years of effort in "artificial intelligence, " haveproven spectacularly bad in "catching the gist" of anything at all. The tiniest bit of semantic grit may still bring the mightiest computertumbling down. One of the most hazardous things you can do to acomputer program is try to improve it--to try to make it safer. Software "patches" represent new, untried un-"stable" software, whichis by definition riskier. 

The modern telephone system has come to depend, utterly andirretrievably, upon software. And the System Crash of January 15, 1990, was caused by an IMPROVEMENT in software. Or rather, anATTEMPTED improvement. 

As it happened, the problem itself--the problem per se--took this form. A piece of telco software had been written in C language, a standardlanguage of the telco field. Within the C software was a long "do . . . While" construct. The "do . . . While" construct contained a "switch"statement. The "switch" statement contained an "if" clause. The "if"clause contained a "break. " The "break" was SUPPOSED to "break" the"if clause. " Instead, the "break" broke the "switch" statement. 

That was the problem, the actual reason why people picking up phones onJanuary 15, 1990, could not talk to one another. 

Or at least, that was the subtle, abstract, cyberspatial seed of theproblem. This is how the problem manifested itself from the realm ofprogramming into the realm of real life. 

The System 7 software for AT&T's 4ESS switching station, the "Generic44E14 Central Office Switch Software, " had been extensively tested, andwas considered very stable. By the end of 1989, eighty of AT&T'sswitching systems nationwide had been programmed with the new software. Cautiously, thirty-four stations were left to run the slower, less-capable System 6, because AT&T suspected there might be shakedownproblems with the new and unprecedently sophisticated System 7 network. 

The stations with System 7 were programmed to switch over to a backupnet in case of any problems. In mid-December 1989, however, a newhigh-velocity, high-security software patch was distributed to each ofthe 4ESS switches that would enable them to switch over even morequickly, making the System 7 network that much more secure. 

Unfortunately, every one of these 4ESS switches was now in possessionof a small but deadly flaw. 

In order to maintain the network, switches must monitor the conditionof other switches--whether they are up and running, whether they havetemporarily shut down, whether they are overloaded and in need ofassistance, and so forth. The new software helped control thisbookkeeping function by monitoring the status calls from other switches. 

It only takes four to six seconds for a troubled 4ESS switch to riditself of all its calls, drop everything temporarily, and re-boot itssoftware from scratch. Starting over from scratch will generally ridthe switch of any software problems that may have developed in thecourse of running the system. Bugs that arise will be simply wiped outby this process. It is a clever idea. This process of automaticallyre-booting from scratch is known as the "normal fault recoveryroutine. " Since AT&T's software is in fact exceptionally stable, systems rarely have to go into "fault recovery" in the first place; butAT&T has always boasted of its "real world" reliability, and thistactic is a belt-and-suspenders routine. 

The 4ESS switch used its new software to monitor its fellow switches asthey recovered from faults. As other switches came back on line afterrecovery, they would send their "OK" signals to the switch. The switchwould make a little note to that effect in its "status map, "recognizing that the fellow switch was back and ready to go, and shouldbe sent some calls and put back to regular work. 

Unfortunately, while it was busy bookkeeping with the status map, thetiny flaw in the brand-new software came into play. The flaw causedthe 4ESS switch to interact, subtly but drastically, with incomingtelephone calls from human users. If--and only if--two incomingphone-calls happened to hit the switch within a hundredth of a second, then a small patch of data would be garbled by the flaw. 

But the switch had been programmed to monitor itself constantly for anypossible damage to its data. When the switch perceived that its datahad been somehow garbled, then it too would go down, for swift repairsto its software. It would signal its fellow switches not to send anymore work. It would go into the fault-recovery mode for four to sixseconds. And then the switch would be fine again, and would send outits "OK, ready for work" signal. 

However, the "OK, ready for work" signal was the VERY THING THAT HADCAUSED THE SWITCH TO GO DOWN IN THE FIRST PLACE. And ALL the System 7switches had the same flaw in their status-map software. As soon asthey stopped to make the bookkeeping note that their fellow switch was"OK, " then they too would become vulnerable to the slight chance thattwo phone-calls would hit them within a hundredth of a second. 

At approximately 2:25 P. M. EST on Monday, January 15, one of AT&T's4ESS toll switching systems in New York City had an actual, legitimate, minor problem. It went into fault recovery routines, announced "I'mgoing down, " then announced, "I'm back, I'm OK. " And this cheerymessage then blasted throughout the network to many of its fellow 4ESSswitches. 

Many of the switches, at first, completely escaped trouble. Theselucky switches were not hit by the coincidence of two phone callswithin a hundredth of a second. Their software did not fail--at first. But three switches--in Atlanta, St. Louis, and Detroit--were unlucky, and were caught with their hands full. And they went down. And theycame back up, almost immediately. And they too began to broadcast thelethal message that they, too, were "OK" again, activating the lurkingsoftware bug in yet other switches. 

As more and more switches did have that bit of bad luck and collapsed, the call-traffic became more and more densely packed in the remainingswitches, which were groaning to keep up with the load. And of course, as the calls became more densely packed, the switches were MUCH MORELIKELY to be hit twice within a hundredth of a second. 

It only took four seconds for a switch to get well. There was noPHYSICAL damage of any kind to the switches, after all. Physically, they were working perfectly. This situation was "only" a softwareproblem. 

But the 4ESS switches were leaping up and down every four to sixseconds, in a virulent spreading wave all over America, in utter, manic, mechanical stupidity. They kept KNOCKING one another down withtheir contagious "OK" messages. 

It took about ten minutes for the chain reaction to cripple thenetwork. Even then, switches would periodically luck-out and manage toresume their normal work. Many calls--millions of them--were managingto get through. But millions weren't. 

The switching stations that used System 6 were not directly affected. Thanks to these old-fashioned switches, AT&T's national system avoidedcomplete collapse. This fact also made it clear to engineers thatSystem 7 was at fault. 

Bell Labs engineers, working feverishly in New Jersey, Illinois, andOhio, first tried their entire repertoire of standard network remedieson the malfunctioning System 7. None of the remedies worked, ofcourse, because nothing like this had ever happened to any phone systembefore. 

By cutting out the backup safety network entirely, they were able toreduce the frenzy of "OK" messages by about half. The system thenbegan to recover, as the chain reaction slowed. By 11:30 P. M. OnMonday January 15, sweating engineers on the midnight shift breathed asigh of relief as the last switch cleared-up. 

By Tuesday they were pulling all the brand-new 4ESS software andreplacing it with an earlier version of System 7. 

If these had been human operators, rather than computers at work, someone would simply have eventually stopped screaming. It would havebeen OBVIOUS that the situation was not "OK, " and common sense wouldhave kicked in. Humans possess common sense--at least to some extent. Computers simply don't. 

On the other hand, computers can handle hundreds of calls per second. Humans simply can't. If every single human being in America worked forthe phone company, we couldn't match the performance of digitalswitches: direct-dialling, three-way calling, speed-calling, call-waiting, Caller ID, all the rest of the cornucopia of digitalbounty. Replacing computers with operators is simply not an option anymore. 

And yet we still, anachronistically, expect humans to be running ourphone system. It is hard for us to understand that we have sacrificedhuge amounts of initiative and control to senseless yet powerfulmachines. When the phones fail, we want somebody to be responsible. We want somebody to blame. 

When the Crash of January 15 happened, the American populace was simplynot prepared to understand that enormous landslides in cyberspace, likethe Crash itself, can happen, and can be nobody's fault in particular. It was easier to believe, maybe even in some odd way more reassuring tobelieve, that some evil person, or evil group, had done this to us. "Hackers" had done it. With a virus. A trojan horse. A softwarebomb. A dirty plot of some kind. People believed this, responsiblepeople. In 1990, they were looking hard for evidence to confirm theirheartfelt suspicions. 

And they would look in a lot of places. 

Come 1991, however, the outlines of an apparent new reality would beginto emerge from the fog. 

On July 1 and 2, 1991, computer-software collapses in telephoneswitching stations disrupted service in Washington DC, Pittsburgh, LosAngeles and San Francisco. Once again, seemingly minor maintenanceproblems had crippled the digital System 7. About twelve millionpeople were affected in the Crash of July 1, 1991. 

Said the New York Times Service: "Telephone company executives andfederal regulators said they were not ruling out the possibility ofsabotage by computer hackers, but most seemed to think the problemsstemmed from some unknown defect in the software running the networks. "

And sure enough, within the week, a red-faced software company, DSCCommunications Corporation of Plano, Texas, owned up to "glitches" inthe "signal transfer point" software that DSC had designed for BellAtlantic and Pacific Bell. The immediate cause of the July 1 Crash wasa single mistyped character: one tiny typographical flaw in one singleline of the software. One mistyped letter, in one single line, haddeprived the nation's capital of phone service. It was notparticularly surprising that this tiny flaw had escaped attention: atypical System 7 station requires TEN MILLION lines of code. 

On Tuesday, September 17, 1991, came the most spectacular outage yet. This case had nothing to do with software failures--at least, notdirectly. Instead, a group of AT&T's switching stations in New YorkCity had simply run out of electrical power and shut down cold. Theirback-up batteries had failed. Automatic warning systems were supposedto warn of the loss of battery power, but those automatic systems hadfailed as well. 

This time, Kennedy, La Guardia, and Newark airports all had their voiceand data communications cut. This horrifying event was particularlyironic, as attacks on airport computers by hackers had long been astandard nightmare scenario, much trumpeted by computer-securityexperts who feared the computer underground. There had even been aHollywood thriller about sinister hackers ruining airportcomputers--DIE HARD II. 

Now AT&T itself had crippled airports with computer malfunctions--notjust one airport, but three at once, some of the busiest in the world. 

Air traffic came to a standstill throughout the Greater New York area, causing more than 500 flights to be cancelled, in a spreading wave allover America and even into Europe. Another 500 or so flights weredelayed, affecting, all in all, about 85, 000 passengers. (One of thesepassengers was the chairman of the Federal Communications Commission. )

Stranded passengers in New York and New Jersey were further infuriatedto discover that they could not even manage to make a long distancephone call, to explain their delay to loved ones or businessassociates. Thanks to the crash, about four and a half milliondomestic calls, and half a million international calls, failed to getthrough. 

The September 17 NYC Crash, unlike the previous ones, involved not awhisper of "hacker" misdeeds. On the contrary, by 1991, AT&T itselfwas suffering much of the vilification that had formerly been directedat hackers. Congressmen were grumbling. So were state and federalregulators. And so was the press. 

For their part, ancient rival MCI took out snide full-page newspaperads in New York, offering their own long-distance services for the"next time that AT&T goes down. "

"You wouldn't find a classy company like AT&T using such advertising, "protested AT&T Chairman Robert Allen, unconvincingly. Once again, outcame the full-page AT&T apologies in newspapers, apologies for "aninexcusable culmination of both human and mechanical failure. " (Thistime, however, AT&T offered no discount on later calls. Unkind criticssuggested that AT&T were worried about setting any precedent forrefunding the financial losses caused by telephone crashes. )

Industry journals asked publicly if AT&T was "asleep at the switch. "The telephone network, America's purported marvel of high-techreliability, had gone down three times in 18 months. Fortune magazinelisted the Crash of September 17 among the "Biggest Business Goofs of1991, " cruelly parodying AT&T's ad campaign in an article entitled"AT&T Wants You Back (Safely On the Ground, God Willing). "

Why had those New York switching systems simply run out of power?Because no human being had attended to the alarm system. Why did thealarm systems blare automatically, without any human being noticing?Because the three telco technicians who SHOULD have been listening wereabsent from their stations in the power-room, on another floor of thebuilding--attending a training class. A training class about the alarmsystems for the power room!

"Crashing the System" was no longer "unprecedented" by late 1991. Onthe contrary, it no longer even seemed an oddity. By 1991, it wasclear that all the policemen in the world could no longer "protect" thephone system from crashes. By far the worst crashes the system hadever had, had been inflicted, by the system, upon ITSELF. And thistime nobody was making cocksure statements that this was an anomaly, something that would never happen again. By 1991 the System'sdefenders had met their nebulous Enemy, and the Enemy was--the System. 

PART TWO: THE DIGITAL UNDERGROUND

The date was May 9, 1990. The Pope was touring Mexico City. Hustlersfrom the Medellin Cartel were trying to buy black-market Stingermissiles in Florida. On the comics page, Doonesbury character Andy wasdying of AIDS. And then . . . A highly unusual item whose novelty andcalculated rhetoric won it headscratching attention in newspapers allover America. 

The US Attorney's office in Phoenix, Arizona, had issued a pressrelease announcing a nationwide law enforcement crackdown against"illegal computer hacking activities. " The sweep was officially knownas "Operation Sundevil. "

Eight paragraphs in the press release gave the bare facts: twenty-sevensearch warrants carried out on May 8, with three arrests, and a hundredand fifty agents on the prowl in "twelve" cities across America. (Different counts in local press reports yielded "thirteen, ""fourteen, " and "sixteen" cities. ) Officials estimated that criminallosses of revenue to telephone companies "may run into millions ofdollars. " Credit for the Sundevil investigations was taken by the USSecret Service, Assistant US Attorney Tim Holtzen of Phoenix, and theAssistant Attorney General of Arizona, Gail Thackeray. 

The prepared remarks of Garry M. Jenkins, appearing in a U. S. Department of Justice press release, were of particular interest. Mr. Jenkins was the Assistant Director of the US Secret Service, and thehighest-ranking federal official to take any direct public role in thehacker crackdown of 1990. 

"Today, the Secret Service is sending a clear message to those computerhackers who have decided to violate the laws of this nation in themistaken belief that they can successfully avoid detection by hidingbehind the relative anonymity of their computer terminals. ( . . . )"Underground groups have been formed for the purpose of exchanginginformation relevant to their criminal activities. These groups oftencommunicate with each other through message systems between computerscalled 'bulletin boards. ' "Our experience shows that many computerhacker suspects are no longer misguided teenagers, mischievouslyplaying games with their computers in their bedrooms. Some are nowhigh tech computer operators using computers to engage in unlawfulconduct. "

Who were these "underground groups" and "high-tech operators?" Wherehad they come from? What did they want? Who WERE they? Were they"mischievous?" Were they dangerous? How had "misguided teenagers"managed to alarm the United States Secret Service? And just howwidespread was this sort of thing?

Of all the major players in the Hacker Crackdown: the phone companies, law enforcement, the civil libertarians, and the "hackers"themselves--the "hackers" are by far the most mysterious, by far thehardest to understand, by far the WEIRDEST. 

Not only are "hackers" novel in their activities, but they come in avariety of odd subcultures, with a variety of languages, motives andvalues. 

The earliest proto-hackers were probably those unsung mischievoustelegraph boys who were summarily fired by the Bell Company in 1878. 

Legitimate "hackers, " those computer enthusiasts who areindependent-minded but law-abiding, generally trace their spiritualancestry to elite technical universities, especially M. I. T. AndStanford, in the 1960s. 

But the genuine roots of the modern hacker UNDERGROUND can probably betraced most successfully to a now much-obscured hippie anarchistmovement known as the Yippies. The Yippies, who took their name fromthe largely fictional "Youth International Party, " carried out a loudand lively policy of surrealistic subversion and outrageous politicalmischief. Their basic tenets were flagrant sexual promiscuity, openand copious drug use, the political overthrow of any powermonger overthirty years of age, and an immediate end to the war in Vietnam, by anymeans necessary, including the psychic levitation of the Pentagon. 

The two most visible Yippies were Abbie Hoffman and Jerry Rubin. Rubineventually became a Wall Street broker. Hoffman, ardently sought byfederal authorities, went into hiding for seven years, in Mexico, France, and the United States. While on the lam, Hoffman continued towrite and publish, with help from sympathizers in the Americananarcho-leftist underground. Mostly, Hoffman survived through false IDand odd jobs. Eventually he underwent facial plastic surgery andadopted an entirely new identity as one "Barry Freed. " Aftersurrendering himself to authorities in 1980, Hoffman spent a year inprison on a cocaine conviction. 

Hoffman's worldview grew much darker as the glory days of the 1960sfaded. In 1989, he purportedly committed suicide, under odd and, tosome, rather suspicious circumstances. 

Abbie Hoffman is said to have caused the Federal Bureau ofInvestigation to amass the single largest investigation file everopened on an individual American citizen. (If this is true, it isstill questionable whether the FBI regarded Abbie Hoffman a seriouspublic threat--quite possibly, his file was enormous simply becauseHoffman left colorful legendry wherever he went). He was a giftedpublicist, who regarded electronic media as both playground and weapon. He actively enjoyed manipulating network TV and other gullible, image-hungry media, with various weird lies, mindboggling rumors, impersonation scams, and other sinister distortions, all absolutelyguaranteed to upset cops, Presidential candidates, and federal judges. Hoffman's most famous work was a book self-reflexively known as STEALTHIS BOOK, which publicized a number of methods by which young, penniless hippie agitators might live off the fat of a system supportedby humorless drones. STEAL THIS BOOK, whose title urged readers todamage the very means of distribution which had put it into theirhands, might be described as a spiritual ancestor of a computer virus. 

Hoffman, like many a later conspirator, made extensive use ofpay-phones for his agitation work--in his case, generally through theuse of cheap brass washers as coin-slugs. 

During the Vietnam War, there was a federal surtax imposed on telephoneservice; Hoffman and his cohorts could, and did, argue that insystematically stealing phone service they were engaging in civildisobedience: virtuously denying tax funds to an illegal and immoralwar. 

But this thin veil of decency was soon dropped entirely. Ripping-offthe System found its own justification in deep alienation and a basicoutlaw contempt for conventional bourgeois values. Ingenious, vaguelypoliticized varieties of rip-off, which might be described as "anarchyby convenience, " became very popular in Yippie circles, and becauserip-off was so useful, it was to survive the Yippie movement itself. 

In the early 1970s, it required fairly limited expertise and ingenuityto cheat payphones, to divert "free" electricity and gas service, or torob vending machines and parking meters for handy pocket change. Italso required a conspiracy to spread this knowledge, and the gall andnerve actually to commit petty theft, but the Yippies had thesequalifications in plenty. In June 1971, Abbie Hoffman and a telephoneenthusiast sarcastically known as "Al Bell" began publishing anewsletter called Youth International Party Line. This newsletter wasdedicated to collating and spreading Yippie rip-off techniques, especially of phones, to the joy of the freewheeling underground andthe insensate rage of all straight people. As a political tactic, phone-service theft ensured that Yippie advocates would always haveready access to the long-distance telephone as a medium, despite theYippies' chronic lack of organization, discipline, money, or even asteady home address. 

PARTY LINE was run out of Greenwich Village for a couple of years, then"Al Bell" more or less defected from the faltering ranks of Yippiedom, changing the newsletter's name to TAP or Technical Assistance Program. After the Vietnam War ended, the steam began leaking rapidly out ofAmerican radical dissent. But by this time, "Bell" and his dozen or socore contributors had the bit between their teeth, and had begun toderive tremendous gut-level satisfaction from the sensation of pureTECHNICAL POWER. 

TAP articles, once highly politicized, became pitilessly jargonized andtechnical, in homage or parody to the Bell System's own technicaldocuments, which TAP studied closely, gutted, and reproduced withoutpermission. The TAP elite revelled in gloating possession of thespecialized knowledge necessary to beat the system. 

"Al Bell" dropped out of the game by the late 70s, and "Tom Edison"took over; TAP readers (some 1400 of them, all told) now began to showmore interest in telex switches and the growing phenomenon of computersystems. 

In 1983, "Tom Edison" had his computer stolen and his house set on fireby an arsonist. This was an eventually mortal blow to TAP (though thelegendary name was to be resurrected in 1990 by a young Kentuckiancomputer-outlaw named "Predat0r. ")

#

Ever since telephones began to make money, there have been peoplewilling to rob and defraud phone companies. The legions of petty phonethieves vastly outnumber those "phone phreaks" who "explore thesystem" for the sake of the intellectual challenge. The New Yorkmetropolitan area (long in the vanguard of American crime) claims over150, 000 physical attacks on pay telephones every year! Studiedcarefully, a modern payphone reveals itself as a little fortress, carefully designed and redesigned over generations, to resistcoin-slugs, zaps of electricity, chunks of coin-shaped ice, prybars, magnets, lockpicks, blasting caps. Public pay-phones must survive in aworld of unfriendly, greedy people, and a modern payphone is asexquisitely evolved as a cactus. 

Because the phone network pre-dates the computer network, the scofflawsknown as "phone phreaks" pre-date the scofflaws known as "computerhackers. " In practice, today, the line between "phreaking" and"hacking" is very blurred, just as the distinction between telephonesand computers has blurred. The phone system has been digitized, andcomputers have learned to "talk" over phone-lines. What's worse--andthis was the point of the Mr. Jenkins of the Secret Service--somehackers have learned to steal, and some thieves have learned to hack. 

Despite the blurring, one can still draw a few useful behavioraldistinctions between "phreaks" and "hackers. " Hackers are intenselyinterested in the "system" per se, and enjoy relating to machines. "Phreaks" are more social, manipulating the system in a rough-and-readyfashion in order to get through to other human beings, fast, cheap andunder the table. 

Phone phreaks love nothing so much as "bridges, " illegal conferencecalls of ten or twelve chatting conspirators, seaboard to seaboard, lasting for many hours--and running, of course, on somebody else'stab, preferably a large corporation's. 

As phone-phreak conferences wear on, people drop out (or simply leavethe phone off the hook, while they sashay off to work or school orbabysitting), and new people are phoned up and invited to join in, fromsome other continent, if possible. Technical trivia, boasts, brags, lies, head-trip deceptions, weird rumors, and cruel gossip are allfreely exchanged. 

The lowest rung of phone-phreaking is the theft of telephone accesscodes. Charging a phone call to somebody else's stolen number is, ofcourse, a pig-easy way of stealing phone service, requiring practicallyno technical expertise. This practice has been very widespread, especially among lonely people without much money who are far fromhome. Code theft has flourished especially in college dorms, militarybases, and, notoriously, among roadies for rock bands. Of late, codetheft has spread very rapidly among Third Worlders in the US, who pileup enormous unpaid long-distance bills to the Caribbean, South America, and Pakistan. 

The simplest way to steal phone-codes is simply to look over a victim'sshoulder as he punches-in his own code-number on a public payphone. This technique is known as "shoulder-surfing, " and is especially commonin airports, bus terminals, and train stations. The code is then soldby the thief for a few dollars. The buyer abusing the code has nocomputer expertise, but calls his Mom in New York, Kingston or Caracasand runs up a huge bill with impunity. The losses from this primitivephreaking activity are far, far greater than the monetary losses causedby computer-intruding hackers. 

In the mid-to-late 1980s, until the introduction of sterner telcosecurity measures, COMPUTERIZED code theft worked like a charm, and wasvirtually omnipresent throughout the digital underground, among phreaksand hackers alike. This was accomplished through programming one'scomputer to try random code numbers over the telephone until one ofthem worked. Simple programs to do this were widely available in theunderground; a computer running all night was likely to come up with adozen or so useful hits. This could be repeated week after week untilone had a large library of stolen codes. 

Nowadays, the computerized dialling of hundreds of numbers can bedetected within hours and swiftly traced. If a stolen code isrepeatedly abused, this too can be detected within a few hours. Butfor years in the 1980s, the publication of stolen codes was a kind ofelementary etiquette for fledgling hackers. The simplest way toestablish your bona-fides as a raider was to steal a code throughrepeated random dialling and offer it to the "community" for use. Codes could be both stolen, and used, simply and easily from the safetyof one's own bedroom, with very little fear of detection or punishment. 

Before computers and their phone-line modems entered American homes ingigantic numbers, phone phreaks had their own specialtelecommunications hardware gadget, the famous "blue box. " This frauddevice (now rendered increasingly useless by the digital evolution ofthe phone system) could trick switching systems into granting freeaccess to long-distance lines. It did this by mimicking the system'sown signal, a tone of 2600 hertz. 

Steven Jobs and Steve Wozniak, the founders of Apple Computer, Inc. , once dabbled in selling blue-boxes in college dorms in California. Formany, in the early days of phreaking, blue-boxing was scarcelyperceived as "theft, " but rather as a fun (if sneaky) way to use excessphone capacity harmlessly. After all, the long-distance lines wereJUST SITTING THERE. . . . Whom did it hurt, really? If you're notDAMAGING the system, and you're not USING UP ANY TANGIBLE RESOURCE, and if nobody FINDS OUT what you did, then what real harm have youdone? What exactly HAVE you "stolen, " anyway? If a tree falls in theforest and nobody hears it, how much is the noise worth? Even now thisremains a rather dicey question. 

Blue-boxing was no joke to the phone companies, however. Indeed, whenRamparts magazine, a radical publication in California, printed thewiring schematics necessary to create a mute box in June 1972, themagazine was seized by police and Pacific Bell phone-company officials. The mute box, a blue-box variant, allowed its user to receivelong-distance calls free of charge to the caller. This device wasclosely described in a Ramparts article wryly titled "Regulating thePhone Company In Your Home. " Publication of this article was held to bein violation of Californian State Penal Code section 502. 7, whichoutlaws ownership of wire-fraud devices and the selling of "plans orinstructions for any instrument, apparatus, or device intended to avoidtelephone toll charges. "

Issues of Ramparts were recalled or seized on the newsstands, and theresultant loss of income helped put the magazine out of business. Thiswas an ominous precedent for free-expression issues, but the telco'scrushing of a radical-fringe magazine passed without serious challengeat the time. Even in the freewheeling California 1970s, it was widelyfelt that there was something sacrosanct about what the phone companyknew; that the telco had a legal and moral right to protect itself byshutting off the flow of such illicit information. Most telcoinformation was so "specialized" that it would scarcely be understoodby any honest member of the public. If not published, it would not bemissed. To print such material did not seem part of the legitimaterole of a free press. 

In 1990 there would be a similar telco-inspired attack on theelectronic phreak/hacking "magazine" Phrack. The Phrack legal casebecame a central issue in the Hacker Crackdown, and gave rise to greatcontroversy. Phrack would also be shut down, for a time, at least, but this time both the telcos and their law-enforcement allies wouldpay a much larger price for their actions. The Phrack case will beexamined in detail, later. 

Phone-phreaking as a social practice is still very much alive at thismoment. Today, phone-phreaking is thriving much more vigorously thanthe better-known and worse-feared practice of "computer hacking. " Newforms of phreaking are spreading rapidly, following new vulnerabilitiesin sophisticated phone services. 

Cellular phones are especially vulnerable; their chips can bere-programmed to present a false caller ID and avoid billing. Doing soalso avoids police tapping, making cellular-phone abuse a favoriteamong drug-dealers. "Call-sell operations" using pirate cellularphones can, and have, been run right out of the backs of cars, whichmove from "cell" to "cell" in the local phone system, retailing stolenlong-distance service, like some kind of demented electronic version ofthe neighborhood ice-cream truck. 

Private branch-exchange phone systems in large corporations can bepenetrated; phreaks dial-up a local company, enter its internalphone-system, hack it, then use the company's own PBX system to dialback out over the public network, causing the company to be stuck withthe resulting long-distance bill. This technique is known as"diverting. " "Diverting" can be very costly, especially because phreakstend to travel in packs and never stop talking. Perhaps the worstby-product of this "PBX fraud" is that victim companies and telcos havesued one another over the financial responsibility for the stolencalls, thus enriching not only shabby phreaks but well-paid lawyers. 

"Voice-mail systems" can also be abused; phreaks can seize their ownsections of these sophisticated electronic answering machines, and usethem for trading codes or knowledge of illegal techniques. Voice-mailabuse does not hurt the company directly, but finding supposedly emptyslots in your company's answering machine all crammed with phreakseagerly chattering and hey-duding one another in impenetrable jargoncan cause sensations of almost mystical repulsion and dread. 

Worse yet, phreaks have sometimes been known to react truculently toattempts to "clean up" the voice-mail system. Rather than humblyacquiescing to being thrown out of their playground, they may very wellcall up the company officials at work (or at home) and loudly demandfree voice-mail addresses of their very own. Such bullying is takenvery seriously by spooked victims. 

Acts of phreak revenge against straight people are rare, but voice-mailsystems are especially tempting and vulnerable, and an infestation ofangry phreaks in one's voice-mail system is no joke. They can eraselegitimate messages; or spy on private messages; or harass users withrecorded taunts and obscenities. They've even been known to seizecontrol of voice-mail security, and lock out legitimate users, or evenshut down the system entirely. 

Cellular phone-calls, cordless phones, and ship-to-shore telephony canall be monitored by various forms of radio; this kind of "passivemonitoring" is spreading explosively today. Technically eavesdroppingon other people's cordless and cellular phone-calls is thefastest-growing area in phreaking today. This practice stronglyappeals to the lust for power and conveys gratifying sensations oftechnical superiority over the eavesdropping victim. Monitoring isrife with all manner of tempting evil mischief. Simple prurientsnooping is by far the most common activity. But credit-card numbersunwarily spoken over the phone can be recorded, stolen and used. Andtapping people's phone-calls (whether through active telephone taps orpassive radio monitors) does lend itself conveniently to activitieslike blackmail, industrial espionage, and political dirty tricks. 

It should be repeated that telecommunications fraud, the theft of phoneservice, causes vastly greater monetary losses than the practice ofentering into computers by stealth. Hackers are mostly young suburbanAmerican white males, and exist in their hundreds--but "phreaks" comefrom both sexes and from many nationalities, ages and ethnicbackgrounds, and are flourishing in the thousands. 

#

The term "hacker" has had an unfortunate history. This book, TheHacker Crackdown, has little to say about "hacking" in its finer, original sense. The term can signify the free-wheeling intellectualexploration of the highest and deepest potential of computer systems. Hacking can describe the determination to make access to computers andinformation as free and open as possible. Hacking can involve theheartfelt conviction that beauty can be found in computers, that thefine aesthetic in a perfect program can liberate the mind and spirit. This is "hacking" as it was defined in Steven Levy's much-praisedhistory of the pioneer computer milieu, Hackers, published in 1984. 

Hackers of all kinds are absolutely soaked through with heroicanti-bureaucratic sentiment. Hackers long for recognition as apraiseworthy cultural archetype, the postmodern electronic equivalentof the cowboy and mountain man. Whether they deserve such a reputationis something for history to decide. But many hackers--including thoseoutlaw hackers who are computer intruders, and whose activities aredefined as criminal--actually attempt to LIVE UP TO this techno-cowboyreputation. And given that electronics and telecommunications arestill largely unexplored territories, there is simply NO TELLING whathackers might uncover. 

For some people, this freedom is the very breath of oxygen, theinventive spontaneity that makes life worth living and that flings opendoors to marvellous possibility and individual empowerment. But formany people --and increasingly so--the hacker is an ominous figure, asmart-aleck sociopath ready to burst out of his basement wilderness andsavage other people's lives for his own anarchical convenience. 

Any form of power without responsibility, without direct and formalchecks and balances, is frightening to people--and reasonably so. Itshould be frankly admitted that hackers ARE frightening, and that thebasis of this fear is not irrational. 

Fear of hackers goes well beyond the fear of merely criminal activity. 

Subversion and manipulation of the phone system is an act withdisturbing political overtones. In America, computers and telephonesare potent symbols of organized authority and the technocratic businesselite. 

But there is an element in American culture that has always stronglyrebelled against these symbols; rebelled against all large industrialcomputers and all phone companies. A certain anarchical tinge deep inthe American soul delights in causing confusion and pain to allbureaucracies, including technological ones. 

There is sometimes malice and vandalism in this attitude, but it is adeep and cherished part of the American national character. Theoutlaw, the rebel, the rugged individual, the pioneer, the sturdyJeffersonian yeoman, the private citizen resisting interference in hispursuit of happiness--these are figures that all Americans recognize, and that many will strongly applaud and defend. 

Many scrupulously law-abiding citizens today do cutting-edge work withelectronics--work that has already had tremendous social influence andwill have much more in years to come. In all truth, these talented, hardworking, law-abiding, mature, adult people are far more disturbingto the peace and order of the current status quo than any scofflawgroup of romantic teenage punk kids. These law-abiding hackers havethe power, ability, and willingness to influence other people's livesquite unpredictably. They have means, motive, and opportunity tomeddle drastically with the American social order. When corralled intogovernments, universities, or large multinational companies, and forcedto follow rulebooks and wear suits and ties, they at least have someconventional halters on their freedom of action. But when loosedalone, or in small groups, and fired by imagination and theentrepreneurial spirit, they can move mountains--causing landslidesthat will likely crash directly into your office and living room. 

These people, as a class, instinctively recognize that a public, politicized attack on hackers will eventually spread to them--that theterm "hacker, " once demonized, might be used to knock their hands offthe levers of power and choke them out of existence. There are hackerstoday who fiercely and publicly resist any besmirching of the nobletitle of hacker. Naturally and understandably, they deeply resent theattack on their values implicit in using the word "hacker" as a synonymfor computer-criminal. 

This book, sadly but in my opinion unavoidably, rather adds to thedegradation of the term. It concerns itself mostly with "hacking" inits commonest latter-day definition, i. E. , intruding into computersystems by stealth and without permission. The term "hacking" is usedroutinely today by almost all law enforcement officials with anyprofessional interest in computer fraud and abuse. American policedescribe almost any crime committed with, by, through, or against acomputer as hacking. 

Most importantly, "hacker" is what computer-intruders choose to callTHEMSELVES. Nobody who "hacks" into systems willingly describeshimself (rarely, herself) as a "computer intruder, " "computertrespasser, " "cracker, " "wormer, " "darkside hacker" or "high techstreet gangster. " Several other demeaning terms have been invented inthe hope that the press and public will leave the original sense of theword alone. But few people actually use these terms. (I exempt theterm "cyberpunk, " which a few hackers and law enforcement peopleactually do use. The term "cyberpunk" is drawn from literary criticismand has some odd and unlikely resonances, but, like hacker, cyberpunktoo has become a criminal pejorative today. )

In any case, breaking into computer systems was hardly alien to theoriginal hacker tradition. The first tottering systems of the 1960srequired fairly extensive internal surgery merely to functionday-by-day. Their users "invaded" the deepest, most arcane recesses oftheir operating software almost as a matter of routine. "Computersecurity" in these early, primitive systems was at best anafterthought. What security there was, was entirely physical, for itwas assumed that anyone allowed near this expensive, arcane hardwarewould be a fully qualified professional expert. 

In a campus environment, though, this meant that grad students, teaching assistants, undergraduates, and eventually, all manner ofdropouts and hangers-on ended up accessing and often running the works. 

Universities, even modern universities, are not in the business ofmaintaining security over information. On the contrary, universities, as institutions, pre-date the "information economy" by many centuriesand are not-for-profit cultural entities, whose reason for existence(purportedly) is to discover truth, codify it through techniques ofscholarship, and then teach it. Universities are meant to PASS THETORCH OF CIVILIZATION, not just download data into student skulls, andthe values of the academic community are strongly at odds with those ofall would-be information empires. Teachers at all levels, fromkindergarten up, have proven to be shameless and persistent softwareand data pirates. Universities do not merely "leak information" butvigorously broadcast free thought. 

This clash of values has been fraught with controversy. Many hackersof the 1960s remember their professional apprenticeship as a longguerilla war against the uptight mainframe-computer "informationpriesthood. " These computer-hungry youngsters had to struggle hard foraccess to computing power, and many of them were not above certain, er, shortcuts. But, over the years, this practice freed computing from thesterile reserve of lab-coated technocrats and was largely responsiblefor the explosive growth of computing in general society--especiallyPERSONAL computing. 

Access to technical power acted like catnip on certain of theseyoungsters. Most of the basic techniques of computer intrusion:password cracking, trapdoors, backdoors, trojan horses--were inventedin college environments in the 1960s, in the early days of networkcomputing. Some off-the-cuff experience at computer intrusion was tobe in the informal resume of most "hackers" and many future industrygiants. Outside of the tiny cult of computer enthusiasts, few peoplethought much about the implications of "breaking into" computers. This sort of activity had not yet been publicized, much lesscriminalized. 

In the 1960s, definitions of "property" and "privacy" had not yet beenextended to cyberspace. Computers were not yet indispensable tosociety. There were no vast databanks of vulnerable, proprietaryinformation stored in computers, which might be accessed, copiedwithout permission, erased, altered, or sabotaged. The stakes were lowin the early days--but they grew every year, exponentially, ascomputers themselves grew. 

By the 1990s, commercial and political pressures had becomeoverwhelming, and they broke the social boundaries of the hackingsubculture. Hacking had become too important to be left to thehackers. Society was now forced to tackle the intangible nature ofcyberspace-as-property, cyberspace as privately-owned unreal-estate. In the new, severe, responsible, high-stakes context of the"Information Society" of the 1990s, "hacking" was called into question. 

What did it mean to break into a computer without permission and useits computational power, or look around inside its files withouthurting anything? What were computer-intruding hackers, anyway--howshould society, and the law, best define their actions? Were they justBROWSERS, harmless intellectual explorers? Were they VOYEURS, snoops, invaders of privacy? Should they be sternly treated as potentialAGENTS OF ESPIONAGE, or perhaps as INDUSTRIAL SPIES? Or were they bestdefined as TRESPASSERS, a very common teenage misdemeanor? Was hackingTHEFT OF SERVICE? (After all, intruders were getting someone else'scomputer to carry out their orders, without permission and withoutpaying). Was hacking FRAUD? Maybe it was best described asIMPERSONATION. The commonest mode of computer intrusion was (and is)to swipe or snoop somebody else's password, and then enter the computerin the guise of another person--who is commonly stuck with the blameand the bills. 

Perhaps a medical metaphor was better--hackers should be defined as"sick, " as COMPUTER ADDICTS unable to control their irresponsible, compulsive behavior. 

But these weighty assessments meant little to the people who wereactually being judged. From inside the underground world of hackingitself, all these perceptions seem quaint, wrongheaded, stupid, ormeaningless. The most important self-perception of undergroundhackers--from the 1960s, right through to the present day--is that theyare an ELITE. The day-to-day struggle in the underground is not oversociological definitions--who cares?--but for power, knowledge, andstatus among one's peers. 

When you are a hacker, it is your own inner conviction of your elitestatus that enables you to break, or let us say "transcend, " the rules. It is not that ALL rules go by the board. The rules habitually brokenby hackers are UNIMPORTANT rules--the rules of dopey greedhead telcobureaucrats and pig-ignorant government pests. 

Hackers have their OWN rules, which separate behavior which is cool andelite, from behavior which is rodentlike, stupid and losing. These"rules, " however, are mostly unwritten and enforced by peer pressureand tribal feeling. Like all rules that depend on the unspokenconviction that everybody else is a good old boy, these rules are ripefor abuse. The mechanisms of hacker peer-pressure, "teletrials" andostracism, are rarely used and rarely work. Back-stabbing slander, threats, and electronic harassment are also freely employed indown-and-dirty intrahacker feuds, but this rarely forces a rival out ofthe scene entirely. The only real solution for the problem of anutterly losing, treacherous and rodentlike hacker is to TURN HIM IN TOTHE POLICE. Unlike the Mafia or Medellin Cartel, the hacker elitecannot simply execute the bigmouths, creeps and troublemakers amongtheir ranks, so they turn one another in with astonishing frequency. 

There is no tradition of silence or OMERTA in the hacker underworld. Hackers can be shy, even reclusive, but when they do talk, hackers tendto brag, boast and strut. Almost everything hackers do is INVISIBLE;if they don't brag, boast, and strut about it, then NOBODY WILL EVERKNOW. If you don't have something to brag, boast, and strut about, then nobody in the underground will recognize you and favor you withvital cooperation and respect. 

The way to win a solid reputation in the underground is by tellingother hackers things that could only have been learned by exceptionalcunning and stealth. Forbidden knowledge, therefore, is the basiccurrency of the digital underground, like seashells among TrobriandIslanders. Hackers hoard this knowledge, and dwell upon itobsessively, and refine it, and bargain with it, and talk and talkabout it. 

Many hackers even suffer from a strange obsession to TEACH--to spreadthe ethos and the knowledge of the digital underground. They'll dothis even when it gains them no particular advantage and presents agrave personal risk. 

And when that risk catches up with them, they will go right on teachingand preaching--to a new audience this time, their interrogators fromlaw enforcement. Almost every hacker arrested tells everything heknows--all about his friends, his mentors, his disciples--legends, threats, horror stories, dire rumors, gossip, hallucinations. This is, of course, convenient for law enforcement--except when law enforcementbegins to believe hacker legendry. 

Phone phreaks are unique among criminals in their willingness to callup law enforcement officials--in the office, at their homes--and givethem an extended piece of their mind. It is hard not to interpret thisas BEGGING FOR ARREST, and in fact it is an act of incrediblefoolhardiness. Police are naturally nettled by these acts of chutzpahand will go well out of their way to bust these flaunting idiots. Butit can also be interpreted as a product of a world-view so elitist, soclosed and hermetic, that electronic police are simply not perceived as"police, " but rather as ENEMY PHONE PHREAKS who should be scolded intobehaving "decently. "

Hackers at their most grandiloquent perceive themselves as the elitepioneers of a new electronic world. Attempts to make them obey thedemocratically established laws of contemporary American society areseen as repression and persecution. After all, they argue, ifAlexander Graham Bell had gone along with the rules of the WesternUnion telegraph company, there would have been no telephones. If Jobsand Wozniak had believed that IBM was the be-all and end-all, therewould have been no personal computers. If Benjamin Franklin and ThomasJefferson had tried to "work within the system" there would have beenno United States. 

Not only do hackers privately believe this as an article of faith, butthey have been known to write ardent manifestos about it. Here aresome revealing excerpts from an especially vivid hacker manifesto: "TheTechno-Revolution" by "Dr. Crash, " which appeared in electronic formin Phrack Volume 1, Issue 6, Phile 3. 

"To fully explain the true motives behind hacking, we must first take aquick look into the past. In the 1960s, a group of MIT students builtthe first modern computer system. This wild, rebellious group of youngmen were the first to bear the name 'hackers. ' The systems that theydeveloped were intended to be used to solve world problems and tobenefit all of mankind. "As we can see, this has not been the case. The computer system has been solely in the hands of big businesses andthe government. The wonderful device meant to enrich life has become aweapon which dehumanizes people. To the government and largebusinesses, people are no more than disk space, and the governmentdoesn't use computers to arrange aid for the poor, but to controlnuclear death weapons. The average American can only have access to asmall microcomputer which is worth only a fraction of what they pay forit. The businesses keep the true state-of-the-art equipment away fromthe people behind a steel wall of incredibly high prices andbureaucracy. It is because of this state of affairs that hacking wasborn. ( . . . ) "Of course, the government doesn't want the monopoly oftechnology broken, so they have outlawed hacking and arrest anyone whois caught. ( . . . ) The phone company is another example of technologyabused and kept from people with high prices. ( . . . ) "Hackers oftenfind that their existing equipment, due to the monopoly tactics ofcomputer companies, is inefficient for their purposes. Due to theexorbitantly high prices, it is impossible to legally purchase thenecessary equipment. This need has given still another segment of thefight: Credit Carding. Carding is a way of obtaining the necessarygoods without paying for them. It is again due to the companies'stupidity that Carding is so easy, and shows that the world'sbusinesses are in the hands of those with considerably less technicalknow-how than we, the hackers. ( . . . ) "Hacking must continue. Wemust train newcomers to the art of hacking. (. . . . ) And whatever youdo, continue the fight. Whether you know it or not, if you are ahacker, you are a revolutionary. Don't worry, you're on the rightside. "

The defense of "carding" is rare. Most hackers regard credit-cardtheft as "poison" to the underground, a sleazy and immoral effort that, worse yet, is hard to get away with. Nevertheless, manifestosadvocating credit-card theft, the deliberate crashing of computersystems, and even acts of violent physical destruction such asvandalism and arson do exist in the underground. These boasts andthreats are taken quite seriously by the police. And not every hackeris an abstract, Platonic computer-nerd. Some few are quite experiencedat picking locks, robbing phone-trucks, and breaking and enteringbuildings. 

Hackers vary in their degree of hatred for authority and the violenceof their rhetoric. But, at a bottom line, they are scofflaws. Theydon't regard the current rules of electronic behavior as respectableefforts to preserve law and order and protect public safety. Theyregard these laws as immoral efforts by soulless corporations toprotect their profit margins and to crush dissidents. "Stupid" people, including police, businessmen, politicians, and journalists, simplyhave no right to judge the actions of those possessed of genius, techno-revolutionary intentions, and technical expertise. 

#

Hackers are generally teenagers and college kids not engaged in earninga living. They often come from fairly well-to-do middle-classbackgrounds, and are markedly anti-materialistic (except, that is, whenit comes to computer equipment). Anyone motivated by greed for meremoney (as opposed to the greed for power, knowledge and status) isswiftly written-off as a narrow-minded breadhead whose interests canonly be corrupt and contemptible. Having grown up in the 1970s and1980s, the young Bohemians of the digital underground regard straightsociety as awash in plutocratic corruption, where everyone from thePresident down is for sale and whoever has the gold makes the rules. 

Interestingly, there's a funhouse-mirror image of this attitude on theother side of the conflict. The police are also one of the mostmarkedly anti-materialistic groups in American society, motivated notby mere money but by ideals of service, justice, esprit-de-corps, and, of course, their own brand of specialized knowledge and power. Remarkably, the propaganda war between cops and hackers has alwaysinvolved angry allegations that the other side is trying to make asleazy buck. Hackers consistently sneer that anti-phreak prosecutorsare angling for cushy jobs as telco lawyers and that computer-crimepolice are aiming to cash in later as well-paid computer-securityconsultants in the private sector. 

For their part, police publicly conflate all hacking crimes withrobbing payphones with crowbars. Allegations of "monetary losses" fromcomputer intrusion are notoriously inflated. The act of illicitlycopying a document from a computer is morally equated with directlyrobbing a company of, say, half a million dollars. The teenagecomputer intruder in possession of this "proprietary" document hascertainly not sold it for such a sum, would likely have little idea howto sell it at all, and quite probably doesn't even understand what hehas. He has not made a cent in profit from his felony but is stillmorally equated with a thief who has robbed the church poorbox and litout for Brazil. 

Police want to believe that all hackers are thieves. It is a tortuousand almost unbearable act for the American justice system to put peoplein jail because they want to learn things which are forbidden for themto know. In an American context, almost any pretext for punishment isbetter than jailing people to protect certain restricted kinds ofinformation. Nevertheless, POLICING INFORMATION is part and parcel ofthe struggle against hackers. 

This dilemma is well exemplified by the remarkable activities of"Emmanuel Goldstein, " editor and publisher of a print magazine known as2600: The Hacker Quarterly. Goldstein was an English major at LongIsland's State University of New York in the '70s, when he becameinvolved with the local college radio station. His growing interest inelectronics caused him to drift into Yippie TAP circles and thus intothe digital underground, where he became a self-described techno-rat. His magazine publishes techniques of computer intrusion and telephone"exploration" as well as gloating exposes of telco misdeeds andgovernmental failings. 

Goldstein lives quietly and very privately in a large, crumblingVictorian mansion in Setauket, New York. The seaside house isdecorated with telco decals, chunks of driftwood, and the basicbric-a-brac of a hippie crash-pad. He is unmarried, mildly unkempt, and survives mostly on TV dinners and turkey-stuffing eaten straightout of the bag. Goldstein is a man of considerable charm and fluency, with a brief, disarming smile and the kind of pitiless, stubborn, thoroughly recidivist integrity that America's electronic police findgenuinely alarming. 

Goldstein took his nom-de-plume, or "handle, " from a character inOrwell's 1984, which may be taken, correctly, as a symptom of thegravity of his sociopolitical worldview. He is not himself apracticing computer intruder, though he vigorously abets these actions, especially when they are pursued against large corporations orgovernmental agencies. Nor is he a thief, for he loudly scorns meretheft of phone service, in favor of "exploring and manipulating thesystem. " He is probably best described and understood as a DISSIDENT. 

Weirdly, Goldstein is living in modern America under conditions verysimilar to those of former East European intellectual dissidents. Inother words, he flagrantly espouses a value-system that is deeply andirrevocably opposed to the system of those in power and the police. The values in 2600 are generally expressed in terms that are ironic, sarcastic, paradoxical, or just downright confused. But there's nomistaking their radically anti-authoritarian tenor. 2600 holds thattechnical power and specialized knowledge, of any kind obtainable, belong by right in the hands of those individuals brave and bold enoughto discover them--by whatever means necessary. Devices, laws, orsystems that forbid access, and the free spread of knowledge, areprovocations that any free and self-respecting hacker shouldrelentlessly attack. The "privacy" of governments, corporations andother soulless technocratic organizations should never be protected atthe expense of the liberty and free initiative of the individualtechno-rat. 

However, in our contemporary workaday world, both governments andcorporations are very anxious indeed to police information which issecret, proprietary, restricted, confidential, copyrighted, patented, hazardous, illegal, unethical, embarrassing, or otherwise sensitive. This makes Goldstein persona non grata, and his philosophy a threat. 

Very little about the conditions of Goldstein's daily life wouldastonish, say, Vaclav Havel. (We may note in passing that PresidentHavel once had his word-processor confiscated by the Czechoslovakpolice. ) Goldstein lives by SAMIZDAT, acting semi-openly as adata-center for the underground, while challenging the powers-that-beto abide by their own stated rules: freedom of speech and the FirstAmendment. 

Goldstein thoroughly looks and acts the part of techno-rat, withshoulder-length ringlets and a piratical black fisherman's-cap set at arakish angle. He often shows up like Banquo's ghost at meetings ofcomputer professionals, where he listens quietly, half-smiling andtaking thorough notes. 

Computer professionals generally meet publicly, and find it verydifficult to rid themselves of Goldstein and his ilk withoutextralegal and unconstitutional actions. Sympathizers, many of themquite respectable people with responsible jobs, admire Goldstein'sattitude and surreptitiously pass him information. An unknown butpresumably large proportion of Goldstein's 2, 000-plus readership aretelco security personnel and police, who are forced to subscribe to2600 to stay abreast of new developments in hacking. They thus findthemselves PAYING THIS GUY'S RENT while grinding their teeth inanguish, a situation that would have delighted Abbie Hoffman (one ofGoldstein's few idols). 

Goldstein is probably the best-known public representative of thehacker underground today, and certainly the best-hated. Police regardhim as a Fagin, a corrupter of youth, and speak of him with untemperedloathing. He is quite an accomplished gadfly. After the Martin LutherKing Day Crash of 1990, Goldstein, for instance, adeptly rubbed saltinto the wound in the pages of 2600. "Yeah, it was fun for the phonephreaks as we watched the network crumble, " he admitted cheerfully. "But it was also an ominous sign of what's to come. . . . Some AT&Tpeople, aided by well-meaning but ignorant media, were spreading thenotion that many companies had the same software and therefore couldface the same problem someday. Wrong. This was entirely an AT&Tsoftware deficiency. Of course, other companies could face entirelyDIFFERENT software problems. But then, so too could AT&T. "

After a technical discussion of the system's failings, the Long Islandtechno-rat went on to offer thoughtful criticism to the giganticmultinational's hundreds of professionally qualified engineers. "Whatwe don't know is how a major force in communications like AT&T could beso sloppy. What happened to backups? Sure, computer systems go downall the time, but people making phone calls are not the same as peoplelogging on to computers. We must make that distinction. It's notacceptable for the phone system or any other essential service to 'godown. ' If we continue to trust technology without understanding it, wecan look forward to many variations on this theme. 

"AT&T owes it to its customers to be prepared to INSTANTLY switch toanother network if something strange and unpredictable startsoccurring. The news here isn't so much the failure of a computerprogram, but the failure of AT&T's entire structure. "

The very idea of this. . . . This PERSON. . . . Offering "advice" about"AT&T's entire structure" is more than some people can easily bear. How dare this near-criminal dictate what is or isn't "acceptable"behavior from AT&T? Especially when he's publishing, in the very sameissue, detailed schematic diagrams for creating variousswitching-network signalling tones unavailable to the public. 

"See what happens when you drop a 'silver box' tone or two down yourlocal exchange or through different long distance service carriers, "advises 2600 contributor "Mr. Upsetter" in "How To Build a Signal Box. ""If you experiment systematically and keep good records, you willsurely discover something interesting. "

This is, of course, the scientific method, generally regarded as apraiseworthy activity and one of the flowers of modern civilization. One can indeed learn a great deal with this sort of structuredintellectual activity. Telco employees regard this mode of"exploration" as akin to flinging sticks of dynamite into their pond tosee what lives on the bottom. 

2600 has been published consistently since 1984. It has also run abulletin board computer system, printed 2600 T-shirts, taken faxcalls. . . . The Spring 1991 issue has an interesting announcement onpage 45: "We just discovered an extra set of wires attached to our faxline and heading up the pole. (They've since been clipped. ) Your faxesto us and to anyone else could be monitored. " In the worldview of 2600, the tiny band of techno-rat brothers (rarely, sisters) are a besiegedvanguard of the truly free and honest. The rest of the world is amaelstrom of corporate crime and high-level governmental corruption, occasionally tempered with well-meaning ignorance. To read a fewissues in a row is to enter a nightmare akin to Solzhenitsyn's, somewhat tempered by the fact that 2600 is often extremely funny. 

Goldstein did not become a target of the Hacker Crackdown, though heprotested loudly, eloquently, and publicly about it, and it addedconsiderably to his fame. It was not that he is not regarded asdangerous, because he is so regarded. Goldstein has had brushes withthe law in the past: in 1985, a 2600 bulletin board computer wasseized by the FBI, and some software on it was formally declared "aburglary tool in the form of a computer program. " But Goldstein escapeddirect repression in 1990, because his magazine is printed on paper, and recognized as subject to Constitutional freedom of the pressprotection. As was seen in the Ramparts case, this is far from anabsolute guarantee. Still, as a practical matter, shutting down 2600by court-order would create so much legal hassle that it is simplyunfeasible, at least for the present. Throughout 1990, both Goldsteinand his magazine were peevishly thriving. 

Instead, the Crackdown of 1990 would concern itself with thecomputerized version of forbidden data. The crackdown itself, firstand foremost, was about BULLETIN BOARD SYSTEMS. Bulletin BoardSystems, most often known by the ugly and un-pluralizable acronym"BBS, " are the life-blood of the digital underground. Boards were alsocentral to law enforcement's tactics and strategy in the HackerCrackdown. 

A "bulletin board system" can be formally defined as a computer whichserves as an information and message-passing center for usersdialing-up over the phone-lines through the use of modems. A "modem, "or modulator-demodulator, is a device which translates the digitalimpulses of computers into audible analog telephone signals, and viceversa. Modems connect computers to phones and thus to each other. 

Large-scale mainframe computers have been connected since the 1960s, but PERSONAL computers, run by individuals out of their homes, werefirst networked in the late 1970s. The "board" created by WardChristensen and Randy Suess in February 1978, in Chicago, Illinois, isgenerally regarded as the first personal-computer bulletin board systemworthy of the name. 

Boards run on many different machines, employing many different kindsof software. Early boards were crude and buggy, and their managers, known as "system operators" or "sysops, " were hard-working technicalexperts who wrote their own software. But like most everything else inthe world of electronics, boards became faster, cheaper, better-designed, and generally far more sophisticated throughout the1980s. They also moved swiftly out of the hands of pioneers and intothose of the general public. By 1985 there were something in theneighborhood of 4, 000 boards in America. By 1990 it was calculated, vaguely, that there were about 30, 000 boards in the US, with uncountedthousands overseas. 

Computer bulletin boards are unregulated enterprises. Running a boardis a rough-and-ready, catch-as-catch-can proposition. Basically, anybody with a computer, modem, software and a phone-line can start aboard. With second-hand equipment and public-domain free software, theprice of a board might be quite small--less than it would take topublish a magazine or even a decent pamphlet. Entrepreneurs eagerlysell bulletin-board software, and will coach nontechnical amateursysops in its use. 

Boards are not "presses. " They are not magazines, or libraries, orphones, or CB radios, or traditional cork bulletin boards down at thelocal laundry, though they have some passing resemblance to thoseearlier media. Boards are a new medium--they may even be a LARGENUMBER of new media. 

Consider these unique characteristics: boards are cheap, yet they canhave a national, even global reach. Boards can be contacted fromanywhere in the global telephone network, at NO COST to the personrunning the board--the caller pays the phone bill, and if the caller islocal, the call is free. Boards do not involve an editorial eliteaddressing a mass audience. The "sysop" of a board is not an exclusivepublisher or writer--he is managing an electronic salon, whereindividuals can address the general public, play the part of thegeneral public, and also exchange private mail with other individuals. And the "conversation" on boards, though fluid, rapid, and highlyinteractive, is not spoken, but written. It is also relativelyanonymous, sometimes completely so. 

And because boards are cheap and ubiquitous, regulations and licensingrequirements would likely be practically unenforceable. It wouldalmost be easier to "regulate, " "inspect, " and "license" the content ofprivate mail--probably more so, since the mail system is operated bythe federal government. Boards are run by individuals, independently, entirely at their own whim. 

For the sysop, the cost of operation is not the primary limitingfactor. Once the investment in a computer and modem has been made, theonly steady cost is the charge for maintaining a phone line (or severalphone lines). The primary limits for sysops are time and energy. Boards require upkeep. New users are generally "validated"--they mustbe issued individual passwords, and called at home by voice-phone, sothat their identity can be verified. Obnoxious users, who exist inplenty, must be chided or purged. Proliferating messages must bedeleted when they grow old, so that the capacity of the system is notoverwhelmed. And software programs (if such things are kept on theboard) must be examined for possible computer viruses. If there is afinancial charge to use the board (increasingly common, especially inlarger and fancier systems) then accounts must be kept, and users mustbe billed. And if the board crashes--a very common occurrence--thenrepairs must be made. 

Boards can be distinguished by the amount of effort spent in regulatingthem. First, we have the completely open board, whose sysop is offchugging brews and watching re-runs while his users generallydegenerate over time into peevish anarchy and eventual silence. Secondcomes the supervised board, where the sysop breaks in every once in awhile to tidy up, calm brawls, issue announcements, and rid thecommunity of dolts and troublemakers. Third is the heavily supervisedboard, which sternly urges adult and responsible behavior and swiftlyedits any message considered offensive, impertinent, illegal orirrelevant. And last comes the completely edited "electronicpublication, " which is presented to a silent audience which is notallowed to respond directly in any way. 

Boards can also be grouped by their degree of anonymity. There is thecompletely anonymous board, where everyone usespseudonyms--"handles"--and even the sysop is unaware of the user's trueidentity. The sysop himself is likely pseudonymous on a board of thistype. Second, and rather more common, is the board where the sysopknows (or thinks he knows) the true names and addresses of all users, but the users don't know one another's names and may not know his. Third is the board where everyone has to use real names, androleplaying and pseudonymous posturing are forbidden. 

Boards can be grouped by their immediacy. "Chat-lines" are boardslinking several users together over several different phone-linessimultaneously, so that people exchange messages at the very momentthat they type. (Many large boards feature "chat" capabilities alongwith other services. ) Less immediate boards, perhaps with a singlephoneline, store messages serially, one at a time. And some boards areonly open for business in daylight hours or on weekends, which greatlyslows response. A NETWORK of boards, such as "FidoNet, " can carryelectronic mail from board to board, continent to continent, acrosshuge distances--but at a relative snail's pace, so that a message cantake several days to reach its target audience and elicit a reply. 

Boards can be grouped by their degree of community. Some boardsemphasize the exchange of private, person-to-person electronic mail. Others emphasize public postings and may even purge people who "lurk, "merely reading posts but refusing to openly participate. Some boardsare intimate and neighborly. Others are frosty and highly technical. Some are little more than storage dumps for software, where users"download" and "upload" programs, but interact among themselves littleif at all. 

Boards can be grouped by their ease of access. Some boards areentirely public. Others are private and restricted only to personalfriends of the sysop. Some boards divide users by status. On theseboards, some users, especially beginners, strangers or children, willbe restricted to general topics, and perhaps forbidden to post. Favored users, though, are granted the ability to post as they please, and to stay "on-line" as long as they like, even to the disadvantage ofother people trying to call in. High-status users can be given accessto hidden areas in the board, such as off-color topics, privatediscussions, and/or valuable software. Favored users may even become"remote sysops" with the power to take remote control of the boardthrough their own home computers. Quite often "remote sysops" end updoing all the work and taking formal control of the enterprise, despitethe fact that it's physically located in someone else's house. Sometimes several "co-sysops" share power. 

And boards can also be grouped by size. Massive, nationwide commercialnetworks, such as CompuServe, Delphi, GEnie and Prodigy, are run onmainframe computers and are generally not considered "boards, " thoughthey share many of their characteristics, such as electronic mail, discussion topics, libraries of software, and persistent and growingproblems with civil-liberties issues. Some private boards have as manyas thirty phone-lines and quite sophisticated hardware. And then thereare tiny boards. 

Boards vary in popularity. Some boards are huge and crowded, whereusers must claw their way in against a constant busy-signal. Othersare huge and empty--there are few things sadder than a formerlyflourishing board where no one posts any longer, and the deadconversations of vanished users lie about gathering digital dust. Someboards are tiny and intimate, their telephone numbers intentionallykept confidential so that only a small number can log on. 

And some boards are UNDERGROUND. 

Boards can be mysterious entities. The activities of their users canbe hard to differentiate from conspiracy. Sometimes they AREconspiracies. Boards have harbored, or have been accused of harboring, all manner of fringe groups, and have abetted, or been accused ofabetting, every manner of frowned-upon, sleazy, radical, and criminalactivity. There are Satanist boards. Nazi boards. Pornographicboards. Pedophile boards. Drug-dealing boards. Anarchist boards. Communist boards. Gay and Lesbian boards (these exist in greatprofusion, many of them quite lively with well-established histories). Religious cult boards. Evangelical boards. Witchcraft boards, hippieboards, punk boards, skateboarder boards. Boards for UFO believers. There may well be boards for serial killers, airline terrorists andprofessional assassins. There is simply no way to tell. Boards springup, flourish, and disappear in large numbers, in most every corner ofthe developed world. Even apparently innocuous public boards can, andsometimes do, harbor secret areas known only to a few. And even on thevast, public, commercial services, private mail is very private--andquite possibly criminal. 

Boards cover most every topic imaginable and some that are hard toimagine. They cover a vast spectrum of social activity. However, allboard users do have something in common: their possession of computersand phones. Naturally, computers and phones are primary topics ofconversation on almost every board. 

And hackers and phone phreaks, those utter devotees of computers andphones, live by boards. They swarm by boards. They are bred byboards. By the late 1980s, phone-phreak groups and hacker groups, united by boards, had proliferated fantastically. 

As evidence, here is a list of hacker groups compiled by the editors ofPhrack on August 8, 1988. 

 The Administration. Advanced Telecommunications, Inc. ALIAS. American Tone Travelers. Anarchy Inc. Apple Mafia. The Association. Atlantic Pirates Guild. 

 Bad Ass Mother Fuckers. Bellcore. Bell Shock Force. Black Bag. 

 Camorra. C&M Productions. Catholics Anonymous. Chaos Computer Club. Chief Executive Officers. Circle Of Death. Circle Of Deneb. Club X. Coalition of Hi-Tech Pirates. Coast-To-Coast. Corrupt Computing. Cult Of The Dead Cow. Custom Retaliations. 

 Damage Inc. D&B Communications. The Danger Gang. Dec Hunters. Digital Gang. DPAK. 

 Eastern Alliance. The Elite Hackers Guild. Elite Phreakers and Hackers Club. The Elite Society Of America. EPG. Executives Of Crime. Extasyy Elite. 

 Fargo 4A. Farmers Of Doom. The Federation. Feds R Us. First Class. Five O. Five Star. Force Hackers. The 414s. 

 Hack-A-Trip. Hackers Of America. High Mountain Hackers. High Society. The Hitchhikers. 

 IBM Syndicate. The Ice Pirates. Imperial Warlords. Inner Circle. Inner Circle II. Insanity Inc. International Computer Underground Bandits. 

 Justice League of America. 

 Kaos Inc. Knights Of Shadow. Knights Of The Round Table. 

 League Of Adepts. Legion Of Doom. Legion Of Hackers. Lords Of Chaos. Lunatic Labs, Unlimited. 

 Master Hackers. MAD! The Marauders. MD/PhD. 

 Metal Communications, Inc. MetalliBashers, Inc. MBI. Metro Communications. Midwest Pirates Guild. 

 NASA Elite. The NATO Association. Neon Knights. Nihilist Order. 

 Order Of The Rose. OSS. 

 Pacific Pirates Guild. Phantom Access Associates. PHido PHreaks. The Phirm. Phlash. PhoneLine Phantoms. Phone Phreakers Of America. Phortune 500. 

 Phreak Hack Delinquents. Phreak Hack Destroyers. 

 Phreakers, Hackers, And Laundromat Employees Gang (PHALSE Gang). Phreaks Against Geeks. Phreaks Against Phreaks Against Geeks. Phreaks and Hackers of America. Phreaks Anonymous World Wide. Project Genesis. The Punk Mafia. 

 The Racketeers. Red Dawn Text Files. Roscoe Gang. 

 SABRE. Secret Circle of Pirates. Secret Service. 707 Club. Shadow Brotherhood. Sharp Inc. 65C02 Elite. 

 Spectral Force. Star League. Stowaways. Strata-Crackers. 

 Team Hackers '86. Team Hackers '87. 

 TeleComputist Newsletter Staff. Tribunal Of Knowledge. 

 Triple Entente. Turn Over And Die Syndrome (TOADS). 

 300 Club. 1200 Club. 2300 Club. 2600 Club. 2601 Club. 

 2AF. 

 The United Soft WareZ Force. United Technical Underground. 

 Ware Brigade. The Warelords. WASP. 

Contemplating this list is an impressive, almost humbling business. As a cultural artifact, the thing approaches poetry. 

Underground groups--subcultures--can be distinguished from independentcultures by their habit of referring constantly to the parent society. Undergrounds by their nature constantly must maintain a membrane ofdifferentiation. Funny/distinctive clothes and hair, specializedjargon, specialized ghettoized areas in cities, different hours ofrising, working, sleeping. . . . The digital underground, whichspecializes in information, relies very heavily on language todistinguish itself. As can be seen from this list, they make heavy useof parody and mockery. It's revealing to see who they choose to mock. 

First, large corporations. We have the Phortune 500, The ChiefExecutive Officers, Bellcore, IBM Syndicate, SABRE (a computerizedreservation service maintained by airlines). The common use of "Inc. "is telling--none of these groups are actual corporations, but takeclear delight in mimicking them. 

Second, governments and police. NASA Elite, NATO Association. "Feds RUs" and "Secret Service" are fine bits of fleering boldness. OSS--theOffice of Strategic Services was the forerunner of the CIA. 

Third, criminals. Using stigmatizing pejoratives as a perverse badgeof honor is a time-honored tactic for subcultures: punks, gangs, delinquents, mafias, pirates, bandits, racketeers. 

Specialized orthography, especially the use of "ph" for "f" and "z" forthe plural "s, " are instant recognition symbols. So is the use of thenumeral "0" for the letter "O"--computer-software orthography generallyfeatures a slash through the zero, making the distinction obvious. 

Some terms are poetically descriptive of computer intrusion: theStowaways, the Hitchhikers, the PhoneLine Phantoms, Coast-to-Coast. Others are simple bravado and vainglorious puffery. (Note theinsistent use of the terms "elite" and "master. ") Some terms areblasphemous, some obscene, others merely cryptic--anything to puzzle, offend, confuse, and keep the straights at bay. 

Many hacker groups further re-encrypt their names by the use ofacronyms: United Technical Underground becomes UTU, Farmers of Doombecome FoD, the United SoftWareZ Force becomes, at its own insistence, "TuSwF, " and woe to the ignorant rodent who capitalizes the wrongletters. 

It should be further recognized that the members of these groups arethemselves pseudonymous. If you did, in fact, run across the"PhoneLine Phantoms, " you would find them to consist of "CarrierCulprit, " "The Executioner, " "Black Majik, " "Egyptian Lover, " "SolidState, " and "Mr Icom. " "Carrier Culprit" will likely be referred to byhis friends as "CC, " as in, "I got these dialups from CC of PLP. "

It's quite possible that this entire list refers to as few as athousand people. It is not a complete list of undergroundgroups--there has never been such a list, and there never will be. Groups rise, flourish, decline, share membership, maintain a cloud ofwannabes and casual hangers-on. People pass in and out, areostracized, get bored, are busted by police, or are cornered by telcosecurity and presented with huge bills. Many "underground groups" aresoftware pirates, "warez d00dz, " who might break copy protection andpirate programs, but likely wouldn't dare to intrude on acomputer-system. 

It is hard to estimate the true population of the digital underground. There is constant turnover. Most hackers start young, come and go, then drop out at age 22--the age of college graduation. And a largemajority of "hackers" access pirate boards, adopt a handle, swipesoftware and perhaps abuse a phone-code or two, while never actuallyjoining the elite. 

Some professional informants, who make it their business to retailknowledge of the underground to paymasters in private corporatesecurity, have estimated the hacker population at as high as fiftythousand. This is likely highly inflated, unless one counts everysingle teenage software pirate and petty phone-booth thief. My bestguess is about 5, 000 people. Of these, I would guess that as few as ahundred are truly "elite" --active computer intruders, skilled enoughto penetrate sophisticated systems and truly to worry corporatesecurity and law enforcement. 

Another interesting speculation is whether this group is growing ornot. Young teenage hackers are often convinced that hackers exist invast swarms and will soon dominate the cybernetic universe. Older andwiser veterans, perhaps as wizened as 24 or 25 years old, are convincedthat the glory days are long gone, that the cops have the underground'snumber now, and that kids these days are dirt-stupid and just want toplay Nintendo. 

My own assessment is that computer intrusion, as a non-profit act ofintellectual exploration and mastery, is in slow decline, at least inthe United States; but that electronic fraud, especiallytelecommunication crime, is growing by leaps and bounds. 

One might find a useful parallel to the digital underground in the drugunderground. There was a time, now much-obscured by historicalrevisionism, when Bohemians freely shared joints at concerts, and hip, small-scale marijuana dealers might turn people on just for the sake ofenjoying a long stoned conversation about the Doors and Allen Ginsberg. Now drugs are increasingly verboten, except in a high-stakes, highly-criminal world of highly addictive drugs. Over years ofdisenchantment and police harassment, a vaguely ideological, free-wheeling drug underground has relinquished the business ofdrug-dealing to a far more savage criminal hard-core. This is not apleasant prospect to contemplate, but the analogy is fairly compelling. 

What does an underground board look like? What distinguishes it from astandard board? It isn't necessarily the conversation--hackers oftentalk about common board topics, such as hardware, software, sex, science fiction, current events, politics, movies, personal gossip. Underground boards can best be distinguished by their files, or"philes, " pre-composed texts which teach the techniques and ethos ofthe underground. These are prized reservoirs of forbidden knowledge. Some are anonymous, but most proudly bear the handle of the "hacker"who has created them, and his group affiliation, if he has one. 

Here is a partial table-of-contents of philes from an undergroundboard, somewhere in the heart of middle America, circa 1991. Thedescriptions are mostly self-explanatory. 

 BANKAMER. ZIP 5406 06-11-91 Hacking Bank America CHHACK. ZIP 4481 06-11-91 Chilton Hacking CITIBANK. ZIP 4118 06-11-91 Hacking Citibank CREDIMTC. ZIP 3241 06-11-91 Hacking Mtc Credit Company DIGEST. ZIP 5159 06-11-91 Hackers Digest HACK. ZIP 14031 06-11-91 How To Hack HACKBAS. ZIP 5073 06-11-91 Basics Of Hacking HACKDICT. ZIP 42774 06-11-91 Hackers Dictionary HACKER. ZIP 57938 06-11-91 Hacker Info HACKERME. ZIP 3148 06-11-91 Hackers Manual HACKHAND. ZIP 4814 06-11-91 Hackers Handbook HACKTHES. ZIP 48290 06-11-91 Hackers Thesis HACKVMS. ZIP 4696 06-11-91 Hacking Vms Systems MCDON. ZIP 3830 06-11-91 Hacking Macdonalds (Home Of The Archs) P500UNIX. ZIP 15525 06-11-91 Phortune 500 Guide To Unix RADHACK. ZIP 8411 06-11-91 Radio Hacking TAOTRASH. DOC 4096 12-25-89 Suggestions For Trashing TECHHACK. ZIP 5063 06-11-91 Technical Hacking

The files above are do-it-yourself manuals about computer intrusion. The above is only a small section of a much larger library of hackingand phreaking techniques and history. We now move into a different andperhaps surprising area. 

 +------------+ |Anarchy| +------------+

 ANARC. ZIP 3641 06-11-91 Anarchy Files ANARCHST. ZIP 63703 06-11-91 Anarchist Book ANARCHY. ZIP 2076 06-11-91 Anarchy At Home ANARCHY3. ZIP 6982 06-11-91 Anarchy No 3 ANARCTOY. ZIP 2361 06-11-91 Anarchy Toys ANTIMODM. ZIP 2877 06-11-91 Anti-modem Weapons ATOM. ZIP 4494 06-11-91 How To Make An Atom Bomb BARBITUA. ZIP 3982 06-11-91 Barbiturate Formula BLCKPWDR. ZIP 2810 06-11-91 Black Powder Formulas BOMB. ZIP 3765 06-11-91 How To Make Bombs BOOM. ZIP 2036 06-11-91 Things That Go Boom CHLORINE. ZIP 1926 06-11-91 Chlorine Bomb COOKBOOK. ZIP 1500 06-11-91 Anarchy Cook Book DESTROY. ZIP 3947 06-11-91 Destroy Stuff DUSTBOMB. ZIP 2576 06-11-91 Dust Bomb ELECTERR. ZIP 3230 06-11-91 Electronic Terror EXPLOS1. ZIP 2598 06-11-91 Explosives 1 EXPLOSIV. ZIP 18051 06-11-91 More Explosives EZSTEAL. ZIP 4521 06-11-91 Ez-stealing FLAME. ZIP 2240 06-11-91 Flame Thrower FLASHLT. ZIP 2533 06-11-91 Flashlight Bomb FMBUG. ZIP 2906 06-11-91 How To Make An Fm Bug OMEEXPL. ZIP 2139 06-11-91 Home Explosives HOW2BRK. ZIP 3332 06-11-91 How To Break In LETTER. ZIP 2990 06-11-91 Letter Bomb LOCK. ZIP 2199 06-11-91 How To Pick Locks MRSHIN. ZIP 3991 06-11-91 Briefcase Locks NAPALM. ZIP 3563 06-11-91 Napalm At Home NITRO. ZIP 3158 06-11-91 Fun With Nitro PARAMIL. ZIP 2962 06-11-91 Paramilitary Info PICKING. ZIP 3398 06-11-91 Picking Locks PIPEBOMB. ZIP 2137 06-11-91 Pipe Bomb POTASS. ZIP 3987 06-11-91 Formulas With Potassium PRANK. TXT 11074 08-03-90 More Pranks To Pull On Idiots! REVENGE. ZIP 4447 06-11-91 Revenge Tactics ROCKET. ZIP 2590 06-11-91 Rockets For Fun SMUGGLE. ZIP 3385 06-11-91 How To Smuggle

HOLY COW! The damned thing is full of stuff about bombs!

What are we to make of this?

First, it should be acknowledged that spreading knowledge aboutdemolitions to teenagers is a highly and deliberately antisocial act. It is not, however, illegal. 

Second, it should be recognized that most of these philes were in factWRITTEN by teenagers. Most adult American males who can remember theirteenage years will recognize that the notion of building a flamethrowerin your garage is an incredibly neat-o idea. ACTUALLY, building aflamethrower in your garage, however, is fraught with discouragingdifficulty. Stuffing gunpowder into a booby-trapped flashlight, so asto blow the arm off your high-school vice-principal, can be a thing ofdark beauty to contemplate. Actually committing assault by explosiveswill earn you the sustained attention of the federal Bureau of Alcohol, Tobacco and Firearms. 

Some people, however, will actually try these plans. A determinedlymurderous American teenager can probably buy or steal a handgun farmore easily than he can brew fake "napalm" in the kitchen sink. Nevertheless, if temptation is spread before people, a certain numberwill succumb, and a small minority will actually attempt these stunts. A large minority of that small minority will either fail or, quitelikely, maim themselves, since these "philes" have not been checked foraccuracy, are not the product of professional experience, and are oftenhighly fanciful. But the gloating menace of these philes is not to beentirely dismissed. 

Hackers may not be "serious" about bombing; if they were, we would hearfar more about exploding flashlights, homemade bazookas, and gymteachers poisoned by chlorine and potassium. However, hackers are VERYserious about forbidden knowledge. They are possessed not merely bycuriosity, but by a positive LUST TO KNOW. The desire to know whatothers don't is scarcely new. But the INTENSITY of this desire, asmanifested by these young technophilic denizens of the Information Age, may in fact BE new, and may represent some basic shift in socialvalues--a harbinger of what the world may come to, as society lays moreand more value on the possession, assimilation and retailing ofINFORMATION as a basic commodity of daily life. 

There have always been young men with obsessive interests in thesetopics. Never before, however, have they been able to network soextensively and easily, and to propagandize their interests withimpunity to random passers-by. High-school teachers will recognizethat there's always one in a crowd, but when the one in a crowd escapescontrol by jumping into the phone-lines, and becomes a hundred suchkids all together on a board, then trouble is brewing visibly. Theurge of authority to DO SOMETHING, even something drastic, is hard toresist. And in 1990, authority did something. In fact authority did agreat deal. 

#

The process by which boards create hackers goes something like this. Ayoungster becomes interested in computers--usually, computer games. Hehears from friends that "bulletin boards" exist where games can beobtained for free. (Many computer games are "freeware, " notcopyrighted--invented simply for the love of it and given away to thepublic; some of these games are quite good. ) He bugs his parents for amodem, or quite often, uses his parents' modem. 

The world of boards suddenly opens up. Computer games can be quiteexpensive, real budget-breakers for a kid, but pirated games, strippedof copy protection, are cheap or free. They are also illegal, but itis very rare, almost unheard of, for a small-scale software pirate tobe prosecuted. Once "cracked" of its copy protection, the program, being digital data, becomes infinitely reproducible. Even theinstructions to the game, any manuals that accompany it, can bereproduced as text files, or photocopied from legitimate sets. Otherusers on boards can give many useful hints in game-playing tactics. And a youngster with an infinite supply of free computer games cancertainly cut quite a swath among his modem-less friends. 

And boards are pseudonymous. No one need know that you're fourteenyears old--with a little practice at subterfuge, you can talk to adultsabout adult things, and be accepted and taken seriously! You can evenpretend to be a girl, or an old man, or anybody you can imagine. Ifyou find this kind of deception gratifying, there is ample opportunityto hone your ability on boards. 

But local boards can grow stale. And almost every board maintains alist of phone-numbers to other boards, some in distant, tempting, exotic locales. Who knows what they're up to, in Oregon or Alaska orFlorida or California? It's very easy to find out--just order themodem to call through its software--nothing to this, just typing on akeyboard, the same thing you would do for most any computer game. Themachine reacts swiftly and in a few seconds you are talking to a bunchof interesting people on another seaboard. 

And yet the BILLS for this trivial action can be staggering! Just bygoing tippety-tap with your fingers, you may have saddled your parentswith four hundred bucks in long-distance charges, and gotten chewed outbut good. That hardly seems fair. 

How horrifying to have made friends in another state and to be deprivedof their company--and their software--just because telephone companiesdemand absurd amounts of money! How painful, to be restricted toboards in one's own AREA CODE--what the heck is an "area code" anyway, and what makes it so special? A few grumbles, complaints, and innocentquestions of this sort will often elicit a sympathetic reply fromanother board user--someone with some stolen codes to hand. You dithera while, knowing this isn't quite right, then you make up your mind totry them anyhow--AND THEY WORK! Suddenly you're doing something evenyour parents can't do. Six months ago you were just some kid--now, you're the Crimson Flash of Area Code 512! You're bad--you'renationwide!

Maybe you'll stop at a few abused codes. Maybe you'll decide thatboards aren't all that interesting after all, that it's wrong, notworth the risk --but maybe you won't. The next step is to pick up yourown repeat-dialling program--to learn to generate your own stolencodes. (This was dead easy five years ago, much harder to get awaywith nowadays, but not yet impossible. ) And these dialling programs arenot complex or intimidating--some are as small as twenty lines ofsoftware. 

Now, you too can share codes. You can trade codes to learn othertechniques. If you're smart enough to catch on, and obsessive enoughto want to bother, and ruthless enough to start seriously bendingrules, then you'll get better, fast. You start to develop a rep. Youmove up to a heavier class of board--a board with a bad attitude, thekind of board that naive dopes like your classmates and your formerself have never even heard of! You pick up the jargon of phreaking andhacking from the board. You read a few of those anarchy philes--andman, you never realized you could be a real OUTLAW without ever leavingyour bedroom. 

You still play other computer games, but now you have a new and biggergame. This one will bring you a different kind of status thandestroying even eight zillion lousy space invaders. 

Hacking is perceived by hackers as a "game. " This is not an entirelyunreasonable or sociopathic perception. You can win or lose athacking, succeed or fail, but it never feels "real. " It's not simplythat imaginative youngsters sometimes have a hard time telling"make-believe" from "real life. " Cyberspace is NOT REAL! "Real"things are physical objects like trees and shoes and cars. Hackingtakes place on a screen. Words aren't physical, numbers (eventelephone numbers and credit card numbers) aren't physical. Sticks andstones may break my bones, but data will never hurt me. ComputersSIMULATE reality, like computer games that simulate tank battles ordogfights or spaceships. Simulations are just make-believe, and thestuff in computers is NOT REAL. 

Consider this: if "hacking" is supposed to be so serious and real-lifeand dangerous, then how come NINE-YEAR-OLD KIDS have computers andmodems? You wouldn't give a nine year old his own car, or his ownrifle, or his own chainsaw--those things are "real. "

People underground are perfectly aware that the "game" is frowned uponby the powers that be. Word gets around about busts in theunderground. Publicizing busts is one of the primary functions ofpirate boards, but they also promulgate an attitude about them, andtheir own idiosyncratic ideas of justice. The users of undergroundboards won't complain if some guy is busted for crashing systems, spreading viruses, or stealing money by wire-fraud. They may shaketheir heads with a sneaky grin, but they won't openly defend thesepractices. But when a kid is charged with some theoretical amount oftheft: $233, 846. 14, for instance, because he sneaked into a computerand copied something, and kept it in his house on a floppy disk--thisis regarded as a sign of near-insanity from prosecutors, a sign thatthey've drastically mistaken the immaterial game of computing for theirreal and boring everyday world of fatcat corporate money. 

It's as if big companies and their suck-up lawyers think that computingbelongs to them, and they can retail it with price stickers, as if itwere boxes of laundry soap! But pricing "information" is like tryingto price air or price dreams. Well, anybody on a pirate board knowsthat computing can be, and ought to be, FREE. Pirate boards are littleindependent worlds in cyberspace, and they don't belong to anybody butthe underground. Underground boards aren't "brought to you by Procter& Gamble. "

To log on to an underground board can mean to experience liberation, toenter a world where, for once, money isn't everything and adults don'thave all the answers. 

Let's sample another vivid hacker manifesto. Here are some excerptsfrom "The Conscience of a Hacker, " by "The Mentor, " from Phrack VolumeOne, Issue 7, Phile 3. 

"I made a discovery today. I found a computer. Wait a second, this iscool. It does what I want it to. If it makes a mistake, it's becauseI screwed it up. Not because it doesn't like me. ( . . . ) "And then ithappened . . . A door opened to a world . . . Rushing through the phoneline like heroin through an addict's veins, an electronic pulse is sentout, a refuge from day-to-day incompetencies is sought . . . A board isfound. 'This is it . . . This is where I belong . . . ' "I know everyonehere . . . Even if I've never met them, never talked to them, may neverhear from them again . . . I know you all . . . ( . . . )

"This is our world now . . . The world of the electron and the switch, the beauty of the baud. We make use of a service already existingwithout paying for what could be dirt-cheap if it wasn't run byprofiteering gluttons, and you call us criminals. We explore . . . Andyou call us criminals. We seek after knowledge . . . And you call uscriminals. We exist without skin color, without nationality, withoutreligious bias . . . And you call us criminals. You build atomic bombs, you wage wars, you murder, cheat and lie to us and try to make usbelieve that it's for our own good, yet we're the criminals. 

"Yes, I am a criminal. My crime is that of curiosity. My crime isthat of judging people by what they say and think, not what they looklike. My crime is that of outsmarting you, something that you willnever forgive me for. "

#

There have been underground boards almost as long as there have beenboards. One of the first was 8BBS, which became a stronghold of theWest Coast phone-phreak elite. After going on-line in March 1980, 8BBSsponsored "Susan Thunder, " and "Tuc, " and, most notoriously, "theCondor. " "The Condor" bore the singular distinction of becoming themost vilified American phreak and hacker ever. Angry undergroundassociates, fed up with Condor's peevish behavior, turned him in topolice, along with a heaping double-helping of outrageous hackerlegendry. As a result, Condor was kept in solitary confinement forseven months, for fear that he might start World War Three bytriggering missile silos from the prison payphone. (Having served histime, Condor is now walking around loose; WWIII has thus farconspicuously failed to occur. )

The sysop of 8BBS was an ardent free-speech enthusiast who simply feltthat ANY attempt to restrict the expression of his users wasunconstitutional and immoral. Swarms of the technically curiousentered 8BBS and emerged as phreaks and hackers, until, in 1982, afriendly 8BBS alumnus passed the sysop a new modem which had beenpurchased by credit-card fraud. Police took this opportunity to seizethe entire board and remove what they considered an attractive nuisance. 

Plovernet was a powerful East Coast pirate board that operated in bothNew York and Florida. Owned and operated by teenage hacker "QuasiMoto, " Plovernet attracted five hundred eager users in 1983. "EmmanuelGoldstein" was one-time co-sysop of Plovernet, along with "Lex Luthor, "founder of the "Legion of Doom" group. Plovernet bore the signalhonor of being the original home of the "Legion of Doom, " about whichthe reader will be hearing a great deal, soon. 

"Pirate-80, " or "P-80, " run by a sysop known as "Scan-Man, " got intothe game very early in Charleston, and continued steadily for years. P-80 flourished so flagrantly that even its most hardened users becamenervous, and some slanderously speculated that "Scan Man" must haveties to corporate security, a charge he vigorously denied. 

"414 Private" was the home board for the first GROUP to attractconspicuous trouble, the teenage "414 Gang, " whose intrusions intoSloan-Kettering Cancer Center and Los Alamos military computers were tobe a nine-days-wonder in 1982. 

At about this time, the first software piracy boards began to open up, trading cracked games for the Atari 800 and the Commodore C64. Naturally these boards were heavily frequented by teenagers. And withthe 1983 release of the hacker-thriller movie War Games, the sceneexploded. It seemed that every kid in America had demanded and gottena modem for Christmas. Most of these dabbler wannabes put their modemsin the attic after a few weeks, and most of the remainder minded theirP's and Q's and stayed well out of hot water. But some stubborn andtalented diehards had this hacker kid in War Games figured for ahappening dude. They simply could not rest until they had contactedthe underground--or, failing that, created their own. 

In the mid-80s, underground boards sprang up like digital fungi. ShadowSpawn Elite. Sherwood Forest I, II, and III. Digital Logic DataService in Florida, sysoped by no less a man than "Digital Logic"himself; Lex Luthor of the Legion of Doom was prominent on this board, since it was in his area code. Lex's own board, "Legion of Doom, "started in 1984. The Neon Knights ran a network of Apple-hackerboards: Neon Knights North, South, East and West. Free World II wasrun by "Major Havoc. " Lunatic Labs is still in operation as of thiswriting. Dr. Ripco in Chicago, an anything-goes anarchist board withan extensive and raucous history, was seized by Secret Service agentsin 1990 on Sundevil day, but up again almost immediately, with newmachines and scarcely diminished vigor. 

The St. Louis scene was not to rank with major centers of Americanhacking such as New York and L. A. But St. Louis did rejoice inpossession of "Knight Lightning" and "Taran King, " two of the foremostJOURNALISTS native to the underground. Missouri boards like MetalShop, Metal Shop Private, Metal Shop Brewery, may not have been theheaviest boards around in terms of illicit expertise. But they becameboards where hackers could exchange social gossip and try to figure outwhat the heck was going on nationally--and internationally. Gossipfrom Metal Shop was put into the form of news files, then assembledinto a general electronic publication, Phrack, a portmanteau titlecoined from "phreak" and "hack. " The Phrack editors were as obsessivelycurious about other hackers as hackers were about machines. 

Phrack, being free of charge and lively reading, began to circulatethroughout the underground. As Taran King and Knight Lightning lefthigh school for college, Phrack began to appear on mainframe machineslinked to BITNET, and, through BITNET to the "Internet, " that loose butextremely potent not-for-profit network where academic, governmentaland corporate machines trade data through the UNIX TCP/IP protocol. (The "Internet Worm" of November 2-3, 1988, created by Cornell gradstudent Robert Morris, was to be the largest and best-publicizedcomputer-intrusion scandal to date. Morris claimed that his ingenious"worm" program was meant to harmlessly explore the Internet, but due tobad programming, the Worm replicated out of control and crashed somesix thousand Internet computers. Smaller-scale and less ambitiousInternet hacking was a standard for the underground elite. )

Most any underground board not hopelessly lame and out-of-it wouldfeature a complete run of Phrack--and, possibly, the lesser-knownstandards of the underground: the Legion of Doom Technical Journal, theobscene and raucous Cult of the Dead Cow files, P/HUN magazine, Pirate, the Syndicate Reports, and perhaps the highly anarcho-politicalActivist Times Incorporated. 

Possession of Phrack on one's board was prima facie evidence of a badattitude. Phrack was seemingly everywhere, aiding, abetting, andspreading the underground ethos. And this did not escape the attentionof corporate security or the police. 

We now come to the touchy subject of police and boards. Police, do, infact, own boards. In 1989, there were police-sponsored boards inCalifornia, Colorado, Florida, Georgia, Idaho, Michigan, Missouri, Texas, and Virginia: boards such as "Crime Bytes, " "Crimestoppers, ""All Points" and "Bullet-N-Board. " Police officers, as privatecomputer enthusiasts, ran their own boards in Arizona, California, Colorado, Connecticut, Florida, Missouri, Maryland, New Mexico, NorthCarolina, Ohio, Tennessee and Texas. Police boards have often provedhelpful in community relations. Sometimes crimes are reported onpolice boards. 

Sometimes crimes are COMMITTED on police boards. This has sometimeshappened by accident, as naive hackers blunder onto police boards andblithely begin offering telephone codes. Far more often, however, itoccurs through the now almost-traditional use of "sting boards. " Thefirst police sting-boards were established in 1985: "UndergroundTunnel" in Austin, Texas, whose sysop Sgt. Robert Ansley called himself"Pluto"--"The Phone Company" in Phoenix, Arizona, run by Ken MacLeod ofthe Maricopa County Sheriff's office--and Sgt. Dan Pasquale's board inFremont, California. Sysops posed as hackers, and swiftly garneredcoteries of ardent users, who posted codes and loaded pirate softwarewith abandon, and came to a sticky end. 

Sting boards, like other boards, are cheap to operate, very cheap bythe standards of undercover police operations. Once accepted by thelocal underground, sysops will likely be invited into other pirateboards, where they can compile more dossiers. And when the sting isannounced and the worst offenders arrested, the publicity is generallygratifying. The resultant paranoia in the underground--perhaps morejustly described as a "deterrence effect"--tends to quell locallawbreaking for quite a while. 

Obviously police do not have to beat the underbrush for hackers. Onthe contrary, they can go trolling for them. Those caught can begrilled. Some become useful informants. They can lead the way topirate boards all across the country. 

And boards all across the country showed the sticky fingerprints ofPhrack, and of that loudest and most flagrant of all undergroundgroups, the "Legion of Doom. "

The term "Legion of Doom" came from comic books. The Legion of Doom, aconspiracy of costumed super-villains headed by the chrome-domedcriminal ultra-mastermind Lex Luthor, gave Superman a lot of four-colorgraphic trouble for a number of decades. Of course, Superman, thatexemplar of Truth, Justice, and the American Way, always won in thelong run. This didn't matter to the hacker Doomsters--"Legion of Doom"was not some thunderous and evil Satanic reference, it was not meant tobe taken seriously. "Legion of Doom" came from funny-books and wassupposed to be funny. 

"Legion of Doom" did have a good mouthfilling ring to it, though. Itsounded really cool. Other groups, such as the "Farmers of Doom, "closely allied to LoD, recognized this grandiloquent quality, and madefun of it. There was even a hacker group called "Justice League ofAmerica, " named after Superman's club of true-blue crimefightingsuperheros. 

But they didn't last; the Legion did. 

The original Legion of Doom, hanging out on Quasi Moto's Plovernetboard, were phone phreaks. They weren't much into computers. "LexLuthor" himself (who was under eighteen when he formed the Legion) wasa COSMOS expert, COSMOS being the "Central System for MainframeOperations, " a telco internal computer network. Lex would eventuallybecome quite a dab hand at breaking into IBM mainframes, but althougheveryone liked Lex and admired his attitude, he was not considered atruly accomplished computer intruder. Nor was he the "mastermind" ofthe Legion of Doom--LoD were never big on formal leadership. As aregular on Plovernet and sysop of his "Legion of Doom BBS, " Lex was theLegion's cheerleader and recruiting officer. 

Legion of Doom began on the ruins of an earlier phreak group, TheKnights of Shadow. Later, LoD was to subsume the personnel of thehacker group "Tribunal of Knowledge. " People came and went constantlyin LoD; groups split up or formed offshoots. 

Early on, the LoD phreaks befriended a few computer-intrusionenthusiasts, who became the associated "Legion of Hackers. " Then thetwo groups conflated into the "Legion of Doom/Hackers, " or LoD/H. Whenthe original "hacker" wing, Messrs. "Compu-Phreak" and "Phucked Agent04, " found other matters to occupy their time, the extra "/H" slowlyatrophied out of the name; but by this time the phreak wing, Messrs. Lex Luthor, "Blue Archer, " "Gary Seven, " "Kerrang Khan, " "Master ofImpact, " "Silver Spy, " "The Marauder, " and "The Videosmith, " had pickedup a plethora of intrusion expertise and had become a force to bereckoned with. 

LoD members seemed to have an instinctive understanding that the way toreal power in the underground lay through covert publicity. LoD wereflagrant. Not only was it one of the earliest groups, but the memberstook pains to widely distribute their illicit knowledge. Some LoDmembers, like "The Mentor, " were close to evangelical about it. Legionof Doom Technical Journal began to show up on boards throughout theunderground. 

LoD Technical Journal was named in cruel parody of the ancient andhonored AT&T Technical Journal. The material in these two publicationswas quite similar--much of it, adopted from public journals anddiscussions in the telco community. And yet, the predatory attitude ofLoD made even its most innocuous data seem deeply sinister; an outrage;a clear and present danger. 

To see why this should be, let's consider the following (invented)paragraphs, as a kind of thought experiment. 

(A) "W. Fred Brown, AT&T Vice President for Advanced TechnicalDevelopment, testified May 8 at a Washington hearing of the NationalTelecommunications and Information Administration (NTIA), regardingBellcore's GARDEN project. GARDEN (Generalized Automatic RemoteDistributed Electronic Network) is a telephone-switch programming toolthat makes it possible to develop new telecom services, includinghold-on-hold and customized message transfers, from any keypadterminal, within seconds. The GARDEN prototype combines centrex lineswith a minicomputer using UNIX operating system software. "

(B) "Crimson Flash 512 of the Centrex Mobsters reports: D00dz, youwouldn't believe this GARDEN bullshit Bellcore's just come up with!Now you don't even need a lousy Commodore to reprogram a switch--justlog on to GARDEN as a technician, and you can reprogram switches rightoff the keypad in any public phone booth! You can give yourselfhold-on-hold and customized message transfers, and best of all, thething is run off (notoriously insecure) centrex lines using--getthis--standard UNIX software! Ha ha ha ha!"

Message (A), couched in typical techno-bureaucratese, appears tediousand almost unreadable. (A) scarcely seems threatening or menacing. Message (B), on the other hand, is a dreadful thing, prima facieevidence of a dire conspiracy, definitely not the kind of thing youwant your teenager reading. 

The INFORMATION, however, is identical. It is PUBLIC information, presented before the federal government in an open hearing. It is not"secret. " It is not "proprietary. " It is not even "confidential. " Onthe contrary, the development of advanced software systems is a matterof great public pride to Bellcore. 

However, when Bellcore publicly announces a project of this kind, itexpects a certain attitude from the public--something along the linesof GOSH WOW, YOU GUYS ARE GREAT, KEEP THAT UP, WHATEVER ITIS--certainly not cruel mimickry, one-upmanship and outrageousspeculations about possible security holes. 

Now put yourself in the place of a policeman confronted by an outragedparent, or telco official, with a copy of Version (B). Thiswell-meaning citizen, to his horror, has discovered a localbulletin-board carrying outrageous stuff like (B), which his son isexamining with a deep and unhealthy interest. If (B) were printed in abook or magazine, you, as an American law enforcement officer, wouldknow that it would take a hell of a lot of trouble to do anything aboutit; but it doesn't take technical genius to recognize that if there's acomputer in your area harboring stuff like (B), there's going to betrouble. 

In fact, if you ask around, any computer-literate cop will tell youstraight out that boards with stuff like (B) are the SOURCE of trouble. And the WORST source of trouble on boards are the ringleaders inventingand spreading stuff like (B). If it weren't for these jokers, therewouldn't BE any trouble. 

And Legion of Doom were on boards like nobody else. Plovernet. TheLegion of Doom Board. The Farmers of Doom Board. Metal Shop. OSUNY. Blottoland. Private Sector. Atlantis. Digital Logic. Hell PhrozenOver. 

LoD members also ran their own boards. "Silver Spy" started his ownboard, "Catch-22, " considered one of the heaviest around. So did"Mentor, " with his "Phoenix Project. " When they didn't run boardsthemselves, they showed up on other people's boards, to brag, boast, and strut. And where they themselves didn't go, their philes went, carrying evil knowledge and an even more evil attitude. 

As early as 1986, the police were under the vague impression thatEVERYONE in the underground was Legion of Doom. LoD was never thatlarge--considerably smaller than either "Metal Communications" or "TheAdministration, " for instance--but LoD got tremendous press. Especially in Phrack, which at times read like an LoD fan magazine; andPhrack was everywhere, especially in the offices of telco security. You couldn't GET busted as a phone phreak, a hacker, or even a lousycodes kid or warez dood, without the cops asking if you were LoD. 

This was a difficult charge to deny, as LoD never distributedmembership badges or laminated ID cards. If they had, they wouldlikely have died out quickly, for turnover in their membership wasconsiderable. LoD was less a high-tech street-gang than an ongoingstate-of-mind. LoD was the Gang That Refused to Die. By 1990, LoD hadRULED for ten years, and it seemed WEIRD to police that they werecontinually busting people who were only sixteen years old. All theseteenage small-timers were pleading the tiresome hacker litany of "justcurious, no criminal intent. " Somewhere at the center of thisconspiracy there had to be some serious adult masterminds, not thisseemingly endless supply of myopic suburban white kids with high SATsand funny haircuts. 

There was no question that most any American hacker arrested would"know" LoD. They knew the handles of contributors to LoD Tech Journal, and were likely to have learned their craft through LoD boards and LoDactivism. But they'd never met anyone from LoD. Even some of therotating cadre who were actually and formally "in LoD" knew one anotheronly by board-mail and pseudonyms. This was a highly unconventionalprofile for a criminal conspiracy. Computer networking, and the rapidevolution of the digital underground, made the situation very diffuseand confusing. 

Furthermore, a big reputation in the digital underground did notcoincide with one's willingness to commit "crimes. " Instead, reputationwas based on cleverness and technical mastery. As a result, it oftenseemed that the HEAVIER the hackers were, the LESS likely they were tohave committed any kind of common, easily prosecutable crime. Therewere some hackers who could really steal. And there were hackers whocould really hack. But the two groups didn't seem to overlap much, ifat all. For instance, most people in the underground looked up to"Emmanuel Goldstein" of 2600 as a hacker demigod. But Goldstein'spublishing activities were entirely legal--Goldstein just printed dodgystuff and talked about politics, he didn't even hack. When you cameright down to it, Goldstein spent half his time complaining thatcomputer security WASN'T STRONG ENOUGH and ought to be drasticallyimproved across the board!

Truly heavy-duty hackers, those with serious technical skills who hadearned the respect of the underground, never stole money or abusedcredit cards. Sometimes they might abuse phone-codes--but often, theyseemed to get all the free phone-time they wanted without leaving atrace of any kind. 

The best hackers, the most powerful and technically accomplished, werenot professional fraudsters. They raided computers habitually, butwouldn't alter anything, or damage anything. They didn't even stealcomputer equipment--most had day-jobs messing with hardware, and couldget all the cheap secondhand equipment they wanted. The hottesthackers, unlike the teenage wannabes, weren't snobs about fancy orexpensive hardware. Their machines tended to be raw second-handdigital hot-rods full of custom add-ons that they'd cobbled togetherout of chickenwire, memory chips and spit. Some were adults, computersoftware writers and consultants by trade, and making quite goodlivings at it. Some of them ACTUALLY WORKED FOR THE PHONE COMPANY--andfor those, the "hackers" actually found under the skirts of Ma Bell, there would be little mercy in 1990. 

It has long been an article of faith in the underground that the "best"hackers never get caught. They're far too smart, supposedly. Theynever get caught because they never boast, brag, or strut. Thesedemigods may read underground boards (with a condescending smile), butthey never say anything there. The "best" hackers, according tolegend, are adult computer professionals, such as mainframe systemadministrators, who already know the ins and outs of their particularbrand of security. Even the "best" hacker can't break in to just anycomputer at random: the knowledge of security holes is too specialized, varying widely with different software and hardware. But if people areemployed to run, say, a UNIX mainframe or a VAX/VMS machine, then theytend to learn security from the inside out. Armed with this knowledge, they can look into most anybody else's UNIX or VMS without much troubleor risk, if they want to. And, according to hacker legend, of coursethey want to, so of course they do. They just don't make a big deal ofwhat they've done. So nobody ever finds out. 

It is also an article of faith in the underground that professionaltelco people "phreak" like crazed weasels. OF COURSE they spy onMadonna's phone calls--I mean, WOULDN'T YOU? Of course they givethemselves free long-distance--why the hell should THEY pay, they'rerunning the whole shebang!

It has, as a third matter, long been an article of faith that anyhacker caught can escape serious punishment if he confesses HOW HE DIDIT. Hackers seem to believe that governmental agencies and largecorporations are blundering about in cyberspace like eyeless jellyfishor cave salamanders. They feel that these large but patheticallystupid organizations will proffer up genuine gratitude, and perhapseven a security post and a big salary, to the hot-shot intruder whowill deign to reveal to them the supreme genius of his modus operandi. 

In the case of longtime LoD member "Control-C, " this actually happened, more or less. Control-C had led Michigan Bell a merry chase, and whencaptured in 1987, he turned out to be a bright and apparentlyphysically harmless young fanatic, fascinated by phones. There was nochance in hell that Control-C would actually repay the enormous andlargely theoretical sums in long-distance service that he hadaccumulated from Michigan Bell. He could always be indicted for fraudor computer-intrusion, but there seemed little real point in this--hehadn't physically damaged any computer. He'd just plead guilty, andhe'd likely get the usual slap-on-the-wrist, and in the meantime itwould be a big hassle for Michigan Bell just to bring up the case. Butif kept on the payroll, he might at least keep his fellow hackers atbay. 

There were uses for him. For instance, a contrite Control-C wasfeatured on Michigan Bell internal posters, sternly warning employeesto shred their trash. He'd always gotten most of his best inside infofrom "trashing"--raiding telco dumpsters, for useful data indiscreetlythrown away. He signed these posters, too. Control-C had becomesomething like a Michigan Bell mascot. And in fact, Control-C DID keepother hackers at bay. Little hackers were quite scared of Control-Cand his heavy-duty Legion of Doom friends. And big hackers WERE hisfriends and didn't want to screw up his cushy situation. 

No matter what one might say of LoD, they did stick together. When"Wasp, " an apparently genuinely malicious New York hacker, begancrashing Bellcore machines, Control-C received swift volunteer helpfrom "the Mentor" and the Georgia LoD wing made up of "The Prophet, ""Urvile, " and "Leftist. " Using Mentor's Phoenix Project board tocoordinate, the Doomsters helped telco security to trap Wasp, by luringhim into a machine with a tap and line-trace installed. Wasp lost. LoD won! And my, did they brag. 

Urvile, Prophet and Leftist were well-qualified for this activity, probably more so even than the quite accomplished Control-C. TheGeorgia boys knew all about phone switching-stations. Though relativejohnny-come-latelies in the Legion of Doom, they were considered someof LoD's heaviest guys, into the hairiest systems around. They had thegood fortune to live in or near Atlanta, home of the sleepy andapparently tolerant BellSouth RBOC. 

As RBOC security went, BellSouth were "cake. " US West (of Arizona, theRockies and the Pacific Northwest) were tough and aggressive, probablythe heaviest RBOC around. Pacific Bell, California's PacBell, weresleek, high-tech, and longtime veterans of the LA phone-phreak wars. NYNEX had the misfortune to run the New York City area, and were warilyprepared for most anything. Even Michigan Bell, a division of theAmeritech RBOC, at least had the elementary sense to hire their ownhacker as a useful scarecrow. But BellSouth, even though theircorporate P. R. Proclaimed them to have "Everything You Expect From aLeader, " were pathetic. 

When rumor about LoD's mastery of Georgia's switching network gotaround to BellSouth through Bellcore and telco security scuttlebutt, they at first refused to believe it. If you paid serious attention toevery rumor out and about these hacker kids, you would hear all kindsof wacko saucer-nut nonsense: that the National Security Agencymonitored all American phone calls, that the CIA and DEA trackedtraffic on bulletin-boards with word-analysis programs, that the Condorcould start World War III from a payphone. 

If there were hackers into BellSouth switching-stations, then how comenothing had happened? Nothing had been hurt. BellSouth's machinesweren't crashing. BellSouth wasn't suffering especially badly fromfraud. BellSouth's customers weren't complaining. BellSouth washeadquartered in Atlanta, ambitious metropolis of the new high-techSunbelt; and BellSouth was upgrading its network by leaps and bounds, digitizing the works left right and center. They could hardly beconsidered sluggish or naive. BellSouth's technical expertise wassecond to none, thank you kindly. But then came the Florida business. 

On June 13, 1989, callers to the Palm Beach County ProbationDepartment, in Delray Beach, Florida, found themselves involved in aremarkable discussion with a phone-sex worker named "Tina" in New YorkState. Somehow, ANY call to this probation office near Miami wasinstantly and magically transported across state lines, at no extracharge to the user, to a pornographic phone-sex hotline hundreds ofmiles away!

This practical joke may seem utterly hilarious at first hearing, andindeed there was a good deal of chuckling about it in phone phreakcircles, including the Autumn 1989 issue of 2600. But for SouthernBell (the division of the BellSouth RBOC supplying local service forFlorida, Georgia, North Carolina and South Carolina), this was asmoking gun. For the first time ever, a computer intruder had brokeninto a BellSouth central office switching station and re-programmed it!

Or so BellSouth thought in June 1989. Actually, LoD members had beenfrolicking harmlessly in BellSouth switches since September 1987. Thestunt of June 13--call-forwarding a number through manipulation of aswitching station--was child's play for hackers as accomplished as theGeorgia wing of LoD. Switching calls interstate sounded like a bigdeal, but it took only four lines of code to accomplish this. An easy, yet more discreet, stunt, would be to call-forward another number toyour own house. If you were careful and considerate, and changed thesoftware back later, then not a soul would know. Except you. Andwhoever you had bragged to about it. 

As for BellSouth, what they didn't know wouldn't hurt them. 

Except now somebody had blown the whole thing wide open, and BellSouthknew. 

A now alerted and considerably paranoid BellSouth began searchingswitches right and left for signs of impropriety, in that hot summer of1989. No fewer than forty-two BellSouth employees were put on 12-hourshifts, twenty-four hours a day, for two solid months, poring overrecords and monitoring computers for any sign of phony access. Theseforty-two overworked experts were known as BellSouth's "Intrusion TaskForce. "

What the investigators found astounded them. Proprietary telcodatabases had been manipulated: phone numbers had been created out ofthin air, with no users' names and no addresses. And perhaps worst ofall, no charges and no records of use. The new digital ReMOB (RemoteObservation) diagnostic feature had been extensively tamperedwith--hackers had learned to reprogram ReMOB software, so that theycould listen in on any switch-routed call at their leisure! They wereusing telco property to SPY!

The electrifying news went out throughout law enforcement in 1989. Ithad never really occurred to anyone at BellSouth that their prized andbrand-new digital switching-stations could be RE-PROGRAMMED. Peopleseemed utterly amazed that anyone could have the nerve. Of coursethese switching stations were "computers, " and everybody knew hackersliked to "break into computers:" but telephone people's computers wereDIFFERENT from normal people's computers. 

The exact reason WHY these computers were "different" was ratherill-defined. It certainly wasn't the extent of their security. Thesecurity on these BellSouth computers was lousy; the AIMSX computers, for instance, didn't even have passwords. But there was no questionthat BellSouth strongly FELT that their computers were very differentindeed. And if there were some criminals out there who had not gottenthat message, BellSouth was determined to see that message taught. 

After all, a 5ESS switching station was no mere bookkeeping system forsome local chain of florists. Public service depended on thesestations. Public SAFETY depended on these stations. 

And hackers, lurking in there call-forwarding or ReMobbing, could spyon anybody in the local area! They could spy on telco officials! Theycould spy on police stations! They could spy on local offices of theSecret Service. . . . 

In 1989, electronic cops and hacker-trackers began usingscrambler-phones and secured lines. It only made sense. There was notelling who was into those systems. Whoever they were, they soundedscary. This was some new level of antisocial daring. Could be WestGerman hackers, in the pay of the KGB. That too had seemed a weird andfarfetched notion, until Clifford Stoll had poked and prodded asluggish Washington law-enforcement bureaucracy into investigating acomputer intrusion that turned out to be exactly that--HACKERS, IN THEPAY OF THE KGB! Stoll, the systems manager for an Internet lab inBerkeley California, had ended up on the front page of the New NorkTimes, proclaimed a national hero in the first true story ofinternational computer espionage. Stoll's counterspy efforts, which herelated in a bestselling book, The Cuckoo's Egg, in 1989, hadestablished the credibility of 'hacking' as a possible threat tonational security. The United States Secret Service doesn't messaround when it suspects a possible action by a foreign intelligenceapparat. 

The Secret Service scrambler-phones and secured lines put a tremendouskink in law enforcement's ability to operate freely; to get the wordout, cooperate, prevent misunderstandings. Nevertheless, 1989 scarcelyseemed the time for half-measures. If the police and Secret Servicethemselves were not operationally secure, then how could theyreasonably demand measures of security from private enterprise? Atleast, the inconvenience made people aware of the seriousness of thethreat. 

If there was a final spur needed to get the police off the dime, itcame in the realization that the emergency 911 system was vulnerable. The 911 system has its own specialized software, but it is run on thesame digital switching systems as the rest of the telephone network. 911 is not physically different from normal telephony. But it iscertainly culturally different, because this is the area of telephoniccyberspace reserved for the police and emergency services. 

Your average policeman may not know much about hackers orphone-phreaks. Computer people are weird; even computer COPS arerather weird; the stuff they do is hard to figure out. But a threat tothe 911 system is anything but an abstract threat. If the 911 systemgoes, people can die. 

Imagine being in a car-wreck, staggering to a phone-booth, punching 911and hearing "Tina" pick up the phone-sex line somewhere in New York!The situation's no longer comical, somehow. 

And was it possible? No question. Hackers had attacked 911 systemsbefore. Phreaks can max-out 911 systems just by siccing a bunch ofcomputer-modems on them in tandem, dialling them over and over untilthey clog. That's very crude and low-tech, but it's still a seriousbusiness. 

The time had come for action. It was time to take stern measures withthe underground. It was time to start picking up the dropped threads, the loose edges, the bits of braggadocio here and there; it was time toget on the stick and start putting serious casework together. Hackersweren't "invisible. " They THOUGHT they were invisible; but the truthwas, they had just been tolerated too long. 

Under sustained police attention in the summer of '89, the digitalunderground began to unravel as never before. 

The first big break in the case came very early on: July 1989, thefollowing month. The perpetrator of the "Tina" switch was caught, andconfessed. His name was "Fry Guy, " a 16-year-old in Indiana. Fry Guyhad been a very wicked young man. 

Fry Guy had earned his handle from a stunt involving French fries. FryGuy had filched the log-in of a local MacDonald's manager and hadlogged-on to the MacDonald's mainframe on the Sprint Telenet system. Posing as the manager, Fry Guy had altered MacDonald's records, andgiven some teenage hamburger-flipping friends of his, generous raises. He had not been caught. 

Emboldened by success, Fry Guy moved on to credit-card abuse. Fry Guywas quite an accomplished talker; with a gift for "social engineering. "If you can do "social engineering"--fast-talk, fake-outs, impersonation, conning, scamming--then card abuse comes easy. (Gettingaway with it in the long run is another question). 

Fry Guy had run across "Urvile" of the Legion of Doom on the ALTOS Chatboard in Bonn, Germany. ALTOS Chat was a sophisticated board, accessible through globe-spanning computer networks like BITnet, Tymnet, and Telenet. ALTOS was much frequented by members of Germany'sChaos Computer Club. Two Chaos hackers who hung out on ALTOS, "Jaeger"and "Pengo, " had been the central villains of Clifford Stoll's Cuckoo'sEgg case: consorting in East Berlin with a spymaster from the KGB, andbreaking into American computers for hire, through the Internet. 

When LoD members learned the story of Jaeger's depredations fromStoll's book, they were rather less than impressed, technicallyspeaking. On LoD's own favorite board of the moment, "Black Ice, " LoDmembers bragged that they themselves could have done all the Chaosbreak-ins in a week flat! Nevertheless, LoD were grudgingly impressedby the Chaos rep, the sheer hairy-eyed daring of hash-smoking anarchisthackers who had rubbed shoulders with the fearsome big-boys ofinternational Communist espionage. LoD members sometimes traded bitsof knowledge with friendly German hackers on ALTOS--phone numbers forvulnerable VAX/VMS computers in Georgia, for instance. Dutch andBritish phone phreaks, and the Australian clique of "Phoenix, " "Nom, "and "Electron, " were ALTOS regulars, too. In underground circles, tohang out on ALTOS was considered the sign of an elite dude, asophisticated hacker of the international digital jet-set. 

Fry Guy quickly learned how to raid information from credit-cardconsumer-reporting agencies. He had over a hundred stolen credit-cardnumbers in his notebooks, and upwards of a thousand swipedlong-distance access codes. He knew how to get onto Altos, and how totalk the talk of the underground convincingly. He now wheedledknowledge of switching-station tricks from Urvile on the ALTOS system. 

Combining these two forms of knowledge enabled Fry Guy to bootstrap hisway up to a new form of wire-fraud. First, he'd snitched credit cardnumbers from credit-company computers. The data he copied includednames, addresses and phone numbers of the random card-holders. 

Then Fry Guy, impersonating a card-holder, called up Western Union andasked for a cash advance on "his" credit card. Western Union, as asecurity guarantee, would call the customer back, at home, to verifythe transaction. 

But, just as he had switched the Florida probation office to "Tina" inNew York, Fry Guy switched the card-holder's number to a localpay-phone. There he would lurk in wait, muddying his trail by routingand re-routing the call, through switches as far away as Canada. Whenthe call came through, he would boldly "social-engineer, " or con, theWestern Union people, pretending to be the legitimate card-holder. Since he'd answered the proper phone number, the deception was not veryhard. Western Union's money was then shipped to a confederate of FryGuy's in his home town in Indiana. 

Fry Guy and his cohort, using LoD techniques, stole six thousanddollars from Western Union between December 1988 and July 1989. Theyalso dabbled in ordering delivery of stolen goods through card-fraud. Fry Guy was intoxicated with success. The sixteen-year-old fantasizedwildly to hacker rivals, boasting that he'd used rip-off money to hirehimself a big limousine, and had driven out-of-state with a groupiefrom his favorite heavy-metal band, Motley Crue. 

Armed with knowledge, power, and a gratifying stream of free money, FryGuy now took it upon himself to call local representatives of IndianaBell security, to brag, boast, strut, and utter tormenting warningsthat his powerful friends in the notorious Legion of Doom could crashthe national telephone network. Fry Guy even named a date for thescheme: the Fourth of July, a national holiday. 

This egregious example of the begging-for-arrest syndrome was shortlyfollowed by Fry Guy's arrest. After the Indiana telephone companyfigured out who he was, the Secret Service had DNRs--Dialed NumberRecorders--installed on his home phone lines. These devices are nottaps, and can't record the substance of phone calls, but they do recordthe phone numbers of all calls going in and out. Tracing these numbersshowed Fry Guy's long-distance code fraud, his extensive ties to piratebulletin boards, and numerous personal calls to his LoD friends inAtlanta. By July 11, 1989, Prophet, Urvile and Leftist also had SecretService DNR "pen registers" installed on their own lines. 

The Secret Service showed up in force at Fry Guy's house on July 22, 1989, to the horror of his unsuspecting parents. The raiders were ledby a special agent from the Secret Service's Indianapolis office. However, the raiders were accompanied and advised by Timothy M. Foleyof the Secret Service's Chicago office (a gentleman about whom we willsoon be hearing a great deal). 

Following federal computer-crime techniques that had been standardsince the early 1980s, the Secret Service searched the housethoroughly, and seized all of Fry Guy's electronic equipment andnotebooks. All Fry Guy's equipment went out the door in the custody ofthe Secret Service, which put a swift end to his depredations. 

The USSS interrogated Fry Guy at length. His case was put in thecharge of Deborah Daniels, the federal US Attorney for the SouthernDistrict of Indiana. Fry Guy was charged with eleven counts ofcomputer fraud, unauthorized computer access, and wire fraud. Theevidence was thorough and irrefutable. For his part, Fry Guy blamedhis corruption on the Legion of Doom and offered to testify againstthem. 

Fry Guy insisted that the Legion intended to crash the phone system ona national holiday. And when AT&T crashed on Martin Luther King Day, 1990, this lent a credence to his claim that genuinely alarmed telcosecurity and the Secret Service. 

Fry Guy eventually pled guilty on May 31, 1990. On September 14, hewas sentenced to forty-four months' probation and four hundred hours'community service. He could have had it much worse; but it made senseto prosecutors to take it easy on this teenage minor, while zeroing inon the notorious kingpins of the Legion of Doom. 

But the case against LoD had nagging flaws. Despite the best effort ofinvestigators, it was impossible to prove that the Legion had crashedthe phone system on January 15, because they, in fact, hadn't done so. The investigations of 1989 did show that certain members of the Legionof Doom had achieved unprecedented power over the telco switchingstations, and that they were in active conspiracy to obtain more poweryet. Investigators were privately convinced that the Legion of Doomintended to do awful things with this knowledge, but mere evil intentwas not enough to put them in jail. 

And although the Atlanta Three--Prophet, Leftist, and especiallyUrvile--had taught Fry Guy plenty, they were not themselves credit-cardfraudsters. The only thing they'd "stolen" was long-distanceservice--and since they'd done much of that through phone-switchmanipulation, there was no easy way to judge how much they'd "stolen, "or whether this practice was even "theft" of any easily recognizablekind. 

Fry Guy's theft of long-distance codes had cost the phone companiesplenty. The theft of long-distance service may be a fairly theoretical"loss, " but it costs genuine money and genuine time to delete all thosestolen codes, and to re-issue new codes to the innocent owners of thosecorrupted codes. The owners of the codes themselves are victimized, and lose time and money and peace of mind in the hassle. And thenthere were the credit-card victims to deal with, too, and WesternUnion. When it came to rip-off, Fry Guy was far more of a thief thanLoD. It was only when it came to actual computer expertise that FryGuy was small potatoes. 

The Atlanta Legion thought most "rules" of cyberspace were for rodentsand losers, but they DID have rules. THEY NEVER CRASHED ANYTHING, ANDTHEY NEVER TOOK MONEY. These were rough rules-of-thumb, and ratherdubious principles when it comes to the ethical subtleties ofcyberspace, but they enabled the Atlanta Three to operate with arelatively clear conscience (though never with peace of mind). 

If you didn't hack for money, if you weren't robbing people of actualfunds--money in the bank, that is--then nobody REALLY got hurt, inLoD's opinion. "Theft of service" was a bogus issue, and "intellectualproperty" was a bad joke. But LoD had only elitist contempt forrip-off artists, "leechers, " thieves. They considered themselvesclean. In their opinion, if you didn't smash-up or crash any systems--(well, not on purpose, anyhow--accidents can happen, just ask RobertMorris) then it was very unfair to call you a "vandal" or a "cracker. "When you were hanging out on-line with your "pals" in telco security, you could face them down from the higher plane of hacker morality. Andyou could mock the police from the supercilious heights of yourhacker's quest for pure knowledge. 

But from the point of view of law enforcement and telco security, however, Fry Guy was not really dangerous. The Atlanta Three WEREdangerous. It wasn't the crimes they were committing, but the DANGER, the potential hazard, the sheer TECHNICAL POWER LoD had accumulated, that had made the situation untenable. Fry Guy was not LoD. He'dnever laid eyes on anyone in LoD; his only contacts with them had beenelectronic. Core members of the Legion of Doom tended to meetphysically for conventions every year or so, to get drunk, give eachother the hacker high-sign, send out for pizza and ravage hotel suites. Fry Guy had never done any of this. Deborah Daniels assessed Fry Guyaccurately as "an LoD wannabe. "

Nevertheless Fry Guy's crimes would be directly attributed to LoD inmuch future police propaganda. LoD would be described as "a closelyknit group" involved in "numerous illegal activities" including"stealing and modifying individual credit histories, " and "fraudulentlyobtaining money and property. " Fry Guy did this, but the Atlanta Threedidn't; they simply weren't into theft, but rather intrusion. Thiscaused a strange kink in the prosecution's strategy. LoD were accusedof "disseminating information about attacking computers to othercomputer hackers in an effort to shift the focus of law enforcement tothose other hackers and away from the Legion of Doom. "

This last accusation (taken directly from a press release by theChicago Computer Fraud and Abuse Task Force) sounds particularlyfar-fetched. One might conclude at this point that investigators wouldhave been well-advised to go ahead and "shift their focus" from the"Legion of Doom. " Maybe they SHOULD concentrate on "those otherhackers"--the ones who were actually stealing money and physicalobjects. 

But the Hacker Crackdown of 1990 was not a simple policing action. Itwasn't meant just to walk the beat in cyberspace--it was a CRACKDOWN, adeliberate attempt to nail the core of the operation, to send a direand potent message that would settle the hash of the digitalunderground for good. 

By this reasoning, Fry Guy wasn't much more than the electronicequivalent of a cheap streetcorner dope dealer. As long as themasterminds of LoD were still flagrantly operating, pushing theirmountains of illicit knowledge right and left, and whipping upenthusiasm for blatant lawbreaking, then there would be an INFINITESUPPLY of Fry Guys. 

Because LoD were flagrant, they had left trails everywhere, to bepicked up by law enforcement in New York, Indiana, Florida, Texas, Arizona, Missouri, even Australia. But 1990's war on the Legion ofDoom was led out of Illinois, by the Chicago Computer Fraud and AbuseTask Force. 

#

The Computer Fraud and Abuse Task Force, led by federal prosecutorWilliam J. Cook, had started in 1987 and had swiftly become one of themost aggressive local "dedicated computer-crime units. " Chicago was anatural home for such a group. The world's first computerbulletin-board system had been invented in Illinois. The state ofIllinois had some of the nation's first and sternest computer crimelaws. Illinois State Police were markedly alert to the possibilitiesof white-collar crime and electronic fraud. 

And William J. Cook in particular was a rising star in electroniccrime-busting. He and his fellow federal prosecutors at the U. S. Attorney's office in Chicago had a tight relation with the SecretService, especially go-getting Chicago-based agent Timothy Foley. While Cook and his Department of Justice colleagues plotted strategy, Foley was their man on the street. 

Throughout the 1980s, the federal government had given prosecutors anarmory of new, untried legal tools against computer crime. Cook andhis colleagues were pioneers in the use of these new statutes in thereal-life cut-and-thrust of the federal courtroom. 

On October 2, 1986, the US Senate had passed the "Computer Fraud andAbuse Act" unanimously, but there were pitifully few convictions underthis statute. Cook's group took their name from this statute, sincethey were determined to transform this powerful but rather theoreticalAct of Congress into a real-life engine of legal destruction againstcomputer fraudsters and scofflaws. 

It was not a question of merely discovering crimes, investigating them, and then trying and punishing their perpetrators. The Chicago unit, like most everyone else in the business, already KNEW who the bad guyswere: the Legion of Doom and the writers and editors of Phrack. Thetask at hand was to find some legal means of putting these charactersaway. 

This approach might seem a bit dubious, to someone not acquainted withthe gritty realities of prosecutorial work. But prosecutors don't putpeople in jail for crimes they have committed; they put people in jailfor crimes they have committed THAT CAN BE PROVED IN COURT. Chicagofederal police put Al Capone in prison for income-tax fraud. Chicagois a big town, with a rough-and-ready bare-knuckle tradition on bothsides of the law. 

Fry Guy had broken the case wide open and alerted telco security to thescope of the problem. But Fry Guy's crimes would not put the AtlantaThree behind bars--much less the wacko underground journalists ofPhrack. So on July 22, 1989, the same day that Fry Guy was raided inIndiana, the Secret Service descended upon the Atlanta Three. 

This was likely inevitable. By the summer of 1989, law enforcementwere closing in on the Atlanta Three from at least six directions atonce. First, there were the leads from Fry Guy, which had led to theDNR registers being installed on the lines of the Atlanta Three. TheDNR evidence alone would have finished them off, sooner or later. 

But second, the Atlanta lads were already well-known to Control-C andhis telco security sponsors. LoD's contacts with telco security hadmade them overconfident and even more boastful than usual; they feltthat they had powerful friends in high places, and that they were beingopenly tolerated by telco security. But BellSouth's Intrusion TaskForce were hot on the trail of LoD and sparing no effort or expense. 

The Atlanta Three had also been identified by name and listed on theextensive anti-hacker files maintained, and retailed for pay, byprivate security operative John Maxfield of Detroit. Maxfield, who hadextensive ties to telco security and many informants in theunderground, was a bete noire of the Phrack crowd, and the dislike wasmutual. 

The Atlanta Three themselves had written articles for Phrack. Thisboastful act could not possibly escape telco and law enforcementattention. 

"Knightmare, " a high-school age hacker from Arizona, was a close friendand disciple of Atlanta LoD, but he had been nabbed by the formidableArizona Organized Crime and Racketeering Unit. Knightmare was on someof LoD's favorite boards--"Black Ice" in particular--and was privy totheir secrets. And to have Gail Thackeray, the Assistant AttorneyGeneral of Arizona, on one's trail was a dreadful peril for any hacker. 

And perhaps worst of all, Prophet had committed a major blunder bypassing an illicitly copied BellSouth computer-file to KnightLightning, who had published it in Phrack. This, as we will see, wasan act of dire consequence for almost everyone concerned. 

On July 22, 1989, the Secret Service showed up at the Leftist's house, where he lived with his parents. A massive squad of some twentyofficers surrounded the building: Secret Service, federal marshals, local police, possibly BellSouth telco security; it was hard to tell inthe crush. Leftist's dad, at work in his basement office, firstnoticed a muscular stranger in plain clothes crashing through the backyard with a drawn pistol. As more strangers poured into the house, Leftist's dad naturally assumed there was an armed robbery in progress. 

Like most hacker parents, Leftist's mom and dad had only the vaguestnotions of what their son had been up to all this time. Leftist had aday-job repairing computer hardware. His obsession with computersseemed a bit odd, but harmless enough, and likely to produce awell-paying career. The sudden, overwhelming raid left Leftist'sparents traumatized. 

The Leftist himself had been out after work with his co-workers, surrounding a couple of pitchers of margaritas. As he came trucking ontequila-numbed feet up the pavement, toting a bag full of floppy-disks, he noticed a large number of unmarked cars parked in his driveway. Allthe cars sported tiny microwave antennas. 

The Secret Service had knocked the front door off its hinges, almostflattening his mom. 

Inside, Leftist was greeted by Special Agent James Cool of the USSecret Service, Atlanta office. Leftist was flabbergasted. He'd nevermet a Secret Service agent before. He could not imagine that he'd everdone anything worthy of federal attention. He'd always figured that ifhis activities became intolerable, one of his contacts in telcosecurity would give him a private phone-call and tell him to knock itoff. 

But now Leftist was pat-searched for weapons by grim professionals, andhis bag of floppies was quickly seized. He and his parents were allshepherded into separate rooms and grilled at length as a score ofofficers scoured their home for anything electronic. 

Leftist was horrified as his treasured IBM AT personal computer withits forty-meg hard disk, and his recently purchased 80386 IBM-clonewith a whopping hundred-meg hard disk, both went swiftly out the doorin Secret Service custody. They also seized all his disks, all hisnotebooks, and a tremendous booty in dogeared telco documents thatLeftist had snitched out of trash dumpsters. 

Leftist figured the whole thing for a big misunderstanding. He'd neverbeen into MILITARY computers. He wasn't a SPY or a COMMUNIST. He wasjust a good ol' Georgia hacker, and now he just wanted all these peopleout of the house. But it seemed they wouldn't go until he made somekind of statement. 

And so, he levelled with them. 

And that, Leftist said later from his federal prison camp in Talladega, Alabama, was a big mistake. The Atlanta area was unique, in that ithad three members of the Legion of Doom who actually occupied more orless the same physical locality. Unlike the rest of LoD, who tended toassociate by phone and computer, Atlanta LoD actually WERE "tightlyknit. " It was no real surprise that the Secret Service agentsapprehending Urvile at the computer-labs at Georgia Tech, woulddiscover Prophet with him as well. 

Urvile, a 21-year-old Georgia Tech student in polymer chemistry, posedquite a puzzling case for law enforcement. Urvile--also known as"Necron 99, " as well as other handles, for he tended to change hiscover-alias about once a month--was both an accomplished hacker and afanatic simulation-gamer. 

Simulation games are an unusual hobby; but then hackers are unusualpeople, and their favorite pastimes tend to be somewhat out of theordinary. The best-known American simulation game is probably"Dungeons & Dragons, " a multi-player parlor entertainment played withpaper, maps, pencils, statistical tables and a variety of oddly-shapeddice. Players pretend to be heroic characters exploring awholly-invented fantasy world. The fantasy worlds of simulation gamingare commonly pseudo-medieval, involving swords andsorcery--spell-casting wizards, knights in armor, unicorns and dragons, demons and goblins. 

Urvile and his fellow gamers preferred their fantasies highlytechnological. They made use of a game known as "G. U. R. P. S. , " the"Generic Universal Role Playing System, " published by a company calledSteve Jackson Games (SJG). 

"G. U. R. P. S. " served as a framework for creating a wide variety ofartificial fantasy worlds. Steve Jackson Games published asmorgasboard of books, full of detailed information and gaming hints, which were used to flesh-out many different fantastic backgrounds forthe basic GURPS framework. Urvile made extensive use of two SJG bookscalled GURPS High-Tech and GURPS Special Ops. 

In the artificial fantasy-world of GURPS Special Ops, players entered amodern fantasy of intrigue and international espionage. On beginningthe game, players started small and powerless, perhaps as minor-leagueCIA agents or penny-ante arms dealers. But as players persistedthrough a series of game sessions (game sessions generally lasted forhours, over long, elaborate campaigns that might be pursued for monthson end) then they would achieve new skills, new knowledge, new power. They would acquire and hone new abilities, such as marksmanship, karate, wiretapping, or Watergate burglary. They could also winvarious kinds of imaginary booty, like Berettas, or martini shakers, orfast cars with ejection seats and machine-guns under the headlights. 

As might be imagined from the complexity of these games, Urvile'sgaming notes were very detailed and extensive. Urvile was a"dungeon-master, " inventing scenarios for his fellow gamers, giantsimulated adventure-puzzles for his friends to unravel. Urvile's gamenotes covered dozens of pages with all sorts of exotic lunacy, allabout ninja raids on Libya and break-ins on encrypted Red Chinesesupercomputers. His notes were written on scrap-paper and kept inloose-leaf binders. 

The handiest scrap paper around Urvile's college digs were the manypounds of BellSouth printouts and documents that he had snitched out oftelco dumpsters. His notes were written on the back of misappropriatedtelco property. Worse yet, the gaming notes were chaoticallyinterspersed with Urvile's hand-scrawled records involving ACTUALCOMPUTER INTRUSIONS that he had committed. 

Not only was it next to impossible to tell Urvile's fantasy game-notesfrom cyberspace "reality, " but Urvile himself barely made thisdistinction. It's no exaggeration to say that to Urvile it was ALL agame. Urvile was very bright, highly imaginative, and quite carelessof other people's notions of propriety. His connection to "reality"was not something to which he paid a great deal of attention. 

Hacking was a game for Urvile. It was an amusement he was carryingout, it was something he was doing for fun. And Urvile was anobsessive young man. He could no more stop hacking than he could stopin the middle of a jigsaw puzzle, or stop in the middle of reading aStephen Donaldson fantasy trilogy. (The name "Urvile" came from abest-selling Donaldson novel. )

Urvile's airy, bulletproof attitude seriously annoyed hisinterrogators. First of all, he didn't consider that he'd doneanything wrong. There was scarcely a shred of honest remorse in him. On the contrary, he seemed privately convinced that his policeinterrogators were operating in a demented fantasy-world all their own. Urvile was too polite and well-behaved to say this straight-out, buthis reactions were askew and disquieting. 

For instance, there was the business about LoD's ability to monitorphone-calls to the police and Secret Service. Urvile agreed that thiswas quite possible, and posed no big problem for LoD. In fact, he andhis friends had kicked the idea around on the "Black Ice" board, muchas they had discussed many other nifty notions, such as buildingpersonal flame-throwers and jury-rigging fistfulls of blasting-caps. They had hundreds of dial-up numbers for government agencies thatthey'd gotten through scanning Atlanta phones, or had pulled fromraided VAX/VMS mainframe computers. 

Basically, they'd never gotten around to listening in on the copsbecause the idea wasn't interesting enough to bother with. Besides, ifthey'd been monitoring Secret Service phone calls, obviously they'dnever have been caught in the first place. Right?

The Secret Service was less than satisfied with this rapier-like hackerlogic. 

Then there was the issue of crashing the phone system. No problem, Urvile admitted sunnily. Atlanta LoD could have shut down phoneservice all over Atlanta any time they liked. EVEN THE 911 SERVICE?Nothing special about that, Urvile explained patiently. Bring theswitch to its knees, with say the UNIX "makedir" bug, and 911 goes downtoo as a matter of course. The 911 system wasn't very interesting, frankly. It might be tremendously interesting to cops (for odd reasonsof their own), but as technical challenges went, the 911 service wasyawnsville. 

So of course the Atlanta Three could crash service. They probablycould have crashed service all over BellSouth territory, if they'dworked at it for a while. But Atlanta LoD weren't crashers. Onlylosers and rodents were crashers. LoD were ELITE. 

Urvile was privately convinced that sheer technical expertise could winhim free of any kind of problem. As far as he was concerned, elitestatus in the digital underground had placed him permanently beyond theintellectual grasp of cops and straights. Urvile had a lot to learn. 

Of the three LoD stalwarts, Prophet was in the most direct trouble. Prophet was a UNIX programming expert who burrowed in and out of theInternet as a matter of course. He'd started his hacking career ataround age 14, meddling with a UNIX mainframe system at the Universityof North Carolina. 

Prophet himself had written the handy Legion of Doom file "UNIX Use andSecurity From the Ground Up. " UNIX (pronounced "you-nicks") is apowerful, flexible computer operating-system, for multi-user, multi-tasking computers. In 1969, when UNIX was created in Bell Labs, such computers were exclusive to large corporations and universities, but today UNIX is run on thousands of powerful home machines. UNIX wasparticularly well-suited to telecommunications programming, and hadbecome a standard in the field. Naturally, UNIX also became a standardfor the elite hacker and phone phreak. Lately, Prophet had not been soactive as Leftist and Urvile, but Prophet was a recidivist. In 1986, when he was eighteen, Prophet had been convicted of "unauthorizedaccess to a computer network" in North Carolina. He'd been discoveredbreaking into the Southern Bell Data Network, a UNIX-based internaltelco network supposedly closed to the public. He'd gotten a typicalhacker sentence: six months suspended, 120 hours community service, and three years' probation. 

After that humiliating bust, Prophet had gotten rid of most of histonnage of illicit phreak and hacker data, and had tried to gostraight. He was, after all, still on probation. But by the autumnof 1988, the temptations of cyberspace had proved too much for youngProphet, and he was shoulder-to-shoulder with Urvile and Leftist intosome of the hairiest systems around. 

In early September 1988, he'd broken into BellSouth's centralizedautomation system, AIMSX or "Advanced Information Management System. "AIMSX was an internal business network for BellSouth, where telcoemployees stored electronic mail, databases, memos, and calendars, anddid text processing. Since AIMSX did not have public dial-ups, it wasconsidered utterly invisible to the public, and was not well-secured--itdidn't even require passwords. Prophet abused an account known as"waa1, " the personal account of an unsuspecting telco employee. Disguised as the owner of waa1, Prophet made about ten visits to AIMSX. 

Prophet did not damage or delete anything in the system. His presencein AIMSX was harmless and almost invisible. But he could not restcontent with that. 

One particular piece of processed text on AIMSX was a telco documentknown as "Bell South Standard Practice 660-225-104SV Control OfficeAdministration of Enhanced 911 Services for Special Services and MajorAccount Centers dated March 1988. "

Prophet had not been looking for this document. It was merely oneamong hundreds of similar documents with impenetrable titles. However, having blundered over it in the course of his illicit wanderingsthrough AIMSX, he decided to take it with him as a trophy. It mightprove very useful in some future boasting, bragging, and struttingsession. So, some time in September 1988, Prophet ordered the AIMSXmainframe computer to copy this document (henceforth called simplycalled "the E911 Document") and to transfer this copy to his homecomputer. 

No one noticed that Prophet had done this. He had "stolen" the E911Document in some sense, but notions of property in cyberspace can betricky. BellSouth noticed nothing wrong, because BellSouth still hadtheir original copy. They had not been "robbed" of the documentitself. Many people were supposed to copy this document--specifically, people who worked for the nineteen BellSouth "special services andmajor account centers, " scattered throughout the Southeastern UnitedStates. That was what it was for, why it was present on a computernetwork in the first place: so that it could be copied and read--bytelco employees. But now the data had been copied by someone whowasn't supposed to look at it. 

Prophet now had his trophy. But he further decided to store yetanother copy of the E911 Document on another person's computer. Thisunwitting person was a computer enthusiast named Richard Andrews wholived near Joliet, Illinois. Richard Andrews was a UNIX programmer bytrade, and ran a powerful UNIX board called "Jolnet, " in the basementof his house. 

Prophet, using the handle "Robert Johnson, " had obtained an account onRichard Andrews' computer. And there he stashed the E911 Document, bystoring it in his own private section of Andrews' computer. 

Why did Prophet do this? If Prophet had eliminated the E911 Documentfrom his own computer, and kept it hundreds of miles away, on anothermachine, under an alias, then he might have been fairly safe fromdiscovery and prosecution--although his sneaky action had certainly putthe unsuspecting Richard Andrews at risk. 

But, like most hackers, Prophet was a pack-rat for illicit data. Whenit came to the crunch, he could not bear to part from his trophy. WhenProphet's place in Decatur, Georgia was raided in July 1989, there wasthe E911 Document, a smoking gun. And there was Prophet in the handsof the Secret Service, doing his best to "explain. "

Our story now takes us away from the Atlanta Three and their raids ofthe Summer of 1989. We must leave Atlanta Three "cooperating fully"with their numerous investigators. And all three of them didcooperate, as their Sentencing Memorandum from the US District Court ofthe Northern Division of Georgia explained--just before all three ofthem were sentenced to various federal prisons in November 1990. 

We must now catch up on the other aspects of the war on the Legion ofDoom. The war on the Legion was a war on a network--in fact, a networkof three networks, which intertwined and interrelated in a complexfashion. The Legion itself, with Atlanta LoD, and their hanger-on FryGuy, were the first network. The second network was Phrack magazine, with its editors and contributors. 

The third network involved the electronic circle around a hacker knownas "Terminus. "

The war against these hacker networks was carried out by a lawenforcement network. Atlanta LoD and Fry Guy were pursued by USSSagents and federal prosecutors in Atlanta, Indiana, and Chicago. "Terminus" found himself pursued by USSS and federal prosecutors fromBaltimore and Chicago. And the war against Phrack was almost entirelya Chicago operation. 

The investigation of Terminus involved a great deal of energy, mostlyfrom the Chicago Task Force, but it was to be the least-known andleast-publicized of the Crackdown operations. Terminus, who lived inMaryland, was a UNIX programmer and consultant, fairly well-known(under his given name) in the UNIX community, as an acknowledged experton AT&T minicomputers. Terminus idolized AT&T, especially Bellcore, and longed for public recognition as a UNIX expert; his highestambition was to work for Bell Labs. 

But Terminus had odd friends and a spotted history. Terminus had oncebeen the subject of an admiring interview in Phrack (Volume II, Issue14, Phile 2--dated May 1987). In this article, Phrack co-editor TaranKing described "Terminus" as an electronics engineer, 5'9", brown-haired, born in 1959--at 28 years old, quite mature for a hacker. 

Terminus had once been sysop of a phreak/hack underground board called"MetroNet, " which ran on an Apple II. Later he'd replaced "MetroNet"with an underground board called "MegaNet, " specializing in IBMs. Inhis younger days, Terminus had written one of the very first and mostelegant code-scanning programs for the IBM-PC. This program had beenwidely distributed in the underground. Uncounted legions of PC-owningphreaks and hackers had used Terminus's scanner program to rip-offtelco codes. This feat had not escaped the attention of telcosecurity; it hardly could, since Terminus's earlier handle, "TerminalTechnician, " was proudly written right on the program. 

When he became a full-time computer professional (specializing intelecommunications programming), he adopted the handle Terminus, meantto indicate that he had "reached the final point of being a proficienthacker. " He'd moved up to the UNIX-based "Netsys" board on an AT&Tcomputer, with four phone lines and an impressive 240 megs of storage. "Netsys" carried complete issues of Phrack, and Terminus was quitefriendly with its publishers, Taran King and Knight Lightning. 

In the early 1980s, Terminus had been a regular on Plovernet, Pirate-80, Sherwood Forest and Shadowland, all well-known pirateboards, all heavily frequented by the Legion of Doom. As it happened, Terminus was never officially "in LoD, " because he'd never been giventhe official LoD high-sign and back-slap by Legion maven Lex Luthor. Terminus had never physically met anyone from LoD. But that scarcelymattered much--the Atlanta Three themselves had never been officiallyvetted by Lex, either. 

As far as law enforcement was concerned, the issues were clear. Terminus was a full-time, adult computer professional with particularskills at AT&T software and hardware--but Terminus reeked of theLegion of Doom and the underground. 

On February 1, 1990--half a month after the Martin Luther King DayCrash--USSS agents Tim Foley from Chicago, and Jack Lewis from theBaltimore office, accompanied by AT&T security officer Jerry Dalton, travelled to Middle Town, Maryland. There they grilled Terminus in hishome (to the stark terror of his wife and small children), and, intheir customary fashion, hauled his computers out the door. 

The Netsys machine proved to contain a plethora of arcane UNIXsoftware--proprietary source code formally owned by AT&T. Softwaresuch as: UNIX System Five Release 3. 2; UNIX SV Release 3. 1; UUCPcommunications software; KORN SHELL; RFS; IWB; WWB; DWB; the C++programming language; PMON; TOOL CHEST; QUEST; DACT, and S FIND. 

In the long-established piratical tradition of the underground, Terminus had been trading this illicitly-copied software with a smallcircle of fellow UNIX programmers. Very unwisely, he had stored sevenyears of his electronic mail on his Netsys machine, which documentedall the friendly arrangements he had made with his various colleagues. 

Terminus had not crashed the AT&T phone system on January 15. He was, however, blithely running a not-for-profit AT&T software-piracy ring. This was not an activity AT&T found amusing. AT&T security officerJerry Dalton valued this "stolen" property at over three hundredthousand dollars. 

AT&T's entry into the tussle of free enterprise had been complicated bythe new, vague groundrules of the information economy. Until thebreak-up of Ma Bell, AT&T was forbidden to sell computer hardware orsoftware. Ma Bell was the phone company; Ma Bell was not allowed touse the enormous revenue from telephone utilities, in order to financeany entry into the computer market. 

AT&T nevertheless invented the UNIX operating system. And somehow AT&Tmanaged to make UNIX a minor source of income. Weirdly, UNIX was notsold as computer software, but actually retailed under an obscureregulatory exemption allowing sales of surplus equipment and scrap. Any bolder attempt to promote or retail UNIX would have aroused angrylegal opposition from computer companies. Instead, UNIX was licensedto universities, at modest rates, where the acids of academic freedomate away steadily at AT&T's proprietary rights. 

Come the breakup, AT&T recognized that UNIX was a potential gold-mine. By now, large chunks of UNIX code had been created that were notAT&T's, and were being sold by others. An entire rival UNIX-basedoperating system had arisen in Berkeley, California (one of theworld's great founts of ideological hackerdom). Today, "hackers"commonly consider "Berkeley UNIX" to be technically superior to AT&T's"System V UNIX, " but AT&T has not allowed mere technical elegance tointrude on the real-world business of marketing proprietary software. AT&T has made its own code deliberately incompatible with other folks'UNIX, and has written code that it can prove is copyrightable, even ifthat code happens to be somewhat awkward--"kludgey. " AT&T UNIX userlicenses are serious business agreements, replete with very clearcopyright statements and non-disclosure clauses. 

AT&T has not exactly kept the UNIX cat in the bag, but it kept a gripon its scruff with some success. By the rampant, explosive standardsof software piracy, AT&T UNIX source code is heavily copyrighted, well-guarded, well-licensed. UNIX was traditionally run only onmainframe machines, owned by large groups of suit-and-tieprofessionals, rather than on bedroom machines where people can get upto easy mischief. 

And AT&T UNIX source code is serious high-level programming. Thenumber of skilled UNIX programmers with any actual motive to swipe UNIXsource code is small. It's tiny, compared to the tens of thousandsprepared to rip-off, say, entertaining PC games like "Leisure SuitLarry. "

But by 1989, the warez-d00d underground, in the persons of Terminus andhis friends, was gnawing at AT&T UNIX. And the property in questionwas not sold for twenty bucks over the counter at the local branch ofBabbage's or Egghead's; this was massive, sophisticated, multi-line, multi-author corporate code worth tens of thousands of dollars. 

It must be recognized at this point that Terminus's purported ring ofUNIX software pirates had not actually made any money from theirsuspected crimes. The $300, 000 dollar figure bandied about for thecontents of Terminus's computer did not mean that Terminus was inactual illicit possession of three hundred thousand of AT&T's dollars. Terminus was shipping software back and forth, privately, person toperson, for free. He was not making a commercial business of piracy. He hadn't asked for money; he didn't take money. He lived quitemodestly. 

AT&T employees--as well as freelance UNIX consultants, likeTerminus--commonly worked with "proprietary" AT&T software, both in theoffice and at home on their private machines. AT&T rarely sentsecurity officers out to comb the hard disks of its consultants. Cheapfreelance UNIX contractors were quite useful to AT&T; they didn't havehealth insurance or retirement programs, much less union membership inthe Communication Workers of America. They were humble digitaldrudges, wandering with mop and bucket through the Great TechnologicalTemple of AT&T; but when the Secret Service arrived at their homes, itseemed they were eating with company silverware and sleeping on companysheets! Outrageously, they behaved as if the things they worked withevery day belonged to them!

And these were no mere hacker teenagers with their hands full oftrash-paper and their noses pressed to the corporate windowpane. Theseguys were UNIX wizards, not only carrying AT&T data in their machinesand their heads, but eagerly networking about it, over machines thatwere far more powerful than anything previously imagined in privatehands. How do you keep people disposable, yet assure their awestruckrespect for your property? It was a dilemma. 

Much UNIX code was public-domain, available for free. Much"proprietary" UNIX code had been extensively re-written, perhapsaltered so much that it became an entirely new product--or perhaps not. Intellectual property rights for software developers were, and are, extraordinarily complex and confused. And software "piracy, " like theprivate copying of videos, is one of the most widely practiced "crimes"in the world today. 

The USSS were not experts in UNIX or familiar with the customs of itsuse. The United States Secret Service, considered as a body, did nothave one single person in it who could program in a UNIXenvironment--no, not even one. The Secret Service WERE makingextensive use of expert help, but the "experts" they had chosen wereAT&T and Bellcore security officials, the very victims of the purportedcrimes under investigation, the very people whose interest in AT&T's"proprietary" software was most pronounced. 

On February 6, 1990, Terminus was arrested by Agent Lewis. Eventually, Terminus would be sent to prison for his illicit use of a piece of AT&Tsoftware. 

The issue of pirated AT&T software would bubble along in the backgroundduring the war on the Legion of Doom. Some half-dozen of Terminus'son-line acquaintances, including people in Illinois, Texas andCalifornia, were grilled by the Secret Service in connection with theillicit copying of software. Except for Terminus, however, none werecharged with a crime. None of them shared his peculiar prominence inthe hacker underground. 

But that did not mean that these people would, or could, stay out oftrouble. The transferral of illicit data in cyberspace is hazy andill-defined business, with paradoxical dangers for everyone concerned:hackers, signal carriers, board owners, cops, prosecutors, even randompassers-by. Sometimes, well-meant attempts to avert trouble or punishwrongdoing bring more trouble than would simple ignorance, indifferenceor impropriety. 

Terminus's "Netsys" board was not a common-or-garden bulletin boardsystem, though it had most of the usual functions of a board. Netsyswas not a stand-alone machine, but part of the globe-spanning "UUCP"cooperative network. The UUCP network uses a set of Unix softwareprograms called "Unix-to-Unix Copy, " which allows Unix systems to throwdata to one another at high speed through the public telephone network. UUCP is a radically decentralized, not-for-profit network of UNIXcomputers. There are tens of thousands of these UNIX machines. Someare small, but many are powerful and also link to other networks. UUCPhas certain arcane links to major networks such as JANET, EasyNet, BITNET, JUNET, VNET, DASnet, PeaceNet and FidoNet, as well as thegigantic Internet. (The so-called "Internet" is not actually a networkitself, but rather an "internetwork" connections standard that allowsseveral globe-spanning computer networks to communicate with oneanother. Readers fascinated by the weird and intricate tangles ofmodern computer networks may enjoy John S. Quarterman's authoritative719-page explication, The Matrix, Digital Press, 1990. )

A skilled user of Terminus' UNIX machine could send and receiveelectronic mail from almost any major computer network in the world. Netsys was not called a "board" per se, but rather a "node. " "Nodes"were larger, faster, and more sophisticated than mere "boards, " and forhackers, to hang out on internationally-connected "nodes" was quite thestep up from merely hanging out on local "boards. "

Terminus's Netsys node in Maryland had a number of direct links toother, similar UUCP nodes, run by people who shared his interests andat least something of his free-wheeling attitude. One of these nodeswas Jolnet, owned by Richard Andrews, who, like Terminus, was anindependent UNIX consultant. Jolnet also ran UNIX, and could becontacted at high speed by mainframe machines from all over the world. Jolnet was quite a sophisticated piece of work, technically speaking, but it was still run by an individual, as a private, not-for-profithobby. Jolnet was mostly used by other UNIX programmers--for mail, storage, and access to networks. Jolnet supplied access network accessto about two hundred people, as well as a local junior college. 

Among its various features and services, Jolnet also carried Phrackmagazine. 

For reasons of his own, Richard Andrews had become suspicious of a newuser called "Robert Johnson. " Richard Andrews took it upon himself tohave a look at what "Robert Johnson" was storing in Jolnet. AndAndrews found the E911 Document. 

"Robert Johnson" was the Prophet from the Legion of Doom, and the E911Document was illicitly copied data from Prophet's raid on the BellSouthcomputers. 

The E911 Document, a particularly illicit piece of digital property, was about to resume its long, complex, and disastrous career. 

It struck Andrews as fishy that someone not a telephone employee shouldhave a document referring to the "Enhanced 911 System. " Besides, thedocument itself bore an obvious warning. 

"WARNING: NOT FOR USE OR DISCLOSURE OUTSIDE BELLSOUTH OR ANY OF ITSSUBSIDIARIES EXCEPT UNDER WRITTEN AGREEMENT. "

These standard nondisclosure tags are often appended to all sorts ofcorporate material. Telcos as a species are particularly notorious forstamping most everything in sight as "not for use or disclosure. "Still, this particular piece of data was about the 911 System. Thatsounded bad to Rich Andrews. 

Andrews was not prepared to ignore this sort of trouble. He thought itwould be wise to pass the document along to a friend and acquaintanceon the UNIX network, for consultation. So, around September 1988, Andrews sent yet another copy of the E911 Document electronically to anAT&T employee, one Charles Boykin, who ran a UNIX-based node called"attctc" in Dallas, Texas. 

"Attctc" was the property of AT&T, and was run from AT&T's CustomerTechnology Center in Dallas, hence the name "attctc. " "Attctc" wasbetter-known as "Killer, " the name of the machine that the system wasrunning on. "Killer" was a hefty, powerful, AT&T 3B2 500 model, amulti-user, multi-tasking UNIX platform with 32 meg of memory and amind-boggling 3. 2 Gigabytes of storage. When Killer had first arrivedin Texas, in 1985, the 3B2 had been one of AT&T's great white hopes forgoing head-to-head with IBM for the corporate computer-hardware market. "Killer" had been shipped to the Customer Technology Center in theDallas Infomart, essentially a high-technology mall, and there it sat, a demonstration model. 

Charles Boykin, a veteran AT&T hardware and digital communicationsexpert, was a local technical backup man for the AT&T 3B2 system. As adisplay model in the Infomart mall, "Killer" had little to do, and itseemed a shame to waste the system's capacity. So Boykin ingeniouslywrote some UNIX bulletin-board software for "Killer, " and plugged themachine in to the local phone network. "Killer's" debut in late 1985made it the first publicly available UNIX site in the state of Texas. Anyone who wanted to play was welcome. 

The machine immediately attracted an electronic community. It joinedthe UUCP network, and offered network links to over eighty othercomputer sites, all of which became dependent on Killer for their linksto the greater world of cyberspace. And it wasn't just for the bigguys; personal computer users also stored freeware programs for theAmiga, the Apple, the IBM and the Macintosh on Killer's vast 3, 200 megarchives. At one time, Killer had the largest library of public-domainMacintosh software in Texas. 

Eventually, Killer attracted about 1, 500 users, all busilycommunicating, uploading and downloading, getting mail, gossipping, andlinking to arcane and distant networks. 

Boykin received no pay for running Killer. He considered it goodpublicity for the AT&T 3B2 system (whose sales were somewhat less thanstellar), but he also simply enjoyed the vibrant community his skillhad created. He gave away the bulletin-board UNIX software he hadwritten, free of charge. 

In the UNIX programming community, Charlie Boykin had the reputation ofa warm, open-hearted, level-headed kind of guy. In 1989, a group ofTexan UNIX professionals voted Boykin "System Administrator of theYear. " He was considered a fellow you could trust for good advice. 

In September 1988, without warning, the E911 Document came plunginginto Boykin's life, forwarded by Richard Andrews. Boykin immediatelyrecognized that the Document was hot property. He was not avoice-communications man, and knew little about the ins and outs of theBaby Bells, but he certainly knew what the 911 System was, and he wasangry to see confidential data about it in the hands of a nogoodnik. This was clearly a matter for telco security. So, on September 21, 1988, Boykin made yet ANOTHER copy of the E911 Document and passed thisone along to a professional acquaintance of his, one Jerome Dalton, from AT&T Corporate Information Security. Jerry Dalton was the veryfellow who would later raid Terminus's house. 

From AT&T's security division, the E911 Document went to Bellcore. 

Bellcore (or BELL COmmunications REsearch) had once been the centrallaboratory of the Bell System. Bell Labs employees had invented theUNIX operating system. Now Bellcore was a quasi-independent, jointlyowned company that acted as the research arm for all seven of the BabyBell RBOCs. Bellcore was in a good position to co-ordinate securitytechnology and consultation for the RBOCs, and the gentleman in chargeof this effort was Henry M. Kluepfel, a veteran of the Bell System whohad worked there for twenty-four years. 

On October 13, 1988, Dalton passed the E911 Document to HenryKluepfel. Kluepfel, a veteran expert witness in telecommunicationsfraud and computer-fraud cases, had certainly seen worse trouble thanthis. He recognized the document for what it was: a trophy from ahacker break-in. 

However, whatever harm had been done in the intrusion was presumablyold news. At this point there seemed little to be done. Kluepfel madea careful note of the circumstances and shelved the problem for thetime being. 

Whole months passed. 

February 1989 arrived. The Atlanta Three were living it up in BellSouth's switches, and had not yet met their comeuppance. The Legionwas thriving. So was Phrack magazine. A good six months had passedsince Prophet's AIMSX break-in. Prophet, as hackers will, grew wearyof sitting on his laurels. "Knight Lightning" and "Taran King, " theeditors of Phrack, were always begging Prophet for material they couldpublish. Prophet decided that the heat must be off by this time, andthat he could safely brag, boast, and strut. 

So he sent a copy of the E911 Document--yet another one--from RichAndrews' Jolnet machine to Knight Lightning's BITnet account at theUniversity of Missouri. Let's review the fate of the document so far. 

0. The original E911 Document. This in the AIMSX system on a mainframe computer in Atlanta, available to hundreds of people, but all of them, presumably, BellSouth employees. An unknown number of them may have their own copies of this document, but they are all professionals and all trusted by the phone company. 

1. Prophet's illicit copy, at home on his own computer in Decatur, Georgia. 

2. Prophet's back-up copy, stored on Rich Andrew's Jolnet machine in the basement of Rich Andrews' house near Joliet Illinois. 

3. Charles Boykin's copy on "Killer" in Dallas, Texas, sent by Rich Andrews from Joliet. 

4. Jerry Dalton's copy at AT&T Corporate Information Security in New Jersey, sent from Charles Boykin in Dallas. 

5. Henry Kluepfel's copy at Bellcore security headquarters in New Jersey, sent by Dalton. 

6. Knight Lightning's copy, sent by Prophet from Rich Andrews' machine, and now in Columbia, Missouri. 

We can see that the "security" situation of this proprietary document, once dug out of AIMSX, swiftly became bizarre. Without any moneychanging hands, without any particular special effort, this data hadbeen reproduced at least six times and had spread itself all over thecontinent. By far the worst, however, was yet to come. 

In February 1989, Prophet and Knight Lightning bargained electronicallyover the fate of this trophy. Prophet wanted to boast, but, at thesame time, scarcely wanted to be caught. 

For his part, Knight Lightning was eager to publish as much of thedocument as he could manage. Knight Lightning was a fledglingpolitical-science major with a particular interest infreedom-of-information issues. He would gladly publish most anythingthat would reflect glory on the prowess of the underground andembarrass the telcos. However, Knight Lightning himself had contactsin telco security, and sometimes consulted them on material he'dreceived that might be too dicey for publication. 

Prophet and Knight Lightning decided to edit the E911 Document so asto delete most of its identifying traits. First of all, its large "NOTFOR USE OR DISCLOSURE" warning had to go. Then there were othermatters. For instance, it listed the office telephone numbers ofseveral BellSouth 911 specialists in Florida. If these phone numberswere published in Phrack, the BellSouth employees involved would verylikely be hassled by phone phreaks, which would anger BellSouth no end, and pose a definite operational hazard for both Prophet and Phrack. 

So Knight Lightning cut the Document almost in half, removing the phonenumbers and some of the touchier and more specific information. Hepassed it back electronically to Prophet; Prophet was still nervous, so Knight Lightning cut a bit more. They finally agreed that it wasready to go, and that it would be published in Phrack under thepseudonym, "The Eavesdropper. "

And this was done on February 25, 1989. 

The twenty-fourth issue of Phrack featured a chatty interview withco-ed phone-phreak "Chanda Leir, " three articles on BITNET and itslinks to other computer networks, an article on 800 and 900 numbers by"Unknown User, " "VaxCat's" article on telco basics (slyly entitled"Lifting Ma Bell's Veil of Secrecy, )" and the usual "Phrack World News. "

The News section, with painful irony, featured an extended account ofthe sentencing of "Shadowhawk, " an eighteen-year-old Chicago hacker whohad just been put in federal prison by William J. Cook himself. 

And then there were the two articles by "The Eavesdropper. " The firstwas the edited E911 Document, now titled "Control Office AdministrationOf Enhanced 911 Services for Special Services and Major AccountCenters. " Eavesdropper's second article was a glossary of termsexplaining the blizzard of telco acronyms and buzzwords in the E911Document. 

The hapless document was now distributed, in the usual Phrack routine, to a good one hundred and fifty sites. Not a hundred and fifty PEOPLE, mind you--a hundred and fifty SITES, some of these sites linked to UNIXnodes or bulletin board systems, which themselves had readerships oftens, dozens, even hundreds of people. 

This was February 1989. Nothing happened immediately. Summer came, and the Atlanta crew were raided by the Secret Service. Fry Guy wasapprehended. Still nothing whatever happened to Phrack. Six moreissues of Phrack came out, 30 in all, more or less on a monthlyschedule. Knight Lightning and co-editor Taran King went untouched. 

Phrack tended to duck and cover whenever the heat came down. Duringthe summer busts of 1987--(hacker busts tended to cluster in summer, perhaps because hackers were easier to find at home than incollege)--Phrack had ceased publication for several months, and laidlow. Several LoD hangers-on had been arrested, but nothing hadhappened to the Phrack crew, the premiere gossips of the underground. In 1988, Phrack had been taken over by a new editor, "Crimson Death, " araucous youngster with a taste for anarchy files. 1989, however, looked like a bounty year for the underground. Knight Lightning andhis co-editor Taran King took up the reins again, and Phrack flourishedthroughout 1989. Atlanta LoD went down hard in the summer of 1989, butPhrack rolled merrily on. Prophet's E911 Document seemed unlikely tocause Phrack any trouble. By January 1990, it had been available inPhrack for almost a year. Kluepfel and Dalton, officers of Bellcoreand AT&T security, had possessed the document for sixteen months--infact, they'd had it even before Knight Lightning himself, and had donenothing in particular to stop its distribution. They hadn't even toldRich Andrews or Charles Boykin to erase the copies from their UNIXnodes, Jolnet and Killer. 

But then came the monster Martin Luther King Day Crash of January 15, 1990. 

A flat three days later, on January 18, four agents showed up at KnightLightning's fraternity house. One was Timothy Foley, the secondBarbara Golden, both of them Secret Service agents from the Chicagooffice. Also along was a University of Missouri security officer, andReed Newlin, a security man from Southwestern Bell, the RBOC havingjurisdiction over Missouri. 

Foley accused Knight Lightning of causing the nationwide crash of thephone system. 

Knight Lightning was aghast at this allegation. On the face of it, thesuspicion was not entirely implausible--though Knight Lightning knewthat he himself hadn't done it. Plenty of hot-dog hackers had braggedthat they could crash the phone system, however. "Shadowhawk, " forinstance, the Chicago hacker whom William Cook had recently put injail, had several times boasted on boards that he could "shut downAT&T's public switched network. "

And now this event, or something that looked just like it, had actuallytaken place. The Crash had lit a fire under the Chicago Task Force. And the former fence-sitters at Bellcore and AT&T were now ready toroll. The consensus among telco security--already horrified by theskill of the BellSouth intruders --was that the digital underground wasout of hand. LoD and Phrack must go. And in publishing Prophet's E911Document, Phrack had provided law enforcement with what appeared to bea powerful legal weapon. 

Foley confronted Knight Lightning about the E911 Document. 

Knight Lightning was cowed. He immediately began "cooperating fully"in the usual tradition of the digital underground. 

He gave Foley a complete run of Phrack, printed out in a set ofthree-ring binders. He handed over his electronic mailing list ofPhrack subscribers. Knight Lightning was grilled for four hours byFoley and his cohorts. Knight Lightning admitted that Prophet hadpassed him the E911 Document, and he admitted that he had known it wasstolen booty from a hacker raid on a telephone company. KnightLightning signed a statement to this effect, and agreed, in writing, tocooperate with investigators. 

Next day--January 19, 1990, a Friday --the Secret Service returned witha search warrant, and thoroughly searched Knight Lightning's upstairsroom in the fraternity house. They took all his floppy disks, though, interestingly, they left Knight Lightning in possession of both hiscomputer and his modem. (The computer had no hard disk, and in Foley'sjudgement was not a store of evidence. ) But this was a very minorbright spot among Knight Lightning's rapidly multiplying troubles. Bythis time, Knight Lightning was in plenty of hot water, not only withfederal police, prosecutors, telco investigators, and universitysecurity, but with the elders of his own campus fraternity, who wereoutraged to think that they had been unwittingly harboring a federalcomputer-criminal. 

On Monday, Knight Lightning was summoned to Chicago, where he wasfurther grilled by Foley and USSS veteran agent Barbara Golden, thistime with an attorney present. And on Tuesday, he was formallyindicted by a federal grand jury. 

The trial of Knight Lightning, which occurred on July 24-27, 1990, wasthe crucial show-trial of the Hacker Crackdown. We will examine thetrial at some length in Part Four of this book. 

In the meantime, we must continue our dogged pursuit of the E911Document. 

It must have been clear by January 1990 that the E911 Document, in theform Phrack had published it back in February 1989, had gone off at thespeed of light in at least a hundred and fifty different directions. To attempt to put this electronic genie back in the bottle was flatlyimpossible. 

And yet, the E911 Document was STILL stolen property, formally andlegally speaking. Any electronic transference of this document, byanyone unauthorized to have it, could be interpreted as an act of wirefraud. Interstate transfer of stolen property, including electronicproperty, was a federal crime. 

The Chicago Computer Fraud and Abuse Task Force had been assured thatthe E911 Document was worth a hefty sum of money. In fact, they had aprecise estimate of its worth from BellSouth security personnel:$79, 449. A sum of this scale seemed to warrant vigorous prosecution. Even if the damage could not be undone, at least this large sum offereda good legal pretext for stern punishment of the thieves. It seemedlikely to impress judges and juries. And it could be used in court tomop up the Legion of Doom. 

The Atlanta crowd was already in the bag, by the time the Chicago TaskForce had gotten around to Phrack. But the Legion was a hydra-headedthing. In late 89, a brand-new Legion of Doom board, "PhoenixProject, " had gone up in Austin, Texas. Phoenix Project was sysoped byno less a man than the Mentor himself, ably assisted by University ofTexas student and hardened Doomster "Erik Bloodaxe. "

As we have seen from his Phrack manifesto, the Mentor was a hackerzealot who regarded computer intrusion as something close to a moralduty. Phoenix Project was an ambitious effort, intended to revive thedigital underground to what Mentor considered the full flower of theearly 80s. The Phoenix board would also boldly bring elite hackersface-to-face with the telco "opposition. " On "Phoenix, " America'scleverest hackers would supposedly shame the telco squareheads out oftheir stick-in-the-mud attitudes, and perhaps convince them that theLegion of Doom elite were really an all-right crew. The premiere of"Phoenix Project" was heavily trumpeted by Phrack, and "Phoenix Project"carried a complete run of Phrack issues, including the E911 Document asPhrack had published it. 

Phoenix Project was only one of many--possibly hundreds--of nodes andboards all over America that were in guilty possession of the E911Document. But Phoenix was an outright, unashamed Legion of Doom board. Under Mentor's guidance, it was flaunting itself in the face of telcosecurity personnel. Worse yet, it was actively trying to WIN THEM OVERas sympathizers for the digital underground elite. "Phoenix" had nocards or codes on it. Its hacker elite considered Phoenix at leasttechnically legal. But Phoenix was a corrupting influence, wherehacker anarchy was eating away like digital acid at the underbelly ofcorporate propriety. 

The Chicago Computer Fraud and Abuse Task Force now prepared to descendupon Austin, Texas. 

Oddly, not one but TWO trails of the Task Force's investigation ledtoward Austin. The city of Austin, like Atlanta, had made itself abulwark of the Sunbelt's Information Age, with a strong universityresearch presence, and a number of cutting-edge electronics companies, including Motorola, Dell, CompuAdd, IBM, Sematech and MCC. 

Where computing machinery went, hackers generally followed. Austinboasted not only "Phoenix Project, " currently LoD's most flagrantunderground board, but a number of UNIX nodes. 

One of these nodes was "Elephant, " run by a UNIX consultant namedRobert Izenberg. Izenberg, in search of a relaxed Southern lifestyleand a lowered cost-of-living, had recently migrated to Austin from NewJersey. In New Jersey, Izenberg had worked for an independentcontracting company, programming UNIX code for AT&T itself. "Terminus"had been a frequent user on Izenberg's privately owned Elephant node. 

Having interviewed Terminus and examined the records on Netsys, theChicago Task Force were now convinced that they had discovered anunderground gang of UNIX software pirates, who were demonstrably guiltyof interstate trafficking in illicitly copied AT&T source code. Izenberg was swept into the dragnet around Terminus, theself-proclaimed ultimate UNIX hacker. 

Izenberg, in Austin, had settled down into a UNIX job with a Texanbranch of IBM. Izenberg was no longer working as a contractor forAT&T, but he had friends in New Jersey, and he still logged on to AT&TUNIX computers back in New Jersey, more or less whenever it pleasedhim. Izenberg's activities appeared highly suspicious to the TaskForce. Izenberg might well be breaking into AT&T computers, swipingAT&T software, and passing it to Terminus and other possibleconfederates, through the UNIX node network. And this data was worth, not merely $79, 499, but hundreds of thousands of dollars!

On February 21, 1990, Robert Izenberg arrived home from work at IBM tofind that all the computers had mysteriously vanished from his Austinapartment. Naturally he assumed that he had been robbed. His"Elephant" node, his other machines, his notebooks, his disks, histapes, all gone! However, nothing much else seemed disturbed--theplace had not been ransacked. The puzzle becaming much stranger somefive minutes later. Austin U. S. Secret Service Agent Al Soliz, accompanied by University of Texas campus-security officer LarryCoutorie and the ubiquitous Tim Foley, made their appearance atIzenberg's door. They were in plain clothes: slacks, polo shirts. They came in, and Tim Foley accused Izenberg of belonging to the Legionof Doom. 

Izenberg told them that he had never heard of the "Legion of Doom. " Andwhat about a certain stolen E911 Document, that posed a direct threatto the police emergency lines? Izenberg claimed that he'd never heardof that, either. 

His interrogators found this difficult to believe. Didn't he knowTerminus?

Who?

They gave him Terminus's real name. Oh yes, said Izenberg. He knewTHAT guy all right--he was leading discussions on the Internet aboutAT&T computers, especially the AT&T 3B2. 

AT&T had thrust this machine into the marketplace, but, like many ofAT&T's ambitious attempts to enter the computing arena, the 3B2 projecthad something less than a glittering success. Izenberg himself hadbeen a contractor for the division of AT&T that supported the 3B2. Theentire division had been shut down. 

Nowadays, the cheapest and quickest way to get help with this fractiouspiece of machinery was to join one of Terminus's discussion groups onthe Internet, where friendly and knowledgeable hackers would help youfor free. Naturally the remarks within this group were less thanflattering about the Death Star . . . Was THAT the problem?

Foley told Izenberg that Terminus had been acquiring hot softwarethrough his, Izenberg's, machine. 

Izenberg shrugged this off. A good eight megabytes of data flowedthrough his UUCP site every day. UUCP nodes spewed data like firehoses. Elephant had been directly linked to Netsys--not surprising, since Terminus was a 3B2 expert and Izenberg had been a 3B2 contractor. Izenberg was also linked to "attctc" and the University of Texas. Terminus was a well-known UNIX expert, and might have been up to allmanner of hijinks on Elephant. Nothing Izenberg could do about that. That was physically impossible. Needle in a haystack. 

In a four-hour grilling, Foley urged Izenberg to come clean and admitthat he was in conspiracy with Terminus, and a member of the Legion ofDoom. 

Izenberg denied this. He was no weirdo teenage hacker--he wasthirty-two years old, and didn't even have a "handle. " Izenberg was aformer TV technician and electronics specialist who had drifted intoUNIX consulting as a full-grown adult. Izenberg had never metTerminus, physically. He'd once bought a cheap high-speed modem fromhim, though. 

Foley told him that this modem (a Telenet T2500 which ran at 19. 2kilobaud, and which had just gone out Izenberg's door in Secret Servicecustody) was likely hot property. Izenberg was taken aback to hearthis; but then again, most of Izenberg's equipment, like that of mostfreelance professionals in the industry, was discounted, passedhand-to-hand through various kinds of barter and gray-market. Therewas no proof that the modem was stolen, and even if it were, Izenberghardly saw how that gave them the right to take every electronic itemin his house. 

Still, if the United States Secret Service figured they needed hiscomputer for national security reasons--or whatever--then Izenbergwould not kick. He figured he would somehow make the sacrifice of histwenty thousand dollars' worth of professional equipment, in the spiritof full cooperation and good citizenship. 

Robert Izenberg was not arrested. Izenberg was not charged with anycrime. His UUCP node--full of some 140 megabytes of the files, mail, and data of himself and his dozen or so entirely innocent users--wentout the door as "evidence. " Along with the disks and tapes, Izenberghad lost about 800 megabytes of data. 

Six months would pass before Izenberg decided to phone the SecretService and ask how the case was going. That was the first time thatRobert Izenberg would ever hear the name of William Cook. As ofJanuary 1992, a full two years after the seizure, Izenberg, still notcharged with any crime, would be struggling through the morass of thecourts, in hope of recovering his thousands of dollars' worth of seizedequipment. 

In the meantime, the Izenberg case received absolutely no presscoverage. The Secret Service had walked into an Austin home, removed aUNIX bulletin-board system, and met with no operational difficultieswhatsoever. 

Except that word of a crackdown had percolated through the Legion ofDoom. "The Mentor" voluntarily shut down "The Phoenix Project. " Itseemed a pity, especially as telco security employees had, in fact, shown up on Phoenix, just as he had hoped--along with the usual motleycrowd of LoD heavies, hangers-on, phreaks, hackers and wannabes. Therewas "Sandy" Sandquist from US SPRINT security, and some guy named HenryKluepfel, from Bellcore itself! Kluepfel had been trading friendlybanter with hackers on Phoenix since January 30th (two weeks after theMartin Luther King Day Crash). The presence of such a stellar telcoofficial seemed quite the coup for Phoenix Project. 

Still, Mentor could judge the climate. Atlanta in ruins, Phrack indeep trouble, something weird going on with UNIX nodes--discretion wasadvisable. Phoenix Project went off-line. 

Kluepfel, of course, had been monitoring this LoD bulletin board forhis own purposes--and those of the Chicago unit. As far back as June1987, Kluepfel had logged on to a Texas underground board called"Phreak Klass 2600. " There he'd discovered an Chicago youngster named"Shadowhawk, " strutting and boasting about rifling AT&T computer files, and bragging of his ambitions to riddle AT&T's Bellcore computers withtrojan horse programs. Kluepfel had passed the news to Cook inChicago, Shadowhawk's computers had gone out the door in Secret Servicecustody, and Shadowhawk himself had gone to jail. 

Now it was Phoenix Project's turn. Phoenix Project postured about"legality" and "merely intellectual interest, " but it reeked of theunderground. It had Phrack on it. It had the E911 Document. It had alot of dicey talk about breaking into systems, including some bold andreckless stuff about a supposed "decryption service" that Mentor andfriends were planning to run, to help crack encrypted passwords off ofhacked systems. 

Mentor was an adult. There was a bulletin board at his place of work, as well. Kleupfel logged onto this board, too, and discovered it to becalled "Illuminati. " It was run by some company called Steve JacksonGames. 

On March 1, 1990, the Austin crackdown went into high gear. 

On the morning of March 1--a Thursday--21-year-old University of Texasstudent "Erik Bloodaxe, " co-sysop of Phoenix Project and an avowedmember of the Legion of Doom, was wakened by a police revolver levelledat his head. 

Bloodaxe watched, jittery, as Secret Service agents appropriated his300 baud terminal and, rifling his files, discovered his treasuredsource-code for Robert Morris's notorious Internet Worm. But Bloodaxe, a wily operator, had suspected that something of the like might becoming. All his best equipment had been hidden away elsewhere. Theraiders took everything electronic, however, including his telephone. They were stymied by his hefty arcade-style Pac-Man game, and left itin place, as it was simply too heavy to move. 

Bloodaxe was not arrested. He was not charged with any crime. A goodtwo years later, the police still had what they had taken from him, however. 

The Mentor was less wary. The dawn raid rousted him and his wife frombed in their underwear, and six Secret Service agents, accompanied byan Austin policeman and Henry Kluepfel himself, made a rich haul. Offwent the works, into the agents' white Chevrolet minivan: an IBM PC-ATclone with 4 meg of RAM and a 120-meg hard disk; a Hewlett-PackardLaserJet II printer; a completely legitimate and highly expensiveSCO-Xenix 286 operating system; Pagemaker disks and documentation; andthe Microsoft Word word-processing program. Mentor's wife had herincomplete academic thesis stored on the hard-disk; that went, too, andso did the couple's telephone. As of two years later, all thisproperty remained in police custody. 

Mentor remained under guard in his apartment as agents prepared to raidSteve Jackson Games. The fact that this was a business headquartersand not a private residence did not deter the agents. It was stillvery early; no one was at work yet. The agents prepared to break downthe door, but Mentor, eavesdropping on the Secret Service walkie-talkietraffic, begged them not to do it, and offered his key to the building. 

The exact details of the next events are unclear. The agents would notlet anyone else into the building. Their search warrant, whenproduced, was unsigned. Apparently they breakfasted from the local"Whataburger, " as the litter from hamburgers was later found inside. They also extensively sampled a bag of jellybeans kept by an SJGemployee. Someone tore a "Dukakis for President" sticker from the wall. 

SJG employees, diligently showing up for the day's work, were met atthe door and briefly questioned by U. S. Secret Service agents. Theemployees watched in astonishment as agents wielding crowbars andscrewdrivers emerged with captive machines. They attacked outdoorstorage units with boltcutters. The agents wore blue nylonwindbreakers with "SECRET SERVICE" stencilled across the back, withrunning-shoes and jeans. 

Jackson's company lost three computers, several hard-disks, hundred offloppy disks, two monitors, three modems, a laser printer, variouspowercords, cables, and adapters (and, oddly, a small bag of screws, bolts and nuts). The seizure of Illuminati BBS deprived SJG of all theprograms, text files, and private e-mail on the board. The loss of twoother SJG computers was a severe blow as well, since it caused the lossof electronically stored contracts, financial projections, addressdirectories, mailing lists, personnel files, business correspondence, and, not least, the drafts of forthcoming games and gaming books. 

No one at Steve Jackson Games was arrested. No one was accused of anycrime. No charges were filed. Everything appropriated was officiallykept as "evidence" of crimes never specified. 

After the Phrack show-trial, the Steve Jackson Games scandal was themost bizarre and aggravating incident of the Hacker Crackdown of 1990. This raid by the Chicago Task Force on a science-fiction gamingpublisher was to rouse a swarming host of civil liberties issues, andgave rise to an enduring controversy that was still re-complicatingitself, and growing in the scope of its implications, a full two yearslater. 

The pursuit of the E911 Document stopped with the Steve Jackson Gamesraid. As we have seen, there were hundreds, perhaps thousands ofcomputer users in America with the E911 Document in their possession. Theoretically, Chicago had a perfect legal right to raid any of thesepeople, and could have legally seized the machines of anybody whosubscribed to Phrack. However, there was no copy of the E911 Documenton Jackson's Illuminati board. And there the Chicago raiders stoppeddead; they have not raided anyone since. 

It might be assumed that Rich Andrews and Charlie Boykin, who hadbrought the E911 Document to the attention of telco security, might bespared any official suspicion. But as we have seen, the willingness to"cooperate fully" offers little, if any, assurance against federalanti-hacker prosecution. 

Richard Andrews found himself in deep trouble, thanks to the E911Document. Andrews lived in Illinois, the native stomping grounds ofthe Chicago Task Force. On February 3 and 6, both his home and hisplace of work were raided by USSS. His machines went out the door, too, and he was grilled at length (though not arrested). Andrewsproved to be in purportedly guilty possession of: UNIX SVR 3. 2; UNIXSVR 3. 1; UUCP; PMON; WWB; IWB; DWB; NROFF; KORN SHELL '88; C++; andQUEST, among other items. Andrews had received this proprietarycode--which AT&T officially valued at well over $250, 000--through theUNIX network, much of it supplied to him as a personal favor byTerminus. Perhaps worse yet, Andrews admitted to returning the favor, by passing Terminus a copy of AT&T proprietary STARLAN source code. 

Even Charles Boykin, himself an AT&T employee, entered some very hotwater. By 1990, he'd almost forgotten about the E911 problem he'dreported in September 88; in fact, since that date, he'd passed twomore security alerts to Jerry Dalton, concerning matters that Boykinconsidered far worse than the E911 Document. 

But by 1990, year of the crackdown, AT&T Corporate Information Securitywas fed up with "Killer. " This machine offered no direct income toAT&T, and was providing aid and comfort to a cloud of suspicious yokelsfrom outside the company, some of them actively malicious toward AT&T, its property, and its corporate interests. Whatever goodwill andpublicity had been won among Killer's 1, 500 devoted users wasconsidered no longer worth the security risk. On February 20, 1990, Jerry Dalton arrived in Dallas and simply unplugged the phone jacks, tothe puzzled alarm of Killer's many Texan users. Killer wentpermanently off-line, with the loss of vast archives of programs andhuge quantities of electronic mail; it was never restored to service. AT&T showed no particular regard for the "property" of these 1, 500people. Whatever "property" the users had been storing on AT&T'scomputer simply vanished completely. 

Boykin, who had himself reported the E911 problem, now found himselfunder a cloud of suspicion. In a weird private-security replay of theSecret Service seizures, Boykin's own home was visited by AT&T Securityand his own machines were carried out the door. 

However, there were marked special features in the Boykin case. Boykin's disks and his personal computers were swiftly examined by hiscorporate employers and returned politely in just two days--(unlikeSecret Service seizures, which commonly take months or years). Boykinwas not charged with any crime or wrongdoing, and he kept his job withAT&T (though he did retire from AT&T in September 1991, at the age of52). 

It's interesting to note that the US Secret Service somehow failed toseize Boykin's "Killer" node and carry AT&T's own computer out thedoor. Nor did they raid Boykin's home. They seemed perfectly willingto take the word of AT&T Security that AT&T's employee, and AT&T's"Killer" node, were free of hacker contraband and on the up-and-up. 

It's digital water-under-the-bridge at this point, as Killer's 3, 200megabytes of Texan electronic community were erased in 1990, and"Killer" itself was shipped out of the state. 

But the experiences of Andrews and Boykin, and the users of theirsystems, remained side issues. They did not begin to assume thesocial, political, and legal importance that gathered, slowly butinexorably, around the issue of the raid on Steve Jackson Games. 

#

We must now turn our attention to Steve Jackson Games itself, andexplain what SJG was, what it really did, and how it had managed toattract this particularly odd and virulent kind of trouble. The readermay recall that this is not the first but the second time that thecompany has appeared in this narrative; a Steve Jackson game calledGURPS was a favorite pastime of Atlanta hacker Urvile, and Urvile'sscience-fictional gaming notes had been mixed up promiscuously withnotes about his actual computer intrusions. 

First, Steve Jackson Games, Inc. , was NOT a publisher of "computergames. " SJG published "simulation games, " parlor games that were playedon paper, with pencils, and dice, and printed guidebooks full of rulesand statistics tables. There were no computers involved in the gamesthemselves. When you bought a Steve Jackson Game, you did not receiveany software disks. What you got was a plastic bag with some cardboardgame tokens, maybe a few maps or a deck of cards. Most of theirproducts were books. 

However, computers WERE deeply involved in the Steve Jackson Gamesbusiness. Like almost all modern publishers, Steve Jackson and hisfifteen employees used computers to write text, to keep accounts, andto run the business generally. They also used a computer to run theirofficial bulletin board system for Steve Jackson Games, a board calledIlluminati. On Illuminati, simulation gamers who happened to owncomputers and modems could associate, trade mail, debate the theory andpractice of gaming, and keep up with the company's news and its productannouncements. 

Illuminati was a modestly popular board, run on a small computer withlimited storage, only one phone-line, and no ties to large-scalecomputer networks. It did, however, have hundreds of users, many ofthem dedicated gamers willing to call from out-of-state. 

Illuminati was NOT an "underground" board. It did not feature hints oncomputer intrusion, or "anarchy files, " or illicitly posted credit cardnumbers, or long-distance access codes. Some of Illuminati's users, however, were members of the Legion of Doom. And so was one of SteveJackson's senior employees--the Mentor. The Mentor wrote for Phrack, and also ran an underground board, Phoenix Project--but the Mentor wasnot a computer professional. The Mentor was the managing editor ofSteve Jackson Games and a professional game designer by trade. TheseLoD members did not use Illuminati to help their HACKING activities. They used it to help their GAME-PLAYING activities--and they were evenmore dedicated to simulation gaming than they were to hacking. 

"Illuminati" got its name from a card-game that Steve Jackson himself, the company's founder and sole owner, had invented. This multi-playercard-game was one of Mr Jackson's best-known, most successful, mosttechnically innovative products. "Illuminati" was a game of paranoiacconspiracy in which various antisocial cults warred covertly todominate the world. "Illuminati" was hilarious, and great fun to play, involving flying saucers, the CIA, the KGB, the phone companies, the KuKlux Klan, the South American Nazis, the cocaine cartels, the BoyScouts, and dozens of other splinter groups from the twisted depths ofMr. Jackson's professionally fervid imagination. For the uninitiated, any public discussion of the "Illuminati" card-game sounded, by turns, utterly menacing or completely insane. 

And then there was SJG's "Car Wars, " in which souped-up armoredhot-rods with rocket-launchers and heavy machine-guns did battle on theAmerican highways of the future. The lively Car Wars discussion on theIlluminati board featured many meticulous, painstaking discussions ofthe effects of grenades, land-mines, flamethrowers and napalm. Itsounded like hacker anarchy files run amuck. 

Mr Jackson and his co-workers earned their daily bread by supplyingpeople with make-believe adventures and weird ideas. The more far-out, the better. 

Simulation gaming is an unusual pastime, but gamers have not generallyhad to beg the permission of the Secret Service to exist. Wargames androle-playing adventures are an old and honored pastime, much favored byprofessional military strategists. Once little-known, these games arenow played by hundreds of thousands of enthusiasts throughout NorthAmerica, Europe and Japan. Gaming-books, once restricted to hobbyoutlets, now commonly appear in chain-stores like B. Dalton's andWaldenbooks, and sell vigorously. 

Steve Jackson Games, Inc. , of Austin, Texas, was a games company of themiddle rank. In 1989, SJG grossed about a million dollars. Jacksonhimself had a good reputation in his industry as a talented andinnovative designer of rather unconventional games, but his company wassomething less than a titan of the field--certainly not like themultimillion-dollar TSR Inc. , or Britain's gigantic "Games Workshop. "SJG's Austin headquarters was a modest two-story brick office-suite, cluttered with phones, photocopiers, fax machines and computers. Itbustled with semi-organized activity and was littered with glossypromotional brochures and dog-eared science-fiction novels. Attachedto the offices was a large tin-roofed warehouse piled twenty feet highwith cardboard boxes of games and books. Despite the weird imaginingsthat went on within it, the SJG headquarters was quite a quotidian, everyday sort of place. It looked like what it was: a publishers'digs. 

Both "Car Wars" and "Illuminati" were well-known, popular games. Butthe mainstay of the Jackson organization was their Generic UniversalRole-Playing System, "G. U. R. P. S. " The GURPS system was consideredsolid and well-designed, an asset for players. But perhaps the mostpopular feature of the GURPS system was that it allowed gaming-mastersto design scenarios that closely resembled well-known books, movies, and other works of fantasy. Jackson had licensed and adapted worksfrom many science fiction and fantasy authors. There was GURPS Conan, GURPS Riverworld, GURPS Horseclans, GURPS Witch World, names eminentlyfamiliar to science-fiction readers. And there was GURPS Special Ops, from the world of espionage fantasy and unconventional warfare. 

And then there was GURPS Cyberpunk. 

"Cyberpunk" was a term given to certain science fiction writers who hadentered the genre in the 1980s. "Cyberpunk, " as the label implies, hadtwo general distinguishing features. First, its writers had acompelling interest in information technology, an interest closely akinto science fiction's earlier fascination with space travel. Andsecond, these writers were "punks, " with all the distinguishingfeatures that that implies: Bohemian artiness, youth run wild, an airof deliberate rebellion, funny clothes and hair, odd politics, afondness for abrasive rock and roll; in a word, trouble. 

The "cyberpunk" SF writers were a small group of mostlycollege-educated white middle-class litterateurs, scattered through theUS and Canada. Only one, Rudy Rucker, a professor of computer sciencein Silicon Valley, could rank with even the humblest computer hacker. But, except for Professor Rucker, the "cyberpunk" authors were notprogrammers or hardware experts; they considered themselves artists(as, indeed, did Professor Rucker). However, these writers all ownedcomputers, and took an intense and public interest in the socialramifications of the information industry. 

The cyberpunks had a strong following among the global generation thathad grown up in a world of computers, multinational networks, and cabletelevision. Their outlook was considered somewhat morbid, cynical, anddark, but then again, so was the outlook of their generational peers. As that generation matured and increased in strength and influence, sodid the cyberpunks. As science-fiction writers went, they were doingfairly well for themselves. By the late 1980s, their work hadattracted attention from gaming companies, including Steve JacksonGames, which was planning a cyberpunk simulation for the flourishingGURPS gaming-system. 

The time seemed ripe for such a product, which had already been provenin the marketplace. The first games-company out of the gate, with aproduct boldly called "Cyberpunk" in defiance of possibleinfringement-of-copyright suits, had been an upstart group called R. Talsorian. Talsorian's Cyberpunk was a fairly decent game, but themechanics of the simulation system left a lot to be desired. Commercially, however, the game did very well. 

The next cyberpunk game had been the even more successful Shadowrun byFASA Corporation. The mechanics of this game were fine, but thescenario was rendered moronic by sappy fantasy elements like elves, trolls, wizards, and dragons--all highly ideologically-incorrect, according to the hard-edged, high-tech standards of cyberpunk sciencefiction. 

Other game designers were champing at the bit. Prominent among themwas the Mentor, a gentleman who, like most of his friends in the Legionof Doom, was quite the cyberpunk devotee. Mentor reasoned that thetime had come for a REAL cyberpunk gaming-book--one that the princes ofcomputer-mischief in the Legion of Doom could play without laughingthemselves sick. This book, GURPS Cyberpunk, would reek of culturallyon-line authenticity. 

Mentor was particularly well-qualified for this task. Naturally, heknew far more about computer-intrusion and digital skullduggery thanany previously published cyberpunk author. Not only that, but he wasgood at his work. A vivid imagination, combined with an instinctivefeeling for the working of systems and, especially, the loopholeswithin them, are excellent qualities for a professional game designer. 

By March 1st, GURPS Cyberpunk was almost complete, ready to print andship. Steve Jackson expected vigorous sales for this item, which, hehoped, would keep the company financially afloat for several months. GURPS Cyberpunk, like the other GURPS "modules, " was not a "game" likea Monopoly set, but a BOOK: a bound paperback book the size of aglossy magazine, with a slick color cover, and pages full of text, illustrations, tables and footnotes. It was advertised as a game, andwas used as an aid to game-playing, but it was a book, with an ISBNnumber, published in Texas, copyrighted, and sold in bookstores. 

And now, that book, stored on a computer, had gone out the door in thecustody of the Secret Service. 

The day after the raid, Steve Jackson visited the local Secret Serviceheadquarters with a lawyer in tow. There he confronted Tim Foley(still in Austin at that time) and demanded his book back. But therewas trouble. GURPS Cyberpunk, alleged a Secret Service agent toastonished businessman Steve Jackson, was "a manual for computer crime. "

"It's science fiction, " Jackson said. 

"No, this is real. "

This statement was repeated several times, by several agents. Jackson's ominously accurate game had passed from pure, obscure, small-scale fantasy into the impure, highly publicized, large-scalefantasy of the Hacker Crackdown. 

No mention was made of the real reason for the search. According totheir search warrant, the raiders had expected to find the E911Document stored on Jackson's bulletin board system. But that warrantwas sealed; a procedure that most law enforcement agencies will useonly when lives are demonstrably in danger. The raiders' true motiveswere not discovered until the Jackson search-warrant was unsealed byhis lawyers, many months later. The Secret Service, and the ChicagoComputer Fraud and Abuse Task Force, said absolutely nothing to SteveJackson about any threat to the police 911 System. They said nothingabout the Atlanta Three, nothing about Phrack or Knight Lightning, nothing about Terminus. 

Jackson was left to believe that his computers had been seized becausehe intended to publish a science fiction book that law enforcementconsidered too dangerous to see print. 

This misconception was repeated again and again, for months, to anever-widening public audience. It was not the truth of the case; butas months passed, and this misconception was publicly printed again andagain, it became one of the few publicly known "facts" about themysterious Hacker Crackdown. The Secret Service had seized a computerto stop the publication of a cyberpunk science fiction book. 

The second section of this book, "The Digital Underground, " is almostfinished now. We have become acquainted with all the major figures ofthis case who actually belong to the underground milieu of computerintrusion. We have some idea of their history, their motives, theirgeneral modus operandi. We now know, I hope, who they are, where theycame from, and more or less what they want. In the next section ofthis book, "Law and Order, " we will leave this milieu and directlyenter the world of America's computer-crime police. 

At this point, however, I have another figure to introduce: myself. 

My name is Bruce Sterling. I live in Austin, Texas, where I am ascience fiction writer by trade: specifically, a CYBERPUNK sciencefiction writer. 

Like my "cyberpunk" colleagues in the U. S. And Canada, I've never beenentirely happy with this literary label--especially after it became asynonym for computer criminal. But I did once edit a book of storiesby my colleagues, called Mirrorshades: the Cyberpunk Anthology, andI've long been a writer of literary-critical cyberpunk manifestos. Iam not a "hacker" of any description, though I do have readers in thedigital underground. 

When the Steve Jackson Games seizure occurred, I naturally took anintense interest. If "cyberpunk" books were being banned by federalpolice in my own home town, I reasonably wondered whether I myselfmight be next. Would my computer be seized by the Secret Service? Atthe time, I was in possession of an aging Apple IIe without so much asa hard disk. If I were to be raided as an author of computer-crimemanuals, the loss of my feeble word-processor would likely provoke moresnickers than sympathy. 

I'd known Steve Jackson for many years. We knew one another ascolleagues, for we frequented the same local science-fictionconventions. I'd played Jackson games, and recognized his cleverness;but he certainly had never struck me as a potential mastermind ofcomputer crime. 

I also knew a little about computer bulletin-board systems. In themid-1980s I had taken an active role in an Austin board called"SMOF-BBS, " one of the first boards dedicated to science fiction. Ihad a modem, and on occasion I'd logged on to Illuminati, which alwayslooked entertainly wacky, but certainly harmless enough. 

At the time of the Jackson seizure, I had no experience whatsoever withunderground boards. But I knew that no one on Illuminati talked aboutbreaking into systems illegally, or about robbing phone companies. Illuminati didn't even offer pirated computer games. Steve Jackson, like many creative artists, was markedly touchy about theft ofintellectual property. 

It seemed to me that Jackson was either seriously suspected of somecrime--in which case, he would be charged soon, and would have his dayin court--or else he was innocent, in which case the Secret Servicewould quickly return his equipment, and everyone would have a goodlaugh. I rather expected the good laugh. The situation was notwithout its comic side. The raid, known as the "Cyberpunk Bust" in thescience fiction community, was winning a great deal of free nationalpublicity both for Jackson himself and the "cyberpunk" science fictionwriters generally. 

Besides, science fiction people are used to being misinterpreted. Science fiction is a colorful, disreputable, slipshod occupation, fullof unlikely oddballs, which, of course, is why we like it. Weirdnesscan be an occupational hazard in our field. People who wear Halloweencostumes are sometimes mistaken for monsters. 

Once upon a time--back in 1939, in New York City--science fiction andthe U. S. Secret Service collided in a comic case of mistaken identity. This weird incident involved a literary group quite famous in sciencefiction, known as "the Futurians, " whose membership included suchfuture genre greats as Isaac Asimov, Frederik Pohl, and Damon Knight. The Futurians were every bit as offbeat and wacky as any of theirspiritual descendants, including the cyberpunks, and were given tocommunal living, spontaneous group renditions of light opera, andmidnight fencing exhibitions on the lawn. The Futurians didn't havebulletin board systems, but they did have the technological equivalentin 1939--mimeographs and a private printing press. These were insteady use, producing a stream of science-fiction fan magazines, literary manifestos, and weird articles, which were picked up inink-sticky bundles by a succession of strange, gangly, spotty young menin fedoras and overcoats. 

The neighbors grew alarmed at the antics of the Futurians and reportedthem to the Secret Service as suspected counterfeiters. In the winterof 1939, a squad of USSS agents with drawn guns burst into "FuturianHouse, " prepared to confiscate the forged currency and illicit printingpresses. There they discovered a slumbering science fiction fan namedGeorge Hahn, a guest of the Futurian commune who had just arrived inNew York. George Hahn managed to explain himself and his group, andthe Secret Service agents left the Futurians in peace henceforth. (Alas, Hahn died in 1991, just before I had discovered this astonishinghistorical parallel, and just before I could interview him for thisbook. )

But the Jackson case did not come to a swift and comic end. No quickanswers came his way, or mine; no swift reassurances that all was rightin the digital world, that matters were well in hand after all. Quitethe opposite. In my alternate role as a sometime pop-sciencejournalist, I interviewed Jackson and his staff for an article in aBritish magazine. The strange details of the raid left me moreconcerned than ever. Without its computers, the company had beenfinancially and operationally crippled. Half the SJG workforce, agroup of entirely innocent people, had been sorrowfully fired, deprivedof their livelihoods by the seizure. It began to dawn on me thatauthors--American writers--might well have their computers seized, under sealed warrants, without any criminal charge; and that, as SteveJackson had discovered, there was no immediate recourse for this. Thiswas no joke; this wasn't science fiction; this was real. 

I determined to put science fiction aside until I had discovered whathad happened and where this trouble had come from. It was time toenter the purportedly real world of electronic free expression andcomputer crime. Hence, this book. Hence, the world of the telcos; andthe world of the digital underground; and next, the world of the police. 

PART THREE: LAW AND ORDER

Of the various anti-hacker activities of 1990, "Operation Sundevil" hadby far the highest public profile. The sweeping, nationwide computerseizures of May 8, 1990 were unprecedented in scope and highly, ifrather selectively, publicized. 

Unlike the efforts of the Chicago Computer Fraud and Abuse Task Force, "Operation Sundevil" was not intended to combat "hacking" in the senseof computer intrusion or sophisticated raids on telco switchingstations. Nor did it have anything to do with hacker misdeeds withAT&T's software, or with Southern Bell's proprietary documents. 

Instead, "Operation Sundevil" was a crackdown on those traditionalscourges of the digital underground: credit-card theft and telephonecode abuse. The ambitious activities out of Chicago, and the somewhatlesser-known but vigorous anti-hacker actions of the New York StatePolice in 1990, were never a part of "Operation Sundevil" per se, whichwas based in Arizona. 

Nevertheless, after the spectacular May 8 raids, the public, misled bypolice secrecy, hacker panic, and a puzzled national press-corps, conflated all aspects of the nationwide crackdown in 1990 under theblanket term "Operation Sundevil. " "Sundevil" is still the best-knownsynonym for the crackdown of 1990. But the Arizona organizers of"Sundevil" did not really deserve this reputation--any more, forinstance, than all hackers deserve a reputation as "hackers. "

There was some justice in this confused perception, though. For onething, the confusion was abetted by the Washington office of the SecretService, who responded to Freedom of Information Act requests on"Operation Sundevil" by referring investigators to the publicly knowncases of Knight Lightning and the Atlanta Three. And "Sundevil" wascertainly the largest aspect of the Crackdown, the most deliberate andthe best-organized. As a crackdown on electronic fraud, "Sundevil"lacked the frantic pace of the war on the Legion of Doom; on thecontrary, Sundevil's targets were picked out with cool deliberationover an elaborate investigation lasting two full years. 

And once again the targets were bulletin board systems. 

Boards can be powerful aids to organized fraud. Underground boardscarry lively, extensive, detailed, and often quite flagrant"discussions" of lawbreaking techniques and lawbreaking activities. "Discussing" crime in the abstract, or "discussing" the particulars ofcriminal cases, is not illegal--but there are stern state and federallaws against coldbloodedly conspiring in groups in order to commitcrimes. 

In the eyes of police, people who actively conspire to break the laware not regarded as "clubs, " "debating salons, " "users' groups, " or"free speech advocates. " Rather, such people tend to find themselvesformally indicted by prosecutors as "gangs, " "racketeers, " "corruptorganizations" and "organized crime figures. "

What's more, the illicit data contained on outlaw boards goes wellbeyond mere acts of speech and/or possible criminal conspiracy. As wehave seen, it was common practice in the digital underground to postpurloined telephone codes on boards, for any phreak or hacker who caredto abuse them. Is posting digital booty of this sort supposed to beprotected by the First Amendment? Hardly--though the issue, like mostissues in cyberspace, is not entirely resolved. Some theorists arguethat to merely RECITE a number publicly is not illegal--only its USE isillegal. But anti-hacker police point out that magazines andnewspapers (more traditional forms of free expression) never publishstolen telephone codes (even though this might well raise theircirculation). 

Stolen credit card numbers, being riskier and more valuable, were lessoften publicly posted on boards--but there is no question that someunderground boards carried "carding" traffic, generally exchangedthrough private mail. 

Underground boards also carried handy programs for "scanning" telephonecodes and raiding credit card companies, as well as the usual obnoxiousgalaxy of pirated software, cracked passwords, blue-box schematics, intrusion manuals, anarchy files, porn files, and so forth. 

But besides their nuisance potential for the spread of illicitknowledge, bulletin boards have another vitally interesting aspect forthe professional investigator. Bulletin boards are cram-full ofEVIDENCE. All that busy trading of electronic mail, all those hackerboasts, brags and struts, even the stolen codes and cards, can be neat, electronic, real-time recordings of criminal activity. As aninvestigator, when you seize a pirate board, you have scored a coup aseffective as tapping phones or intercepting mail. However, you havenot actually tapped a phone or intercepted a letter. The rules ofevidence regarding phone-taps and mail interceptions are old, stern andwell-understood by police, prosecutors and defense attorneys alike. The rules of evidence regarding boards are new, waffling, andunderstood by nobody at all. 

Sundevil was the largest crackdown on boards in world history. On May7, 8, and 9, 1990, about forty-two computer systems were seized. Ofthose forty-two computers, about twenty-five actually were runningboards. (The vagueness of this estimate is attributable to thevagueness of (a) what a "computer system" is, and (b) what it actuallymeans to "run a board" with one--or with two computers, or with three. )

About twenty-five boards vanished into police custody in May 1990. Aswe have seen, there are an estimated 30, 000 boards in America today. If we assume that one board in a hundred is up to no good with codesand cards (which rather flatters the honesty of the board-usingcommunity), then that would leave 2, 975 outlaw boards untouched bySundevil. Sundevil seized about one tenth of one percent of allcomputer bulletin boards in America. Seen objectively, this issomething less than a comprehensive assault. In 1990, Sundevil'sorganizers--the team at the Phoenix Secret Service office, and theArizona Attorney General's office--had a list of at least THREE HUNDREDboards that they considered fully deserving of search and seizurewarrants. The twenty-five boards actually seized were merely among themost obvious and egregious of this much larger list of candidates. Allthese boards had been examined beforehand--either by informants, whohad passed printouts to the Secret Service, or by Secret Service agentsthemselves, who not only come equipped with modems but know how to usethem. 

There were a number of motives for Sundevil. First, it offered achance to get ahead of the curve on wire-fraud crimes. Tracking backcredit-card ripoffs to their perpetrators can be appallingly difficult. If these miscreants have any kind of electronic sophistication, theycan snarl their tracks through the phone network into a mind-boggling, untraceable mess, while still managing to "reach out and rob someone. "Boards, however, full of brags and boasts, codes and cards, offerevidence in the handy congealed form. 

Seizures themselves--the mere physical removal of machines--tends totake the pressure off. During Sundevil, a large number of code kids, warez d00dz, and credit card thieves would be deprived of thoseboards--their means of community and conspiracy--in one swift blow. As for the sysops themselves (commonly among the boldest offenders)they would be directly stripped of their computer equipment, andrendered digitally mute and blind. 

And this aspect of Sundevil was carried out with great success. Sundevil seems to have been a complete tactical surprise--unlike thefragmentary and continuing seizures of the war on the Legion of Doom, Sundevil was precisely timed and utterly overwhelming. At least forty"computers" were seized during May 7, 8 and 9, 1990, in Cincinnati, Detroit, Los Angeles, Miami, Newark, Phoenix, Tucson, Richmond, SanDiego, San Jose, Pittsburgh and San Francisco. Some cities sawmultiple raids, such as the five separate raids in the New York Cityenvirons. Plano, Texas (essentially a suburb of the Dallas/Fort Worthmetroplex, and a hub of the telecommunications industry) saw fourcomputer seizures. Chicago, ever in the forefront, saw its own localSundevil raid, briskly carried out by Secret Service agents TimothyFoley and Barbara Golden. 

Many of these raids occurred, not in the cities proper, but inassociated white-middle class suburbs--places like Mount Lebanon, Pennsylvania and Clark Lake, Michigan. There were a few raids onoffices; most took place in people's homes, the classic hackerbasements and bedrooms. 

The Sundevil raids were searches and seizures, not a group of massarrests. There were only four arrests during Sundevil. "Tony theTrashman, " a longtime teenage bete noire of the Arizona Racketeeringunit, was arrested in Tucson on May 9. "Dr. Ripco, " sysop of an outlawboard with the misfortune to exist in Chicago itself, was alsoarrested--on illegal weapons charges. Local units also arrested a19-year-old female phone phreak named "Electra" in Pennsylvania, and amale juvenile in California. Federal agents however were not seekingarrests, but computers. 

Hackers are generally not indicted (if at all) until the evidence intheir seized computers is evaluated--a process that can take weeks, months--even years. When hackers are arrested on the spot, it'sgenerally an arrest for other reasons. Drugs and/or illegal weaponsshow up in a good third of anti-hacker computer seizures (though notduring Sundevil). 

That scofflaw teenage hackers (or their parents) should have marijuanain their homes is probably not a shocking revelation, but thesurprisingly common presence of illegal firearms in hacker dens is abit disquieting. A Personal Computer can be a great equalizer for thetechno-cowboy--much like that more traditional American "GreatEqualizer, " the Personal Sixgun. Maybe it's not all that surprisingthat some guy obsessed with power through illicit technology would alsohave a few illicit high-velocity-impact devices around. An element ofthe digital underground particularly dotes on those "anarchy philes, "and this element tends to shade into the crackpot milieu ofsurvivalists, gun-nuts, anarcho-leftists and the ultra-libertarianright-wing. 

This is not to say that hacker raids to date have uncovered any majorcrack-dens or illegal arsenals; but Secret Service agents do not regard"hackers" as "just kids. " They regard hackers as unpredictable people, bright and slippery. It doesn't help matters that the hacker himselfhas been "hiding behind his keyboard" all this time. Commonly, policehave no idea what he looks like. This makes him an unknown quantity, someone best treated with proper caution. 

To date, no hacker has come out shooting, though they do sometimes bragon boards that they will do just that. Threats of this sort are takenseriously. Secret Service hacker raids tend to be swift, comprehensive, well-manned (even over-manned); and agents generallyburst through every door in the home at once, sometimes with drawnguns. Any potential resistance is swiftly quelled. Hacker raids areusually raids on people's homes. It can be a very dangerous businessto raid an American home; people can panic when strangers invade theirsanctum. Statistically speaking, the most dangerous thing a policemancan do is to enter someone's home. (The second most dangerous thing isto stop a car in traffic. ) People have guns in their homes. More copsare hurt in homes than are ever hurt in biker bars or massage parlors. 

But in any case, no one was hurt during Sundevil, or indeed during anypart of the Hacker Crackdown. 

Nor were there any allegations of any physical mistreatment of asuspect. Guns were pointed, interrogations were sharp and prolonged;but no one in 1990 claimed any act of brutality by any crackdown raider. 

In addition to the forty or so computers, Sundevil reaped floppy disksin particularly great abundance--an estimated 23, 000 of them, whichnaturally included every manner of illegitimate data: pirated games, stolen codes, hot credit card numbers, the complete text and softwareof entire pirate bulletin-boards. These floppy disks, which remain inpolice custody today, offer a gigantic, almost embarrassingly richsource of possible criminal indictments. These 23, 000 floppy disksalso include a thus-far unknown quantity of legitimate computer games, legitimate software, purportedly "private" mail from boards, businessrecords, and personal correspondence of all kinds. 

Standard computer-crime search warrants lay great emphasis on seizingwritten documents as well as computers--specifically includingphotocopies, computer printouts, telephone bills, address books, logs, notes, memoranda and correspondence. In practice, this has meant thatdiaries, gaming magazines, software documentation, nonfiction books onhacking and computer security, sometimes even science fiction novels, have all vanished out the door in police custody. A wide variety ofelectronic items have been known to vanish as well, includingtelephones, televisions, answering machines, Sony Walkmans, desktopprinters, compact disks, and audiotapes. 

No fewer than 150 members of the Secret Service were sent into thefield during Sundevil. They were commonly accompanied by squads oflocal and/or state police. Most of these officers--especially thelocals--had never been on an anti-hacker raid before. (This was onegood reason, in fact, why so many of them were invited along in thefirst place. ) Also, the presence of a uniformed police officer assuresthe raidees that the people entering their homes are, in fact, police. Secret Service agents wear plain clothes. So do the telco securityexperts who commonly accompany the Secret Service on raids (and whomake no particular effort to identify themselves as mere employees oftelephone companies). 

A typical hacker raid goes something like this. First, police storm inrapidly, through every entrance, with overwhelming force, in theassumption that this tactic will keep casualties to a minimum. Second, possible suspects are immediately removed from the vicinity of any andall computer systems, so that they will have no chance to purge ordestroy computer evidence. Suspects are herded into a room withoutcomputers, commonly the living room, and kept under guard--not ARMEDguard, for the guns are swiftly holstered, but under guardnevertheless. They are presented with the search warrant and warnedthat anything they say may be held against them. Commonly they have agreat deal to say, especially if they are unsuspecting parents. 

Somewhere in the house is the "hot spot"--a computer tied to a phoneline (possibly several computers and several phones). Commonly it's ateenager's bedroom, but it can be anywhere in the house; there may beseveral such rooms. This "hot spot" is put in charge of a two-agentteam, the "finder" and the "recorder. " The "finder" iscomputer-trained, commonly the case agent who has actually obtained thesearch warrant from a judge. He or she understands what is beingsought, and actually carries out the seizures: unplugs machines, opensdrawers, desks, files, floppy-disk containers, etc. The "recorder"photographs all the equipment, just as it stands--especially the tangleof wired connections in the back, which can otherwise be a realnightmare to restore. The recorder will also commonly photograph everyroom in the house, lest some wily criminal claim that the police hadrobbed him during the search. Some recorders carry videocams or taperecorders; however, it's more common for the recorder to simply takewritten notes. Objects are described and numbered as the finder seizesthem, generally on standard preprinted police inventory forms. 

Even Secret Service agents were not, and are not, expert computerusers. They have not made, and do not make, judgements on the flyabout potential threats posed by various forms of equipment. They mayexercise discretion; they may leave Dad his computer, for instance, butthey don't HAVE to. Standard computer-crime search warrants, whichdate back to the early 80s, use a sweeping language that targetscomputers, most anything attached to a computer, most anything used tooperate a computer--most anything that remotely resembles acomputer--plus most any and all written documents surrounding it. Computer-crime investigators have strongly urged agents to seize theworks. 

In this sense, Operation Sundevil appears to have been a completesuccess. Boards went down all over America, and were shipped en masseto the computer investigation lab of the Secret Service, in WashingtonDC, along with the 23, 000 floppy disks and unknown quantities ofprinted material. 

But the seizure of twenty-five boards, and the multi-megabyte mountainsof possibly useful evidence contained in these boards (and in theirowners' other computers, also out the door), were far from the onlymotives for Operation Sundevil. An unprecedented action of greatambition and size, Sundevil's motives can only be described aspolitical. It was a public-relations effort, meant to pass certainmessages, meant to make certain situations clear: both in the mind ofthe general public, and in the minds of various constituencies of theelectronic community. 

First--and this motivation was vital--a "message" would be sent fromlaw enforcement to the digital underground. This very message wasrecited in so many words by Garry M. Jenkins, the Assistant Director ofthe US Secret Service, at the Sundevil press conference in Phoenix onMay 9, 1990, immediately after the raids. In brief, hackers weremistaken in their foolish belief that they could hide behind the"relative anonymity of their computer terminals. " On the contrary, they should fully understand that state and federal cops were activelypatrolling the beat in cyberspace--that they were on the watcheverywhere, even in those sleazy and secretive dens of cybernetic vice, the underground boards. 

This is not an unusual message for police to publicly convey to crooks. The message is a standard message; only the context is new. 

In this respect, the Sundevil raids were the digital equivalent of thestandard vice-squad crackdown on massage parlors, porno bookstores, head-shops, or floating crap-games. There may be few or no arrests ina raid of this sort; no convictions, no trials, no interrogations. Incases of this sort, police may well walk out the door with many poundsof sleazy magazines, X-rated videotapes, sex toys, gambling equipment, baggies of marijuana. . . . 

Of course, if something truly horrendous is discovered by the raiders, there will be arrests and prosecutions. Far more likely, however, there will simply be a brief but sharp disruption of the closed andsecretive world of the nogoodniks. There will be "street hassle. ""Heat. " "Deterrence. " And, of course, the immediate loss of theseized goods. It is very unlikely that any of this seized materialwill ever be returned. Whether charged or not, whether convicted ornot, the perpetrators will almost surely lack the nerve ever to ask forthis stuff to be given back. 

Arrests and trials--putting people in jail--may involve all kinds offormal legalities; but dealing with the justice system is far from theonly task of police. Police do not simply arrest people. They don'tsimply put people in jail. That is not how the police perceive theirjobs. Police "protect and serve. " Police "keep the peace, " they "keeppublic order. " Like other forms of public relations, keeping publicorder is not an exact science. Keeping public order is something of anart-form. 

If a group of tough-looking teenage hoodlums was loitering on astreet-corner, no one would be surprised to see a street-cop arrive andsternly order them to "break it up. " On the contrary, the surprisewould come if one of these ne'er-do-wells stepped briskly into aphone-booth, called a civil rights lawyer, and instituted a civil suitin defense of his Constitutional rights of free speech and freeassembly. But something much along this line was one of the manyanomolous outcomes of the Hacker Crackdown. 

Sundevil also carried useful "messages" for other constituents of theelectronic community. These messages may not have been read aloud fromthe Phoenix podium in front of the press corps, but there was littlemistaking their meaning. There was a message of reassurance for theprimary victims of coding and carding: the telcos, and the creditcompanies. Sundevil was greeted with joy by the security officers ofthe electronic business community. After years of high-tech harassmentand spiralling revenue losses, their complaints of rampant outlawrywere being taken seriously by law enforcement. No more head-scratchingor dismissive shrugs; no more feeble excuses about "lack ofcomputer-trained officers" or the low priority of "victimless"white-collar telecommunication crimes. 

Computer-crime experts have long believed that computer-relatedoffenses are drastically under-reported. They regard this as a majoropen scandal of their field. Some victims are reluctant to come forth, because they believe that police and prosecutors are notcomputer-literate, and can and will do nothing. Others are embarrassedby their vulnerabilities, and will take strong measures to avoid anypublicity; this is especially true of banks, who fear a loss ofinvestor confidence should an embezzlement-case or wire-fraud surface. And some victims are so helplessly confused by their own hightechnology that they never even realize that a crime has occurred--evenwhen they have been fleeced to the bone. 

The results of this situation can be dire. Criminals escapeapprehension and punishment. The computer-crime units that do exist, can't get work. The true scope of computer-crime: its size, its realnature, the scope of its threats, and the legal remedies for it--allremain obscured. 

Another problem is very little publicized, but it is a cause of genuineconcern. Where there is persistent crime, but no effective policeprotection, then vigilantism can result. Telcos, banks, creditcompanies, the major corporations who maintain extensive computernetworks vulnerable to hacking --these organizations are powerful, wealthy, and politically influential. They are disinclined to bepushed around by crooks (or by most anyone else, for that matter). They often maintain well-organized private security forces, commonlyrun by experienced veterans of military and police units, who have leftpublic service for the greener pastures of the private sector. Forpolice, the corporate security manager can be a powerful ally; but ifthis gentleman finds no allies in the police, and the pressure is onfrom his board-of-directors, he may quietly take certain matters intohis own hands. 

Nor is there any lack of disposable hired-help in the corporatesecurity business. Private security agencies--the 'security business'generally--grew explosively in the 1980s. Today there are spookygumshoed armies of "security consultants, " "rent-a-cops, " "privateeyes, " "outside experts"--every manner of shady operator who retails in"results" and discretion. Or course, many of these gentlemen andladies may be paragons of professional and moral rectitude. But asanyone who has read a hard-boiled detective novel knows, police tend tobe less than fond of this sort of private-sector competition. 

Companies in search of computer-security have even been known to hirehackers. Police shudder at this prospect. 

Police treasure good relations with the business community. Rarelywill you see a policeman so indiscreet as to allege publicly that somemajor employer in his state or city has succumbed to paranoia and goneoff the rails. Nevertheless, police --and computer police inparticular--are aware of this possibility. Computer-crime police canand do spend up to half of their business hours just doing publicrelations: seminars, "dog and pony shows, " sometimes with parents'groups or computer users, but generally with their core audience: thelikely victims of hacking crimes. These, of course, are telcos, creditcard companies and large computer-equipped corporations. The policestrongly urge these people, as good citizens, to report offenses andpress criminal charges; they pass the message that there is someone inauthority who cares, understands, and, best of all, will take usefulaction should a computer-crime occur. 

But reassuring talk is cheap. Sundevil offered action. 

The final message of Sundevil was intended for internal consumption bylaw enforcement. Sundevil was offered as proof that the community ofAmerican computer-crime police had come of age. Sundevil was proofthat enormous things like Sundevil itself could now be accomplished. Sundevil was proof that the Secret Service and its locallaw-enforcement allies could act like a well-oiled machine--(despitethe hampering use of those scrambled phones). It was also proof thatthe Arizona Organized Crime and Racketeering Unit--the sparkplug ofSundevil--ranked with the best in the world in ambition, organization, and sheer conceptual daring. 

And, as a final fillip, Sundevil was a message from the Secret Serviceto their longtime rivals in the Federal Bureau of Investigation. ByCongressional fiat, both USSS and FBI formally share jurisdiction overfederal computer-crimebusting activities. Neither of these groups hasever been remotely happy with this muddled situation. It seems tosuggest that Congress cannot make up its mind as to which of thesegroups is better qualified. And there is scarcely a G-man or a SpecialAgent anywhere without a very firm opinion on that topic. 

#

For the neophyte, one of the most puzzling aspects of the crackdown onhackers is why the United States Secret Service has anything at all todo with this matter. 

The Secret Service is best known for its primary public role: itsagents protect the President of the United States. They also guard thePresident's family, the Vice President and his family, formerPresidents, and Presidential candidates. They sometimes guard foreigndignitaries who are visiting the United States, especially foreignheads of state, and have been known to accompany American officials ondiplomatic missions overseas. 

Special Agents of the Secret Service don't wear uniforms, but theSecret Service also has two uniformed police agencies. There's theformer White House Police (now known as the Secret Service UniformedDivision, since they currently guard foreign embassies in Washington, as well as the White House itself). And there's the uniformed TreasuryPolice Force. 

The Secret Service has been charged by Congress with a number oflittle-known duties. They guard the precious metals in Treasury vaults. They guard the most valuable historical documents of the United States:originals of the Constitution, the Declaration of Independence, Lincoln's Second Inaugural Address, an American-owned copy of the MagnaCarta, and so forth. Once they were assigned to guard the Mona Lisa, on her American tour in the 1960s. 

The entire Secret Service is a division of the Treasury Department. Secret Service Special Agents (there are about 1, 900 of them) arebodyguards for the President et al, but they all work for the Treasury. And the Treasury (through its divisions of the U. S. Mint and the Bureauof Engraving and Printing) prints the nation's money. 

As Treasury police, the Secret Service guards the nation's currency; itis the only federal law enforcement agency with direct jurisdictionover counterfeiting and forgery. It analyzes documents forauthenticity, and its fight against fake cash is still quite lively(especially since the skilled counterfeiters of Medellin, Columbia havegotten into the act). Government checks, bonds, and other obligations, which exist in untold millions and are worth untold billions, arecommon targets for forgery, which the Secret Service also battles. Iteven handles forgery of postage stamps. 

But cash is fading in importance today as money has become electronic. As necessity beckoned, the Secret Service moved from fighting thecounterfeiting of paper currency and the forging of checks, to theprotection of funds transferred by wire. 

From wire-fraud, it was a simple skip-and-jump to what is formallyknown as "access device fraud. " Congress granted the Secret Servicethe authority to investigate "access device fraud" under Title 18 ofthe United States Code (U. S. C. Section 1029). 

The term "access device" seems intuitively simple. It's some kind ofhigh-tech gizmo you use to get money with. It makes good sense to putthis sort of thing in the charge of counterfeiting and wire-fraudexperts. 

However, in Section 1029, the term "access device" is very generouslydefined. An access device is: "any card, plate, code, account number, or other means of account access that can be used, alone or inconjunction with another access device, to obtain money, goods, services, or any other thing of value, or that can be used to initiatea transfer of funds. "

"Access device" can therefore be construed to include credit cardsthemselves (a popular forgery item nowadays). It also includes creditcard account NUMBERS, those standards of the digital underground. Thesame goes for telephone charge cards (an increasingly popular item withtelcos, who are tired of being robbed of pocket change by phone-booththieves). And also telephone access CODES, those OTHER standards ofthe digital underground. (Stolen telephone codes may not "obtainmoney, " but they certainly do obtain valuable "services, " which isspecifically forbidden by Section 1029. )

We can now see that Section 1029 already pits the United States SecretService directly against the digital underground, without any mentionat all of the word "computer. "

Standard phreaking devices, like "blue boxes, " used to steal phoneservice from old-fashioned mechanical switches, are unquestionably"counterfeit access devices. " Thanks to Sec. 1029, it is not onlyillegal to USE counterfeit access devices, but it is even illegal toBUILD them. "Producing, " "designing" "duplicating" or "assembling"blue boxes are all federal crimes today, and if you do this, the SecretService has been charged by Congress to come after you. 

Automatic Teller Machines, which replicated all over America during the1980s, are definitely "access devices, " too, and an attempt to tamperwith their punch-in codes and plastic bank cards falls directly underSec. 1029. 

Section 1029 is remarkably elastic. Suppose you find a computerpassword in somebody's trash. That password might be a "code"--it'scertainly a "means of account access. " Now suppose you log on to acomputer and copy some software for yourself. You've certainlyobtained "service" (computer service) and a "thing of value" (thesoftware). Suppose you tell a dozen friends about your swipedpassword, and let them use it, too. Now you're "trafficking inunauthorized access devices. " And when the Prophet, a member of theLegion of Doom, passed a stolen telephone company document to KnightLightning at Phrack magazine, they were both charged under Sec. 1029!

There are two limitations on Section 1029. First, the offense must"affect interstate or foreign commerce" in order to become a matter offederal jurisdiction. The term "affecting commerce" is not welldefined; but you may take it as a given that the Secret Service cantake an interest if you've done most anything that happens to cross astate line. State and local police can be touchy about theirjurisdictions, and can sometimes be mulish when the feds show up. Butwhen it comes to computer-crime, the local police are patheticallygrateful for federal help--in fact they complain that they can't getenough of it. If you're stealing long-distance service, you're almostcertainly crossing state lines, and you're definitely "affecting theinterstate commerce" of the telcos. And if you're abusing credit cardsby ordering stuff out of glossy catalogs from, say, Vermont, you're infor it. 

The second limitation is money. As a rule, the feds don't pursuepenny-ante offenders. Federal judges will dismiss cases that appear towaste their time. Federal crimes must be serious; Section 1029specifies a minimum loss of a thousand dollars. 

We now come to the very next section of Title 18, which is Section1030, "Fraud and related activity in connection with computers. " Thisstatute gives the Secret Service direct jurisdiction over acts ofcomputer intrusion. On the face of it, the Secret Service would nowseem to command the field. Section 1030, however, is nowhere near soductile as Section 1029. 

The first annoyance is Section 1030(d), which reads:

"(d) The United States Secret Service shall, IN ADDITION TO ANY OTHERAGENCY HAVING SUCH AUTHORITY, have the authority to investigateoffenses under this section. Such authority of the United StatesSecret Service shall be exercised in accordance with an agreement whichshall be entered into by the Secretary of the Treasury AND THEATTORNEY GENERAL. " (Author's italics. ) [Represented by capitals. ]

The Secretary of the Treasury is the titular head of the SecretService, while the Attorney General is in charge of the FBI. InSection (d), Congress shrugged off responsibility for thecomputer-crime turf-battle between the Service and the Bureau, and madethem fight it out all by themselves. The result was a rather dire onefor the Secret Service, for the FBI ended up with exclusivejurisdiction over computer break-ins having to do with nationalsecurity, foreign espionage, federally insured banks, and U. S. Militarybases, while retaining joint jurisdiction over all the other computerintrusions. Essentially, when it comes to Section 1030, the FBI notonly gets the real glamor stuff for itself, but can peer over theshoulder of the Secret Service and barge in to meddle whenever it suitsthem. 

The second problem has to do with the dicey term "Federal interestcomputer. " Section 1030(a)(2) makes it illegal to "access a computerwithout authorization" if that computer belongs to a financialinstitution or an issuer of credit cards (fraud cases, in other words). Congress was quite willing to give the Secret Service jurisdiction overmoney-transferring computers, but Congress balked at letting theminvestigate any and all computer intrusions. Instead, the USSS had tosettle for the money machines and the "Federal interest computers. " A"Federal interest computer" is a computer which the government itselfowns, or is using. Large networks of interstate computers, linked overstate lines, are also considered to be of "Federal interest. " (Thisnotion of "Federal interest" is legally rather foggy and has never beenclearly defined in the courts. The Secret Service has never yet hadits hand slapped for investigating computer break-ins that were NOT of"Federal interest, " but conceivably someday this might happen. )

So the Secret Service's authority over "unauthorized access" tocomputers covers a lot of territory, but by no means the whole ball ofcyberspatial wax. If you are, for instance, a LOCAL computer retailer, or the owner of a LOCAL bulletin board system, then a malicious LOCALintruder can break in, crash your system, trash your files and scatterviruses, and the U. S. Secret Service cannot do a single thing about it. 

At least, it can't do anything DIRECTLY. But the Secret Service willdo plenty to help the local people who can. 

The FBI may have dealt itself an ace off the bottom of the deck when itcomes to Section 1030; but that's not the whole story; that's not thestreet. What's Congress thinks is one thing, and Congress has beenknown to change its mind. The REAL turf-struggle is out there in thestreets where it's happening. If you're a local street-cop with acomputer problem, the Secret Service wants you to know where you canfind the real expertise. While the Bureau crowd are off having theirfavorite shoes polished--(wing-tips)--and making derisive fun of theService's favorite shoes--("pansy-ass tassels")--the tassel-totingSecret Service has a crew of ready-and-able hacker-trackers installedin the capital of every state in the Union. Need advice? They'll giveyou advice, or at least point you in the right direction. Needtraining? They can see to that, too. 

If you're a local cop and you call in the FBI, the FBI (as is widelyand slanderously rumored) will order you around like a coolie, take allthe credit for your busts, and mop up every possible scrap of reflectedglory. The Secret Service, on the other hand, doesn't brag a lot. They're the quiet types. VERY quiet. Very cool. Efficient. High-tech. Mirrorshades, icy stares, radio ear-plugs, an Uzimachine-pistol tucked somewhere in that well-cut jacket. Americansamurai, sworn to give their lives to protect our President. "Thegranite agents. " Trained in martial arts, absolutely fearless. Everysingle one of 'em has a top-secret security clearance. Something goesa little wrong, you're not gonna hear any whining and moaning andpolitical buck-passing out of these guys. 

The facade of the granite agent is not, of course, the reality. SecretService agents are human beings. And the real glory in Service work isnot in battling computer crime--not yet, anyway--but in protecting thePresident. The real glamour of Secret Service work is in the WhiteHouse Detail. If you're at the President's side, then the kids and thewife see you on television; you rub shoulders with the most powerfulpeople in the world. That's the real heart of Service work, the numberone priority. More than one computer investigation has stopped dead inthe water when Service agents vanished at the President's need. 

There's romance in the work of the Service. The intimate access tocircles of great power; the esprit-de-corps of a highly trained anddisciplined elite; the high responsibility of defending the ChiefExecutive; the fulfillment of a patriotic duty. And as police workgoes, the pay's not bad. But there's squalor in Service work, too. You may get spat upon by protesters howling abuse--and if they getviolent, if they get too close, sometimes you have to knock one of themdown--discreetly. 

The real squalor in Service work is drudgery such as "the quarterlies, "traipsing out four times a year, year in, year out, to interview thevarious pathetic wretches, many of them in prisons and asylums, whohave seen fit to threaten the President's life. And then there's thegrinding stress of searching all those faces in the endless bustlingcrowds, looking for hatred, looking for psychosis, looking for thetight, nervous face of an Arthur Bremer, a Squeaky Fromme, a Lee HarveyOswald. It's watching all those grasping, waving hands for suddenmovements, while your ears strain at your radio headphone for thelong-rehearsed cry of "Gun!"

It's poring, in grinding detail, over the biographies of every rottenloser who ever shot at a President. It's the unsung work of theProtective Research Section, who study scrawled, anonymous deaththreats with all the meticulous tools of anti-forgery techniques. 

And it's maintaining the hefty computerized files on anyone who everthreatened the President's life. Civil libertarians have becomeincreasingly concerned at the Government's use of computer files totrack American citizens--but the Secret Service file of potentialPresidential assassins, which has upward of twenty thousand names, rarely causes a peep of protest. If you EVER state that you intend tokill the President, the Secret Service will want to know and record whoyou are, where you are, what you are, and what you're up to. If you'rea serious threat--if you're officially considered "of protectiveinterest"--then the Secret Service may well keep tabs on you for therest of your natural life. 

Protecting the President has first call on all the Service's resources. But there's a lot more to the Service's traditions and history thanstanding guard outside the Oval Office. 

The Secret Service is the nation's oldest general federallaw-enforcement agency. Compared to the Secret Service, the FBI arenew-hires and the CIA are temps. The Secret Service was founded 'wayback in 1865, at the suggestion of Hugh McCulloch, Abraham Lincoln'sSecretary of the Treasury. McCulloch wanted a specialized Treasurypolice to combat counterfeiting. Abraham Lincoln agreed that thisseemed a good idea, and, with a terrible irony, Abraham Lincoln wasshot that very night by John Wilkes Booth. 

The Secret Service originally had nothing to do with protectingPresidents. They didn't take this on as a regular assignment untilafter the Garfield assassination in 1881. And they didn't get anyCongressional money for it until President McKinley was shot in 1901. The Service was originally designed for one purpose: destroyingcounterfeiters. 

#

There are interesting parallels between the Service'snineteenth-century entry into counterfeiting, and America'stwentieth-century entry into computer-crime. 

In 1865, America's paper currency was a terrible muddle. Security wasdrastically bad. Currency was printed on the spot by local banks inliterally hundreds of different designs. No one really knew what theheck a dollar bill was supposed to look like. Bogus bills passedeasily. If some joker told you that a one-dollar bill from theRailroad Bank of Lowell, Massachusetts had a woman leaning on a shield, with a locomotive, a cornucopia, a compass, various agriculturalimplements, a railroad bridge, and some factories, then you pretty muchhad to take his word for it. (And in fact he was telling the truth!)

SIXTEEN HUNDRED local American banks designed and printed their ownpaper currency, and there were no general standards for security. Likea badly guarded node in a computer network, badly designed bills wereeasy to fake, and posed a security hazard for the entire monetarysystem. 

No one knew the exact extent of the threat to the currency. There werepanicked estimates that as much as a third of the entire nationalcurrency was faked. Counterfeiters--known as "boodlers" in theunderground slang of the time--were mostly technically skilledprinters who had gone to the bad. Many had once worked printinglegitimate currency. Boodlers operated in rings and gangs. Technicalexperts engraved the bogus plates--commonly in basements in New YorkCity. Smooth confidence men passed large wads of high-quality, high-denomination fakes, including the really sophisticatedstuff--government bonds, stock certificates, and railway shares. Cheaper, botched fakes were sold or sharewared to low-level gangs ofboodler wannabes. (The really cheesy lowlife boodlers merely upgradedreal bills by altering face values, changing ones to fives, tens tohundreds, and so on. )

The techniques of boodling were little-known and regarded with acertain awe by the mid-nineteenth-century public. The ability tomanipulate the system for rip-off seemed diabolically clever. As theskill and daring of the boodlers increased, the situation becameintolerable. The federal government stepped in, and began offering itsown federal currency, which was printed in fancy green ink, but only onthe back--the original "greenbacks. " And at first, the improvedsecurity of the well-designed, well-printed federal greenbacks seemedto solve the problem; but then the counterfeiters caught on. Within afew years things were worse than ever: a CENTRALIZED system where ALLsecurity was bad!

The local police were helpless. The Government tried offering bloodmoney to potential informants, but this met with little success. Banks, plagued by boodling, gave up hope of police help and hiredprivate security men instead. Merchants and bankers queued up by thethousands to buy privately-printed manuals on currency security, slimlittle books like Laban Heath's INFALLIBLE GOVERNMENT COUNTERFEITDETECTOR. The back of the book offered Laban Heath's patent microscopefor five bucks. 

Then the Secret Service entered the picture. The first agents were arough and ready crew. Their chief was one William P. Wood, a formerguerilla in the Mexican War who'd won a reputation busting contractorfraudsters for the War Department during the Civil War. Wood, who wasalso Keeper of the Capital Prison, had a sideline as a counterfeitingexpert, bagging boodlers for the federal bounty money. 

Wood was named Chief of the new Secret Service in July 1865. Therewere only ten Secret Service agents in all: Wood himself, a handfulwho'd worked for him in the War Department, and a few former privateinvestigators--counterfeiting experts--whom Wood had won over to publicservice. (The Secret Service of 1865 was much the size of the ChicagoComputer Fraud Task Force or the Arizona Racketeering Unit of 1990. )These ten "Operatives" had an additional twenty or so "AssistantOperatives" and "Informants. " Besides salary and per diem, each SecretService employee received a whopping twenty-five dollars for eachboodler he captured. 

Wood himself publicly estimated that at least HALF of America'scurrency was counterfeit, a perhaps pardonable perception. Within ayear the Secret Service had arrested over 200 counterfeiters. Theybusted about two hundred boodlers a year for four years straight. 

Wood attributed his success to travelling fast and light, hitting thebad-guys hard, and avoiding bureaucratic baggage. "Because my raidswere made without military escort and I did not ask the assistance ofstate officers, I surprised the professional counterfeiter. "

Wood's social message to the once-impudent boodlers bore an eerie ringof Sundevil: "It was also my purpose to convince such characters thatit would no longer be healthy for them to ply their vocation withoutbeing handled roughly, a fact they soon discovered. "

William P. Wood, the Secret Service's guerilla pioneer, did not endwell. He succumbed to the lure of aiming for the really big score. The notorious Brockway Gang of New York City, headed by William E. Brockway, the "King of the Counterfeiters, " had forged a number ofgovernment bonds. They'd passed these brilliant fakes on theprestigious Wall Street investment firm of Jay Cooke and Company. TheCooke firm were frantic and offered a huge reward for the forgers'plates. 

Laboring diligently, Wood confiscated the plates (though not Mr. Brockway) and claimed the reward. But the Cooke company treacherouslyreneged. Wood got involved in a down-and-dirty lawsuit with the Cookecapitalists. Wood's boss, Secretary of the Treasury McCulloch, feltthat Wood's demands for money and glory were unseemly, and even whenthe reward money finally came through, McCulloch refused to pay Woodanything. Wood found himself mired in a seemingly endless round offederal suits and Congressional lobbying. 

Wood never got his money. And he lost his job to boot. He resigned in1869. 

Wood's agents suffered, too. On May 12, 1869, the second Chief of theSecret Service took over, and almost immediately fired most of Wood'spioneer Secret Service agents: Operatives, Assistants and Informantsalike. The practice of receiving $25 per crook was abolished. And theSecret Service began the long, uncertain process of thoroughprofessionalization. 

Wood ended badly. He must have felt stabbed in the back. In fact hisentire organization was mangled. 

On the other hand, William P. Wood WAS the first head of the SecretService. William Wood was the pioneer. People still honor his name. Who remembers the name of the SECOND head of the Secret Service?

As for William Brockway (also known as "Colonel Spencer"), he wasfinally arrested by the Secret Service in 1880. He did five years inprison, got out, and was still boodling at the age of seventy-four. 

#

Anyone with an interest in Operation Sundevil--or in Americancomputer-crime generally--could scarcely miss the presence of GailThackeray, Assistant Attorney General of the State of Arizona. Computer-crime training manuals often cited Thackeray's group and herwork; she was the highest-ranking state official to specialize incomputer-related offenses. Her name had been on the Sundevil pressrelease (though modestly ranked well after the local federalprosecuting attorney and the head of the Phoenix Secret Service office). 

As public commentary, and controversy, began to mount about the HackerCrackdown, this Arizonan state official began to take a higher andhigher public profile. Though uttering almost nothing specific aboutthe Sundevil operation itself, she coined some of the most strikingsoundbites of the growing propaganda war: "Agents are operating in goodfaith, and I don't think you can say that for the hacker community, "was one. Another was the memorable "I am not a mad dog prosecutor"(Houston Chronicle, Sept 2, 1990. ) In the meantime, the Secret Servicemaintained its usual extreme discretion; the Chicago Unit, smartingfrom the backlash of the Steve Jackson scandal, had gone completely toearth. 

As I collated my growing pile of newspaper clippings, Gail Thackerayranked as a comparative fount of public knowledge on police operations. 

I decided that I had to get to know Gail Thackeray. I wrote to her atthe Arizona Attorney General's Office. Not only did she kindly replyto me, but, to my astonishment, she knew very well what "cyberpunk"science fiction was. 

Shortly after this, Gail Thackeray lost her job. And I temporarilymisplaced my own career as a science-fiction writer, to become afull-time computer-crime journalist. In early March, 1991, I flew toPhoenix, Arizona, to interview Gail Thackeray for my book on the hackercrackdown. 

#

"Credit cards didn't used to cost anything to get, " says GailThackeray. "Now they cost forty bucks--and that's all just to coverthe costs from RIP-OFF ARTISTS. "

Electronic nuisance criminals are parasites. One by one they're notmuch harm, no big deal. But they never come just one by one. Theycome in swarms, heaps, legions, sometimes whole subcultures. And theybite. Every time we buy a credit card today, we lose a littlefinancial vitality to a particular species of bloodsucker. 

What, in her expert opinion, are the worst forms of electronic crime, Iask, consulting my notes. Is it--credit card fraud? Breaking into ATMbank machines? Phone-phreaking? Computer intrusions? Softwareviruses? Access-code theft? Records tampering? Software piracy?Pornographic bulletin boards? Satellite TV piracy? Theft of cableservice? It's a long list. By the time I reach the end of it I feelrather depressed. 

"Oh no, " says Gail Thackeray, leaning forward over the table, her wholebody gone stiff with energetic indignation, "the biggest damage istelephone fraud. Fake sweepstakes, fake charities. Boiler-room conoperations. You could pay off the national debt with what these guyssteal. . . . They target old people, they get hold of credit ratings anddemographics, they rip off the old and the weak. " The words cometumbling out of her. 

It's low-tech stuff, your everyday boiler-room fraud. Grifters, conning people out of money over the phone, have been around fordecades. This is where the word "phony" came from!

It's just that it's so much EASIER now, horribly facilitated byadvances in technology and the byzantine structure of the modern phonesystem. The same professional fraudsters do it over and over, Thackeray tells me, they hide behind dense onion-shells of fakecompanies . . . Fake holding corporations nine or ten layers deep, registered all over the map. They get a phone installed under a falsename in an empty safe-house. And then they call-forward everything outof that phone to yet another phone, a phone that may even be in anotherSTATE. And they don't even pay the charges on their phones; after amonth or so, they just split; set up somewhere else in anotherPodunkville with the same seedy crew of veteran phone-crooks. They buyor steal commercial credit card reports, slap them on the PC, have aprogram pick out people over sixty-five who pay a lot to charities. Awhole subculture living off this, merciless folks on the con. 

"The 'light-bulbs for the blind' people, " Thackeray muses, with aspecial loathing. "There's just no end to them. "

We're sitting in a downtown diner in Phoenix, Arizona. It's a toughtown, Phoenix. A state capital seeing some hard times. Even to aTexan like myself, Arizona state politics seem rather baroque. Therewas, and remains, endless trouble over the Martin Luther King holiday, the sort of stiff-necked, foot-shooting incident for which Arizonapolitics seem famous. There was Evan Mecham, the eccentric Republicanmillionaire governor who was impeached, after reducing state governmentto a ludicrous shambles. Then there was the national Keating scandal, involving Arizona savings and loans, in which both of Arizona's U. S. Senators, DeConcini and McCain, played sadly prominent roles. 

And the very latest is the bizarre AzScam case, in which statelegislators were videotaped, eagerly taking cash from an informant ofthe Phoenix city police department, who was posing as a Vegas mobster. 

"Oh, " says Thackeray cheerfully. "These people are amateurs here, theythought they were finally getting to play with the big boys. Theydon't have the least idea how to take a bribe! It's not institutionalcorruption. It's not like back in Philly. "

Gail Thackeray was a former prosecutor in Philadelphia. Now she's aformer assistant attorney general of the State of Arizona. Sincemoving to Arizona in 1986, she had worked under the aegis of SteveTwist, her boss in the Attorney General's office. Steve Twist wroteArizona's pioneering computer crime laws and naturally took an interestin seeing them enforced. It was a snug niche, and Thackeray'sOrganized Crime and Racketeering Unit won a national reputation forambition and technical knowledgeability. . . . Until the latest electionin Arizona. Thackeray's boss ran for the top job, and lost. Thevictor, the new Attorney General, apparently went to some pains toeliminate the bureaucratic traces of his rival, including his petgroup--Thackeray's group. Twelve people got their walking papers. 

Now Thackeray's painstakingly assembled computer lab sits gatheringdust somewhere in the glass-and-concrete Attorney General's HQ on 1275Washington Street. Her computer-crime books, her painstakinglygarnered back issues of phreak and hacker zines, all bought at her ownexpense--are piled in boxes somewhere. The State of Arizona is simplynot particularly interested in electronic racketeering at the moment. 

At the moment of our interview, Gail Thackeray, officially unemployed, is working out of the county sheriff's office, living on her savings, and prosecuting several cases--working 60-hour weeks, just asalways--for no pay at all. "I'm trying to train people, " she mutters. 

Half her life seems to be spent training people--merely pointing out, to the naive and incredulous (such as myself) that this stuff isACTUALLY GOING ON OUT THERE. It's a small world, computer crime. Ayoung world. Gail Thackeray, a trim blonde Baby-Boomer who favorsGrand Canyon white-water rafting to kill some slow time, is one of theworld's most senior, most veteran "hacker-trackers. " Her mentor wasDonn Parker, the California think-tank theorist who got it all started'way back in the mid-70s, the "grandfather of the field, " "the greatbald eagle of computer crime. "

And what she has learned, Gail Thackeray teaches. Endlessly. Tirelessly. To anybody. To Secret Service agents and state police, atthe Glynco, Georgia federal training center. To local police, on"roadshows" with her slide projector and notebook. To corporatesecurity personnel. To journalists. To parents. 

Even CROOKS look to Gail Thackeray for advice. Phone-phreaks call herat the office. They know very well who she is. They pump her forinformation on what the cops are up to, how much they know. Sometimeswhole CROWDS of phone phreaks, hanging out on illegal conference calls, will call Gail Thackeray up. They taunt her. And, as always, theyboast. Phone-phreaks, real stone phone-phreaks, simply CANNOT SHUT UP. They natter on for hours. 

Left to themselves, they mostly talk about the intricacies ofripping-off phones; it's about as interesting as listening tohot-rodders talk about suspension and distributor-caps. They alsogossip cruelly about each other. And when talking to Gail Thackeray, they incriminate themselves. "I have tapes, " Thackeray says coolly. 

Phone phreaks just talk like crazy. "Dial-Tone" out in Alabama hasbeen known to spend half-an-hour simply reading stolen phone-codesaloud into voice-mail answering machines. Hundreds, thousands ofnumbers, recited in a monotone, without a break--an eerie phenomenon. When arrested, it's a rare phone phreak who doesn't inform at endlesslength on everybody he knows. 

Hackers are no better. What other group of criminals, she asksrhetorically, publishes newsletters and holds conventions? She seemsdeeply nettled by the sheer brazenness of this behavior, though to anoutsider, this activity might make one wonder whether hackers should beconsidered "criminals" at all. Skateboarders have magazines, and theytrespass a lot. Hot rod people have magazines and they break speedlimits and sometimes kill people. . . . 

I ask her whether it would be any loss to society if phone phreakingand computer hacking, as hobbies, simply dried up and blew away, sothat nobody ever did it again. 

She seems surprised. "No, " she says swiftly. "Maybe a little . . . Inthe old days . . . The MIT stuff. . . . But there's a lot of wonderful, legal stuff you can do with computers now, you don't have to break intosomebody else's just to learn. You don't have that excuse. You canlearn all you like. "

Did you ever hack into a system? I ask. 

The trainees do it at Glynco. Just to demonstrate systemvulnerabilities. She's cool to the notion. Genuinely indifferent. 

"What kind of computer do you have?"

"A Compaq 286LE, " she mutters. 

"What kind do you WISH you had?"

At this question, the unmistakable light of true hackerdom flares inGail Thackeray's eyes. She becomes tense, animated, the words pourout: "An Amiga 2000 with an IBM card and Mac emulation! The mostcommon hacker machines are Amigas and Commodores. And Apples. " If shehad the Amiga, she enthuses, she could run a whole galaxy of seizedcomputer-evidence disks on one convenient multifunctional machine. Acheap one, too. Not like the old Attorney General lab, where they hadan ancient CP/M machine, assorted Amiga flavors and Apple flavors, acouple IBMS, all the utility software . . . But no Commodores. Theworkstations down at the Attorney General's are Wang dedicatedword-processors. Lame machines tied in to an office net--though atleast they get on-line to the Lexis and Westlaw legal data services. 

I don't say anything. I recognize the syndrome, though. Thiscomputer-fever has been running through segments of our society foryears now. It's a strange kind of lust: K-hunger, Meg-hunger; but it'sa shared disease; it can kill parties dead, as conversation spiralsinto the deepest and most deviant recesses of software releases andexpensive peripherals. . . . The mark of the hacker beast. I have ittoo. The whole "electronic community, " whatever the hell that is, hasit. Gail Thackeray has it. Gail Thackeray is a hacker cop. Myimmediate reaction is a strong rush of indignant pity: WHY DOESN'TSOMEBODY BUY THIS WOMAN HER AMIGA?! It's not like she's asking for aCray X-MP supercomputer mainframe; an Amiga's a sweet little cookie-boxthing. We're losing zillions in organized fraud; prosecuting anddefending a single hacker case in court can cost a hundred grand easy. How come nobody can come up with four lousy grand so this woman can doher job? For a hundred grand we could buy every computer cop inAmerica an Amiga. There aren't that many of 'em. 

Computers. The lust, the hunger, for computers. The loyalty theyinspire, the intense sense of possessiveness. The culture they havebred. I myself am sitting in downtown Phoenix, Arizona because itsuddenly occurred to me that the police might--just MIGHT--come andtake away my computer. The prospect of this, the mere IMPLIED THREAT, was unbearable. It literally changed my life. It was changing thelives of many others. Eventually it would change everybody's life. 

Gail Thackeray was one of the top computer-crime people in America. And I was just some novelist, and yet I had a better computer thanhers. PRACTICALLY EVERYBODY I KNEW had a better computer than GailThackeray and her feeble laptop 286. It was like sending the sheriffin to clean up Dodge City and arming her with a slingshot cut from anold rubber tire. 

But then again, you don't need a howitzer to enforce the law. You cando a lot just with a badge. With a badge alone, you can basicallywreak havoc, take a terrible vengeance on wrongdoers. Ninety percentof "computer crime investigation" is just "crime investigation:" names, places, dossiers, modus operandi, search warrants, victims, complainants, informants. . . . 

What will computer crime look like in ten years? Will it get better?Did "Sundevil" send 'em reeling back in confusion?

It'll be like it is now, only worse, she tells me with perfectconviction. Still there in the background, ticking along, changingwith the times: the criminal underworld. It'll be like drugs are. Like our problems with alcohol. All the cops and laws in the worldnever solved our problems with alcohol. If there's something peoplewant, a certain percentage of them are just going to take it. Fifteenpercent of the populace will never steal. Fifteen percent will stealmost anything not nailed down. The battle is for the hearts and mindsof the remaining seventy percent. 

And criminals catch on fast. If there's not "too steep a learningcurve"--if it doesn't require a baffling amount of expertise andpractice--then criminals are often some of the first through the gateof a new technology. Especially if it helps them to hide. They havetons of cash, criminals. The new communications tech--like pagers, cellular phones, faxes, Federal Express--were pioneered by richcorporate people, and by criminals. In the early years of pagers andbeepers, dope dealers were so enthralled this technology that owing abeeper was practically prima facie evidence of cocaine dealing. CBradio exploded when the speed limit hit 55 and breaking the highway lawbecame a national pastime. Dope dealers send cash by Federal Express, despite, or perhaps BECAUSE OF, the warnings in FedEx offices that tellyou never to try this. Fed Ex uses X-rays and dogs on their mail, tostop drug shipments. That doesn't work very well. 

Drug dealers went wild over cellular phones. There are simple methodsof faking ID on cellular phones, making the location of the callmobile, free of charge, and effectively untraceable. Now victimizedcellular companies routinely bring in vast toll-lists of calls toColombia and Pakistan. 

Judge Greene's fragmentation of the phone company is driving lawenforcement nuts. Four thousand telecommunications companies. Fraudskyrocketing. Every temptation in the world available with a phone anda credit card number. Criminals untraceable. A galaxy of "new neatrotten things to do. "

If there were one thing Thackeray would like to have, it would be aneffective legal end-run through this new fragmentation minefield. 

It would be a new form of electronic search warrant, an "electronicletter of marque" to be issued by a judge. It would create a newcategory of "electronic emergency. " Like a wiretap, its use would berare, but it would cut across state lines and force swift cooperationfrom all concerned. Cellular, phone, laser, computer network, PBXes, AT&T, Baby Bells, long-distance entrepreneurs, packet radio. Somedocument, some mighty court-order, that could slice through fourthousand separate forms of corporate red-tape, and get her at once tothe source of calls, the source of email threats and viruses, thesources of bomb threats, kidnapping threats. "From now on, " she says, "the Lindbergh baby will always die. "

Something that would make the Net sit still, if only for a moment. Something that would get her up to speed. Seven league boots. That'swhat she really needs. "Those guys move in nanoseconds and I'm on thePony Express. "

And then, too, there's the coming international angle. Electroniccrime has never been easy to localize, to tie to a physicaljurisdiction. And phone-phreaks and hackers loathe boundaries, theyjump them whenever they can. The English. The Dutch. And theGermans, especially the ubiquitous Chaos Computer Club. TheAustralians. They've all learned phone-phreaking from America. It's agrowth mischief industry. The multinational networks are global, butgovernments and the police simply aren't. Neither are the laws. Orthe legal frameworks for citizen protection. 

One language is global, though--English. Phone phreaks speak English;it's their native tongue even if they're Germans. English may havestarted in England but now it's the Net language; it might as well becalled "CNNese. "

Asians just aren't much into phone phreaking. They're the worldmasters at organized software piracy. The French aren't intophone-phreaking either. The French are into computerized industrialespionage. 

In the old days of the MIT righteous hackerdom, crashing systems didn'thurt anybody. Not all that much, anyway. Not permanently. Now theplayers are more venal. Now the consequences are worse. Hacking willbegin killing people soon. Already there are methods of stacking callsonto 911 systems, annoying the police, and possibly causing the deathof some poor soul calling in with a genuine emergency. Hackers inAmtrak computers, or air-traffic control computers, will kill somebodysomeday. Maybe a lot of people. Gail Thackeray expects it. 

And the viruses are getting nastier. The "Scud" virus is the latestone out. It wipes hard-disks. 

According to Thackeray, the idea that phone-phreaks are Robin Hoods isa fraud. They don't deserve this repute. Basically, they pick on theweak. AT&T now protects itself with the fearsome ANI (Automatic NumberIdentification) trace capability. When AT&T wised up and tightenedsecurity generally, the phreaks drifted into the Baby Bells. The BabyBells lashed out in 1989 and 1990, so the phreaks switched to smallerlong-distance entrepreneurs. Today, they are moving into locally ownedPBXes and voice-mail systems, which are full of security holes, dreadfully easy to hack. These victims aren't the moneybags Sheriff ofNottingham or Bad King John, but small groups of innocent people whofind it hard to protect themselves, and who really suffer from thesedepredations. Phone phreaks pick on the weak. They do it for power. If it were legal, they wouldn't do it. They don't want service, orknowledge, they want the thrill of power-tripping. There's plenty ofknowledge or service around if you're willing to pay. Phone phreaksdon't pay, they steal. It's because it is illegal that it feels likepower, that it gratifies their vanity. 

I leave Gail Thackeray with a handshake at the door of her officebuilding--a vast International-Style office building downtown. TheSheriff's office is renting part of it. I get the vague impressionthat quite a lot of the building is empty--real estate crash. 

In a Phoenix sports apparel store, in a downtown mall, I meet the "SunDevil" himself. He is the cartoon mascot of Arizona State University, whose football stadium, "Sundevil, " is near the local Secret ServiceHQ--hence the name Operation Sundevil. The Sun Devil himself is named"Sparky. " Sparky the Sun Devil is maroon and bright yellow, the schoolcolors. Sparky brandishes a three-tined yellow pitchfork. He has asmall mustache, pointed ears, a barbed tail, and is dashing forwardjabbing the air with the pitchfork, with an expression of devilish glee. 

Phoenix was the home of Operation Sundevil. The Legion of Doom ran ahacker bulletin board called "The Phoenix Project. " An Australianhacker named "Phoenix" once burrowed through the Internet to attackCliff Stoll, then bragged and boasted about it to The New York Times. This net of coincidence is both odd and meaningless. 

The headquarters of the Arizona Attorney General, Gail Thackeray'sformer workplace, is on 1275 Washington Avenue. Many of the downtownstreets in Phoenix are named after prominent American presidents:Washington, Jefferson, Madison. . . . 

After dark, all the employees go home to their suburbs. Washington, Jefferson and Madison--what would be the Phoenix inner city, if therewere an inner city in this sprawling automobile-bred town--become thehaunts of transients and derelicts. The homeless. The sidewalks alongWashington are lined with orange trees. Ripe fallen fruit liesscattered like croquet balls on the sidewalks and gutters. No oneseems to be eating them. I try a fresh one. It tastes unbearablybitter. 

The Attorney General's office, built in 1981 during the Babbittadministration, is a long low two-story building of white cement andwall-sized sheets of curtain-glass. Behind each glass wall is alawyer's office, quite open and visible to anyone strolling by. Acrossthe street is a dour government building labelled simply ECONOMICSECURITY, something that has not been in great supply in the AmericanSouthwest lately. 

The offices are about twelve feet square. They feature tall woodencases full of red-spined lawbooks; Wang computer monitors; telephones;Post-it notes galore. Also framed law diplomas and a general excess ofbad Western landscape art. Ansel Adams photos are a big favorite, perhaps to compensate for the dismal specter of the parking lot, twoacres of striped black asphalt, which features gravel landscaping andsome sickly-looking barrel cacti. 

It has grown dark. Gail Thackeray has told me that the people who worklate here, are afraid of muggings in the parking lot. It seems cruellyironic that a woman tracing electronic racketeers across the interstatelabyrinth of Cyberspace should fear an assault by a homeless derelictin the parking lot of her own workplace. 

Perhaps this is less than coincidence. Perhaps these two seeminglydisparate worlds are somehow generating one another. The poor anddisenfranchised take to the streets, while the rich andcomputer-equipped, safe in their bedrooms, chatter over their modems. Quite often the derelicts kick the glass out and break in to thelawyers' offices, if they see something they need or want badly enough. 

I cross the parking lot to the street behind the Attorney General'soffice. A pair of young tramps are bedding down on flattened sheets ofcardboard, under an alcove stretching over the sidewalk. One trampwears a glitter-covered T-shirt reading "CALIFORNIA" in Coca-Colacursive. His nose and cheeks look chafed and swollen; they glistenwith what seems to be Vaseline. The other tramp has a raggedlong-sleeved shirt and lank brown hair parted in the middle. They bothwear blue jeans coated in grime. They are both drunk. 

"You guys crash here a lot?" I ask them. 

They look at me warily. I am wearing black jeans, a black pinstripedsuit jacket and a black silk tie. I have odd shoes and a funny haircut. 

"It's our first time here, " says the red-nosed tramp unconvincingly. There is a lot of cardboard stacked here. More than any two peoplecould use. 

"We usually stay at the Vinnie's down the street, " says thebrown-haired tramp, puffing a Marlboro with a meditative air, as hesprawls with his head on a blue nylon backpack. "The Saint Vincent's. "

"You know who works in that building over there?" I ask, pointing. 

The brown-haired tramp shrugs. "Some kind of attorneys, it says. "

We urge one another to take it easy. I give them five bucks. 

A block down the street I meet a vigorous workman who is wheeling alongsome kind of industrial trolley; it has what appears to be a tank ofpropane on it. 

We make eye contact. We nod politely. I walk past him. "Hey! Excuseme sir!" he says. 

"Yes?" I say, stopping and turning. 

"Have you seen, " the guy says rapidly, "a black guy, about 6'7", scarson both his cheeks like this--" he gestures--"wears a black baseballcap on backwards, wandering around here anyplace?"

"Sounds like I don't much WANT to meet him, " I say. 

"He took my wallet, " says my new acquaintance. "Took it this morning. Y'know, some people would be SCARED of a guy like that. But I'm notscared. I'm from Chicago. I'm gonna hunt him down. We do things likethat in Chicago. "

"Yeah?"

"I went to the cops and now he's got an APB out on his ass, " he sayswith satisfaction. "You run into him, you let me know. "

"Okay, " I say. "What is your name, sir?"

"Stanley. . . . "

"And how can I reach you?"

"Oh, " Stanley says, in the same rapid voice, "you don't have to reach, uh, me. You can just call the cops. Go straight to the cops. " Hereaches into a pocket and pulls out a greasy piece of pasteboard. "See, here's my report on him. "

I look. The "report, " the size of an index card, is labelled PRO-ACT:Phoenix Residents Opposing Active Crime Threat. . . . Or is it OrganizedAgainst Crime Threat? In the darkening street it's hard to read. Somekind of vigilante group? Neighborhood watch? I feel very puzzled. 

"Are you a police officer, sir?"

He smiles, seems very pleased by the question. 

"No, " he says. 

"But you are a 'Phoenix Resident?'"

"Would you believe a homeless person, " Stanley says. 

"Really? But what's with the. . . . " For the first time I take a closelook at Stanley's trolley. It's a rubber-wheeled thing of industrialmetal, but the device I had mistaken for a tank of propane is in fact awater-cooler. Stanley also has an Army duffel-bag, stuffed tight as asausage with clothing or perhaps a tent, and, at the base of histrolley, a cardboard box and a battered leather briefcase. 

"I see, " I say, quite at a loss. For the first time I notice thatStanley has a wallet. He has not lost his wallet at all. It is in hisback pocket and chained to his belt. It's not a new wallet. It seemsto have seen a lot of wear. 

"Well, you know how it is, brother, " says Stanley. Now that I knowthat he is homeless--A POSSIBLE THREAT--my entire perception of him haschanged in an instant. His speech, which once seemed just bright andenthusiastic, now seems to have a dangerous tang of mania. "I have todo this!" he assures me. "Track this guy down. . . . It's a thing I do. . . You know . . . To keep myself together!" He smiles, nods, lifts histrolley by its decaying rubber handgrips. 

"Gotta work together, y'know, " Stanley booms, his face alight withcheerfulness, "the police can't do everything!" The gentlemen I met inmy stroll in downtown Phoenix are the only computer illiterates in thisbook. To regard them as irrelevant, however, would be a grave mistake. 

As computerization spreads across society, the populace at large issubjected to wave after wave of future shock. But, as a necessaryconverse, the "computer community" itself is subjected to wave afterwave of incoming computer illiterates. How will those currentlyenjoying America's digital bounty regard, and treat, all this teemingrefuse yearning to breathe free? Will the electronic frontier beanother Land of Opportunity--or an armed and monitored enclave, wherethe disenfranchised snuggle on their cardboard at the locked doors ofour houses of justice?

Some people just don't get along with computers. They can't read. They can't type. They just don't have it in their heads to masterarcane instructions in wirebound manuals. Somewhere, the process ofcomputerization of the populace will reach a limit. Some people--quitedecent people maybe, who might have thrived in any othersituation--will be left irretrievably outside the bounds. What's to bedone with these people, in the bright new shiny electroworld? How willthey be regarded, by the mouse-whizzing masters of cyberspace? Withcontempt? Indifference? Fear?

In retrospect, it astonishes me to realize how quickly poor Stanleybecame a perceived threat. Surprise and fear are closely alliedfeelings. And the world of computing is full of surprises. 

I met one character in the streets of Phoenix whose role in this bookis supremely and directly relevant. That personage was Stanley's giantthieving scarred phantom. This phantasm is everywhere in this book. He is the specter haunting cyberspace. 

Sometimes he's a maniac vandal ready to smash the phone system for nosane reason at all. Sometimes he's a fascist fed, coldly programminghis mighty mainframes to destroy our Bill of Rights. Sometimes he's atelco bureaucrat, covertly conspiring to register all modems in theservice of an Orwellian surveillance regime. Mostly, though, thisfearsome phantom is a "hacker. " He's strange, he doesn't belong, he'snot authorized, he doesn't smell right, he's not keeping his properplace, he's not one of us. The focus of fear is the hacker, for muchthe same reasons that Stanley's fancied assailant is black. 

Stanley's demon can't go away, because he doesn't exist. Despitesingleminded and tremendous effort, he can't be arrested, sued, jailed, or fired. The only constructive way to do ANYTHING about him is tolearn more about Stanley himself. This learning process may berepellent, it may be ugly, it may involve grave elements of paranoiacconfusion, but it's necessary. Knowing Stanley requires something morethan class-crossing condescension. It requires more than steely legalobjectivity. It requires human compassion and sympathy. 

To know Stanley is to know his demon. If you know the other guy'sdemon, then maybe you'll come to know some of your own. You'll be ableto separate reality from illusion. And then you won't do your cause, and yourself, more harm than good. Like poor damned Stanley fromChicago did. 

#

The Federal Computer Investigations Committee (FCIC) is the mostimportant and influential organization in the realm of Americancomputer-crime. Since the police of other countries have largely takentheir computer-crime cues from American methods, the FCIC might well becalled the most important computer crime group in the world. 

It is also, by federal standards, an organization of great unorthodoxy. State and local investigators mix with federal agents. Lawyers, financial auditors and computer-security programmers trade notes withstreet cops. Industry vendors and telco security people show up toexplain their gadgetry and plead for protection and justice. Privateinvestigators, think-tank experts and industry pundits throw in theirtwo cents' worth. The FCIC is the antithesis of a formal bureaucracy. 

Members of the FCIC are obscurely proud of this fact; they recognizetheir group as aberrant, but are entirely convinced that this, forthem, outright WEIRD behavior is nevertheless ABSOLUTELY NECESSARY toget their jobs done. 

FCIC regulars --from the Secret Service, the FBI, the IRS, theDepartment of Labor, the offices of federal attorneys, state police, the Air Force, from military intelligence--often attend meetings, heldhither and thither across the country, at their own expense. The FCICdoesn't get grants. It doesn't charge membership fees. It doesn'thave a boss. It has no headquarters--just a mail drop in WashingtonDC, at the Fraud Division of the Secret Service. It doesn't have abudget. It doesn't have schedules. It meets three times a year--sortof. Sometimes it issues publications, but the FCIC has no regularpublisher, no treasurer, not even a secretary. There are no minutes ofFCIC meetings. Non-federal people are considered "non-votingmembers, " but there's not much in the way of elections. There are nobadges, lapel pins or certificates of membership. Everyone is on afirst-name basis. There are about forty of them. Nobody knows howmany, exactly. People come, people go--sometimes people "go" formallybut still hang around anyway. Nobody has ever exactly figured out what"membership" of this "Committee" actually entails. 

Strange as this may seem to some, to anyone familiar with the socialworld of computing, the "organization" of the FCIC is very recognizable. 

For years now, economists and management theorists have speculated thatthe tidal wave of the information revolution would destroy rigid, pyramidal bureaucracies, where everything is top-down and centrallycontrolled. Highly trained "employees" would take on much greaterautonomy, being self-starting, and self-motivating, moving from placeto place, task to task, with great speed and fluidity. "Ad-hocracy"would rule, with groups of people spontaneously knitting togetheracross organizational lines, tackling the problem at hand, applyingintense computer-aided expertise to it, and then vanishing whence theycame. 

This is more or less what has actually happened in the world of federalcomputer investigation. With the conspicuous exception of the phonecompanies, which are after all over a hundred years old, practicallyEVERY organization that plays any important role in this book functionsjust like the FCIC. The Chicago Task Force, the Arizona RacketeeringUnit, the Legion of Doom, the Phrack crowd, the Electronic FrontierFoundation--they ALL look and act like "tiger teams" or "user'sgroups. " They are all electronic ad-hocracies leaping up spontaneouslyto attempt to meet a need. 

Some are police. Some are, by strict definition, criminals. Some arepolitical interest-groups. But every single group has that samequality of apparent spontaneity--"Hey, gang! My uncle's got abarn--let's put on a show!"

Every one of these groups is embarrassed by this "amateurism, " and, forthe sake of their public image in a world of non-computer people, theyall attempt to look as stern and formal and impressive as possible. These electronic frontier-dwellers resemble groups ofnineteenth-century pioneers hankering after the respectability ofstatehood. There are however, two crucial differences in thehistorical experience of these "pioneers" of the nineteeth andtwenty-first centuries. 

First, powerful information technology DOES play into the hands ofsmall, fluid, loosely organized groups. There have always been"pioneers, " "hobbyists, " "amateurs, " "dilettantes, " "volunteers, ""movements, " "users' groups" and "blue-ribbon panels of experts"around. But a group of this kind--when technically equipped to shiphuge amounts of specialized information, at lightning speed, to itsmembers, to government, and to the press--is simply a different kind ofanimal. It's like the difference between an eel and an electric eel. 

The second crucial change is that American society is currently in astate approaching permanent technological revolution. In the world ofcomputers particularly, it is practically impossible to EVER stop beinga "pioneer, " unless you either drop dead or deliberately jump off thebus. The scene has never slowed down enough to becomewell-institutionalized. And after twenty, thirty, forty years the"computer revolution" continues to spread, to permeate new corners ofsociety. Anything that really works is already obsolete. 

If you spend your entire working life as a "pioneer, " the word"pioneer" begins to lose its meaning. Your way of life looks less andless like an introduction to something else" more stable and organized, and more and more like JUST THE WAY THINGS ARE. A "permanentrevolution" is really a contradiction in terms. If "turmoil" lastslong enough, it simply becomes A NEW KIND OF SOCIETY--still the samegame of history, but new players, new rules. 

Apply this to the world of late twentieth-century law enforcement, andthe implications are novel and puzzling indeed. Any bureaucraticrulebook you write about computer-crime will be flawed when you writeit, and almost an antique by the time it sees print. The fluidity andfast reactions of the FCIC give them a great advantage in this regard, which explains their success. Even with the best will in the world(which it does not, in fact, possess) it is impossible for anorganization the size of the U. S. Federal Bureau of Investigation toget up to speed on the theory and practice of computer crime. If theytried to train all their agents to do this, it would be SUICIDAL, asthey would NEVER BE ABLE TO DO ANYTHING ELSE. 

The FBI does try to train its agents in the basics of electronic crime, at their base in Quantico, Virginia. And the Secret Service, alongwith many other law enforcement groups, runs quite successful andwell-attended training courses on wire fraud, business crime, andcomputer intrusion at the Federal Law Enforcement Training Center(FLETC, pronounced "fletsy") in Glynco, Georgia. But the best effortsof these bureaucracies does not remove the absolute need for a"cutting-edge mess" like the FCIC. 

For you see--the members of FCIC ARE the trainers of the rest of lawenforcement. Practically and literally speaking, they are the Glyncocomputer-crime faculty by another name. If the FCIC went over a cliffon a bus, the U. S. Law enforcement community would be rendered deafdumb and blind in the world of computer crime, and would swiftly feel adesperate need to reinvent them. And this is no time to go startingfrom scratch. 

On June 11, 1991, I once again arrived in Phoenix, Arizona, for thelatest meeting of the Federal Computer Investigations Committee. Thiswas more or less the twentieth meeting of this stellar group. Thecount was uncertain, since nobody could figure out whether to includethe meetings of "the Colluquy, " which is what the FCIC was called inthe mid-1980s before it had even managed to obtain the dignity of itsown acronym. 

Since my last visit to Arizona, in May, the local AzScam briberyscandal had resolved itself in a general muddle of humiliation. ThePhoenix chief of police, whose agents had videotaped nine statelegislators up to no good, had resigned his office in a tussle with thePhoenix city council over the propriety of his undercover operations. 

The Phoenix Chief could now join Gail Thackeray and eleven of herclosest associates in the shared experience of politically motivatedunemployment. As of June, resignations were still continuing at theArizona Attorney General's office, which could be interpreted as eithera New Broom Sweeping Clean or a Night of the Long Knives Part II, depending on your point of view. 

The meeting of FCIC was held at the Scottsdale Hilton Resort. Scottsdale is a wealthy suburb of Phoenix, known as "Scottsdull" toscoffing local trendies, but well-equipped with posh shopping-malls andmanicured lawns, while conspicuously undersupplied with homelessderelicts. The Scottsdale Hilton Resort was a sprawling hotel inpostmodern crypto-Southwestern style. It featured a "mission belltower" plated in turquoise tile and vaguely resembling a Saudi minaret. 

Inside it was all barbarically striped Santa Fe Style decor. There wasa health spa downstairs and a large oddly-shaped pool in the patio. Apoolside umbrella-stand offered Ben and Jerry's politically correctPeace Pops. 

I registered as a member of FCIC, attaining a handy discount rate, thenwent in search of the Feds. Sure enough, at the back of the hotelgrounds came the unmistakable sound of Gail Thackeray holding forth. 

Since I had also attended the Computers Freedom and Privacy conference(about which more later), this was the second time I had seen Thackerayin a group of her law enforcement colleagues. Once again I was struckby how simply pleased they seemed to see her. It was natural thatshe'd get SOME attention, as Gail was one of two women in a group ofsome thirty men; but there was a lot more to it than that. 

Gail Thackeray personifies the social glue of the FCIC. They couldgive a damn about her losing her job with the Attorney General. Theywere sorry about it, of course, but hell, they'd all lost jobs. Ifthey were the kind of guys who liked steady boring jobs, they wouldnever have gotten into computer work in the first place. 

I wandered into her circle and was immediately introduced to fivestrangers. The conditions of my visit at FCIC were reviewed. I wouldnot quote anyone directly. I would not tie opinions expressed to theagencies of the attendees. I would not (a purely hypothetical example)report the conversation of a guy from the Secret Service talking quitecivilly to a guy from the FBI, as these two agencies NEVER talk toeach other, and the IRS (also present, also hypothetical) NEVER TALKSTO ANYBODY. 

Worse yet, I was forbidden to attend the first conference. And Ididn't. I have no idea what the FCIC was up to behind closed doorsthat afternoon. I rather suspect that they were engaging in a frankand thorough confession of their errors, goof-ups and blunders, as thishas been a feature of every FCIC meeting since their legendary Memphisbeer-bust of 1986. Perhaps the single greatest attraction of FCIC isthat it is a place where you can go, let your hair down, and completelylevel with people who actually comprehend what you are talking about. Not only do they understand you, but they REALLY PAY ATTENTION, theyare GRATEFUL FOR YOUR INSIGHTS, and they FORGIVE YOU, which in ninecases out of ten is something even your boss can't do, because as soonas you start talking "ROM, " "BBS, " or "T-1 trunk, " his eyes glaze over. 

I had nothing much to do that afternoon. The FCIC were beavering awayin their conference room. Doors were firmly closed, windows too darkto peer through. I wondered what a real hacker, a computer intruder, would do at a meeting like this. 

The answer came at once. He would "trash" the place. Not reduce theplace to trash in some orgy of vandalism; that's not the use of theterm in the hacker milieu. No, he would quietly EMPTY THE TRASHBASKETS and silently raid any valuable data indiscreetly thrown away. 

Journalists have been known to do this. (Journalists huntinginformation have been known to do almost every single unethical thingthat hackers have ever done. They also throw in a few awful techniquesall their own. ) The legality of 'trashing' is somewhat dubious but itis not in fact flagrantly illegal. It was, however, absurd tocontemplate trashing the FCIC. These people knew all about trashing. I wouldn't last fifteen seconds. 

The idea sounded interesting, though. I'd been hearing a lot about thepractice lately. On the spur of the moment, I decided I would trytrashing the office ACROSS THE HALL from the FCIC, an area which hadnothing to do with the investigators. 

The office was tiny; six chairs, a table. . . . Nevertheless, it wasopen, so I dug around in its plastic trash can. 

To my utter astonishment, I came up with the torn scraps of a SPRINTlong-distance phone bill. More digging produced a bank statement andthe scraps of a hand-written letter, along with gum, cigarette ashes, candy wrappers and a day-old-issue of USA TODAY. 

The trash went back in its receptacle while the scraps of data wentinto my travel bag. I detoured through the hotel souvenir shop forsome Scotch tape and went up to my room. 

Coincidence or not, it was quite true. Some poor soul had, in fact, thrown a SPRINT bill into the hotel's trash. Date May 1991, totalamount due: $252. 36. Not a business phone, either, but a residentialbill, in the name of someone called Evelyn (not her real name). Evelyn's records showed a ## PAST DUE BILL ##! Here was her nine-digitaccount ID. Here was a stern computer-printed warning:

"TREAT YOUR FONCARD AS YOU WOULD ANY CREDIT CARD. TO SECURE AGAINSTFRAUD, NEVER GIVE YOUR FONCARD NUMBER OVER THE PHONE UNLESS YOUINITIATED THE CALL. IF YOU RECEIVE SUSPICIOUS CALLS PLEASE NOTIFYCUSTOMER SERVICE IMMEDIATELY!"

I examined my watch. Still plenty of time left for the FCIC to carryon. I sorted out the scraps of Evelyn's SPRINT bill and re-assembledthem with fresh Scotch tape. Here was her ten-digit FONCARD number. Didn't seem to have the ID number necessary to cause real fraud trouble. 

I did, however, have Evelyn's home phone number. And the phone numbersfor a whole crowd of Evelyn's long-distance friends and acquaintances. In San Diego, Folsom, Redondo, Las Vegas, La Jolla, Topeka, andNorthampton Massachusetts. Even somebody in Australia!

I examined other documents. Here was a bank statement. It wasEvelyn's IRA account down at a bank in San Mateo California (totalbalance $1877. 20). Here was a charge-card bill for $382. 64. She waspaying it off bit by bit. 

Driven by motives that were completely unethical and prurient, I nowexamined the handwritten notes. They had been torn fairly thoroughly, so much so that it took me almost an entire five minutes to reassemblethem. 

They were drafts of a love letter. They had been written on the linedstationery of Evelyn's employer, a biomedical company. Probablywritten at work when she should have been doing something else. 

"Dear Bob, " (not his real name) "I guess in everyone's life therecomes a time when hard decisions have to be made, and this is adifficult one for me--very upsetting. Since you haven't called me, andI don't understand why, I can only surmise it's because you don't wantto. I thought I would have heard from you Friday. I did have a fewunusual problems with my phone and possibly you tried, I hope so. 

"Robert, you asked me to 'let go'. . . . "

The first note ended. UNUSUAL PROBLEMS WITH HER PHONE? I lookedswiftly at the next note. 

"Bob, not hearing from you for the whole weekend has left me veryperplexed. . . . "

Next draft. 

"Dear Bob, there is so much I don't understand right now, and I wish Idid. I wish I could talk to you, but for some unknown reason you haveelected not to call--this is so difficult for me to understand. . . . "

She tried again. 

"Bob, Since I have always held you in such high esteem, I had everyhope that we could remain good friends, but now one essentialingredient is missing--respect. Your ability to discard people whentheir purpose is served is appalling to me. The kindest thing youcould do for me now is to leave me alone. You are no longer welcome inmy heart or home. . . . "

Try again. 

"Bob, I wrote a very factual note to you to say how much respect I hadlost for you, by the way you treat people, me in particular, souncaring and cold. The kindest thing you can do for me is to leave mealone entirely, as you are no longer welcome in my heart or home. Iwould appreciate it if you could retire your debt to me as soon aspossible--I wish no link to you in any way. Sincerely, Evelyn. "

Good heavens, I thought, the bastard actually owes her money! I turnedto the next page. 

"Bob: very simple. GOODBYE! No more mind games--no morefascination--no more coldness--no more respect for you! It'sover--Finis. Evie"

There were two versions of the final brushoff letter, but they readabout the same. Maybe she hadn't sent it. The final item in myillicit and shameful booty was an envelope addressed to "Bob" at hishome address, but it had no stamp on it and it hadn't been mailed. 

Maybe she'd just been blowing off steam because her rascal boyfriendhad neglected to call her one weekend. Big deal. Maybe they'd kissedand made up, maybe she and Bob were down at Pop's Chocolate Shop now, sharing a malted. Sure. 

Easy to find out. All I had to do was call Evelyn up. With ahalf-clever story and enough brass-plated gall I could probably trickthe truth out of her. Phone-phreaks and hackers deceive people overthe phone all the time. It's called "social engineering. " Socialengineering is a very common practice in the underground, and almostmagically effective. Human beings are almost always the weakest linkin computer security. The simplest way to learn Things You Are NotMeant To Know is simply to call up and exploit the knowledgeablepeople. With social engineering, you use the bits of specializedknowledge you already have as a key, to manipulate people intobelieving that you are legitimate. You can then coax, flatter, orfrighten them into revealing almost anything you want to know. Deceiving people (especially over the phone) is easy and fun. Exploiting their gullibility is very gratifying; it makes you feel verysuperior to them. 

If I'd been a malicious hacker on a trashing raid, I would now haveEvelyn very much in my power. Given all this inside data, it wouldn'ttake much effort at all to invent a convincing lie. If I were ruthlessenough, and jaded enough, and clever enough, this momentaryindiscretion of hers--maybe committed in tears, who knows--could causeher a whole world of confusion and grief. 

I didn't even have to have a MALICIOUS motive. Maybe I'd be "on herside, " and call up Bob instead, and anonymously threaten to break bothhis kneecaps if he didn't take Evelyn out for a steak dinner pronto. It was still profoundly NONE OF MY BUSINESS. To have gotten thisknowledge at all was a sordid act and to use it would be to inflict asordid injury. 

To do all these awful things would require exactly zero high-techexpertise. All it would take was the willingness to do it and acertain amount of bent imagination. 

I went back downstairs. The hard-working FCIC, who had laboredforty-five minutes over their schedule, were through for the day, andadjourned to the hotel bar. We all had a beer. 

I had a chat with a guy about "Isis, " or rather IACIS, theInternational Association of Computer Investigation Specialists. They're into "computer forensics, " the techniques of pickingcomputer-systems apart without destroying vital evidence. IACIS, currently run out of Oregon, is comprised of investigators in the U. S. , Canada, Taiwan and Ireland. "Taiwan and Ireland?" I said. Are TAIWANand IRELAND really in the forefront of this stuff? Well not exactly, my informant admitted. They just happen to have been the first ones tohave caught on by word of mouth. Still, the international anglecounts, because this is obviously an international problem. Phone-lines go everywhere. 

There was a Mountie here from the Royal Canadian Mounted Police. Heseemed to be having quite a good time. Nobody had flung this Canadianout because he might pose a foreign security risk. These arecyberspace cops. They still worry a lot about "jurisdictions, " butmere geography is the least of their troubles. 

NASA had failed to show. NASA suffers a lot from computer intrusions, in particular from Australian raiders and a well-trumpeted ChaosComputer Club case, and in 1990 there was a brief press flurry when itwas revealed that one of NASA's Houston branch-exchanges had beensystematically ripped off by a gang of phone-phreaks. But the NASAguys had had their funding cut. They were stripping everything. 

Air Force OSI, its Office of Special Investigations, is the ONLYfederal entity dedicated full-time to computer security. They'd beenexpected to show up in force, but some of them had cancelled--aPentagon budget pinch. 

As the empties piled up, the guys began joshing around and tellingwar-stories. "These are cops, " Thackeray said tolerantly. "If they'renot talking shop they talk about women and beer. "

I heard the story about the guy who, asked for "a copy" of a computerdisk, PHOTOCOPIED THE LABEL ON IT. He put the floppy disk onto theglass plate of a photocopier. The blast of static when the copierworked completely erased all the real information on the disk. 

Some other poor souls threw a whole bag of confiscated diskettes intothe squad-car trunk next to the police radio. The powerful radiosignal blasted them, too. 

We heard a bit about Dave Geneson, the first computer prosecutor, amainframe-runner in Dade County, turned lawyer. Dave Geneson was oneguy who had hit the ground running, a signal virtue in making thetransition to computer-crime. It was generally agreed that it waseasier to learn the world of computers first, then police orprosecutorial work. You could take certain computer people and train'em to successful police work--but of course they had to have the COPMENTALITY. They had to have street smarts. Patience. Persistence. And discretion. You've got to make sure they're not hot-shots, show-offs, "cowboys. "

Most of the folks in the bar had backgrounds in military intelligence, or drugs, or homicide. It was rudely opined that "militaryintelligence" was a contradiction in terms, while even the grisly worldof homicide was considered cleaner than drug enforcement. One guy hadbeen 'way undercover doing dope-work in Europe for four years straight. "I'm almost recovered now, " he said deadpan, with the acid black humorthat is pure cop. "Hey, now I can say FUCKER without putting MOTHER infront of it. "

"In the cop world, " another guy said earnestly, "everything is good andbad, black and white. In the computer world everything is gray. "

One guy--a founder of the FCIC, who'd been with the group since it wasjust the Colluquy--described his own introduction to the field. He'dbeen a Washington DC homicide guy called in on a "hacker" case. Fromthe word "hacker, " he naturally assumed he was on the trail of aknife-wielding marauder, and went to the computer center expectingblood and a body. When he finally figured out what was happening there(after loudly demanding, in vain, that the programmers "speakEnglish"), he called headquarters and told them he was clueless aboutcomputers. They told him nobody else knew diddly either, and to getthe hell back to work. 

So, he said, he had proceeded by comparisons. By analogy. Bymetaphor. "Somebody broke in to your computer, huh?" Breaking andentering; I can understand that. How'd he get in? "Over thephone-lines. " Harassing phone-calls, I can understand that! What weneed here is a tap and a trace!

It worked. It was better than nothing. And it worked a lot fasterwhen he got hold of another cop who'd done something similar. And thenthe two of them got another, and another, and pretty soon the Colluquywas a happening thing. It helped a lot that everybody seemed to knowCarlton Fitzpatrick, the data-processing trainer in Glynco. 

The ice broke big-time in Memphis in '86. The Colluquy had attracted abunch of new guys--Secret Service, FBI, military, other feds, heavyguys. Nobody wanted to tell anybody anything. They suspected that ifword got back to the home office they'd all be fired. They passed anuncomfortably guarded afternoon. 

The formalities got them nowhere. But after the formal session wasover, the organizers brought in a case of beer. As soon as theparticipants knocked it off with the bureaucratic ranks andturf-fighting, everything changed. "I bared my soul, " one veteranreminisced proudly. By nightfall they were building pyramids of emptybeer-cans and doing everything but composing a team fight song. 

FCIC were not the only computer-crime people around. There was DATTA(District Attorneys' Technology Theft Association), though they mostlyspecialized in chip theft, intellectual property, and black-marketcases. There was HTCIA (High Tech Computer InvestigatorsAssociation), also out in Silicon Valley, a year older than FCIC andfeaturing brilliant people like Donald Ingraham. There was LEETAC (LawEnforcement Electronic Technology Assistance Committee) in Florida, andcomputer-crime units in Illinois and Maryland and Texas and Ohio andColorado and Pennsylvania. But these were local groups. FCIC were thefirst to really network nationally and on a federal level. 

FCIC people live on the phone lines. Not on bulletin boardsystems--they know very well what boards are, and they know that boardsaren't secure. Everyone in the FCIC has a voice-phone bill like youwouldn't believe. FCIC people have been tight with the telco peoplefor a long time. Telephone cyberspace is their native habitat. 

FCIC has three basic sub-tribes: the trainers, the security people, and the investigators. That's why it's called an "InvestigationsCommittee" with no mention of the term "computer-crime"--the dreaded"C-word. " FCIC, officially, is "an association of agencies rather thanindividuals;" unofficially, this field is small enough that theinfluence of individuals and individual expertise is paramount. Attendance is by invitation only, and most everyone in FCIC considershimself a prophet without honor in his own house. 

Again and again I heard this, with different terms but identicalsentiments. "I'd been sitting in the wilderness talking to myself. " "Iwas totally isolated. " "I was desperate. " "FCIC is the best thingthere is about computer crime in America. " "FCIC is what reallyworks. " "This is where you hear real people telling you what's reallyhappening out there, not just lawyers picking nits. " "We taught eachother everything we knew. "

The sincerity of these statements convinces me that this is true. FCICis the real thing and it is invaluable. It's also very sharply at oddswith the rest of the traditions and power structure in American lawenforcement. There probably hasn't been anything around as loose andgo-getting as the FCIC since the start of the U. S. Secret Service inthe 1860s. FCIC people are living like twenty-first-century people ina twentieth-century environment, and while there's a great deal to besaid for that, there's also a great deal to be said against it, andthose against it happen to control the budgets. 

I listened to two FCIC guys from Jersey compare life histories. One ofthem had been a biker in a fairly heavy-duty gang in the 1960s. "Oh, did you know so-and-so?" said the other guy from Jersey. "Big guy, heavyset?"

"Yeah, I knew him. "

"Yeah, he was one of ours. He was our plant in the gang. "

"Really? Wow! Yeah, I knew him. Helluva guy. "

Thackeray reminisced at length about being tear-gassed blind in theNovember 1969 antiwar protests in Washington Circle, covering them forher college paper. "Oh yeah, I was there, " said another cop. "Glad tohear that tear gas hit somethin'. Haw haw haw. " He'd been so blindhimself, he confessed, that later that day he'd arrested a small tree. 

FCIC are an odd group, sifted out by coincidence and necessity, andturned into a new kind of cop. There are a lot of specialized cops inthe world--your bunco guys, your drug guys, your tax guys, but the onlygroup that matches FCIC for sheer isolation are probably thechild-pornography people. Because they both deal with conspirators whoare desperate to exchange forbidden data and also desperate to hide;and because nobody else in law enforcement even wants to hear about it. 

FCIC people tend to change jobs a lot. They tend not to get theequipment and training they want and need. And they tend to get suedquite often. 

As the night wore on and a band set up in the bar, the talk grewdarker. Nothing ever gets done in government, someone opined, untilthere's a DISASTER. Computing disasters are awful, but there's nodenying that they greatly help the credibility of FCIC people. TheInternet Worm, for instance. "For years we'd been warning aboutthat--but it's nothing compared to what's coming. " They expecthorrors, these people. They know that nothing will really get doneuntil there is a horror. 

#

Next day we heard an extensive briefing from a guy who'd been acomputer cop, gotten into hot water with an Arizona city council, andnow installed computer networks for a living (at a considerable rise inpay). He talked about pulling fiber-optic networks apart. 

Even a single computer, with enough peripherals, is a literal"network"--a bunch of machines all cabled together, generally with acomplexity that puts stereo units to shame. FCIC people invent andpublicize methods of seizing computers and maintaining their evidence. Simple things, sometimes, but vital rules of thumb for street cops, whonowadays often stumble across a busy computer in the midst of a druginvestigation or a white-collar bust. For instance: Photograph thesystem before you touch it. Label the ends of all the cables beforeyou detach anything. "Park" the heads on the disk drives before youmove them. Get the diskettes. Don't put the diskettes in magneticfields. Don't write on diskettes with ballpoint pens. Get themanuals. Get the printouts. Get the handwritten notes. Copy databefore you look at it, and then examine the copy instead of theoriginal. 

Now our lecturer distributed copied diagrams of a typical LAN or "LocalArea Network", which happened to be out of Connecticut. ONE HUNDREDAND FIFTY-NINE desktop computers, each with its own peripherals. Three"file servers. " Five "star couplers" each with thirty-two ports. Onesixteen-port coupler off in the corner office. All these machinestalking to each other, distributing electronic mail, distributingsoftware, distributing, quite possibly, criminal evidence. All linkedby high-capacity fiber-optic cable. A bad guy--cops talk a about "badguys" --might be lurking on PC #47 lot or #123 and distributing his illdoings onto some dupe's "personal" machine in another office--oranother floor--or, quite possibly, two or three miles away! Or, conceivably, the evidence might be "data-striped"--split up intomeaningless slivers stored, one by one, on a whole crowd of differentdisk drives. 

The lecturer challenged us for solutions. I for one was utterlyclueless. As far as I could figure, the Cossacks were at the gate;there were probably more disks in this single building than were seizedduring the entirety of Operation Sundevil. 

"Inside informant, " somebody said. Right. There's always the humanangle, something easy to forget when contemplating the arcane recessesof high technology. Cops are skilled at getting people to talk, andcomputer people, given a chair and some sustained attention, will talkabout their computers till their throats go raw. There's a case onrecord of a single question--"How'd you do it?"--eliciting aforty-five-minute videotaped confession from a computer criminal whonot only completely incriminated himself but drew helpful diagrams. 

Computer people talk. Hackers BRAG. Phone-phreaks talkPATHOLOGICALLY--why else are they stealing phone-codes, if not tonatter for ten hours straight to their friends on an opposite seaboard?Computer-literate people do in fact possess an arsenal of nifty gadgetsand techniques that would allow them to conceal all kinds of exoticskullduggery, and if they could only SHUT UP about it, they couldprobably get away with all manner of amazing information-crimes. Butthat's just not how it works--or at least, that's not how it's workedSO FAR. 

Most every phone-phreak ever busted has swiftly implicated his mentors, his disciples, and his friends. Most every white-collarcomputer-criminal, smugly convinced that his clever scheme isbulletproof, swiftly learns otherwise when, for the first time in hislife, an actual no-kidding policeman leans over, grabs the front of hisshirt, looks him right in the eye and says: "All right, ASSHOLE--youand me are going downtown!" All the hardware in the world will notinsulate your nerves from these actual real-life sensations of terrorand guilt. 

Cops know ways to get from point A to point Z without thumbing throughevery letter in some smart-ass bad-guy's alphabet. Cops know how tocut to the chase. Cops know a lot of things other people don't know. 

Hackers know a lot of things other people don't know, too. Hackersknow, for instance, how to sneak into your computer through thephone-lines. But cops can show up RIGHT ON YOUR DOORSTEP and carry offYOU and your computer in separate steel boxes. A cop interested inhackers can grab them and grill them. A hacker interested in cops hasto depend on hearsay, underground legends, and what cops are willing topublicly reveal. And the Secret Service didn't get named "the SECRETService" because they blab a lot. 

Some people, our lecturer informed us, were under the mistakenimpression that it was "impossible" to tap a fiber-optic line. Well, he announced, he and his son had just whipped up a fiber-optic tap inhis workshop at home. He passed it around the audience, along with acircuit-covered LAN plug-in card so we'd all recognize one if we saw iton a case. We all had a look. 

The tap was a classic "Goofy Prototype"--a thumb-length rounded metalcylinder with a pair of plastic brackets on it. From one end dangledthree thin black cables, each of which ended in a tiny black plasticcap. When you plucked the safety-cap off the end of a cable, you couldsee the glass fiber--no thicker than a pinhole. 

Our lecturer informed us that the metal cylinder was a "wavelengthdivision multiplexer. " Apparently, what one did was to cut thefiber-optic cable, insert two of the legs into the cut to complete thenetwork again, and then read any passing data on the line by hooking upthe third leg to some kind of monitor. Sounded simple enough. Iwondered why nobody had thought of it before. I also wondered whetherthis guy's son back at the workshop had any teenage friends. 

We had a break. The guy sitting next to me was wearing a giveawaybaseball cap advertising the Uzi submachine gun. We had a desultorychat about the merits of Uzis. Long a favorite of the Secret Service, it seems Uzis went out of fashion with the advent of the Persian GulfWar, our Arab allies taking some offense at Americans toting Israeliweapons. Besides, I was informed by another expert, Uzis jam. Theequivalent weapon of choice today is the Heckler & Koch, manufacturedin Germany. 

The guy with the Uzi cap was a forensic photographer. He also did alot of photographic surveillance work in computer crime cases. He usedto, that is, until the firings in Phoenix. He was now a privateinvestigator and, with his wife, ran a photography salon specializingin weddings and portrait photos. At--one must repeat--a considerablerise in income. 

He was still FCIC. If you were FCIC, and you needed to talk to anexpert about forensic photography, well, there he was, willing andable. If he hadn't shown up, people would have missed him. 

Our lecturer had raised the point that preliminary investigation of acomputer system is vital before any seizure is undertaken. It's vitalto understand how many machines are in there, what kinds there are, what kind of operating system they use, how many people use them, wherethe actual data itself is stored. To simply barge into an officedemanding "all the computers" is a recipe for swift disaster. 

This entails some discreet inquiries beforehand. In fact, what itentails is basically undercover work. An intelligence operation. SPYING, not to put too fine a point on it. 

In a chat after the lecture, I asked an attendee whether "trashing"might work. 

I received a swift briefing on the theory and practice of "trashcovers. " Police "trash covers, " like "mail covers" or like wiretaps, require the agreement of a judge. This obtained, the "trashing" workof cops is just like that of hackers, only more so and much betterorganized. So much so, I was informed, that mobsters in Phoenix makeextensive use of locked garbage cans picked up by a specialtyhigh-security trash company. 

In one case, a tiger team of Arizona cops had trashed a local residencefor four months. Every week they showed up on the municipal garbagetruck, disguised as garbagemen, and carried the contents of the suspectcans off to a shade tree, where they combed through the garbage--amessy task, especially considering that one of the occupants wasundergoing kidney dialysis. All useful documents were cleaned, driedand examined. A discarded typewriter-ribbon was an especially valuablesource of data, as its long one-strike ribbon of film contained thecontents of every letter mailed out of the house. The letters wereneatly retyped by a police secretary equipped with a large desk-mountedmagnifying glass. 

There is something weirdly disquieting about the whole subject of"trashing"--an unsuspected and indeed rather disgusting mode of deeppersonal vulnerability. Things that we pass by every day, that we takeutterly for granted, can be exploited with so little work. Oncediscovered, the knowledge of these vulnerabilities tend to spread. 

Take the lowly subject of MANHOLE COVERS. The humble manhole coverreproduces many of the dilemmas of computer-security in miniature. Manhole covers are, of course, technological artifacts, access-pointsto our buried urban infrastructure. To the vast majority of us, manhole covers are invisible. They are also vulnerable. For manyyears now, the Secret Service has made a point of caulking manholecovers along all routes of the Presidential motorcade. This is, ofcourse, to deter terrorists from leaping out of underground ambush or, more likely, planting remote-control car-smashing bombs beneath thestreet. 

Lately, manhole covers have seen more and more criminal exploitation, especially in New York City. Recently, a telco in New York Citydiscovered that a cable television service had been sneaking into telcomanholes and installing cable service alongside thephone-lines--WITHOUT PAYING ROYALTIES. New York companies have alsosuffered a general plague of (a) underground copper cable theft; (b)dumping of garbage, including toxic waste, and (c) hasty dumping ofmurder victims. 

Industry complaints reached the ears of an innovative New Englandindustrial-security company, and the result was a new product known as"the Intimidator, " a thick titanium-steel bolt with a preciselymachined head that requires a special device to unscrew. All these"keys" have registered serial numbers kept on file with themanufacturer. There are now some thousands of these "Intimidator"bolts being sunk into American pavements wherever our President passes, like some macabre parody of strewn roses. They are also spreading asfast as steel dandelions around US military bases and many centers ofprivate industry. 

Quite likely it has never occurred to you to peer under a manholecover, perhaps climb down and walk around down there with a flashlight, just to see what it's like. Formally speaking, this might betrespassing, but if you didn't hurt anything, and didn't make anabsolute habit of it, nobody would really care. The freedom to sneakunder manholes was likely a freedom you never intended to exercise. 

You now are rather less likely to have that freedom at all. You maynever even have missed it until you read about it here, but if you'rein New York City it's gone, and elsewhere it's likely going. This isone of the things that crime, and the reaction to crime, does to us. 

The tenor of the meeting now changed as the Electronic FrontierFoundation arrived. The EFF, whose personnel and history will beexamined in detail in the next chapter, are a pioneering civilliberties group who arose in direct response to the Hacker Crackdown of1990. 

Now Mitchell Kapor, the Foundation's president, and Michael Godwin, itschief attorney, were confronting federal law enforcement MANO A MANOfor the first time ever. Ever alert to the manifold uses of publicity, Mitch Kapor and Mike Godwin had brought their own journalist in tow:Robert Draper, from Austin, whose recent well-received book aboutROLLING STONE magazine was still on the stands. Draper was onassignment for TEXAS MONTHLY. 

The Steve Jackson/EFF civil lawsuit against the Chicago Computer Fraudand Abuse Task Force was a matter of considerable regional interest inTexas. There were now two Austinite journalists here on the case. Infact, counting Godwin (a former Austinite and former journalist) therewere three of us. Lunch was like Old Home Week. 

Later, I took Draper up to my hotel room. We had a long frank talkabout the case, networking earnestly like a miniature freelance-journoversion of the FCIC: privately confessing the numerous blunders ofjournalists covering the story, and trying hard to figure out who waswho and what the hell was really going on out there. I showed Drapereverything I had dug out of the Hilton trashcan. We pondered theethics of "trashing" for a while, and agreed that they were dismal. Wealso agreed that finding a SPRINT bill on your first time out was aheck of a coincidence. 

First I'd "trashed"--and now, mere hours later, I'd bragged to someoneelse. Having entered the lifestyle of hackerdom, I was now, unsurprisingly, following its logic. Having discovered somethingremarkable through a surreptitious action, I of course HAD to "brag, "and to drag the passing Draper into my iniquities. I felt I needed awitness. Otherwise nobody would have believed what I'd discovered. . . . 

Back at the meeting, Thackeray cordially, if rather tentatively, introduced Kapor and Godwin to her colleagues. Papers weredistributed. Kapor took center stage. The brilliant Bostonianhigh-tech entrepreneur, normally the hawk in his own administration andquite an effective public speaker, seemed visibly nervous, and franklyadmitted as much. He began by saying he consided computer-intrusion tobe morally wrong, and that the EFF was not a "hacker defense fund, "despite what had appeared in print. Kapor chatted a bit about thebasic motivations of his group, emphasizing their good faith andwillingness to listen and seek common ground with lawenforcement--when, er, possible. 

Then, at Godwin's urging, Kapor suddenly remarked that EFF's ownInternet machine had been "hacked" recently, and that EFF did notconsider this incident amusing. 

After this surprising confession, things began to loosen up quiterapidly. Soon Kapor was fielding questions, parrying objections, challenging definitions, and juggling paradigms with something akin tohis usual gusto. 

Kapor seemed to score quite an effect with his shrewd and skepticalanalysis of the merits of telco "Caller-ID" services. (On this topic, FCIC and EFF have never been at loggerheads, and have no particularestablished earthworks to defend. ) Caller-ID has generally beenpromoted as a privacy service for consumers, a presentation Kapordescribed as a "smokescreen, " the real point of Caller-ID being toALLOW CORPORATE CUSTOMERS TO BUILD EXTENSIVE COMMERCIAL DATABASES ONEVERYBODY WHO PHONES OR FAXES THEM. Clearly, few people in the roomhad considered this possibility, except perhaps for two late-arrivalsfrom US WEST RBOC security, who chuckled nervously. 

Mike Godwin then made an extensive presentation on "Civil LibertiesImplications of Computer Searches and Seizures. " Now, at last, we weregetting to the real nitty-gritty here, real political horse-trading. The audience listened with close attention, angry mutters risingoccasionally: "He's trying to teach us our jobs!" "We've beenthinking about this for years! We think about these issues every day!""If I didn't seize the works, I'd be sued by the guy's victims!" "I'mviolating the law if I leave ten thousand disks full of illegal PIRATEDSOFTWARE and STOLEN CODES!" "It's our job to make sure people don'ttrash the Constitution--we're the DEFENDERS of the Constitution!" "Weseize stuff when we know it will be forfeited anyway as restitution forthe victim!"

"If it's forfeitable, then don't get a search warrant, get a forfeiturewarrant, " Godwin suggested coolly. He further remarked that mostsuspects in computer crime don't WANT to see their computers vanish outthe door, headed God knew where, for who knows how long. They mightnot mind a search, even an extensive search, but they want theirmachines searched on-site. 

"Are they gonna feed us?" somebody asked sourly. 

"How about if you take copies of the data?" Godwin parried. 

"That'll never stand up in court. "

"Okay, you make copies, give THEM the copies, and take the originals. "

Hmmm. 

Godwin championed bulletin-board systems as repositories of FirstAmendment protected free speech. He complained that federalcomputer-crime training manuals gave boards a bad press, suggestingthat they are hotbeds of crime haunted by pedophiles and crooks, whereas the vast majority of the nation's thousands of boards arecompletely innocuous, and nowhere near so romantically suspicious. 

People who run boards violently resent it when their systems areseized, and their dozens (or hundreds) of users look on in abjecthorror. Their rights of free expression are cut short. Their right toassociate with other people is infringed. And their privacy isviolated as their private electronic mail becomes police property. 

Not a soul spoke up to defend the practice of seizing boards. Theissue passed in chastened silence. Legal principles aside--(and thoseprinciples cannot be settled without laws passed or courtprecedents)--seizing bulletin boards has become public-relations poisonfor American computer police. 

And anyway, it's not entirely necessary. If you're a cop, you can get'most everything you need from a pirate board, just by using an insideinformant. Plenty of vigilantes--well, CONCERNED CITIZENS--will informpolice the moment they see a pirate board hit their area (and willtell the police all about it, in such technical detail, actually, thatyou kinda wish they'd shut up). They will happily supply police withextensive downloads or printouts. It's IMPOSSIBLE to keep this fluidelectronic information out of the hands of police. 

Some people in the electronic community become enraged at the prospectof cops "monitoring" bulletin boards. This does have touchy aspects, as Secret Service people in particular examine bulletin boards withsome regularity. But to expect electronic police to be deaf dumb andblind in regard to this particular medium rather flies in the face ofcommon sense. Police watch television, listen to radio, read newspapersand magazines; why should the new medium of boards be different? Copscan exercise the same access to electronic information as everybodyelse. As we have seen, quite a few computer police maintain THEIR OWNbulletin boards, including anti-hacker "sting" boards, which havegenerally proven quite effective. 

As a final clincher, their Mountie friends in Canada (and colleagues inIreland and Taiwan) don't have First Amendment or Americanconstitutional restrictions, but they do have phone lines, and can callany bulletin board in America whenever they please. The sametechnological determinants that play into the hands of hackers, phonephreaks and software pirates can play into the hands of police. "Technological determinants" don't have ANY human allegiances. They'renot black or white, or Establishment or Underground, or pro-or-antianything. 

Godwin complained at length about what he called "the Clever Hobbyisthypothesis" --the assumption that the "hacker" you're busting isclearly a technical genius, and must therefore by searched with extremethoroughness. So: from the law's point of view, why risk missinganything? Take the works. Take the guy's computer. Take his books. Take his notebooks. Take the electronic drafts of his love letters. Take his Walkman. Take his wife's computer. Take his dad's computer. Take his kid sister's computer. Take his employer's computer. Takehis compact disks--they MIGHT be CD-ROM disks, cunningly disguised aspop music. Take his laser printer--he might have hidden somethingvital in the printer's 5meg of memory. Take his software manuals andhardware documentation. Take his science-fiction novels and hissimulation-gaming books. Take his Nintendo Game-Boy and his Pac-Manarcade game. Take his answering machine, take his telephone out of thewall. Take anything remotely suspicious. 

Godwin pointed out that most "hackers" are not, in fact, clever geniushobbyists. Quite a few are crooks and grifters who don't have much inthe way of technical sophistication; just some rule-of-thumb rip-offtechniques. The same goes for most fifteen-year-olds who've downloadeda code-scanning program from a pirate board. There's no real need toseize everything in sight. It doesn't require an entire computersystem and ten thousand disks to prove a case in court. 

What if the computer is the instrumentality of a crime? someonedemanded. 

Godwin admitted quietly that the doctrine of seizing theinstrumentality of a crime was pretty well established in the Americanlegal system. 

The meeting broke up. Godwin and Kapor had to leave. Kapor wastestifying next morning before the Massachusetts Department Of PublicUtility, about ISDN narrowband wide-area networking. 

As soon as they were gone, Thackeray seemed elated. She had taken agreat risk with this. Her colleagues had not, in fact, torn Kapor andGodwin's heads off. She was very proud of them, and told them so. 

"Did you hear what Godwin said about INSTRUMENTALITY OF A CRIME?" sheexulted, to nobody in particular. "Wow, that means MITCH ISN'T GOINGTO SUE ME. "

#

America's computer police are an interesting group. As a socialphenomenon they are far more interesting, and far more important, thanteenage phone phreaks and computer hackers. First, they're older andwiser; not dizzy hobbyists with leaky morals, but seasoned adultprofessionals with all the responsibilities of public service. And, unlike hackers, they possess not merely TECHNICAL power alone, butheavy-duty legal and social authority. 

And, very interestingly, they are just as much at sea in cyberspace aseveryone else. They are not happy about this. Police areauthoritarian by nature, and prefer to obey rules and precedents. (Even those police who secretly enjoy a fast ride in rough territorywill soberly disclaim any "cowboy" attitude. ) But in cyberspace thereARE no rules and precedents. They are groundbreaking pioneers, Cyberspace Rangers, whether they like it or not. 

In my opinion, any teenager enthralled by computers, fascinated by theins and outs of computer security, and attracted by the lure ofspecialized forms of knowledge and power, would do well to forget allabout "hacking" and set his (or her) sights on becoming a fed. Fedscan trump hackers at almost every single thing hackers do, includinggathering intelligence, undercover disguise, trashing, phone-tapping, building dossiers, networking, and infiltrating computersystems--CRIMINAL computer systems. Secret Service agents know moreabout phreaking, coding and carding than most phreaks can find out inyears, and when it comes to viruses, break-ins, software bombs andtrojan horses, Feds have direct access to red-hot confidentialinformation that is only vague rumor in the underground. 

And if it's an impressive public rep you're after, there are few peoplein the world who can be so chillingly impressive as a well-trained, well-armed United States Secret Service agent. 

Of course, a few personal sacrifices are necessary in order to obtainthat power and knowledge. First, you'll have the galling discipline ofbelonging to a large organization; but the world of computer crime isstill so small, and so amazingly fast-moving, that it will remainspectacularly fluid for years to come. The second sacrifice is thatyou'll have to give up ripping people off. This is not a great loss. Abstaining from the use of illegal drugs, also necessary, will be aboon to your health. 

A career in computer security is not a bad choice for a young man orwoman today. The field will almost certainly expand drastically inyears to come. If you are a teenager today, by the time you become aprofessional, the pioneers you have read about in this book will be thegrand old men and women of the field, swamped by their many disciplesand successors. Of course, some of them, like William P. Wood of the1865 Secret Service, may well be mangled in the whirring machinery oflegal controversy; but by the time you enter the computer-crime field, it may have stabilized somewhat, while remaining entertaininglychallenging. 

But you can't just have a badge. You have to win it. First, there'sthe federal law enforcement training. And it's hard--it's a challenge. A real challenge--not for wimps and rodents. 

Every Secret Service agent must complete gruelling courses at theFederal Law Enforcement Training Center. (In fact, Secret Serviceagents are periodically re-trained during their entire careers. )

In order to get a glimpse of what this might be like, I myselftravelled to FLETC. 

#

The Federal Law Enforcement Training Center is a 1500-acre facility onGeorgia's Atlantic coast. It's a milieu of marshgrass, seabirds, damp, clinging sea-breezes, palmettos, mosquitos, and bats. Until 1974, itwas a Navy Air Base, and still features a working runway, and some WWIIvintage blockhouses and officers' quarters. The Center has sincebenefitted by a forty-million-dollar retrofit, but there's still enoughforest and swamp on the facility for the Border Patrol to put intracking practice. 

As a town, "Glynco" scarcely exists. The nearest real town isBrunswick, a few miles down Highway 17, where I stayed at the aptlynamed Marshview Holiday Inn. I had Sunday dinner at a seafoodrestaurant called "Jinright's, " where I feasted on deep-fried alligatortail. This local favorite was a heaped basket of bite-sized chunks ofwhite, tender, almost fluffy reptile meat, steaming in a pepperedbatter crust. Alligator makes a culinary experience that's hard toforget, especially when liberally basted with homemade cocktail saucefrom a Jinright squeeze-bottle. 

The crowded clientele were tourists, fishermen, local black folks intheir Sunday best, and white Georgian locals who all seemed to bear anuncanny resemblance to Georgia humorist Lewis Grizzard. 

The 2, 400 students from 75 federal agencies who make up the FLETCpopulation scarcely seem to make a dent in the low-key local scene. The students look like tourists, and the teachers seem to have taken onmuch of the relaxed air of the Deep South. My host was Mr. CarltonFitzpatrick, the Program Coordinator of the Financial Fraud Institute. Carlton Fitzpatrick is a mustached, sinewy, well-tanned Alabama nativesomewhere near his late forties, with a fondness for chewing tobacco, powerful computers, and salty, down-home homilies. We'd met before, atFCIC in Arizona. 

The Financial Fraud Institute is one of the nine divisions at FLETC. Besides Financial Fraud, there's Driver & Marine, Firearms, andPhysical Training. These are specialized pursuits. There are alsofive general training divisions: Basic Training, Operations, Enforcement Techniques, Legal Division, and Behavioral Science. 

Somewhere in this curriculum is everything necessary to turn greencollege graduates into federal agents. First they're given ID cards. Then they get the rather miserable-looking blue coveralls known as"smurf suits. " The trainees are assigned a barracks and a cafeteria, and immediately set on FLETC's bone-grinding physical training routine. Besides the obligatory daily jogging--(the trainers run up dangerflags beside the track when the humidity rises high enough to threatenheat stroke)--here's the Nautilus machines, the martial arts, thesurvival skills. . . . 

The eighteen federal agencies who maintain on-site academies at FLETCemploy a wide variety of specialized law enforcement units, some ofthem rather arcane. There's Border Patrol, IRS Criminal InvestigationDivision, Park Service, Fish and Wildlife, Customs, Immigration, SecretService and the Treasury's uniformed subdivisions. . . . If you're afederal cop and you don't work for the FBI, you train at FLETC. Thisincludes people as apparently obscure as the agents of the RailroadRetirement Board Inspector General. Or the Tennessee Valley AuthorityPolice, who are in fact federal police officers, and can and do arrestcriminals on the federal property of the Tennessee Valley Authority. 

And then there are the computer-crime people. All sorts, allbackgrounds. Mr. Fitzpatrick is not jealous of his specializedknowledge. Cops all over, in every branch of service, may feel a needto learn what he can teach. Backgrounds don't matter much. Fitzpatrick himself was originally a Border Patrol veteran, then becamea Border Patrol instructor at FLETC. His Spanish is still fluent--buthe found himself strangely fascinated when the first computers showedup at the Training Center. Fitzpatrick did have a background inelectrical engineering, and though he never considered himself acomputer hacker, he somehow found himself writing useful littleprograms for this new and promising gizmo. 

He began looking into the general subject of computers and crime, reading Donn Parker's books and articles, keeping an ear cocked for warstories, useful insights from the field, the up-and-coming people ofthe local computer-crime and high-technology units. . . . Soon he got areputation around FLETC as the resident "computer expert, " and thatreputation alone brought him more exposure, more experience--until oneday he looked around, and sure enough he WAS a federal computer-crimeexpert. 

In fact, this unassuming, genial man may be THE federal computer-crimeexpert. There are plenty of very good computer people, and plenty ofvery good federal investigators, but the area where these worlds ofexpertise overlap is very slim. And Carlton Fitzpatrick has been rightat the center of that since 1985, the first year of the Colluquy, agroup which owes much to his influence. 

He seems quite at home in his modest, acoustic-tiled office, with itsAnsel Adams-style Western photographic art, a gold-framed SeniorInstructor Certificate, and a towering bookcase crammed with three-ringbinders with ominous titles such as Datapro Reports on InformationSecurity and CFCA Telecom Security '90. 

The phone rings every ten minutes; colleagues show up at the door tochat about new developments in locksmithing or to shake their headsover the latest dismal developments in the BCCI global banking scandal. 

Carlton Fitzpatrick is a fount of computer-crime war-stories, relatedin an acerbic drawl. He tells me the colorful tale of a hacker caughtin California some years back. He'd been raiding systems, typing codewithout a detectable break, for twenty, twenty-four, thirty-six hoursstraight. Not just logged on--TYPING. Investigators were baffled. Nobody could do that. Didn't he have to go to the bathroom? Was itsome kind of automatic keyboard-whacking device that could actuallytype code?

A raid on the suspect's home revealed a situation of astonishingsqualor. The hacker turned out to be a Pakistani computer-sciencestudent who had flunked out of a California university. He'd gonecompletely underground as an illegal electronic immigrant, and wasselling stolen phone-service to stay alive. The place was not merelymessy and dirty, but in a state of psychotic disorder. Powered by someweird mix of culture shock, computer addiction, and amphetamines, thesuspect had in fact been sitting in front of his computer for a day anda half straight, with snacks and drugs at hand on the edge of his deskand a chamber-pot under his chair. 

Word about stuff like this gets around in the hacker-tracker community. 

Carlton Fitzpatrick takes me for a guided tour by car around the FLETCgrounds. One of our first sights is the biggest indoor firing range inthe world. There are federal trainees in there, Fitzpatrick assures mepolitely, blasting away with a wide variety of automatic weapons: Uzis, Glocks, AK-47s. . . . He's willing to take me inside. I tell him I'msure that's really interesting, but I'd rather see his computers. Carlton Fitzpatrick seems quite surprised and pleased. I'm apparentlythe first journalist he's ever seen who has turned down the shootinggallery in favor of microchips. 

Our next stop is a favorite with touring Congressmen: the three-milelong FLETC driving range. Here trainees of the Driver & MarineDivision are taught high-speed pursuit skills, setting and breakingroad-blocks, diplomatic security driving for VIP limousines. . . . Afavorite FLETC pastime is to strap a passing Senator into the passengerseat beside a Driver & Marine trainer, hit a hundred miles an hour, then take it right into "the skid-pan, " a section of greased trackwhere two tons of Detroit iron can whip and spin like a hockey puck. 

Cars don't fare well at FLETC. First they're rifled again and againfor search practice. Then they do 25, 000 miles of high-speed pursuittraining; they get about seventy miles per set of steel-belted radials. Then it's off to the skid pan, where sometimes they roll and tumbleheadlong in the grease. When they're sufficiently grease-stained, dented, and creaky, they're sent to the roadblock unit, where they'rebattered without pity. And finally then they're sacrificed to theBureau of Alcohol, Tobacco and Firearms, whose trainees learn the insand outs of car-bomb work by blowing them into smoking wreckage. 

There's a railroad box-car on the FLETC grounds, and a large groundedboat, and a propless plane; all training-grounds for searches. Theplane sits forlornly on a patch of weedy tarmac next to an eerieblockhouse known as the "ninja compound, " where anti-terrorismspecialists practice hostage rescues. As I gaze on this creepy paragonof modern low-intensity warfare, my nerves are jangled by a suddenstaccato outburst of automatic weapons fire, somewhere in the woods tomy right. "Nine-millimeter, " Fitzpatrick judges calmly. 

Even the eldritch ninja compound pales somewhat compared to the trulysurreal area known as "the raid-houses. " This is a street lined on bothsides with nondescript concrete-block houses with flat pebbled roofs. They were once officers' quarters. Now they are training grounds. Thefirst one to our left, Fitzpatrick tells me, has been specially adaptedfor computer search-and-seizure practice. Inside it has been wired forvideo from top to bottom, with eighteen pan-and-tilt remotelycontrolled videocams mounted on walls and in corners. Every movementof the trainee agent is recorded live by teachers, for later tapedanalysis. Wasted movements, hesitations, possibly lethal tacticalmistakes--all are gone over in detail. 

Perhaps the weirdest single aspect of this building is its front door, scarred and scuffed all along the bottom, from the repeated impact, dayafter day, of federal shoe-leather. 

Down at the far end of the row of raid-houses some people arepracticing a murder. We drive by slowly as some very young and rathernervous-looking federal trainees interview a heavyset bald man on theraid-house lawn. Dealing with murder takes a lot of practice; firstyou have to learn to control your own instinctive disgust and panic, then you have to learn to control the reactions of a nerve-shreddedcrowd of civilians, some of whom may have just lost a loved one, someof whom may be murderers--quite possibly both at once. 

A dummy plays the corpse. The roles of the bereaved, the morbidlycurious, and the homicidal are played, for pay, by local Georgians:waitresses, musicians, most anybody who needs to moonlight and canlearn a script. These people, some of whom are FLETC regulars yearafter year, must surely have one of the strangest jobs in the world. 

Something about the scene: "normal" people in a weird situation, standing around talking in bright Georgia sunshine, unsuccessfullypretending that something dreadful has gone on, while a dummy liesinside on faked bloodstains. . . . While behind this weird masquerade, like a nested set of Russian dolls, are grim future realities of realdeath, real violence, real murders of real people, that these youngagents will really investigate, many times during their careers. . . . Over and over. . . . Will those anticipated murders look like this, feellike this--not as "real" as these amateur actors are trying to make itseem, but both as "real, " and as numbingly unreal, as watching fakepeople standing around on a fake lawn? Something about this sceneunhinges me. It seems nightmarish to me, Kafkaesque. I simply don'tknow how to take it; my head is turned around; I don't know whether tolaugh, cry, or just shudder. 

When the tour is over, Carlton Fitzpatrick and I talk about computers. For the first time cyberspace seems like quite a comfortable place. Itseems very real to me suddenly, a place where I know what I'm talkingabout, a place I'm used to. It's real. "Real. " Whatever. 

Carlton Fitzpatrick is the only person I've met in cyberspace circleswho is happy with his present equipment. He's got a 5 Meg RAM PC witha 112 meg hard disk; a 660 meg's on the way. He's got a Compaq 386desktop, and a Zenith 386 laptop with 120 meg. Down the hall is a NECMulti-Sync 2A with a CD-ROM drive and a 9600 baud modem with fourcom-lines. There's a training minicomputer, and a 10-meg local minijust for the Center, and a lab-full of student PC clones andhalf-a-dozen Macs or so. There's a Data General MV 2500 with 8 meg onboard and a 370 meg disk. 

Fitzpatrick plans to run a UNIX board on the Data General when he'sfinished beta-testing the software for it, which he wrote himself. It'll have E-mail features, massive files on all manner ofcomputer-crime and investigation procedures, and will follow thecomputer-security specifics of the Department of Defense "Orange Book. "He thinks it will be the biggest BBS in the federal government. 

Will it have Phrack on it? I ask wryly. 

Sure, he tells me. Phrack, TAP, Computer Underground Digest, all thatstuff. With proper disclaimers, of course. 

I ask him if he plans to be the sysop. Running a system that size isvery time-consuming, and Fitzpatrick teaches two three-hour coursesevery day. 

No, he says seriously, FLETC has to get its money worth out of theinstructors. He thinks he can get a local volunteer to do it, ahigh-school student. 

He says a bit more, something I think about an Eagle Scoutlaw-enforcement liaison program, but my mind has rocketed off indisbelief. 

"You're going to put a TEENAGER in charge of a federal security BBS?"I'm speechless. It hasn't escaped my notice that the FLETC FinancialFraud Institute is the ULTIMATE hacker-trashing target; there is stuffin here, stuff of such utter and consummate cool by every standard ofthe digital underground. . . . 

I imagine the hackers of my acquaintance, fainting dead-away fromforbidden-knowledge greed-fits, at the mere prospect of cracking thesuperultra top-secret computers used to train the Secret Service incomputer-crime. . . . 

"Uhm, Carlton, " I babble, "I'm sure he's a really nice kid and all, butthat's a terrible temptation to set in front of somebody who's, youknow, into computers and just starting out. . . . "

"Yeah, " he says, "that did occur to me. " For the first time I begin tosuspect that he's pulling my leg. 

He seems proudest when he shows me an ongoing project called JICC, Joint Intelligence Control Council. It's based on the servicesprovided by EPIC, the El Paso Intelligence Center, which supplies dataand intelligence to the Drug Enforcement Administration, the CustomsService, the Coast Guard, and the state police of the four southernborder states. Certain EPIC files can now be accessed bydrug-enforcement police of Central America, South America and theCaribbean, who can also trade information among themselves. Using atelecom program called "White Hat, " written by two brothers named Lopezfrom the Dominican Republic, police can now network internationally oninexpensive PCs. Carlton Fitzpatrick is teaching a class of drug-waragents from the Third World, and he's very proud of their progress. Perhaps soon the sophisticated smuggling networks of the MedellinCartel will be matched by a sophisticated computer network of theMedellin Cartel's sworn enemies. They'll track boats, trackcontraband, track the international drug-lords who now leap overborders with great ease, defeating the police through the clever use offragmented national jurisdictions. 

JICC and EPIC must remain beyond the scope of this book. They seem tome to be very large topics fraught with complications that I am not fitto judge. I do know, however, that the international, computer-assisted networking of police, across national boundaries, issomething that Carlton Fitzpatrick considers very important, aharbinger of a desirable future. I also know that networks by theirnature ignore physical boundaries. And I also know that where you putcommunications you put a community, and that when those communitiesbecome self-aware they will fight to preserve themselves and to expandtheir influence. I make no judgements whether this is good or bad. It's just cyberspace; it's just the way things are. 

I asked Carlton Fitzpatrick what advice he would have for atwenty-year-old who wanted to shine someday in the world of electroniclaw enforcement. 

He told me that the number one rule was simply not to be scared ofcomputers. You don't need to be an obsessive "computer weenie, " butyou mustn't be buffaloed just because some machine looks fancy. Theadvantages computers give smart crooks are matched by the advantagesthey give smart cops. Cops in the future will have to enforce the law"with their heads, not their holsters. " Today you can make good caseswithout ever leaving your office. In the future, cops who resist thecomputer revolution will never get far beyond walking a beat. 

I asked Carlton Fitzpatrick if he had some single message for thepublic; some single thing that he would most like the American publicto know about his work. 

He thought about it while. "Yes, " he said finally. "TELL me therules, and I'll TEACH those rules!" He looked me straight in the eye. "I do the best that I can. "

PART FOUR: THE CIVIL LIBERTARIANS

The story of the Hacker Crackdown, as we have followed it thus far, hasbeen technological, subcultural, criminal and legal. The story of theCivil Libertarians, though it partakes of all those other aspects, isprofoundly and thoroughly POLITICAL. 

In 1990, the obscure, long-simmering struggle over the ownership andnature of cyberspace became loudly and irretrievably public. Peoplefrom some of the oddest corners of American society suddenly foundthemselves public figures. Some of these people found this situationmuch more than they had ever bargained for. They backpedalled, andtried to retreat back to the mandarin obscurity of their cozysubcultural niches. This was generally to prove a mistake. 

But the civil libertarians seized the day in 1990. They foundthemselves organizing, propagandizing, podium-pounding, persuading, touring, negotiating, posing for publicity photos, submitting tointerviews, squinting in the limelight as they tried a tentative, butgrowingly sophisticated, buck-and-wing upon the public stage. 

It's not hard to see why the civil libertarians should have thiscompetitive advantage. 

The hackers of the digital underground are an hermetic elite. Theyfind it hard to make any remotely convincing case for their actions infront of the general public. Actually, hackers roundly despise the"ignorant" public, and have never trusted the judgement of "thesystem. " Hackers do propagandize, but only among themselves, mostly ingiddy, badly spelled manifestos of class warfare, youth rebellion ornaive techie utopianism. Hackers must strut and boast in order toestablish and preserve their underground reputations. But if theyspeak out too loudly and publicly, they will break the fragilesurface-tension of the underground, and they will be harrassed orarrested. Over the longer term, most hackers stumble, get busted, getbetrayed, or simply give up. As a political force, the digitalunderground is hamstrung. 

The telcos, for their part, are an ivory tower under protracted seige. They have plenty of money with which to push their calculated publicimage, but they waste much energy and goodwill attacking one anotherwith slanderous and demeaning ad campaigns. The telcos have sufferedat the hands of politicians, and, like hackers, they don't trust thepublic's judgement. And this distrust may be well-founded. Should thegeneral public of the high-tech 1990s come to understand its own bestinterests in telecommunications, that might well pose a grave threat tothe specialized technical power and authority that the telcos haverelished for over a century. The telcos do have strong advantages:loyal employees, specialized expertise, influence in the halls ofpower, tactical allies in law enforcement, and unbelievably vastamounts of money. But politically speaking, they lack genuinegrassroots support; they simply don't seem to have many friends. 

Cops know a lot of things other people don't know. But cops willinglyreveal only those aspects of their knowledge that they feel will meettheir institutional purposes and further public order. Cops haverespect, they have responsibilities, they have power in the streets andeven power in the home, but cops don't do particularly well inlimelight. When pressed, they will step out in the public gaze tothreaten bad-guys, or to cajole prominent citizens, or perhaps tosternly lecture the naive and misguided. But then they go back withintheir time-honored fortress of the station-house, the courtroom and therule-book. 

The electronic civil libertarians, however, have proven to be bornpolitical animals. They seemed to grasp very early on the postmoderntruism that communication is power. Publicity is power. Soundbitesare power. The ability to shove one's issue onto the publicagenda--and KEEP IT THERE--is power. Fame is power. Simple personalfluency and eloquence can be power, if you can somehow catch thepublic's eye and ear. 

The civil libertarians had no monopoly on "technical power"--thoughthey all owned computers, most were not particularly advanced computerexperts. They had a good deal of money, but nowhere near theearthshaking wealth and the galaxy of resources possessed by telcos orfederal agencies. They had no ability to arrest people. They carriedout no phreak and hacker covert dirty-tricks. 

But they really knew how to network. 

Unlike the other groups in this book, the civil libertarians haveoperated very much in the open, more or less right in the publichurly-burly. They have lectured audiences galore and talked tocountless journalists, and have learned to refine their spiels. They've kept the cameras clicking, kept those faxes humming, swappedthat email, run those photocopiers on overtime, licked envelopes andspent small fortunes on airfare and long-distance. In an informationsociety, this open, overt, obvious activity has proven to be a profoundadvantage. 

In 1990, the civil libertarians of cyberspace assembled out of nowherein particular, at warp speed. This "group" (actually, a networkinggaggle of interested parties which scarcely deserves even that looseterm) has almost nothing in the way of formal organization. Thoseformal civil libertarian organizations which did take an interest incyberspace issues, mainly the Computer Professionals for SocialResponsibility and the American Civil Liberties Union, were carriedalong by events in 1990, and acted mostly as adjuncts, underwriters orlaunching-pads. 

The civil libertarians nevertheless enjoyed the greatest success of anyof the groups in the Crackdown of 1990. At this writing, their futurelooks rosy and the political initiative is firmly in their hands. Thisshould be kept in mind as we study the highly unlikely lives andlifestyles of the people who actually made this happen. 

#

In June 1989, Apple Computer, Inc. , of Cupertino, California, had aproblem. Someone had illicitly copied a small piece of Apple'sproprietary software, software which controlled an internal chipdriving the Macintosh screen display. This Color QuickDraw source codewas a closely guarded piece of Apple's intellectual property. Onlytrusted Apple insiders were supposed to possess it. 

But the "NuPrometheus League" wanted things otherwise. This person (orpersons) made several illicit copies of this source code, perhaps asmany as two dozen. He (or she, or they) then put those illicit floppydisks into envelopes and mailed them to people all over America: peoplein the computer industry who were associated with, but not directlyemployed by, Apple Computer. 

The NuPrometheus caper was a complex, highly ideological, and veryhacker-like crime. Prometheus, it will be recalled, stole the fire ofthe Gods and gave this potent gift to the general ranks of downtroddenmankind. A similar god-in-the-manger attitude was implied for thecorporate elite of Apple Computer, while the "Nu" Prometheus hadhimself cast in the role of rebel demigod. The illicitly copied datawas given away for free. 

The new Prometheus, whoever he was, escaped the fate of the ancientGreek Prometheus, who was chained to a rock for centuries by thevengeful gods while an eagle tore and ate his liver. On the otherhand, NuPrometheus chickened out somewhat by comparison with his rolemodel. The small chunk of Color QuickDraw code he had filched andreplicated was more or less useless to Apple's industrial rivals (or, in fact, to anyone else). Instead of giving fire to mankind, it wasmore as if NuPrometheus had photocopied the schematics for part of aBic lighter. The act was not a genuine work of industrial espionage. It was best interpreted as a symbolic, deliberate slap in the face forthe Apple corporate heirarchy. 

Apple's internal struggles were well-known in the industry. Apple'sfounders, Jobs and Wozniak, had both taken their leave long since. Their raucous core of senior employees had been a barnstorming crew of1960s Californians, many of them markedly less than happy with the newbutton-down multimillion dollar regime at Apple. Many of theprogrammers and developers who had invented the Macintosh model in theearly 1980s had also taken their leave of the company. It was they, not the current masters of Apple's corporate fate, who had invented thestolen Color QuickDraw code. The NuPrometheus stunt waswell-calculated to wound company morale. 

Apple called the FBI. The Bureau takes an interest in high-profileintellectual-property theft cases, industrial espionage and theft oftrade secrets. These were likely the right people to call, and rumorhas it that the entities responsible were in fact discovered by theFBI, and then quietly squelched by Apple management. NuPrometheus wasnever publicly charged with a crime, or prosecuted, or jailed. Butthere were no further illicit releases of Macintosh internal software. Eventually the painful issue of NuPrometheus was allowed to fade. 

In the meantime, however, a large number of puzzled bystanders foundthemselves entertaining surprise guests from the FBI. 

One of these people was John Perry Barlow. Barlow is a most unusualman, difficult to describe in conventional terms. He is perhaps bestknown as a songwriter for the Grateful Dead, for he composed lyrics for"Hell in a Bucket, " "Picasso Moon, " "Mexicali Blues, " "I Need aMiracle, " and many more; he has been writing for the band since 1970. 

Before we tackle the vexing question as to why a rock lyricist shouldbe interviewed by the FBI in a computer-crime case, it might be well tosay a word or two about the Grateful Dead. The Grateful Dead areperhaps the most successful and long-lasting of the numerous culturalemanations from the Haight-Ashbury district of San Francisco, in theglory days of Movement politics and lysergic transcendance. TheGrateful Dead are a nexus, a veritable whirlwind, of applique decals, psychedelic vans, tie-dyed T-shirts, earth-color denim, frenzieddancing and open and unashamed drug use. The symbols, and therealities, of Californian freak power surround the Grateful Dead likeknotted macrame. 

The Grateful Dead and their thousands of Deadhead devotees are radicalBohemians. This much is widely understood. Exactly what this impliesin the 1990s is rather more problematic. 

The Grateful Dead are among the world's most popular and wealthyentertainers: number 20, according to Forbes magazine, right betweenM. C. Hammer and Sean Connery. In 1990, this jeans-clad group ofpurported raffish outcasts earned seventeen million dollars. They havebeen earning sums much along this line for quite some time now. 

And while the Dead are not investment bankers or three-piece-suit taxspecialists--they are, in point of fact, hippie musicians--this moneyhas not been squandered in senseless Bohemian excess. The Dead havebeen quietly active for many years, funding various worthy activitiesin their extensive and widespread cultural community. 

The Grateful Dead are not conventional players in the American powerestablishment. They nevertheless are something of a force to bereckoned with. They have a lot of money and a lot of friends in manyplaces, both likely and unlikely. 

The Dead may be known for back-to-the-earth environmentalist rhetoric, but this hardly makes them anti-technological Luddites. On thecontrary, like most rock musicians, the Grateful Dead have spent theirentire adult lives in the company of complex electronic equipment. They have funds to burn on any sophisticated tool and toy that mighthappen to catch their fancy. And their fancy is quite extensive. 

The Deadhead community boasts any number of recording engineers, lighting experts, rock video mavens, electronic technicians of alldescriptions. And the drift goes both ways. Steve Wozniak, Apple'sco-founder, used to throw rock festivals. Silicon Valley rocks out. 

These are the 1990s, not the 1960s. Today, for a surprising number ofpeople all over America, the supposed dividing line between Bohemianand technician simply no longer exists. People of this sort may have aset of windchimes and a dog with a knotted kerchief 'round its neck, but they're also quite likely to own a multimegabyte Macintosh runningMIDI synthesizer software and trippy fractal simulations. These days, even Timothy Leary himself, prophet of LSD, does virtual-realitycomputer-graphics demos in his lecture tours. 

John Perry Barlow is not a member of the Grateful Dead. He is, however, a ranking Deadhead. 

Barlow describes himself as a "techno-crank. " A vague term like"social activist" might not be far from the mark, either. But Barlowmight be better described as a "poet"--if one keeps in mind PercyShelley's archaic definition of poets as "unacknowledged legislators ofthe world. "

Barlow once made a stab at acknowledged legislator status. In 1987, henarrowly missed the Republican nomination for a seat in the WyomingState Senate. Barlow is a Wyoming native, the third-generation scionof a well-to-do cattle-ranching family. He is in his early forties, married and the father of three daughters. 

Barlow is not much troubled by other people's narrow notions ofconsistency. In the late 1980s, this Republican rock lyricist cattlerancher sold his ranch and became a computer telecommunications devotee. 

The free-spirited Barlow made this transition with ease. He genuinelyenjoyed computers. With a beep of his modem, he leapt from small-townPinedale, Wyoming, into electronic contact with a large and livelycrowd of bright, inventive, technological sophisticates from all overthe world. Barlow found the social milieu of computing attractive: itsfast-lane pace, its blue-sky rhetoric, its open-endedness. Barlowbegan dabbling in computer journalism, with marked success, as he was aquick study, and both shrewd and eloquent. He frequently travelled toSan Francisco to network with Deadhead friends. There Barlow madeextensive contacts throughout the Californian computer community, including friendships among the wilder spirits at Apple. 

In May 1990, Barlow received a visit from a local Wyoming agent of theFBI. The NuPrometheus case had reached Wyoming. 

Barlow was troubled to find himself under investigation in an area ofhis interests once quite free of federal attention. He had to struggleto explain the very nature of computer-crime to a headscratching localFBI man who specialized in cattle-rustling. Barlow, chatting helpfullyand demonstrating the wonders of his modem to the puzzled fed, wasalarmed to find all "hackers" generally under FBI suspicion as an evilinfluence in the electronic community. The FBI, in pursuit of a hackercalled "NuPrometheus, " were tracing attendees of a suspect group calledthe Hackers Conference. 

The Hackers Conference, which had been started in 1984, was a yearlyCalifornian meeting of digital pioneers and enthusiasts. The hackersof the Hackers Conference had little if anything to do with the hackersof the digital underground. On the contrary, the hackers of thisconference were mostly well-to-do Californian high-tech CEOs, consultants, journalists and entrepreneurs. (This group of hackerswere the exact sort of "hackers" most likely to react with militantfury at any criminal degradation of the term "hacker. ")

Barlow, though he was not arrested or accused of a crime, and thoughhis computer had certainly not gone out the door, was very troubled bythis anomaly. He carried the word to the Well. 

Like the Hackers Conference, "the Well" was an emanation of the PointFoundation. Point Foundation, the inspiration of a wealthy Californian60s radical named Stewart Brand, was to be a major launch-pad of thecivil libertarian effort. 

Point Foundation's cultural efforts, like those of their fellow BayArea Californians the Grateful Dead, were multifaceted andmultitudinous. Rigid ideological consistency had never been a strongsuit of the Whole Earth Catalog. This Point publication had enjoyed astrong vogue during the late 60s and early 70s, when it offeredhundreds of practical (and not so practical) tips on communitarianliving, environmentalism, and getting back-to-the-land. The WholeEarth Catalog, and its sequels, sold two and half million copies andwon a National Book Award. 

With the slow collapse of American radical dissent, the Whole EarthCatalog had slipped to a more modest corner of the cultural radar; butin its magazine incarnation, CoEvolution Quarterly, the PointFoundation continued to offer a magpie potpourri of "access to toolsand ideas. "

CoEvolution Quarterly, which started in 1974, was never a widelypopular magazine. Despite periodic outbreaks of millenarian fervor, CoEvolution Quarterly failed to revolutionize Western civilization andreplace leaden centuries of history with bright new Californianparadigms. Instead, this propaganda arm of Point Foundation cakewalkeda fine line between impressive brilliance and New Age flakiness. CoEvolution Quarterly carried no advertising, cost a lot, and came outon cheap newsprint with modest black-and-white graphics. It was poorlydistributed, and spread mostly by subscription and word of mouth. 

It could not seem to grow beyond 30, 000 subscribers. And yet--it neverseemed to shrink much, either. Year in, year out, decade in, decadeout, some strange demographic minority accreted to support themagazine. The enthusiastic readership did not seem to have much in theway of coherent politics or ideals. It was sometimes hard tounderstand what held them together (if the often bitter debate in theletter-columns could be described as "togetherness"). 

But if the magazine did not flourish, it was resilient; it got by. Then, in 1984, the birth-year of the Macintosh computer, CoEvolutionQuarterly suddenly hit the rapids. Point Foundation had discovered thecomputer revolution. Out came the Whole Earth Software Catalog of1984, arousing headscratching doubts among the tie-dyed faithful, andrabid enthusiasm among the nascent "cyberpunk" milieu, present companyincluded. Point Foundation started its yearly Hackers Conference, andbegan to take an extensive interest in the strange new possibilities ofdigital counterculture. CoEvolution Quarterlyfolded its teepee, replaced by Whole Earth Software Review and eventually by Whole EarthReview (the magazine's present incarnation, currently under theeditorship of virtual-reality maven Howard Rheingold). 

1985 saw the birth of the "WELL"--the "Whole Earth 'Lectronic Link. "The Well was Point Foundation's bulletin board system. 

As boards went, the Well was an anomaly from the beginning, andremained one. It was local to San Francisco. It was huge, withmultiple phonelines and enormous files of commentary. Its complexUNIX-based software might be most charitably described as"user-opaque. " It was run on a mainframe out of the rambling officesof a non-profit cultural foundation in Sausalito. And it was crammedwith fans of the Grateful Dead. 

Though the Well was peopled by chattering hipsters of the Bay Areacounterculture, it was by no means a "digital underground" board. Teenagers were fairly scarce; most Well users (known as "Wellbeings")were thirty- and forty-something Baby Boomers. They tended to work inthe information industry: hardware, software, telecommunications, media, entertainment. Librarians, academics, and journalists wereespecially common on the Well, attracted by Point Foundation'sopen-handed distribution of "tools and ideas. "

There were no anarchy files on the Well, scarcely a dropped hint aboutaccess codes or credit-card theft. No one used handles. Vicious"flame-wars" were held to a comparatively civilized rumble. Debateswere sometimes sharp, but no Wellbeing ever claimed that a rival haddisconnected his phone, trashed his house, or posted his credit cardnumbers. 

The Well grew slowly as the 1980s advanced. It charged a modest sumfor access and storage, and lost money for years--but not enough tohamper the Point Foundation, which was nonprofit anyway. By 1990, theWell had about five thousand users. These users wandered about agigantic cyberspace smorgasbord of "Conferences", each conferenceitself consisting of a welter of "topics, " each topic containingdozens, sometimes hundreds of comments, in a tumbling, multipersondebate that could last for months or years on end. 

In 1991, the Well's list of conferences looked like this:

CONFERENCES ON THE WELL

WELL "Screenzine" Digest (g zine)

Best of the WELL - vintage material - (g best)

Index listing of new topics in all conferences - (g newtops)

 Business - Education ----------------------

 Apple Library Users Group(g alug) Agriculture (g agri) Brainstorming (g brain) Classifieds (g cla) Computer Journalism (g cj) Consultants (g consult) Consumers (g cons) Design (g design) Desktop Publishing (g desk) Disability (g disability) Education (g ed) Energy (g energy91) Entrepreneurs (g entre) Homeowners (g home) Indexing (g indexing) Investments (g invest) Kids91 (g kids) Legal (g legal) One Person Business (g one) Periodical/newsletter (g per) Telecomm Law (g tcl) The Future (g fut) Translators (g trans) Travel (g tra) Work (g work)

 Electronic Frontier Foundation (g eff) Computers, Freedom & Privacy (g cfp) Computer Professionals for Social Responsibility (g cpsr)

 Social - Political - Humanities ---------------------------------

 Aging (g gray) AIDS (g aids) Amnesty International (g amnesty) Archives (g arc) Berkeley (g berk) Buddhist (g wonderland) Christian (g cross) Couples (g couples) Current Events (g curr) Dreams (g dream) Drugs (g dru) East Coast (g east) Emotional Health@@@@ (g private) Erotica (g eros) Environment (g env) Firearms (g firearms) First Amendment (g first) Fringes of Reason (g fringes) Gay (g gay) Gay (Private)# (g gaypriv) Geography (g geo) German (g german) Gulf War (g gulf) Hawaii (g aloha) Health (g heal) History (g hist) Holistic (g holi) Interview (g inter) Italian (g ital) Jewish (g jew) Liberty (g liberty) Mind (g mind) Miscellaneous (g misc) Men on the WELL@@ (g mow) Network Integration (g origin) Nonprofits (g non) North Bay (g north) Northwest (g nw) Pacific Rim (g pacrim) Parenting (g par) Peace (g pea) Peninsula (g pen) Poetry (g poetry) Philosophy (g phi) Politics (g pol) Psychology (g psy) Psychotherapy (g therapy) Recovery## (g recovery) San Francisco (g sanfran) Scams (g scam) Sexuality (g sex) Singles (g singles) Southern (g south) Spanish (g spanish) Spirituality (g spirit) Tibet (g tibet) Transportation (g transport) True Confessions (g tru) Unclear (g unclear) WELL Writer's Workshop@@@(g www) Whole Earth (g we) Women on the WELL@(g wow) Words (g words) Writers (g wri)

 @@@@Private Conference - mail wooly for entry @@@Private conference - mail sonia for entry @@Private conference - mail flash for entry @ Private conference - mail reva for entry # Private Conference - mail hudu for entry ## Private Conference - mail dhawk for entry

 Arts - Recreation - Entertainment -----------------------------------

 ArtCom Electronic Net (g acen) Audio-Videophilia (g aud) Bicycles (g bike) Bay Area Tonight@@(g bat) Boating (g wet) Books (g books) CD's (g cd) Comics (g comics) Cooking (g cook) Flying (g flying) Fun (g fun) Games (g games) Gardening (g gard) Kids (g kids) Nightowls@ (g owl) Jokes (g jokes) MIDI (g midi) Movies (g movies) Motorcycling (g ride) Motoring (g car) Music (g mus) On Stage (g onstage) Pets (g pets) Radio (g rad) Restaurant (g rest) Science Fiction (g sf) Sports (g spo) Star Trek (g trek) Television (g tv) Theater (g theater) Weird (g weird) Zines/Factsheet Five(g f5) @Open from midnight to 6am @@Updated daily

 Grateful Dead -------------

 Grateful Dead (g gd) Deadplan@ (g dp) Deadlit (g deadlit) Feedback (g feedback) GD Hour (g gdh) Tapes (g tapes) Tickets (g tix) Tours (g tours)

 @Private conference - mail tnf for entry

 Computers -----------

 AI/Forth/Realtime (g realtime) Amiga (g amiga) Apple (g app) Computer Books (g cbook) Art & Graphics (g gra) Hacking (g hack) HyperCard (g hype) IBM PC (g ibm) LANs (g lan) Laptop (g lap) Macintosh (g mac) Mactech (g mactech) Microtimes (g microx) Muchomedia (g mucho) NeXt (g next) OS/2 (g os2) Printers (g print) Programmer's Net (g net) Siggraph (g siggraph) Software Design (g sdc) Software/Programming (g software) Software Support (g ssc) Unix (g unix) Windows (g windows) Word Processing (g word)

 Technical - Communications ----------------------------

 Bioinfo (g bioinfo) Info (g boing) Media (g media) NAPLPS (g naplps) Netweaver (g netweaver) Networld (g networld) Packet Radio (g packet) Photography (g pho) Radio (g rad) Science (g science) Technical Writers (g tec) Telecommunications(g tele) Usenet (g usenet) Video (g vid) Virtual Reality (g vr)

 The WELL Itself ---------------

 Deeper (g deeper) Entry (g ent) General (g gentech) Help (g help) Hosts (g hosts) Policy (g policy) System News (g news) Test (g test)

The list itself is dazzling, bringing to the untutored eye a dizzyingimpression of a bizarre milieu of mountain-climbing Hawaiian holisticphotographers trading true-life confessions with bisexualword-processing Tibetans. 

But this confusion is more apparent than real. Each of theseconferences was a little cyberspace world in itself, comprising dozensand perhaps hundreds of sub-topics. Each conference was commonlyfrequented by a fairly small, fairly like-minded community of perhaps afew dozen people. It was humanly impossible to encompass the entireWell (especially since access to the Well's mainframe computer wasbilled by the hour). Most long-time users contented themselves with afew favorite topical neighborhoods, with the occasional foray elsewherefor a taste of exotica. But especially important news items, and hottopical debates, could catch the attention of the entire Well community. 

Like any community, the Well had its celebrities, and John PerryBarlow, the silver-tongued and silver-modemed lyricist of the GratefulDead, ranked prominently among them. It was here on the Well thatBarlow posted his true-life tale of computer-crime encounter with theFBI. 

The story, as might be expected, created a great stir. The Well wasalready primed for hacker controversy. In December 1989, Harper'smagazine had hosted a debate on the Well about the ethics of illicitcomputer intrusion. While over forty various computer-mavens tookpart, Barlow proved a star in the debate. So did "Acid Phreak" and"Phiber Optik, " a pair of young New York hacker-phreaks whose skills attelco switching-station intrusion were matched only by their apparentlylimitless hunger for fame. The advent of these two boldly swaggeringoutlaws in the precincts of the Well created a sensation akin to thatof Black Panthers at a cocktail party for the radically chic. 

Phiber Optik in particular was to seize the day in 1990. A devotee ofthe 2600 circle and stalwart of the New York hackers' group "Masters ofDeception, " Phiber Optik was a splendid exemplar of the computerintruder as committed dissident. The eighteen-year-old Optik, ahigh-school dropout and part-time computer repairman, was young, smart, and ruthlessly obsessive, a sharp-dressing, sharp-talking digital dudewho was utterly and airily contemptuous of anyone's rules but his own. By late 1991, Phiber Optik had appeared in Harper's, Esquire, The NewYork Times, in countless public debates and conventions, even on atelevision show hosted by Geraldo Rivera. 

Treated with gingerly respect by Barlow and other Well mavens, PhiberOptik swiftly became a Well celebrity. Strangely, despite his thornyattitude and utter single-mindedness, Phiber Optik seemed to arousestrong protective instincts in most of the people who met him. He wasgreat copy for journalists, always fearlessly ready to swagger, and, better yet, to actually DEMONSTRATE some off-the-wall digital stunt. He was a born media darling. 

Even cops seemed to recognize that there was something peculiarlyunworldly and uncriminal about this particular troublemaker. He was sobold, so flagrant, so young, and so obviously doomed, that even thosewho strongly disapproved of his actions grew anxious for his welfare, and began to flutter about him as if he were an endangered seal pup. 

In January 24, 1990 (nine days after the Martin Luther King Day Crash), Phiber Optik, Acid Phreak, and a third NYC scofflaw named Scorpion wereraided by the Secret Service. Their computers went out the door, alongwith the usual blizzard of papers, notebooks, compact disks, answeringmachines, Sony Walkmans, etc. Both Acid Phreak and Phiber Optik wereaccused of having caused the Crash. 

The mills of justice ground slowly. The case eventually fell into thehands of the New York State Police. Phiber had lost his machinery inthe raid, but there were no charges filed against him for over a year. His predicament was extensively publicized on the Well, where it causedmuch resentment for police tactics. It's one thing to merely hearabout a hacker raided or busted; it's another to see the policeattacking someone you've come to know personally, and who has explainedhis motives at length. Through the Harper's debate on the Well, it hadbecome clear to the Wellbeings that Phiber Optik was not in fact goingto "hurt anything. " In their own salad days, many Wellbeings had tastedtear-gas in pitched street-battles with police. They were inclined toindulgence for acts of civil disobedience. 

Wellbeings were also startled to learn of the draconian thoroughness ofa typical hacker search-and-seizure. It took no great stretch ofimagination for them to envision themselves suffering much the sametreatment. 

As early as January 1990, sentiment on the Well had already begun tosour, and people had begun to grumble that "hackers" were getting a rawdeal from the ham-handed powers-that-be. The resultant issue ofHarper's magazine posed the question as to whether computer-intrusionwas a "crime" at all. As Barlow put it later: "I've begun to wonderif we wouldn't also regard spelunkers as desperate criminals if AT&Towned all the caves. "

In February 1991, more than a year after the raid on his home, PhiberOptik was finally arrested, and was charged with first-degree ComputerTampering and Computer Trespass, New York state offenses. He was alsocharged with a theft-of-service misdemeanor, involving a complexfree-call scam to a 900 number. Phiber Optik pled guilty to themisdemeanor charge, and was sentenced to 35 hours of community service. 

This passing harassment from the unfathomable world of straight peopleseemed to bother Optik himself little if at all. Deprived of hiscomputer by the January search-and-seizure, he simply bought himself aportable computer so the cops could no longer monitor the phone wherehe lived with his Mom, and he went right on with his depredations, sometimes on live radio or in front of television cameras. 

The crackdown raid may have done little to dissuade Phiber Optik, butits galling affect on the Wellbeings was profound. As 1990 rolled on, the slings and arrows mounted: the Knight Lightning raid, the SteveJackson raid, the nation-spanning Operation Sundevil. The rhetoric oflaw enforcement made it clear that there was, in fact, a concertedcrackdown on hackers in progress. 

The hackers of the Hackers Conference, the Wellbeings, and their ilk, did not really mind the occasional public misapprehension of "hacking;"if anything, this membrane of differentiation from straight societymade the "computer community" feel different, smarter, better. Theyhad never before been confronted, however, by a concerted vilificationcampaign. 

Barlow's central role in the counter-struggle was one of the majoranomalies of 1990. Journalists investigating the controversy oftenstumbled over the truth about Barlow, but they commonly dustedthemselves off and hurried on as if nothing had happened. It was as ifit were TOO MUCH TO BELIEVE that a 1960s freak from the Grateful Deadhad taken on a federal law enforcement operation head-to-head andACTUALLY SEEMED TO BE WINNING!

Barlow had no easily detectable power-base for a political struggle ofthis kind. He had no formal legal or technical credentials. Barlowwas, however, a computer networker of truly stellar brilliance. He hada poet's gift of concise, colorful phrasing. He also had ajournalist's shrewdness, an off-the-wall, self-deprecating wit, and aphenomenal wealth of simple personal charm. 

The kind of influence Barlow possessed is fairly common currency inliterary, artistic, or musical circles. A gifted critic can wieldgreat artistic influence simply through defining the temper of thetimes, by coining the catch-phrases and the terms of debate that becomethe common currency of the period. (And as it happened, Barlow WAS apart-time art critic, with a special fondness for the Western art ofFrederic Remington. )

Barlow was the first commentator to adopt William Gibson's strikingscience-fictional term "cyberspace" as a synonym for the present-daynexus of computer and telecommunications networks. Barlow wasinsistent that cyberspace should be regarded as a qualitatively newworld, a "frontier. " According to Barlow, the world of electroniccommunications, now made visible through the computer screen, could nolonger be usefully regarded as just a tangle of high-tech wiring. Instead, it had become a PLACE, cyberspace, which demanded a new set ofmetaphors, a new set of rules and behaviors. The term, as Barlowemployed it, struck a useful chord, and this concept of cyberspace waspicked up by Time, Scientific American, computer police, hackers, andeven Constitutional scholars. "Cyberspace" now seems likely to becomea permanent fixture of the language. 

Barlow was very striking in person: a tall, craggy-faced, bearded, deep-voiced Wyomingan in a dashing Western ensemble of jeans, jacket, cowboy boots, a knotted throat-kerchief and an ever-present GratefulDead cloisonne lapel pin. 

Armed with a modem, however, Barlow was truly in his element. Formalhierarchies were not Barlow's strong suit; he rarely missed a chance tobelittle the "large organizations and their drones, " with theiruptight, institutional mindset. Barlow was very much of thefree-spirit persuasion, deeply unimpressed by brass-hats andjacks-in-office. But when it came to the digital grapevine, Barlow wasa cyberspace ad-hocrat par excellence. 

There was not a mighty army of Barlows. There was only one Barlow, andhe was a fairly anomolous individual. However, the situation onlyseemed to REQUIRE a single Barlow. In fact, after 1990, many peoplemust have concluded that a single Barlow was far more than they'd everbargained for. 

Barlow's querulous mini-essay about his encounter with the FBI struck astrong chord on the Well. A number of other free spirits on thefringes of Apple Computing had come under suspicion, and they liked itnot one whit better than he did. 

One of these was Mitchell Kapor, the co-inventor of the spreadsheetprogram "Lotus 1-2-3" and the founder of Lotus Development Corporation. Kapor had written-off the passing indignity of being fingerprinted downat his own local Boston FBI headquarters, but Barlow's post made thefull national scope of the FBI's dragnet clear to Kapor. The issue nowhad Kapor's full attention. As the Secret Service swung intoanti-hacker operation nationwide in 1990, Kapor watched every move withdeep skepticism and growing alarm. 

As it happened, Kapor had already met Barlow, who had interviewed Kaporfor a California computer journal. Like most people who met Barlow, Kapor had been very taken with him. Now Kapor took it upon himself todrop in on Barlow for a heart-to-heart talk about the situation. 

Kapor was a regular on the Well. Kapor had been a devotee of the WholeEarth Catalog since the beginning, and treasured a complete run of themagazine. And Kapor not only had a modem, but a private jet. Inpursuit of the scattered high-tech investments of Kapor EnterprisesInc. , his personal, multi-million dollar holding company, Kaporcommonly crossed state lines with about as much thought as one mightgive to faxing a letter. 

The Kapor-Barlow council of June 1990, in Pinedale, Wyoming, was thestart of the Electronic Frontier Foundation. Barlow swiftly wrote amanifesto, "Crime and Puzzlement, " which announced his, and Kapor's, intention to form a political organization to "raise and disburse fundsfor education, lobbying, and litigation in the areas relating todigital speech and the extension of the Constitution into Cyberspace. "

Furthermore, proclaimed the manifesto, the foundation would "fund, conduct, and support legal efforts to demonstrate that the SecretService has exercised prior restraint on publications, limited freespeech, conducted improper seizure of equipment and data, used undueforce, and generally conducted itself in a fashion which is arbitrary, oppressive, and unconstitutional. "

"Crime and Puzzlement" was distributed far and wide through computernetworking channels, and also printed in the Whole Earth Review. Thesudden declaration of a coherent, politicized counter-strike from theranks of hackerdom electrified the community. Steve Wozniak (perhaps abit stung by the NuPrometheus scandal) swiftly offered to match anyfunds Kapor offered the Foundation. 

John Gilmore, one of the pioneers of Sun Microsystems, immediatelyoffered his own extensive financial and personal support. Gilmore, anardent libertarian, was to prove an eloquent advocate of electronicprivacy issues, especially freedom from governmental and corporatecomputer-assisted surveillance of private citizens. 

A second meeting in San Francisco rounded up further allies: StewartBrand of the Point Foundation, virtual-reality pioneers Jaron Lanierand Chuck Blanchard, network entrepreneur and venture capitalist NatGoldhaber. At this dinner meeting, the activists settled on a formaltitle: the Electronic Frontier Foundation, Incorporated. Kapor becameits president. A new EFF Conference was opened on the PointFoundation's Well, and the Well was declared "the home of theElectronic Frontier Foundation. "

Press coverage was immediate and intense. Like theirnineteenth-century spiritual ancestors, Alexander Graham Bell andThomas Watson, the high-tech computer entrepreneurs of the 1970s and1980s--people such as Wozniak, Jobs, Kapor, Gates, and H. Ross Perot, who had raised themselves by their bootstraps to dominate a glitteringnew industry--had always made very good copy. 

But while the Wellbeings rejoiced, the press in general seemednonplussed by the self-declared "civilizers of cyberspace. " EFF'sinsistence that the war against "hackers" involved grave Constitutionalcivil liberties issues seemed somewhat farfetched, especially sincenone of EFF's organizers were lawyers or established politicians. Thebusiness press in particular found it easier to seize on the apparentcore of the story--that high-tech entrepreneur Mitchell Kapor hadestablished a "defense fund for hackers. " Was EFF a genuinelyimportant political development--or merely a clique of wealthyeccentrics, dabbling in matters better left to the proper authorities?The jury was still out. 

But the stage was now set for open confrontation. And the first andthe most critical battle was the hacker show-trial of "KnightLightning. "

#

It has been my practice throughout this book to refer to hackers onlyby their "handles. " There is little to gain by giving the real namesof these people, many of whom are juveniles, many of whom have neverbeen convicted of any crime, and many of whom had unsuspecting parentswho have already suffered enough. 

But the trial of Knight Lightning on July 24-27, 1990, made thisparticular "hacker" a nationally known public figure. It can do noparticular harm to himself or his family if I repeat thelong-established fact that his name is Craig Neidorf (pronouncedNYE-dorf). 

Neidorf's jury trial took place in the United States District Court, Northern District of Illinois, Eastern Division, with the HonorableNicholas J. Bua presiding. The United States of America was theplaintiff, the defendant Mr. Neidorf. The defendant's attorney wasSheldon T. Zenner of the Chicago firm of Katten, Muchin and Zavis. 

The prosecution was led by the stalwarts of the Chicago Computer Fraudand Abuse Task Force: William J. Cook, Colleen D. Coughlin, and DavidA. Glockner, all Assistant United States Attorneys. The Secret ServiceCase Agent was Timothy M. Foley. 

It will be recalled that Neidorf was the co-editor of an undergroundhacker "magazine" called Phrack. Phrack was an entirely electronicpublication, distributed through bulletin boards and over electronicnetworks. It was amateur publication given away for free. Neidorf hadnever made any money for his work in Phrack. Neither had hisunindicted co-editor "Taran King" or any of the numerous Phrackcontributors. 

The Chicago Computer Fraud and Abuse Task Force, however, had decidedto prosecute Neidorf as a fraudster. To formally admit that Phrack wasa "magazine" and Neidorf a "publisher" was to open a prosecutorialPandora's Box of First Amendment issues. To do this was to play intothe hands of Zenner and his EFF advisers, which now included a phalanxof prominent New York civil rights lawyers as well as the formidablelegal staff of Katten, Muchin and Zavis. Instead, the prosecutionrelied heavily on the issue of access device fraud: Section 1029 ofTitle 18, the section from which the Secret Service drew its mostdirect jurisdiction over computer crime. 

Neidorf's alleged crimes centered around the E911 Document. He wasaccused of having entered into a fraudulent scheme with the Prophet, who, it will be recalled, was the Atlanta LoD member who had illicitlycopied the E911 Document from the BellSouth AIMSX system. 

The Prophet himself was also a co-defendant in the Neidorf case, part-and-parcel of the alleged "fraud scheme" to "steal" BellSouth'sE911 Document (and to pass the Document across state lines, whichhelped establish the Neidorf trial as a federal case). The Prophet, inthe spirit of full co-operation, had agreed to testify against Neidorf. 

In fact, all three of the Atlanta crew stood ready to testify againstNeidorf. Their own federal prosecutors in Atlanta had charged theAtlanta Three with: (a) conspiracy, (b) computer fraud, (c) wire fraud, (d) access device fraud, and (e) interstate transportation of stolenproperty (Title 18, Sections 371, 1030, 1343, 1029, and 2314). 

Faced with this blizzard of trouble, Prophet and Leftist had ducked anypublic trial and had pled guilty to reduced charges--one conspiracycount apiece. Urvile had pled guilty to that odd bit of Section 1029which makes it illegal to possess "fifteen or more" illegal accessdevices (in his case, computer passwords). And their sentences werescheduled for September 14, 1990--well after the Neidorf trial. Aswitnesses, they could presumably be relied upon to behave. 

Neidorf, however, was pleading innocent. Most everyone else caught upin the crackdown had "cooperated fully" and pled guilty in hope ofreduced sentences. (Steve Jackson was a notable exception, of course, and had strongly protested his innocence from the very beginning. ButSteve Jackson could not get a day in court--Steve Jackson had neverbeen charged with any crime in the first place. )

Neidorf had been urged to plead guilty. But Neidorf was a politicalscience major and was disinclined to go to jail for "fraud" when he hadnot made any money, had not broken into any computer, and had beenpublishing a magazine that he considered protected under the FirstAmendment. 

Neidorf's trial was the ONLY legal action of the entire Crackdown thatactually involved bringing the issues at hand out for a public test infront of a jury of American citizens. 

Neidorf, too, had cooperated with investigators. He had voluntarilyhanded over much of the evidence that had led to his own indictment. He had already admitted in writing that he knew that the E911 Documenthad been stolen before he had "published" it in Phrack--or, from theprosecution's point of view, illegally transported stolen property bywire in something purporting to be a "publication. "

But even if the "publication" of the E911 Document was not held to be acrime, that wouldn't let Neidorf off the hook. Neidorf had stillreceived the E911 Document when Prophet had transferred it to him fromRich Andrews' Jolnet node. On that occasion, it certainly hadn't been"published"--it was hacker booty, pure and simple, transported acrossstate lines. 

The Chicago Task Force led a Chicago grand jury to indict Neidorf on aset of charges that could have put him in jail for thirty years. Whensome of these charges were successfully challenged before Neidorfactually went to trial, the Chicago Task Force rearranged hisindictment so that he faced a possible jail term of over sixty years!As a first offender, it was very unlikely that Neidorf would in factreceive a sentence so drastic; but the Chicago Task Force clearlyintended to see Neidorf put in prison, and his conspiratorial"magazine" put permanently out of commission. This was a federal case, and Neidorf was charged with the fraudulent theft of property worthalmost eighty thousand dollars. 

William Cook was a strong believer in high-profile prosecutions withsymbolic overtones. He often published articles on his work in thesecurity trade press, arguing that "a clear message had to be sent tothe public at large and the computer community in particular thatunauthorized attacks on computers and the theft of computerizedinformation would not be tolerated by the courts. "

The issues were complex, the prosecution's tactics somewhat unorthodox, but the Chicago Task Force had proved sure-footed to date. "Shadowhawk" had been bagged on the wing in 1989 by the Task Force, andsentenced to nine months in prison, and a $10, 000 fine. The Shadowhawkcase involved charges under Section 1030, the "federal interestcomputer" section. 

Shadowhawk had not in fact been a devotee of "federal-interest"computers per se. On the contrary, Shadowhawk, who owned an AT&T homecomputer, seemed to cherish a special aggression toward AT&T. He hadbragged on the underground boards "Phreak Klass 2600" and "Dr. Ripco"of his skills at raiding AT&T, and of his intention to crash AT&T'snational phone system. Shadowhawk's brags were noticed by HenryKluepfel of Bellcore Security, scourge of the outlaw boards, whoserelations with the Chicago Task Force were long and intimate. 

The Task Force successfully established that Section 1030 applied tothe teenage Shadowhawk, despite the objections of his defense attorney. Shadowhawk had entered a computer "owned" by U. S. Missile Command andmerely "managed" by AT&T. He had also entered an AT&T computer locatedat Robbins Air Force Base in Georgia. Attacking AT&T was of "federalinterest" whether Shadowhawk had intended it or not. 

The Task Force also convinced the court that a piece of AT&T softwarethat Shadowhawk had illicitly copied from Bell Labs, the "ArtificialIntelligence C5 Expert System, " was worth a cool one million dollars. Shadowhawk's attorney had argued that Shadowhawk had not sold theprogram and had made no profit from the illicit copying. And in pointof fact, the C5 Expert System was experimental software, and had noestablished market value because it had never been on the market in thefirst place. AT&T's own assessment of a "one million dollar" figurefor its own intangible property was accepted without challenge by thecourt, however. And the court concurred with the governmentprosecutors that Shadowhawk showed clear "intent to defraud" whetherhe'd gotten any money or not. Shadowhawk went to jail. 

The Task Force's other best-known triumph had been the conviction andjailing of "Kyrie. " Kyrie, a true denizen of the digital criminalunderground, was a 36-year-old Canadian woman, convicted and jailed fortelecommunications fraud in Canada. After her release from prison, shehad fled the wrath of Canada Bell and the Royal Canadian MountedPolice, and eventually settled, very unwisely, in Chicago. 

"Kyrie, " who also called herself "Long Distance Information, "specialized in voice-mail abuse. She assembled large numbers of hotlong-distance codes, then read them aloud into a series of corporatevoice-mail systems. Kyrie and her friends were electronic squatters incorporate voice-mail systems, using them much as if they were piratebulletin boards, then moving on when their vocal chatter clogged thesystem and the owners necessarily wised up. Kyrie's camp followerswere a loose tribe of some hundred and fifty phone-phreaks, whofollowed her trail of piracy from machine to machine, ardently beggingfor her services and expertise. 

Kyrie's disciples passed her stolen credit-card numbers, in exchangefor her stolen "long distance information. " Some of Kyrie's clientspaid her off in cash, by scamming credit-card cash advances fromWestern Union. 

Kyrie travelled incessantly, mostly through airline tickets and hotelrooms that she scammed through stolen credit cards. Tiring of this, she found refuge with a fellow female phone phreak in Chicago. Kyrie'shostess, like a surprising number of phone phreaks, was blind. She wasalso physically disabled. Kyrie allegedly made the best of her newsituation by applying for, and receiving, state welfare funds under afalse identity as a qualified caretaker for the handicapped. 

Sadly, Kyrie's two children by a former marriage had also vanishedunderground with her; these pre-teen digital refugees had no legalAmerican identity, and had never spent a day in school. 

Kyrie was addicted to technical mastery and enthralled by her owncleverness and the ardent worship of her teenage followers. Thisfoolishly led her to phone up Gail Thackeray in Arizona, to boast, brag, strut, and offer to play informant. Thackeray, however, hadalready learned far more than enough about Kyrie, whom she roundlydespised as an adult criminal corrupting minors, a "female Fagin. "Thackeray passed her tapes of Kyrie's boasts to the Secret Service. 

Kyrie was raided and arrested in Chicago in May 1989. She confessed atgreat length and pled guilty. 

In August 1990, Cook and his Task Force colleague Colleen Coughlin sentKyrie to jail for 27 months, for computer and telecommunications fraud. This was a markedly severe sentence by the usual wrist-slappingstandards of "hacker" busts. Seven of Kyrie's foremost teenagedisciples were also indicted and convicted. The Kyrie "high-techstreet gang, " as Cook described it, had been crushed. Cook and hiscolleagues had been the first ever to put someone in prison forvoice-mail abuse. Their pioneering efforts had won them attention andkudos. 

In his article on Kyrie, Cook drove the message home to the readers ofSecurity Management magazine, a trade journal for corporate securityprofessionals. The case, Cook said, and Kyrie's stiff sentence, "reflect a new reality for hackers and computer crime victims in the'90s. . . . Individuals and corporations who report computer andtelecommunications crimes can now expect that their cooperation withfederal law enforcement will result in meaningful punishment. Companies and the public at large must report computer-enhanced crimesif they want prosecutors and the course to protect their rights to thetangible and intangible property developed and stored on computers. "

Cook had made it his business to construct this "new reality forhackers. " He'd also made it his business to police corporate propertyrights to the intangible. 

Had the Electronic Frontier Foundation been a "hacker defense fund" asthat term was generally understood, they presumably would have stood upfor Kyrie. Her 1990 sentence did indeed send a "message" that federalheat was coming down on "hackers. " But Kyrie found no defenders atEFF, or anywhere else, for that matter. EFF was not a bail-out fundfor electronic crooks. 

The Neidorf case paralleled the Shadowhawk case in certain ways. Thevictim once again was allowed to set the value of the "stolen"property. Once again Kluepfel was both investigator and technicaladvisor. Once again no money had changed hands, but the "intent todefraud" was central. 

The prosecution's case showed signs of weakness early on. The TaskForce had originally hoped to prove Neidorf the center of a nationwideLegion of Doom criminal conspiracy. The Phrack editors threw physicalget-togethers every summer, which attracted hackers from across thecountry; generally two dozen or so of the magazine's favoritecontributors and readers. (Such conventions were common in the hackercommunity; 2600 Magazine, for instance, held public meetings of hackersin New York, every month. ) LoD heavy-dudes were always a strongpresence at these Phrack-sponsored "Summercons. "

In July 1988, an Arizona hacker named "Dictator" attended Summercon inNeidorf's home town of St. Louis. Dictator was one of Gail Thackeray'sunderground informants; Dictator's underground board in Phoenix was asting operation for the Secret Service. Dictator brought an undercovercrew of Secret Service agents to Summercon. The agents bored spyholesthrough the wall of Dictator's hotel room in St Louis, and videotapedthe frolicking hackers through a one-way mirror. As it happened, however, nothing illegal had occurred on videotape, other than theguzzling of beer by a couple of minors. Summercons were social events, not sinister cabals. The tapes showed fifteen hours of raucouslaughter, pizza-gobbling, in-jokes and back-slapping. 

Neidorf's lawyer, Sheldon Zenner, saw the Secret Service tapes beforethe trial. Zenner was shocked by the complete harmlessness of thismeeting, which Cook had earlier characterized as a sinister interstateconspiracy to commit fraud. Zenner wanted to show the Summercon tapesto the jury. It took protracted maneuverings by the Task Force to keepthe tapes from the jury as "irrelevant. "

The E911 Document was also proving a weak reed. It had originally beenvalued at $79, 449. Unlike Shadowhawk's arcane Artificial Intelligencebooty, the E911 Document was not software--it was written in English. Computer-knowledgeable people found this value--for a twelve-pagebureaucratic document--frankly incredible. In his "Crime andPuzzlement" manifesto for EFF, Barlow commented: "We will probablynever know how this figure was reached or by whom, though I like toimagine an appraisal team consisting of Franz Kafka, Joseph Heller, andThomas Pynchon. "

As it happened, Barlow was unduly pessimistic. The EFF did, in fact, eventually discover exactly how this figure was reached, and bywhom--but only in 1991, long after the Neidorf trial was over. 

Kim Megahee, a Southern Bell security manager, had arrived at thedocument's value by simply adding up the "costs associated with theproduction" of the E911 Document. Those "costs" were as follows:

1. A technical writer had been hired to research and write the E911 Document. 200 hours of work, at $35 an hour, cost : $7, 000. A Project Manager had overseen the technical writer. 200 hours, at $31 an hour, made: $6, 200. 

2. A week of typing had cost $721 dollars. A week of formatting had cost $721. A week of graphics formatting had cost $742. 

3. Two days of editing cost $367. 

4. A box of order labels cost five dollars. 

5. Preparing a purchase order for the Document, including typing and the obtaining of an authorizing signature from within the BellSouth bureaucracy, cost $129. 

6. Printing cost $313. Mailing the Document to fifty people took fifty hours by a clerk, and cost $858. 

7. Placing the Document in an index took two clerks an hour each, totalling $43. 

Bureaucratic overhead alone, therefore, was alleged to have cost awhopping $17, 099. According to Mr. Megahee, the typing of atwelve-page document had taken a full week. Writing it had taken fiveweeks, including an overseer who apparently did nothing else but watchthe author for five weeks. Editing twelve pages had taken two days. Printing and mailing an electronic document (which was alreadyavailable on the Southern Bell Data Network to any telco employee whoneeded it), had cost over a thousand dollars. 

But this was just the beginning. There were also the HARDWAREEXPENSES. Eight hundred fifty dollars for a VT220 computer monitor. THIRTY-ONE THOUSAND DOLLARS for a sophisticated VAXstation II computer. Six thousand dollars for a computer printer. TWENTY-TWO THOUSANDDOLLARS for a copy of "Interleaf" software. Two thousand five hundreddollars for VMS software. All this to create the twelve-page Document. 

Plus ten percent of the cost of the software and the hardware, formaintenance. (Actually, the ten percent maintenance costs, thoughmentioned, had been left off the final $79, 449 total, apparentlythrough a merciful oversight). 

Mr. Megahee's letter had been mailed directly to William Cook himself, at the office of the Chicago federal attorneys. The United StatesGovernment accepted these telco figures without question. 

As incredulity mounted, the value of the E911 Document was officiallyrevised downward. This time, Robert Kibler of BellSouth Securityestimated the value of the twelve pages as a mere $24, 639. 05--based, purportedly, on "R&D costs. " But this specific estimate, right down tothe nickel, did not move the skeptics at all; in fact it provoked openscorn and a torrent of sarcasm. 

The financial issues concerning theft of proprietary information havealways been peculiar. It could be argued that BellSouth had not "lost"its E911 Document at all in the first place, and therefore had notsuffered any monetary damage from this "theft. " And Sheldon Zenner didin fact argue this at Neidorf's trial--that Prophet's raid had not been"theft, " but was better understood as illicit copying. 

The money, however, was not central to anyone's true purposes in thistrial. It was not Cook's strategy to convince the jury that the E911Document was a major act of theft and should be punished for thatreason alone. His strategy was to argue that the E911 Document wasDANGEROUS. It was his intention to establish that the E911 Documentwas "a road-map" to the Enhanced 911 System. Neidorf had deliberatelyand recklessly distributed a dangerous weapon. Neidorf and the Prophetdid not care (or perhaps even gloated at the sinister idea) that theE911 Document could be used by hackers to disrupt 911 service, "a lifeline for every person certainly in the Southern Bell region of theUnited States, and indeed, in many communities throughout the UnitedStates, " in Cook's own words. Neidorf had put people's lives in danger. 

In pre-trial maneuverings, Cook had established that the E911 Documentwas too hot to appear in the public proceedings of the Neidorf trial. The JURY ITSELF would not be allowed to ever see this Document, lest itslip into the official court records, and thus into the hands of thegeneral public, and, thus, somehow, to malicious hackers who mightlethally abuse it. 

Hiding the E911 Document from the jury may have been a clever legalmaneuver, but it had a severe flaw. There were, in point of fact, hundreds, perhaps thousands, of people, already in possession of theE911 Document, just as Phrack had published it. Its true nature wasalready obvious to a wide section of the interested public (all ofwhom, by the way, were, at least theoretically, party to a giganticwire-fraud conspiracy). Most everyone in the electronic community whohad a modem and any interest in the Neidorf case already had a copy ofthe Document. It had already been available in Phrack for over a year. 

People, even quite normal people without any particular prurientinterest in forbidden knowledge, did not shut their eyes in terror atthe thought of beholding a "dangerous" document from a telephonecompany. On the contrary, they tended to trust their own judgement andsimply read the Document for themselves. And they were not impressed. 

One such person was John Nagle. Nagle was a forty-one-year-oldprofessional programmer with a masters' degree in computer science fromStanford. He had worked for Ford Aerospace, where he had invented acomputer-networking technique known as the "Nagle Algorithm, " and forthe prominent Californian computer-graphics firm "Autodesk, " where hewas a major stockholder. 

Nagle was also a prominent figure on the Well, much respected for histechnical knowledgeability. 

Nagle had followed the civil-liberties debate closely, for he was anardent telecommunicator. He was no particular friend of computerintruders, but he believed electronic publishing had a great deal tooffer society at large, and attempts to restrain its growth, or tocensor free electronic expression, strongly roused his ire. 

The Neidorf case, and the E911 Document, were both being discussed indetail on the Internet, in an electronic publication called TelecomDigest. Nagle, a longtime Internet maven, was a regular reader ofTelecom Digest. Nagle had never seen a copy of Phrack, but theimplications of the case disturbed him. 

While in a Stanford bookstore hunting books on robotics, Nagle happenedacross a book called The Intelligent Network. Thumbing through it atrandom, Nagle came across an entire chapter meticulously detailing theworkings of E911 police emergency systems. This extensive text wasbeing sold openly, and yet in Illinois a young man was in danger ofgoing to prison for publishing a thin six-page document about 911service. 

Nagle made an ironic comment to this effect in Telecom Digest. Fromthere, Nagle was put in touch with Mitch Kapor, and then with Neidorf'slawyers. 

Sheldon Zenner was delighted to find a computer telecommunicationsexpert willing to speak up for Neidorf, one who was not a wacky teenage"hacker. " Nagle was fluent, mature, and respectable; he'd once had afederal security clearance. 

Nagle was asked to fly to Illinois to join the defense team. 

Having joined the defense as an expert witness, Nagle read the entireE911 Document for himself. He made his own judgement about itspotential for menace. 

The time has now come for you yourself, the reader, to have a look atthe E911 Document. This six-page piece of work was the pretext for afederal prosecution that could have sent an electronic publisher toprison for thirty, or even sixty, years. It was the pretext for thesearch and seizure of Steve Jackson Games, a legitimate publisher ofprinted books. It was also the formal pretext for the search andseizure of the Mentor's bulletin board, "Phoenix Project, " and for theraid on the home of Erik Bloodaxe. It also had much to do with theseizure of Richard Andrews' Jolnet node and the shutdown of CharlesBoykin's AT&T node. The E911 Document was the single most importantpiece of evidence in the Hacker Crackdown. There can be no real andlegitimate substitute for the Document itself. 

==Phrack Inc. ==

Volume Two, Issue 24, File 5 of 13

 Control Office Administration Of Enhanced 911 Services For Special Services and Account Centers

by the Eavesdropper

March, 1988

 Description of Service ~~~~~~~~~~~~~~~~~~~~~

The control office for Emergency 911 service is assigned in accordancewith the existing standard guidelines to one of the following centers:

 o Special Services Center (SSC) o Major Accounts Center (MAC) o Serving Test Center (STC) o Toll Control Center (TCC)

The SSC/MAC designation is used in this document interchangeably forany of these four centers. The Special Services Centers (SSCs) orMajor Account Centers (MACs) have been designated as the troublereporting contact for all E911 customer (PSAP) reported troubles. Subscribers who have trouble on an E911 call will continue to contactlocal repair service (CRSAB) who will refer the trouble to the SSC/MAC, when appropriate. 

Due to the critical nature of E911 service, the control and timelyrepair of troubles is demanded. As the primary E911 customer contact, the SSC/MAC is in the unique position to monitor the status of thetrouble and insure its resolution. 

 System Overview ~~~~~~~~~~~~~~~

The number 911 is intended as a nationwide universal telephone numberwhich provides the public with direct access to a Public SafetyAnswering Point (PSAP). A PSAP is also referred to as an EmergencyService Bureau (ESB). A PSAP is an agency or facility which isauthorized by a municipality to receive and respond to police, fireand/or ambulance services. One or more attendants are located at thePSAP facilities to receive and handle calls of an emergency nature inaccordance with the local municipal requirements. 

An important advantage of E911 emergency service is improved (reduced)response times for emergency services. Also close coordination amongagencies providing various emergency services is a valuable capabilityprovided by E911 service. 

1A ESS is used as the tandem office for the E911 network to route all911 calls to the correct (primary) PSAP designated to serve the callingstation. The E911 feature was developed primarily to provide routingto the correct PSAP for all 911 calls. Selective routing allows a 911call originated from a particular station located in a particulardistrict, zone, or town, to be routed to the primary PSAP designated toserve that customer station regardless of wire center boundaries. Thus, selective routing eliminates the problem of wire centerboundaries not coinciding with district or other political boundaries. 

The services available with the E911 feature include:

 Forced Disconnect Default Routing Alternative Routing Night Service Selective Routing Automatic Number Identification (ANI) Selective Transfer Automatic Location Identification (ALI)

 Preservice/Installation Guidelines ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

When a contract for an E911 system has been signed, it is theresponsibility of Network Marketing to establish animplementation/cutover committee which should include a representativefrom the SSC/MAC. Duties of the E911 Implementation Team includecoordination of all phases of the E911 system deployment and theformation of an on-going E911 maintenance subcommittee. 

Marketing is responsible for providing the following customer specificinformation to the SSC/MAC prior to the start of call through testing:

 o All PSAP's (name, address, local contact) o All PSAP circuit ID's o 1004 911 service request including PSAP details on each PSAP (1004 Section K, L, M) o Network configuration o Any vendor information (name, telephone number, equipment)

The SSC/MAC needs to know if the equipment and sets at the PSAP aremaintained by the BOCs, an independent company, or an outside vendor, or any combination. This information is then entered on the PSAPprofile sheets and reviewed quarterly for changes, additions anddeletions. 

Marketing will secure the Major Account Number (MAN) and provide thisnumber to Corporate Communications so that the initial issue of theservice orders carry the MAN and can be tracked by the SSC/MAC viaCORDNET. PSAP circuits are official services by definition. 

All service orders required for the installation of the E911 systemshould include the MAN assigned to the city/county which has purchasedthe system. 

In accordance with the basic SSC/MAC strategy for provisioning, theSSC/MAC will be Overall Control Office (OCO) for all Node to PSAPcircuits (official services) and any other services for this customer. Training must be scheduled for all SSC/MAC involved personnel duringthe pre-service stage of the project. 

The E911 Implementation Team will form the on-going maintenancesubcommittee prior to the initial implementation of the E911 system. This sub-committee will establish post implementation quality assuranceprocedures to ensure that the E911 system continues to provide qualityservice to the customer. Customer/Company training, trouble reportinginterfaces for the customer, telephone company and any involvedindependent telephone companies needs to be addressed and implementedprior to E911 cutover. These functions can be best addressed by theformation of a sub-committee of the E911 Implementation Team to set upguidelines for and to secure service commitments of interfacingorganizations. A SSC/MAC supervisor should chair this subcommittee andinclude the following organizations:

 1) Switching Control Center - E911 translations - Trunking - End office and Tandem office hardware/software 2) Recent Change Memory Administration Center - Daily RC update activity for TN/ESN translations - Processes validity errors and rejects 3) Line and Number Administration - Verification of TN/ESN translations 4) Special Service Center/Major Account Center - Single point of contact for all PSAP and Node to host troubles - Logs, tracks & statusing of all trouble reports - Trouble referral, follow up, and escalation - Customer notification of status and restoration - Analyzation of "chronic" troubles - Testing, installation and maintenance of E911 circuits 5) Installation and Maintenance (SSIM/I&M) - Repair and maintenance of PSAP equipment and Telco owned sets 6) Minicomputer Maintenance Operations Center - E911 circuit maintenance (where applicable) 7) Area Maintenance Engineer - Technical assistance on voice (CO-PSAP) network related E911 troubles

 Maintenance Guidelines ~~~~~~~~~~~~~~~~~~~~~

The CCNC will test the Node circuit from the 202T at the Host site tothe 202T at the Node site. Since Host to Node (CCNC to MMOC) circuitsare official company services, the CCNC will refer all Node circuittroubles to the SSC/MAC. The SSC/MAC is responsible for the testing andfollow up to restoration of these circuit troubles. 

Although Node to PSAP circuit are official services, the MMOC willrefer PSAP circuit troubles to the appropriate SSC/MAC. The SSC/MAC isresponsible for testing and follow up to restoration of PSAP circuittroubles. 

The SSC/MAC will also receive reports from CRSAB/IMC(s) on subscriber911 troubles when they are not line troubles. The SSC/MAC isresponsible for testing and restoration of these troubles. 

Maintenance responsibilities are as follows:

 SCC@ Voice Network (ANI to PSAP) @SCC responsible for tandem switch

 SSIM/I&M PSAP Equipment (Modems, CIU's, sets) Vendor PSAP Equipment (when CPE) SSC/MAC PSAP to Node circuits, and tandem to PSAP voice circuits (EMNT) MMOC Node site (Modems, cables, etc)

Note: All above work groups are required to resolve troubles byinterfacing with appropriate work groups for resolution. 

The Switching Control Center (SCC) is responsible for E911/1AESStranslations in tandem central offices. These translations route E911calls, selective transfer, default routing, speed calling, etc. , foreach PSAP. The SCC is also responsible for troubleshooting on thevoice network (call originating to end office tandem equipment). 

For example, ANI failures in the originating offices would be aresponsibility of the SCC. 

Recent Change Memory Administration Center (RCMAC) performs the dailytandem translation updates (recent change) for routing of individualtelephone numbers. 

Recent changes are generated from service order activity (new service, address changes, etc. ) and compiled into a daily file by the E911Center (ALI/DMS E911 Computer). 

SSIM/I&M is responsible for the installation and repair of PSAPequipment. PSAP equipment includes ANI Controller, ALI Controller, datasets, cables, sets, and other peripheral equipment that is not vendorowned. SSIM/I&M is responsible for establishing maintenance test kits, complete with spare parts for PSAP maintenance. This includes testgear, data sets, and ANI/ALI Controller parts. 

Special Services Center (SSC) or Major Account Center (MAC) serves asthe trouble reporting contact for all (PSAP) troubles reported bycustomer. The SSC/MAC refers troubles to proper organizations forhandling and tracks status of troubles, escalating when necessary. TheSSC/MAC will close out troubles with customer. The SSC/MAC willanalyze all troubles and tracks "chronic" PSAP troubles. 

Corporate Communications Network Center (CCNC) will test and refertroubles on all node to host circuits. All E911 circuits areclassified as official company property. 

The Minicomputer Maintenance Operations Center (MMOC) maintains theE911 (ALI/DMS) computer hardware at the Host site. This MMOC is alsoresponsible for monitoring the system and reporting certain PSAP andsystem problems to the local MMOC's, SCC's or SSC/MAC's. The MMOCpersonnel also operate software programs that maintain the TN data baseunder the direction of the E911 Center. The maintenance of the NODEcomputer (the interface between the PSAP and the ALI/DMS computer) is afunction of the MMOC at the NODE site. The MMOC's at the NODE sitesmay also be involved in the testing of NODE to Host circuits. The MMOCwill also assist on Host to PSAP and data network related troubles notresolved through standard trouble clearing procedures. 

Installation And Maintenance Center (IMC) is responsible for referralof E911 subscriber troubles that are not subscriber line problems. 

E911 Center - Performs the role of System Administration and isresponsible for overall operation of the E911 computer software. TheE911 Center does A-Z trouble analysis and provides statisticalinformation on the performance of the system. 

This analysis includes processing PSAP inquiries (trouble reports) andreferral of network troubles. The E911 Center also performs dailyprocessing of tandem recent change and provides information to theRCMAC for tandem input. The E911 Center is responsible for dailyprocessing of the ALI/DMS computer data base and provides error files, etc. To the Customer Services department for investigation andcorrection. The E911 Center participates in all system implementationsand on-going maintenance effort and assists in the development ofprocedures, training and education of information to all groups. 

Any group receiving a 911 trouble from the SSC/MAC should close out thetrouble with the SSC/MAC or provide a status if the trouble has beenreferred to another group. This will allow the SSC/MAC to provide astatus back to the customer or escalate as appropriate. 

Any group receiving a trouble from the Host site (MMOC or CCNC) shouldclose the trouble back to that group. 

The MMOC should notify the appropriate SSC/MAC when the Host, Node, orall Node circuits are down so that the SSC/MAC can reply to customerreports that may be called in by the PSAPs. This will eliminateduplicate reporting of troubles. On complete outages the MMOC willfollow escalation procedures for a Node after two (2) hours and for aPSAP after four (4) hours. Additionally the MMOC will notify theappropriate SSC/MAC when the Host, Node, or all Node circuits are down. 

The PSAP will call the SSC/MAC to report E911 troubles. The personreporting the E911 trouble may not have a circuit I. D. And willtherefore report the PSAP name and address. Many PSAP troubles are notcircuit specific. In those instances where the caller cannot provide acircuit I. D. , the SSC/MAC will be required to determine the circuitI. D. Using the PSAP profile. Under no circumstances will the SSC/MACCenter refuse to take the trouble. The E911 trouble should be handledas quickly as possible, with the SSC/MAC providing as much assistanceas possible while taking the trouble report from the caller. 

The SSC/MAC will screen/test the trouble to determine the appropriatehandoff organization based on the following criteria:

 PSAP equipment problem: SSIM/I&M Circuit problem: SSC/MAC Voice network problem: SCC (report trunk group number) Problem affecting multiple PSAPs (No ALI report from all PSAPs): Contact the MMOC to check for NODE or Host computer problems before further testing. 

The SSC/MAC will track the status of reported troubles and escalate asappropriate. The SSC/MAC will close out customer/company reports withthe initiating contact. Groups with specific maintenanceresponsibilities, defined above, will investigate "chronic" troublesupon request from the SSC/MAC and the ongoing maintenance subcommittee. 

All "out of service" E911 troubles are priority one type reports. Onelink down to a PSAP is considered a priority one trouble and should behandled as if the PSAP was isolated. 

The PSAP will report troubles with the ANI controller, ALI controlleror set equipment to the SSC/MAC. 

NO ANI: Where the PSAP reports NO ANI (digital display screen isblank) ask if this condition exists on all screens and on all calls. It is important to differentiate between blank screens and screensdisplaying 911-00XX, or all zeroes. 

When the PSAP reports all screens on all calls, ask if there is anyvoice contact with callers. If there is no voice contact the troubleshould be referred to the SCC immediately since 911 calls are notgetting through which may require alternate routing of calls to anotherPSAP. 

When the PSAP reports this condition on all screens but not all callsand has voice contact with callers, the report should be referred toSSIM/I&M for dispatch. The SSC/MAC should verify with the SCC that ANIis pulsing before dispatching SSIM. 

When the PSAP reports this condition on one screen for all calls(others work fine) the trouble should be referred to SSIM/I&M fordispatch, because the trouble is isolated to one piece of equipment atthe customer premise. 

An ANI failure (i. E. All zeroes) indicates that the ANI has not beenreceived by the PSAP from the tandem office or was lost by the PSAP ANIcontroller. The PSAP may receive "02" alarms which can be caused bythe ANI controller logging more than three all zero failures on thesame trunk. The PSAP has been instructed to report this condition tothe SSC/MAC since it could indicate an equipment trouble at the PSAPwhich might be affecting all subscribers calling into the PSAP. Whenall zeroes are being received on all calls or "02" alarms continue, atester should analyze the condition to determine the appropriate actionto be taken. The tester must perform cooperative testing with the SCCwhen there appears to be a problem on the Tandem-PSAP trunks beforerequesting dispatch. 

When an occasional all zero condition is reported, the SSC/MAC shoulddispatch SSIM/I&M to routine equipment on a "chronic" troublesweep. 

The PSAPs are instructed to report incidental ANI failures to the BOCon a PSAP inquiry trouble ticket (paper) that is sent to the CustomerServices E911 group and forwarded to E911 center when required. Thisusually involves only a particular telephone number and is not acondition that would require a report to the SSC/MAC. Multiple ANIfailures which our from the same end office (XX denotes end office), indicate a hard trouble condition may exist in the end office or endoffice tandem trunks. The PSAP will report this type of condition tothe SSC/MAC and the SSC/MAC should refer the report to the SCCresponsible for the tandem office. NOTE: XX is the ESCO (EmergencyService Number) associated with the incoming 911 trunks into thetandem. It is important that the C/MAC tell the SCC what is displayedat the PSAP (i. E. 911-0011) which indicates to the SCC which end officeis in trouble. 

Note: It is essential that the PSAP fill out inquiry form on every ANIfailure. 

The PSAP will report a trouble any time an address is not received onan address display (screen blank) E911 call. (If a record is not inthe 911 data base or an ANI failure is encountered, the screen willprovide a display noticing such condition). The SSC/MAC should verifywith the PSAP whether the NO ALI condition is on one screen or allscreens. 

When the condition is on one screen (other screens receive ALIinformation) the SSC/MAC will request SSIM/I&M to dispatch. 

If no screens are receiving ALI information, there is usually a circuittrouble between the PSAP and the Host computer. The SSC/MAC shouldtest the trouble and refer for restoral. 

Note: If the SSC/MAC receives calls from multiple PSAP's, all of whichare receiving NO ALI, there is a problem with the Node or Node to Hostcircuits or the Host computer itself. Before referring the trouble theSSC/MAC should call the MMOC to inquire if the Node or Host is introuble. 

Alarm conditions on the ANI controller digital display at the PSAP areto be reported by the PSAP's. These alarms can indicate varioustrouble conditions so the SSC/MAC should ask the PSAP if any portion ofthe E911 system is not functioning properly. 

The SSC/MAC should verify with the PSAP attendant that the equipment'sprimary function is answering E911 calls. If it is, the SSC/MAC shouldrequest a dispatch SSIM/I&M. If the equipment is not primarily usedfor E911, then the SSC/MAC should advise PSAP to contact their CPEvendor. 

Note: These troubles can be quite confusing when the PSAP has vendorequipment mixed in with equipment that the BOC maintains. TheMarketing representative should provide the SSC/MAC informationconcerning any unusual or exception items where the PSAP should contacttheir vendor. This information should be included in the PSAP profilesheets. 

ANI or ALI controller down: When the host computer sees the PSAPequipment down and it does not come back up, the MMOC will report thetrouble to the SSC/MAC; the equipment is down at the PSAP, a dispatchwill be required. 

PSAP link (circuit) down: The MMOC will provide the SSC/MAC with thecircuit ID that the Host computer indicates in trouble. Although eachPSAP has two circuits, when either circuit is down the condition mustbe treated as an emergency since failure of the second circuit willcause the PSAP to be isolated. 

Any problems that the MMOC identifies from the Node location to theHost computer will be handled directly with the appropriateMMOC(s)/CCNC. 

Note: The customer will call only when a problem is apparent to thePSAP. When only one circuit is down to the PSAP, the customer may notbe aware there is a trouble, even though there is one link down, notification should appear on the PSAP screen. Troubles called intothe SSC/MAC from the MMOC or other company employee should not beclosed out by calling the PSAP since it may result in the customerresponding that they do not have a trouble. These reports can only beclosed out by receiving information that the trouble was fixed and bychecking with the company employee that reported the trouble. The MMOCpersonnel will be able to verify that the trouble has cleared byreviewing a printout from the host. 

When the CRSAB receives a subscriber complaint (i. E. , cannot dial 911)the RSA should obtain as much information as possible while thecustomer is on the line. 

For example, what happened when the subscriber dialed 911? The reportis automatically directed to the IMC for subscriber line testing. Whenno line trouble is found, the IMC will refer the trouble condition tothe SSC/MAC. The SSC/MAC will contact Customer Services E911 Group andverify that the subscriber should be able to call 911 and obtain theESN. The SSC/MAC will verify the ESN via 2SCCS. When bothverifications match, the SSC/MAC will refer the report to the SCCresponsible for the 911 tandem office for investigation and resolution. The MAC is responsible for tracking the trouble and informing the IMCwhen it is resolved. 

For more information, please refer to E911 Glossary of Terms. 

 End of Phrack File _____________________________________

The reader is forgiven if he or she was entirely unable to read thisdocument. John Perry Barlow had a great deal of fun at its expense, in"Crime and Puzzlement:" "Bureaucrat-ese of surpassing opacity. . . . Toread the whole thing straight through without entering coma requireseither a machine or a human who has too much practice thinking likeone. Anyone who can understand it fully and fluidly had altered hisconsciousness beyond the ability to ever again read Blake, Whitman, orTolstoy. . . . The document contains little of interest to anyone who isnot a student of advanced organizational sclerosis. "

With the Document itself to hand, however, exactly as it was published(in its six-page edited form) in Phrack, the reader may be able toverify a few statements of fact about its nature. First, there is nosoftware, no computer code, in the Document. It is notcomputer-programming language like FORTRAN or C++, it is English; allthe sentences have nouns and verbs and punctuation. It does notexplain how to break into the E911 system. It does not suggest ways todestroy or damage the E911 system. 

There are no access codes in the Document. There are no computerpasswords. It does not explain how to steal long distance service. Itdoes not explain how to break in to telco switching stations. There isnothing in it about using a personal computer or a modem for anypurpose at all, good or bad. 

Close study will reveal that this document is not about machinery. TheE911 Document is about ADMINISTRATION. It describes how one creates andadministers certain units of telco bureaucracy: Special Service Centersand Major Account Centers (SSC/MAC). It describes how these centersshould distribute responsibility for the E911 service, to other unitsof telco bureaucracy, in a chain of command, a formal hierarchy. Itdescribes who answers customer complaints, who screens calls, whoreports equipment failures, who answers those reports, who handlesmaintenance, who chairs subcommittees, who gives orders, who followsorders, WHO tells WHOM what to do. The Document is not a "roadmap" tocomputers. The Document is a roadmap to PEOPLE. 

As an aid to breaking into computer systems, the Document is USELESS. As an aid to harassing and deceiving telco people, however, theDocument might prove handy (especially with its Glossary, which I havenot included). An intense and protracted study of this Document andits Glossary, combined with many other such documents, might teach oneto speak like a telco employee. And telco people live by SPEECH--theylive by phone communication. If you can mimic their language over thephone, you can "social-engineer" them. If you can con telco people, you can wreak havoc among them. You can force them to no longer trustone another; you can break the telephonic ties that bind theircommunity; you can make them paranoid. And people will fight harder todefend their community than they will fight to defend their individualselves. 

This was the genuine, gut-level threat posed by Phrack magazine. Thereal struggle was over the control of telco language, the control oftelco knowledge. It was a struggle to defend the social "membrane ofdifferentiation" that forms the walls of the telco community's ivorytower --the special jargon that allows telco professionals to recognizeone another, and to exclude charlatans, thieves, and upstarts. And theprosecution brought out this fact. They repeatedly made reference tothe threat posed to telco professionals by hackers using "socialengineering. "

However, Craig Neidorf was not on trial for learning to speak like aprofessional telecommunications expert. Craig Neidorf was on trial foraccess device fraud and transportation of stolen property. He was ontrial for stealing a document that was purportedly highly sensitive andpurportedly worth tens of thousands of dollars. 

#

John Nagle read the E911 Document. He drew his own conclusions. Andhe presented Zenner and his defense team with an overflowing box ofsimilar material, drawn mostly from Stanford University's engineeringlibraries. During the trial, the defense team--Zenner, half-a-dozenother attorneys, Nagle, Neidorf, and computer-security expert DorothyDenning, all pored over the E911 Document line-by-line. 

On the afternoon of July 25, 1990, Zenner began to cross-examine awoman named Billie Williams, a service manager for Southern Bell inAtlanta. Ms. Williams had been responsible for the E911 Document. (She was not its author--its original "author" was a Southern Bellstaff manager named Richard Helms. However, Mr. Helms should not bearthe entire blame; many telco staff people and maintenance personnel hadamended the Document. It had not been so much "written" by a singleauthor, as built by committee out of concrete-blocks of jargon. )

Ms. Williams had been called as a witness for the prosecution, and hadgamely tried to explain the basic technical structure of the E911system, aided by charts. 

Now it was Zenner's turn. He first established that the "proprietarystamp" that BellSouth had used on the E911 Document was stamped onEVERY SINGLE DOCUMENT that BellSouth wrote--THOUSANDS of documents. "We do not publish anything other than for our own company, " Ms. Williams explained. "Any company document of this nature is consideredproprietary. " Nobody was in charge of singling out specialhigh-security publications for special high-security protection. Theywere ALL special, no matter how trivial, no matter what their subjectmatter--the stamp was put on as soon as any document was written, andthe stamp was never removed. 

Zenner now asked whether the charts she had been using to explain themechanics of E911 system were "proprietary, " too. Were they PUBLICINFORMATION, these charts, all about PSAPs, ALIs, nodes, local endswitches? Could he take the charts out in the street and show them toanybody, "without violating some proprietary notion that BellSouth has?"

Ms Williams showed some confusion, but finally agreed that the chartswere, in fact, public. 

"But isn't this what you said was basically what appeared in Phrack?"

Ms. Williams denied this. 

Zenner now pointed out that the E911 Document as published in Phrackwas only half the size of the original E911 Document (as Prophet hadpurloined it). Half of it had been deleted--edited by Neidorf. 

Ms. Williams countered that "Most of the information that is in thetext file is redundant. "

Zenner continued to probe. Exactly what bits of knowledge in theDocument were, in fact, unknown to the public? Locations of E911computers? Phone numbers for telco personnel? Ongoing maintenancesubcommittees? Hadn't Neidorf removed much of this?

Then he pounced. "Are you familiar with Bellcore Technical ReferenceDocument TR-TSY-000350?" It was, Zenner explained, officially titled"E911 Public Safety Answering Point Interface Between 1-1AESS Switchand Customer Premises Equipment. " It contained highly detailed andspecific technical information about the E911 System. It was publishedby Bellcore and publicly available for about $20. 

He showed the witness a Bellcore catalog which listed thousands ofdocuments from Bellcore and from all the Baby Bells, BellSouthincluded. The catalog, Zenner pointed out, was free. Anyone with acredit card could call the Bellcore toll-free 800 number and simplyorder any of these documents, which would be shipped to any customerwithout question. Including, for instance, "BellSouth E911 ServiceInterfaces to Customer Premises Equipment at a Public Safety AnsweringPoint. "

Zenner gave the witness a copy of "BellSouth E911 Service Interfaces, "which cost, as he pointed out, $13, straight from the catalog. "Lookat it carefully, " he urged Ms. Williams, "and tell me if it doesn'tcontain about twice as much detailed information about the E911 systemof BellSouth than appeared anywhere in Phrack. "

"You want me to. . . . " Ms. Williams trailed off. "I don't understand. "

"Take a careful look, " Zenner persisted. "Take a look at thatdocument, and tell me when you're done looking at it if, indeed, itdoesn't contain much more detailed information about the E911 systemthan appeared in Phrack. "

"Phrack wasn't taken from this, " Ms. Williams said. 

"Excuse me?" said Zenner. 

"Phrack wasn't taken from this. "

"I can't hear you, " Zenner said. 

"Phrack was not taken from this document. I don't understand yourquestion to me. "

"I guess you don't, " Zenner said. 

At this point, the prosecution's case had been gutshot. Ms. Williamswas distressed. Her confusion was quite genuine. Phrack had not beentaken from any publicly available Bellcore document. Phrack's E911Document had been stolen from her own company's computers, from her owncompany's text files, that her own colleagues had written, and revised, with much labor. 

But the "value" of the Document had been blown to smithereens. Itwasn't worth eighty grand. According to Bellcore it was worth thirteenbucks. And the looming menace that it supposedly posed had beenreduced in instants to a scarecrow. Bellcore itself was sellingmaterial far more detailed and "dangerous, " to anybody with a creditcard and a phone. 

Actually, Bellcore was not giving this information to just anybody. They gave it to ANYBODY WHO ASKED, but not many did ask. Not manypeople knew that Bellcore had a free catalog and an 800 number. JohnNagle knew, but certainly the average teenage phreak didn't know. "Tuc, " a friend of Neidorf's and sometime Phrack contributor, knew, andTuc had been very helpful to the defense, behind the scenes. But theLegion of Doom didn't know--otherwise, they would never have wasted somuch time raiding dumpsters. Cook didn't know. Foley didn't know. Kluepfel didn't know. The right hand of Bellcore knew not what theleft hand was doing. The right hand was battering hackers withoutmercy, while the left hand was distributing Bellcore's intellectualproperty to anybody who was interested in telephone technicaltrivia--apparently, a pathetic few. 

The digital underground was so amateurish and poorly organized thatthey had never discovered this heap of unguarded riches. The ivorytower of the telcos was so wrapped-up in the fog of its own technicalobscurity that it had left all the windows open and flung open thedoors. No one had even noticed. 

Zenner sank another nail in the coffin. He produced a printed issue ofTelephone Engineer & Management, a prominent industry journal thatcomes out twice a month and costs $27 a year. This particular issue ofTE&M, called "Update on 911, " featured a galaxy of technical details on911 service and a glossary far more extensive than Phrack's. 

The trial rumbled on, somehow, through its own momentum. Tim Foleytestified about his interrogations of Neidorf. Neidorf's writtenadmission that he had known the E911 Document was pilfered wasofficially read into the court record. 

An interesting side issue came up: "Terminus" had once passed Neidorfa piece of UNIX AT&T software, a log-in sequence, that had beencunningly altered so that it could trap passwords. The UNIX softwareitself was illegally copied AT&T property, and the alterations"Terminus" had made to it, had transformed it into a device forfacilitating computer break-ins. Terminus himself would eventuallyplead guilty to theft of this piece of software, and the Chicago groupwould send Terminus to prison for it. But it was of dubious relevancein the Neidorf case. Neidorf hadn't written the program. He wasn'taccused of ever having used it. And Neidorf wasn't being charged withsoftware theft or owning a password trapper. 

On the next day, Zenner took the offensive. The civil libertarians nowhad their own arcane, untried legal weaponry to launch into action--theElectronic Communications Privacy Act of 1986, 18 US Code, Section 2701et seq. Section 2701 makes it a crime to intentionally access withoutauthorization a facility in which an electronic communication serviceis provided--it is, at heart, an anti-bugging and anti-tapping law, intended to carry the traditional protections of telephones into otherelectronic channels of communication. While providing penalties foramateur snoops, however, Section 2703 of the ECPA also lays some formaldifficulties on the bugging and tapping activities of police. 

The Secret Service, in the person of Tim Foley, had served RichardAndrews with a federal grand jury subpoena, in their pursuit ofProphet, the E911 Document, and the Terminus software ring. Butaccording to the Electronic Communications Privacy Act, a "provider ofremote computing service" was legally entitled to "prior notice" fromthe government if a subpoena was used. Richard Andrews and hisbasement UNIX node, Jolnet, had not received any "prior notice. " TimFoley had purportedly violated the ECPA and committed an electroniccrime! Zenner now sought the judge's permission to cross-examine Foleyon the topic of Foley's own electronic misdeeds. 

Cook argued that Richard Andrews' Jolnet was a privately owned bulletinboard, and not within the purview of ECPA. Judge Bua granted themotion of the government to prevent cross-examination on that point, and Zenner's offensive fizzled. This, however, was the first directassault on the legality of the actions of the Computer Fraud and AbuseTask Force itself--the first suggestion that they themselves had brokenthe law, and might, perhaps, be called to account. 

Zenner, in any case, did not really need the ECPA. Instead, he grilledFoley on the glaring contradictions in the supposed value of the E911Document. He also brought up the embarrassing fact that the supposedlyred-hot E911 Document had been sitting around for months, in Jolnet, with Kluepfel's knowledge, while Kluepfel had done nothing about it. 

In the afternoon, the Prophet was brought in to testify for theprosecution. (The Prophet, it will be recalled, had also been indictedin the case as partner in a fraud scheme with Neidorf. ) In Atlanta, the Prophet had already pled guilty to one charge of conspiracy, onecharge of wire fraud and one charge of interstate transportation ofstolen property. The wire fraud charge, and the stolen propertycharge, were both directly based on the E911 Document. 

The twenty-year-old Prophet proved a sorry customer, answeringquestions politely but in a barely audible mumble, his voice trailingoff at the ends of sentences. He was constantly urged to speak up. 

Cook, examining Prophet, forced him to admit that he had once had a"drug problem, " abusing amphetamines, marijuana, cocaine, and LSD. This may have established to the jury that "hackers" are, or can be, seedy lowlife characters, but it may have damaged Prophet's credibilitysomewhat. Zenner later suggested that drugs might have damagedProphet's memory. The interesting fact also surfaced that Prophet hadnever physically met Craig Neidorf. He didn't even know Neidorf's lastname--at least, not until the trial. 

Prophet confirmed the basic facts of his hacker career. He was amember of the Legion of Doom. He had abused codes, he had broken intoswitching stations and re-routed calls, he had hung out on piratebulletin boards. He had raided the BellSouth AIMSX computer, copiedthe E911 Document, stored it on Jolnet, mailed it to Neidorf. He andNeidorf had edited it, and Neidorf had known where it came from. 

Zenner, however, had Prophet confirm that Neidorf was not a member ofthe Legion of Doom, and had not urged Prophet to break into BellSouthcomputers. Neidorf had never urged Prophet to defraud anyone, or tosteal anything. Prophet also admitted that he had never known Neidorfto break in to any computer. Prophet said that no one in the Legion ofDoom considered Craig Neidorf a "hacker" at all. Neidorf was not aUNIX maven, and simply lacked the necessary skill and ability to breakinto computers. Neidorf just published a magazine. 

On Friday, July 27, 1990, the case against Neidorf collapsed. Cookmoved to dismiss the indictment, citing "information currentlyavailable to us that was not available to us at the inception of thetrial. " Judge Bua praised the prosecution for this action, which hedescribed as "very responsible, " then dismissed a juror and declared amistrial. 

Neidorf was a free man. His defense, however, had cost himself and hisfamily dearly. Months of his life had been consumed in anguish; he hadseen his closest friends shun him as a federal criminal. He owed hislawyers over a hundred thousand dollars, despite a generous payment tothe defense by Mitch Kapor. 

Neidorf was not found innocent. The trial was simply dropped. Nevertheless, on September 9, 1991, Judge Bua granted Neidorf's motionfor the "expungement and sealing" of his indictment record. The UnitedStates Secret Service was ordered to delete and destroy allfingerprints, photographs, and other records of arrest or processingrelating to Neidorf's indictment, including their paper documents andtheir computer records. 

Neidorf went back to school, blazingly determined to become a lawyer. Having seen the justice system at work, Neidorf lost much of hisenthusiasm for merely technical power. At this writing, Craig Neidorfis working in Washington as a salaried researcher for the AmericanCivil Liberties Union. 

#

The outcome of the Neidorf trial changed the EFF fromvoices-in-the-wilderness to the media darlings of the new frontier. 

Legally speaking, the Neidorf case was not a sweeping triumph foranyone concerned. No constitutional principles had been established. The issues of "freedom of the press" for electronic publishers remainedin legal limbo. There were public misconceptions about the case. Manypeople thought Neidorf had been found innocent and relieved of all hislegal debts by Kapor. The truth was that the government had simplydropped the case, and Neidorf's family had gone deeply into hock tosupport him. 

But the Neidorf case did provide a single, devastating, publicsound-bite: THE FEDS SAID IT WAS WORTH EIGHTY GRAND, AND IT WAS ONLYWORTH THIRTEEN BUCKS. 

This is the Neidorf case's single most memorable element. No seriousreport of the case missed this particular element. Even cops could notread this without a wince and a shake of the head. It left the publiccredibility of the crackdown agents in tatters. 

The crackdown, in fact, continued, however. Those two charges againstProphet, which had been based on the E911 Document, were quietlyforgotten at his sentencing--even though Prophet had already pledguilty to them. Georgia federal prosecutors strongly argued for jailtime for the Atlanta Three, insisting on "the need to send a message tothe community, " "the message that hackers around the country need tohear. "

There was a great deal in their sentencing memorandum about the awfulthings that various other hackers had done (though the Atlanta Threethemselves had not, in fact, actually committed these crimes). Therewas also much speculation about the awful things that the Atlanta ThreeMIGHT have done and WERE CAPABLE of doing (even though they had not, infact, actually done them). The prosecution's argument carried the day. The Atlanta Three were sent to prison: Urvile and Leftist both got 14months each, while Prophet (a second offender) got 21 months. 

The Atlanta Three were also assessed staggering fines as "restitution":$233, 000 each. BellSouth claimed that the defendants had "stolen""approximately $233, 880 worth" of "proprietary computer accessinformation"--specifically, $233, 880 worth of computer passwords andconnect addresses. BellSouth's astonishing claim of the extreme valueof its own computer passwords and addresses was accepted at face valueby the Georgia court. Furthermore (as if to emphasize its theoreticalnature) this enormous sum was not divvied up among the Atlanta Three, but each of them had to pay all of it. 

A striking aspect of the sentence was that the Atlanta Three werespecifically forbidden to use computers, except for work or undersupervision. Depriving hackers of home computers and modems makes somesense if one considers hackers as "computer addicts, " but EFF, filingan amicus brief in the case, protested that this punishment wasunconstitutional--it deprived the Atlanta Three of their rights of freeassociation and free expression through electronic media. 

Terminus, the "ultimate hacker, " was finally sent to prison for a yearthrough the dogged efforts of the Chicago Task Force. His crime, towhich he pled guilty, was the transfer of the UNIX password trapper, which was officially valued by AT&T at $77, 000, a figure which arousedintense skepticism among those familiar with UNIX "login. C" programs. 

The jailing of Terminus and the Atlanta Legionnaires of Doom, however, did not cause the EFF any sense of embarrassment or defeat. On thecontrary, the civil libertarians were rapidly gathering strength. 

An early and potent supporter was Senator Patrick Leahy, Democrat fromVermont, who had been a Senate sponsor of the Electronic CommunicationsPrivacy Act. Even before the Neidorf trial, Leahy had spoken out indefense of hacker-power and freedom of the keyboard: "We cannot undulyinhibit the inquisitive 13-year-old who, if left to experiment today, may tomorrow develop the telecommunications or computer technology tolead the United States into the 21st century. He represents our futureand our best hope to remain a technologically competitive nation. "

It was a handsome statement, rendered perhaps rather more effective bythe fact that the crackdown raiders DID NOT HAVE any Senators speakingout for THEM. On the contrary, their highly secretive actions andtactics, all "sealed search warrants" here and "confidential ongoinginvestigations" there, might have won them a burst of glamorouspublicity at first, but were crippling them in the on-going propagandawar. Gail Thackeray was reduced to unsupported bluster: "Some ofthese people who are loudest on the bandwagon may just slink into thebackground, " she predicted in Newsweek--when all the facts came out, and the cops were vindicated. 

But all the facts did not come out. Those facts that did, were notvery flattering. And the cops were not vindicated. And Gail Thackeraylost her job. By the end of 1991, William Cook had also left publicemployment. 

1990 had belonged to the crackdown, but by '91 its agents were insevere disarray, and the libertarians were on a roll. People wereflocking to the cause. 

A particularly interesting ally had been Mike Godwin of Austin, Texas. Godwin was an individual almost as difficult to describe as Barlow; hehad been editor of the student newspaper of the University of Texas, and a computer salesman, and a programmer, and in 1990 was back in lawschool, looking for a law degree. 

Godwin was also a bulletin board maven. He was very well-known in theAustin board community under his handle "Johnny Mnemonic, " which headopted from a cyberpunk science fiction story by William Gibson. Godwin was an ardent cyberpunk science fiction fan. As a fellowAustinite of similar age and similar interests, I myself had knownGodwin socially for many years. When William Gibson and myself hadbeen writing our collaborative SF novel, The Difference Engine, Godwinhad been our technical advisor in our effort to link our Appleword-processors from Austin to Vancouver. Gibson and I were so pleasedby his generous expert help that we named a character in the novel"Michael Godwin" in his honor. 

The handle "Mnemonic" suited Godwin very well. His erudition and hismastery of trivia were impressive to the point of stupor; his ardentcuriosity seemed insatiable, and his desire to debate and argue seemedthe central drive of his life. Godwin had even started his own Austindebating society, wryly known as the "Dull Men's Club. " In person, Godwin could be overwhelming; a flypaper-brained polymath who couldnot seem to let any idea go. On bulletin boards, however, Godwin'sclosely reasoned, highly grammatical, erudite posts suited the mediumwell, and he became a local board celebrity. 

Mike Godwin was the man most responsible for the public nationalexposure of the Steve Jackson case. The Izenberg seizure in Austin hadreceived no press coverage at all. The March 1 raids on Mentor, Bloodaxe, and Steve Jackson Games had received a brief front-pagesplash in the front page of the Austin American-Statesman, but it wasconfused and ill-informed: the warrants were sealed, and the SecretService wasn't talking. Steve Jackson seemed doomed to obscurity. Jackson had not been arrested; he was not charged with any crime; hewas not on trial. He had lost some computers in an ongoinginvestigation--so what? Jackson tried hard to attract attention to thetrue extent of his plight, but he was drawing a blank; no one in aposition to help him seemed able to get a mental grip on the issues. 

Godwin, however, was uniquely, almost magically, qualified to carryJackson's case to the outside world. Godwin was a board enthusiast, ascience fiction fan, a former journalist, a computer salesman, alawyer-to-be, and an Austinite. Through a coincidence yet moreamazing, in his last year of law school Godwin had specialized infederal prosecutions and criminal procedure. Acting entirely on hisown, Godwin made up a press packet which summarized the issues andprovided useful contacts for reporters. Godwin's behind-the-sceneseffort (which he carried out mostly to prove a point in a local boarddebate) broke the story again in the Austin American-Statesman and thenin Newsweek. 

Life was never the same for Mike Godwin after that. As he joined thegrowing civil liberties debate on the Internet, it was obvious to allparties involved that here was one guy who, in the midst of completemurk and confusion, GENUINELY UNDERSTOOD EVERYTHING HE WAS TALKINGABOUT. The disparate elements of Godwin's dilettantish existencesuddenly fell together as neatly as the facets of a Rubik's cube. 

When the time came to hire a full-time EFF staff attorney, Godwin wasthe obvious choice. He took the Texas bar exam, left Austin, moved toCambridge, became a full-time, professional, computer civillibertarian, and was soon touring the nation on behalf of EFF, delivering well-received addresses on the issues to crowds as disparateas academics, industrialists, science fiction fans, and federal cops. 

Michael Godwin is currently the chief legal counsel of the ElectronicFrontier Foundation in Cambridge, Massachusetts. 

#

Another early and influential participant in the controversy wasDorothy Denning. Dr. Denning was unique among investigators of thecomputer underground in that she did not enter the debate with any setof politicized motives. She was a professional cryptographer andcomputer security expert whose primary interest in hackers wasSCHOLARLY. She had a B. A. And M. A. In mathematics, and a Ph. D. Incomputer science from Purdue. She had worked for SRI International, the California think-tank that was also the home of computer-securitymaven Donn Parker, and had authored an influential text calledCryptography and Data Security. In 1990, Dr. Denning was working forDigital Equipment Corporation in their Systems Research Center. Herhusband, Peter Denning, was also a computer security expert, workingfor NASA's Research Institute for Advanced Computer Science. He hadedited the well-received Computers Under Attack: Intruders, Worms andViruses. 

Dr. Denning took it upon herself to contact the digital underground, more or less with an anthropological interest. There she discoveredthat these computer-intruding hackers, who had been characterized asunethical, irresponsible, and a serious danger to society, did in facthave their own subculture and their own rules. They were notparticularly well-considered rules, but they were, in fact, rules. Basically, they didn't take money and they didn't break anything. 

Her dispassionate reports on her researches did a great deal toinfluence serious-minded computer professionals--the sort of people whomerely rolled their eyes at the cyberspace rhapsodies of a John PerryBarlow. 

For young hackers of the digital underground, meeting Dorothy Denningwas a genuinely mind-boggling experience. Here was this neatlycoiffed, conservatively dressed, dainty little personage, who remindedmost hackers of their moms or their aunts. And yet she was an IBMsystems programmer with profound expertise in computer architecturesand high-security information flow, who had personal friends in the FBIand the National Security Agency. 

Dorothy Denning was a shining example of the American mathematicalintelligentsia, a genuinely brilliant person from the central ranks ofthe computer-science elite. And here she was, gently questioningtwenty-year-old hairy-eyed phone-phreaks over the deeper ethicalimplications of their behavior. 

Confronted by this genuinely nice lady, most hackers sat up verystraight and did their best to keep the anarchy-file stuff down to afaint whiff of brimstone. Nevertheless, the hackers WERE in factprepared to seriously discuss serious issues with Dorothy Denning. They were willing to speak the unspeakable and defend the indefensible, to blurt out their convictions that information cannot be owned, thatthe databases of governments and large corporations were a threat tothe rights and privacy of individuals. 

Denning's articles made it clear to many that "hacking" was not simplevandalism by some evil clique of psychotics. "Hacking" was not anaberrant menace that could be charmed away by ignoring it, or swept outof existence by jailing a few ringleaders. Instead, "hacking" wassymptomatic of a growing, primal struggle over knowledge and power inthe age of information. 

Denning pointed out that the attitude of hackers were at leastpartially shared by forward-looking management theorists in thebusiness community: people like Peter Drucker and Tom Peters. PeterDrucker, in his book The New Realities, had stated that "control ofinformation by the government is no longer possible. Indeed, information is now transnational. Like money, it has no 'fatherland. '"

And management maven Tom Peters had chided large corporations foruptight, proprietary attitudes in his bestseller, Thriving on Chaos:"Information hoarding, especially by politically motivated, power-seeking staffs, had been commonplace throughout Americanindustry, service and manufacturing alike. It will be an impossiblemillstone around the neck of tomorrow's organizations. "

Dorothy Denning had shattered the social membrane of the digitalunderground. She attended the Neidorf trial, where she was prepared totestify for the defense as an expert witness. She was abehind-the-scenes organizer of two of the most important nationalmeetings of the computer civil libertarians. Though not a zealot ofany description, she brought disparate elements of the electroniccommunity into a surprising and fruitful collusion. 

Dorothy Denning is currently the Chair of the Computer ScienceDepartment at Georgetown University in Washington, DC. 

#

There were many stellar figures in the civil libertarian community. There's no question, however, that its single most influential figurewas Mitchell D. Kapor. Other people might have formal titles, orgovernmental positions, have more experience with crime, or with thelaw, or with the arcanities of computer security or constitutionaltheory. But by 1991 Kapor had transcended any such narrow role. Kaporhad become "Mitch. "

Mitch had become the central civil-libertarian ad-hocrat. Mitch hadstood up first, he had spoken out loudly, directly, vigorously andangrily, he had put his own reputation, and his very considerablepersonal fortune, on the line. By mid-'91 Kapor was the best-knownadvocate of his cause and was known PERSONALLY by almost every singlehuman being in America with any direct influence on the question ofcivil liberties in cyberspace. Mitch had built bridges, crossed voids, changed paradigms, forged metaphors, made phone-calls and swappedbusiness cards to such spectacular effect that it had become impossiblefor anyone to take any action in the "hacker question" withoutwondering what Mitch might think--and say--and tell his friends. 

The EFF had simply NETWORKED the situation into an entirely new statusquo. And in fact this had been EFF's deliberate strategy from thebeginning. Both Barlow and Kapor loathed bureaucracies and haddeliberately chosen to work almost entirely through the electronicspiderweb of "valuable personal contacts. "

After a year of EFF, both Barlow and Kapor had every reason to lookback with satisfaction. EFF had established its own Internet node, "eff. Org, " with a well-stocked electronic archive of documents onelectronic civil rights, privacy issues, and academic freedom. EFF wasalso publishing EFFector, a quarterly printed journal, as well asEFFector Online, an electronic newsletter with over 1, 200 subscribers. And EFF was thriving on the Well. 

EFF had a national headquarters in Cambridge and a full-time staff. Ithad become a membership organization and was attracting grass-rootssupport. It had also attracted the support of some thirty civil-rightslawyers, ready and eager to do pro bono work in defense of theConstitution in Cyberspace. 

EFF had lobbied successfully in Washington and in Massachusetts tochange state and federal legislation on computer networking. Kapor inparticular had become a veteran expert witness, and had joined theComputer Science and Telecommunications Board of the National Academyof Science and Engineering. 

EFF had sponsored meetings such as "Computers, Freedom and Privacy" andthe CPSR Roundtable. It had carried out a press offensive that, in thewords of EFFector, "has affected the climate of opinion about computernetworking and begun to reverse the slide into 'hacker hysteria' thatwas beginning to grip the nation. "

It had helped Craig Neidorf avoid prison. 

And, last but certainly not least, the Electronic Frontier Foundationhad filed a federal lawsuit in the name of Steve Jackson, Steve JacksonGames Inc. , and three users of the Illuminati bulletin board system. The defendants were, and are, the United States Secret Service, WilliamCook, Tim Foley, Barbara Golden and Henry Kleupfel. 

The case, which is in pre-trial procedures in an Austin federal courtas of this writing, is a civil action for damages to redress allegedviolations of the First and Fourth Amendments to the United StatesConstitution, as well as the Privacy Protection Act of 1980 (42 USC2000aa et seq. ), and the Electronic Communications Privacy Act (18 USC2510 et seq and 2701 et seq). 

EFF had established that it had credibility. It had also establishedthat it had teeth. 

In the fall of 1991 I travelled to Massachusetts to speak personallywith Mitch Kapor. It was my final interview for this book. 

#

The city of Boston has always been one of the major intellectualcenters of the American republic. It is a very old city by Americanstandards, a place of skyscrapers overshadowing seventeenth-centurygraveyards, where the high-tech start-up companies of Route 128co-exist with the hand-wrought pre-industrial grace of "Old Ironsides, "the USS CONSTITUTION. 

The Battle of Bunker Hill, one of the first and bitterest armed clashesof the American Revolution, was fought in Boston's environs. Todaythere is a monumental spire on Bunker Hill, visible throughout much ofthe city. The willingness of the republican revolutionaries to take uparms and fire on their oppressors has left a cultural legacy that twofull centuries have not effaced. Bunker Hill is still a potent centerof American political symbolism, and the Spirit of '76 is still apotent image for those who seek to mold public opinion. 

Of course, not everyone who wraps himself in the flag is necessarily apatriot. When I visited the spire in September 1991, it bore a huge, badly-erased, spray-can grafitto around its bottom reading "BRITSOUT--IRA PROVOS. " Inside this hallowed edifice was a glass-caseddiorama of thousands of tiny toy soldiers, rebels and redcoats, fighting and dying over the green hill, the riverside marshes, therebel trenchworks. Plaques indicated the movement of troops, theshiftings of strategy. The Bunker Hill Monument is occupied at itsvery center by the toy soldiers of a military war-game simulation. 

The Boston metroplex is a place of great universities, prominent amongthe Massachusetts Institute of Technology, where the term "computerhacker" was first coined. The Hacker Crackdown of 1990 might beinterpreted as a political struggle among American cities: traditionalstrongholds of longhair intellectual liberalism, such as Boston, SanFrancisco, and Austin, versus the bare-knuckle industrial pragmatism ofChicago and Phoenix (with Atlanta and New York wrapped in internalstruggle). 

The headquarters of the Electronic Frontier Foundation is on 155 SecondStreet in Cambridge, a Bostonian suburb north of the River Charles. Second Street has weedy sidewalks of dented, sagging brick and elderlycracked asphalt; large street-signs warn "NO PARKING DURING DECLAREDSNOW EMERGENCY. " This is an old area of modest manufacturingindustries; the EFF is catecorner from the Greene Rubber Company. EFF's building is two stories of red brick; its large wooden windowsfeature gracefully arched tops and stone sills. 

The glass window beside the Second Street entrance bears three sheetsof neatly laser-printed paper, taped against the glass. They read: ONTechnology. EFF. KEI. 

"ON Technology" is Kapor's software company, which currentlyspecializes in "groupware" for the Apple Macintosh computer. "Groupware" is intended to promote efficient social interaction amongoffice-workers linked by computers. ON Technology's most successfulsoftware products to date are "Meeting Maker" and "Instant Update. "

"KEI" is Kapor Enterprises Inc. , Kapor's personal holding company, thecommercial entity that formally controls his extensive investments inother hardware and software corporations. 

"EFF" is a political action group--of a special sort. 

Inside, someone's bike has been chained to the handrails of a modestflight of stairs. A wall of modish glass brick separates this anteroomfrom the offices. Beyond the brick, there's an alarm system mounted onthe wall, a sleek, complex little number that resembles a cross betweena thermostat and a CD player. Piled against the wall are box after boxof a recent special issue of Scientific American, "How to Work, Play, and Thrive in Cyberspace, " with extensive coverage of electronicnetworking techniques and political issues, including an article byKapor himself. These boxes are addressed to Gerard Van der Leun, EFF'sDirector of Communications, who will shortly mail those magazines toevery member of the EFF. 

The joint headquarters of EFF, KEI, and ON Technology, which Kaporcurrently rents, is a modestly bustling place. It's very much the samephysical size as Steve Jackson's gaming company. It's certainly a farcry from the gigantic gray steel-sided railway shipping barn, on theMonsignor O'Brien Highway, that is owned by Lotus DevelopmentCorporation. 

Lotus is, of course, the software giant that Mitchell Kapor founded inthe late 70s. The software program Kapor co-authored, "Lotus 1-2-3, "is still that company's most profitable product. "Lotus 1-2-3" alsobears a singular distinction in the digital underground: it's probablythe most pirated piece of application software in world history. 

Kapor greets me cordially in his own office, down a hall. Kapor, whosename is pronounced KAY-por, is in his early forties, married and thefather of two. He has a round face, high forehead, straight nose, aslightly tousled mop of black hair peppered with gray. His large browneyes are wideset, reflective, one might almost say soulful. Hedisdains ties, and commonly wears Hawaiian shirts and tropical prints, not so much garish as simply cheerful and just that little bitanomalous. 

There is just the whiff of hacker brimstone about Mitch Kapor. He maynot have the hard-riding, hell-for-leather, guitar-strumming charismaof his Wyoming colleague John Perry Barlow, but there's something aboutthe guy that still stops one short. He has the air of the Eastern citydude in the bowler hat, the dreamy, Longfellow-quoting poker shark whoonly HAPPENS to know the exact mathematical odds against drawing to aninside straight. Even among his computer-community colleagues, who arehardly known for mental sluggishness, Kapor strikes one forcefully as avery intelligent man. He speaks rapidly, with vigorous gestures, hisBoston accent sometimes slipping to the sharp nasal tang of his youthin Long Island. 

Kapor, whose Kapor Family Foundation does much of his philanthropicwork, is a strong supporter of Boston's Computer Museum. Kapor'sinterest in the history of his industry has brought him some remarkablecurios, such as the "byte" just outside his office door. This"byte"--eight digital bits--has been salvaged from the wreck of anelectronic computer of the pre-transistor age. It's a standinggunmetal rack about the size of a small toaster-oven: with eight slotsof hand-soldered breadboarding featuring thumb-sized vacuum tubes. Ifit fell off a table it could easily break your foot, but it wasstate-of-the-art computation in the 1940s. (It would take exactly157, 184 of these primordial toasters to hold the first part of thisbook. )

There's also a coiling, multicolored, scaly dragon that some inspiredtechno-punk artist has cobbled up entirely out of transistors, capacitors, and brightly plastic-coated wiring. 

Inside the office, Kapor excuses himself briefly to do a littlemouse-whizzing housekeeping on his personal Macintosh IIfx. If itsgiant screen were an open window, an agile person could climb throughit without much trouble at all. There's a coffee-cup at Kapor's elbow, a memento of his recent trip to Eastern Europe, which has ablack-and-white stencilled photo and the legend CAPITALIST FOOLS TOUR. It's Kapor, Barlow, and two California venture-capitalist luminaries oftheir acquaintance, four windblown, grinning Baby Boomer dudes inleather jackets, boots, denim, travel bags, standing on airport tarmacsomewhere behind the formerly Iron Curtain. They look as if they'rehaving the absolute time of their lives. 

Kapor is in a reminiscent mood. We talk a bit about his youth--highschool days as a "math nerd, " Saturdays attending Columbia University'shigh-school science honors program, where he had his first experienceprogramming computers. IBM 1620s, in 1965 and '66. "I was veryinterested, " says Kapor, "and then I went off to college and gotdistracted by drugs sex and rock and roll, like anybody with half abrain would have then!" After college he was a progressive-rock DJ inHartford, Connecticut, for a couple of years. 

I ask him if he ever misses his rock and roll days--if he ever wishedhe could go back to radio work. 

He shakes his head flatly. "I stopped thinking about going back to bea DJ the day after Altamont. "

Kapor moved to Boston in 1974 and got a job programming mainframes inCOBOL. He hated it. He quit and became a teacher of transcendentalmeditation. (It was Kapor's long flirtation with Eastern mysticismthat gave the world "Lotus. ")

In 1976 Kapor went to Switzerland, where the Transcendental Meditationmovement had rented a gigantic Victorian hotel in St-Moritz. It was anall-male group--a hundred and twenty of them--determined uponEnlightenment or Bust. Kapor had given the transcendant his best shot. He was becoming disenchanted by "the nuttiness in the organization. ""They were teaching people to levitate, " he says, staring at the floor. His voice drops an octave, becomes flat. "THEY DON'T LEVITATE. "

Kapor chose Bust. He went back to the States and acquired a degree incounselling psychology. He worked a while in a hospital, couldn'tstand that either. "My rep was, " he says "a very bright kid with alot of potential who hasn't found himself. Almost thirty. Sort oflost. "

Kapor was unemployed when he bought his first personal computer--anApple II. He sold his stereo to raise cash and drove to New Hampshireto avoid the sales tax. 

"The day after I purchased it, " Kapor tells me, "I was hanging out in acomputer store and I saw another guy, a man in his forties, well-dressed guy, and eavesdropped on his conversation with thesalesman. He didn't know anything about computers. I'd had a yearprogramming. And I could program in BASIC. I'd taught myself. So Iwent up to him, and I actually sold myself to him as a consultant. " Hepauses. "I don't know where I got the nerve to do this. It wasuncharacteristic. I just said, 'I think I can help you, I've beenlistening, this is what you need to do and I think I can do it foryou. ' And he took me on! He was my first client! I became a computerconsultant the first day after I bought the Apple II. "

Kapor had found his true vocation. He attracted more clients for hisconsultant service, and started an Apple users' group. 

A friend of Kapor's, Eric Rosenfeld, a graduate student at MIT, had aproblem. He was doing a thesis on an arcane form of financialstatistics, but could not wedge himself into the crowded queue for timeon MIT's mainframes. (One might note at this point that if Mr. Rosenfeld had dishonestly broken into the MIT mainframes, Kapor himselfmight have never invented Lotus 1-2-3 and the PC business might havebeen set back for years!) Eric Rosenfeld did have an Apple II, however, and he thought it might be possible to scale the problem down. Kapor, as favor, wrote a program for him in BASIC that did the job. 

It then occurred to the two of them, out of the blue, that it might bepossible to SELL this program. They marketed it themselves, in plasticbaggies, for about a hundred bucks a pop, mail order. "This was atotal cottage industry by a marginal consultant, " Kapor says proudly. "That's how I got started, honest to God. "

Rosenfeld, who later became a very prominent figure on Wall Street, urged Kapor to go to MIT's business school for an MBA. Kapor did sevenmonths there, but never got his MBA. He picked up some usefultools--mainly a firm grasp of the principles of accounting--and, in hisown words, "learned to talk MBA. " Then he dropped out and went toSilicon Valley. 

The inventors of VisiCalc, the Apple computer's premier businessprogram, had shown an interest in Mitch Kapor. Kapor worked diligentlyfor them for six months, got tired of California, and went back toBoston where they had better bookstores. The VisiCalc group had madethe critical error of bringing in "professional management. " "Thatdrove them into the ground, " Kapor says. 

"Yeah, you don't hear a lot about VisiCalc these days, " I muse. 

Kapor looks surprised. "Well, Lotus . . . We BOUGHT it. "

"Oh. You BOUGHT it?"

"Yeah. "

"Sort of like the Bell System buying Western Union?"

Kapor grins. "Yep! Yep! Yeah, exactly!"

Mitch Kapor was not in full command of the destiny of himself or hisindustry. The hottest software commodities of the early 1980s wereCOMPUTER GAMES--the Atari seemed destined to enter every teenage homein America. Kapor got into business software simply because he didn'thave any particular feeling for computer games. But he was supremelyfast on his feet, open to new ideas and inclined to trust hisinstincts. And his instincts were good. He chose good people to dealwith--gifted programmer Jonathan Sachs (the co-author of Lotus 1-2-3). Financial wizard Eric Rosenfeld, canny Wall Street analyst and venturecapitalist Ben Rosen. Kapor was the founder and CEO of Lotus, one ofthe most spectacularly successful business ventures of the latertwentieth century. 

He is now an extremely wealthy man. I ask him if he actually knows howmuch money he has. 

"Yeah, " he says. "Within a percent or two. "

How much does he actually have, then?

He shakes his head. "A lot. A lot. Not something I talk about. Issues of money and class are things that cut pretty close to thebone. "

I don't pry. It's beside the point. One might presume, impolitely, that Kapor has at least forty million--that's what he got the year heleft Lotus. People who ought to know claim Kapor has about a hundredand fifty million, give or take a market swing in his stock holdings. If Kapor had stuck with Lotus, as his colleague friend and rival BillGates has stuck with his own software start-up, Microsoft, then Kaporwould likely have much the same fortune Gates has--somewhere in theneighborhood of three billion, give or take a few hundred million. Mitch Kapor has all the money he wants. Money has lost whatever charmit ever held for him--probably not much in the first place. When Lotusbecame too uptight, too bureaucratic, too far from the true sources ofhis own satisfaction, Kapor walked. He simply severed all connectionswith the company and went out the door. It stunned everyone--exceptthose who knew him best. 

Kapor has not had to strain his resources to wreak a thoroughtransformation in cyberspace politics. In its first year, EFF's budgetwas about a quarter of a million dollars. Kapor is running EFF out ofhis pocket change. 

Kapor takes pains to tell me that he does not consider himself a civillibertarian per se. He has spent quite some time with true-blue civillibertarians lately, and there's a political-correctness to them thatbugs him. They seem to him to spend entirely too much time in legalnitpicking and not enough vigorously exercising civil rights in theeveryday real world. 

Kapor is an entrepreneur. Like all hackers, he prefers hisinvolvements direct, personal, and hands-on. "The fact that EFF has anode on the Internet is a great thing. We're a publisher. We're adistributor of information. " Among the items the eff. Org Internet nodecarries is back issues of Phrack. They had an internal debate aboutthat in EFF, and finally decided to take the plunge. They might carryother digital underground publications--but if they do, he says, "we'llcertainly carry Donn Parker, and anything Gail Thackeray wants to putup. We'll turn it into a public library, that has the whole spectrumof use. Evolve in the direction of people making up their own minds. "He grins. "We'll try to label all the editorials. "

Kapor is determined to tackle the technicalities of the Internet in theservice of the public interest. "The problem with being a node on theNet today is that you've got to have a captive technical specialist. We have Chris Davis around, for the care and feeding of the balkybeast! We couldn't do it ourselves!"

He pauses. "So one direction in which technology has to evolve is muchmore standardized units, that a non-technical person can feelcomfortable with. It's the same shift as from minicomputers to PCs. Ican see a future in which any person can have a Node on the Net. Anyperson can be a publisher. It's better than the media we now have. It's possible. We're working actively. "

Kapor is in his element now, fluent, thoroughly in command in hismaterial. "You go tell a hardware Internet hacker that everyone shouldhave a node on the Net, " he says, "and the first thing they're going tosay is, 'IP doesn't scale!'" ("IP" is the interface protocol for theInternet. As it currently exists, the IP software is simply notcapable of indefinite expansion; it will run out of usable addresses, it will saturate. ) "The answer, " Kapor says, "is: evolve the protocol!Get the smart people together and figure out what to do. Do we add ID?Do we add new protocol? Don't just say, WE CAN'T DO IT. "

Getting smart people together to figure out what to do is a skill atwhich Kapor clearly excels. I counter that people on the Internetrather enjoy their elite technical status, and don't seem particularlyanxious to democratize the Net. 

Kapor agrees, with a show of scorn. "I tell them that this is thesnobbery of the people on the Mayflower looking down their noses at thepeople who came over ON THE SECOND BOAT! Just because they got here ayear, or five years, or ten years before everybody else, that doesn'tgive them ownership of cyberspace! By what right?"

I remark that the telcos are an electronic network, too, and they seemto guard their specialized knowledge pretty closely. 

Kapor ripostes that the telcos and the Internet are entirely differentanimals. "The Internet is an open system, everything is published, everything gets argued about, basically by anybody who can get in. Mostly, it's exclusive and elitist just because it's so difficult. Let's make it easier to use. "

On the other hand, he allows with a swift change of emphasis, theso-called elitists do have a point as well. "Before people start comingin, who are new, who want to make suggestions, and criticize the Net as'all screwed up'. . . . They should at least take the time to understandthe culture on its own terms. It has its own history--show somerespect for it. I'm a conservative, to that extent. "

The Internet is Kapor's paradigm for the future of telecommunications. The Internet is decentralized, non-hierarchical, almost anarchic. There are no bosses, no chain of command, no secret data. If each nodeobeys the general interface standards, there's simply no need for anycentral network authority. 

Wouldn't that spell the doom of AT&T as an institution? I ask. 

That prospect doesn't faze Kapor for a moment. "Their big advantage, that they have now, is that they have all of the wiring. But twothings are happening. Anyone with right-of-way is putting downfiber--Southern Pacific Railroad, people like that--there's enormous'dark fiber' laid in. " ("Dark Fiber" is fiber-optic cable, whoseenormous capacity so exceeds the demands of current usage that much ofthe fiber still has no light-signals on it--it's still 'dark, ' awaitingfuture use. )

"The other thing that's happening is the local-loop stuff is going togo wireless. Everyone from Bellcore to the cable TV companies to AT&Twants to put in these things called 'personal communication systems. 'So you could have local competition--you could have multiplicity ofpeople, a bunch of neighborhoods, sticking stuff up on poles. And abunch of other people laying in dark fiber. So what happens to thetelephone companies? There's enormous pressure on them from both sides. 

"The more I look at this, the more I believe that in a post-industrial, digital world, the idea of regulated monopolies is bad. People willlook back on it and say that in the 19th and 20th centuries the idea ofpublic utilities was an okay compromise. You needed one set of wiresin the ground. It was too economically inefficient, otherwise. Andthat meant one entity running it. But now, with pieces beingwireless--the connections are going to be via high-level interfaces, not via wires. I mean, ULTIMATELY there are going to be wires--but thewires are just a commodity. Fiber, wireless. You no longer NEED autility. "

Water utilities? Gas utilities?

Of course we still need those, he agrees. "But when what you're movingis information, instead of physical substances, then you can play by adifferent set of rules. We're evolving those rules now! Hopefully youcan have a much more decentralized system, and one in which there'smore competition in the marketplace. 

"The role of government will be to make sure that nobody cheats. Theproverbial 'level playing field. ' A policy that preventsmonopolization. It should result in better service, lower prices, morechoices, and local empowerment. " He smiles. "I'm very big on localempowerment. "

Kapor is a man with a vision. It's a very novel vision which he andhis allies are working out in considerable detail and with greatenergy. Dark, cynical, morbid cyberpunk that I am, I cannot avoidconsidering some of the darker implications of "decentralized, nonhierarchical, locally empowered" networking. 

I remark that some pundits have suggested that electronicnetworking--faxes, phones, small-scale photocopiers--played a strongrole in dissolving the power of centralized communism and causing thecollapse of the Warsaw Pact. 

Socialism is totally discredited, says Kapor, fresh back from theEastern Bloc. The idea that faxes did it, all by themselves, is ratherwishful thinking. 

Has it occurred to him that electronic networking might corrodeAmerica's industrial and political infrastructure to the point wherethe whole thing becomes untenable, unworkable--and the old order justcollapses headlong, like in Eastern Europe?

"No, " Kapor says flatly. "I think that's extraordinarily unlikely. Inpart, because ten or fifteen years ago, I had similar hopes aboutpersonal computers--which utterly failed to materialize. " He grinswryly, then his eyes narrow. "I'm VERY opposed to techno-utopias. Every time I see one, I either run away, or try to kill it. "

It dawns on me then that Mitch Kapor is not trying to make the worldsafe for democracy. He certainly is not trying to make it safe foranarchists or utopians--least of all for computer intruders orelectronic rip-off artists. What he really hopes to do is make theworld safe for future Mitch Kapors. This world of decentralized, small-scale nodes, with instant global access for the best andbrightest, would be a perfect milieu for the shoestring atticcapitalism that made Mitch Kapor what he is today. 

Kapor is a very bright man. He has a rare combination of visionaryintensity with a strong practical streak. The Board of the EFF: JohnBarlow, Jerry Berman of the ACLU, Stewart Brand, John Gilmore, SteveWozniak, and Esther Dyson, the doyenne of East-West computerentrepreneurism--share his gift, his vision, and his formidablenetworking talents. They are people of the 1960s, winnowed-out by itsturbulence and rewarded with wealth and influence. They are some ofthe best and the brightest that the electronic community has to offer. But can they do it, in the real world? Or are they only dreaming?They are so few. And there is so much against them. 

I leave Kapor and his networking employees struggling cheerfully withthe promising intricacies of their newly installed Macintosh System 7software. The next day is Saturday. EFF is closed. I pay a fewvisits to points of interest downtown. 

One of them is the birthplace of the telephone. 

It's marked by a bronze plaque in a plinth of black-and-white speckledgranite. It sits in the plaza of the John F. Kennedy Federal Building, the very place where Kapor was once fingerprinted by the FBI. 

The plaque has a bas-relief picture of Bell's original telephone. "BIRTHPLACE OF THE TELEPHONE, " it reads. "Here, on June 2, 1875, Alexander Graham Bell and Thomas A. Watson first transmitted sound overwires. 

"This successful experiment was completed in a fifth floor garret atwhat was then 109 Court Street and marked the beginning of world-widetelephone service. "

109 Court Street is long gone. Within sight of Bell's plaque, across astreet, is one of the central offices of NYNEX, the local Bell RBOC, on 6 Bowdoin Square. 

I cross the street and circle the telco building, slowly, hands in myjacket pockets. It's a bright, windy, New England autumn day. Thecentral office is a handsome 1940s-era megalith in late Art Deco, eightstories high. 

Parked outside the back is a power-generation truck. The generatorstrikes me as rather anomalous. Don't they already have their owngenerators in this eight-story monster? Then the suspicion strikes methat NYNEX must have heard of the September 17 AT&T power-outage whichcrashed New York City. Belt-and-suspenders, this generator. Verytelco. 

Over the glass doors of the front entrance is a handsome bronzebas-relief of Art Deco vines, sunflowers, and birds, entwining the Belllogo and the legend NEW ENGLAND TELEPHONE AND TELEGRAPH COMPANY--anentity which no longer officially exists. 

The doors are locked securely. I peer through the shadowed glass. Inside is an official poster reading:

"New England Telephone a NYNEX Company

ATTENTION

"All persons while on New England Telephone Company premises arerequired to visibly wear their identification cards (C. C. P. Section 2, Page 1). 

"Visitors, vendors, contractors, and all others are required to visiblywear a daily pass. 

"Thank you. 

Kevin C. Stanton. Building Security Coordinator. "

Outside, around the corner, is a pull-down ribbed metal security door, a locked delivery entrance. Some passing stranger has grafitti-taggedthis door, with a single word in red spray-painted cursive:

Fury

#

My book on the Hacker Crackdown is almost over now. I havedeliberately saved the best for last. 

In February 1991, I attended the CPSR Public Policy Roundtable, inWashington, DC. CPSR, Computer Professionals for SocialResponsibility, was a sister organization of EFF, or perhaps its aunt, being older and perhaps somewhat wiser in the ways of the world ofpolitics. 

Computer Professionals for Social Responsibility began in 1981 in PaloAlto, as an informal discussion group of Californian computerscientists and technicians, united by nothing more than an electronicmailing list. This typical high-tech ad-hocracy received the dignityof its own acronym in 1982, and was formally incorporated in 1983. 

CPSR lobbied government and public alike with an educational outreacheffort, sternly warning against any foolish and unthinking trust incomplex computer systems. CPSR insisted that mere computers shouldnever be considered a magic panacea for humanity's social, ethical orpolitical problems. CPSR members were especially troubled about thestability, safety, and dependability of military computer systems, andvery especially troubled by those systems controlling nuclear arsenals. CPSR was best-known for its persistent and well-publicized attacks onthe scientific credibility of the Strategic Defense Initiative ("StarWars"). 

In 1990, CPSR was the nation's veteran cyber-political activist group, with over two thousand members in twenty-one local chapters across theUS. It was especially active in Boston, Silicon Valley, and WashingtonDC, where its Washington office sponsored the Public Policy Roundtable. 

The Roundtable, however, had been funded by EFF, which had passed CPSRan extensive grant for operations. This was the first large-scale, official meeting of what was to become the electronic civil libertariancommunity. 

Sixty people attended, myself included--in this instance, not so muchas a journalist as a cyberpunk author. Many of the luminaries of thefield took part: Kapor and Godwin as a matter of course. RichardCiville and Marc Rotenberg of CPSR. Jerry Berman of the ACLU. JohnQuarterman, author of The Matrix. Steven Levy, author of Hackers. George Perry and Sandy Weiss of Prodigy Services, there to networkabout the civil-liberties troubles their young commercial network wasexperiencing. Dr. Dorothy Denning. Cliff Figallo, manager of theWell. Steve Jackson was there, having finally found his ideal targetaudience, and so was Craig Neidorf, "Knight Lightning" himself, withhis attorney, Sheldon Zenner. Katie Hafner, science journalist, andco-author of Cyberpunk: Outlaws and Hackers on the Computer Frontier. Dave Farber, ARPAnet pioneer and fabled Internet guru. Janlori Goldmanof the ACLU's Project on Privacy and Technology. John Nagle ofAutodesk and the Well. Don Goldberg of the House Judiciary Committee. Tom Guidoboni, the defense attorney in the Internet Worm case. LanceHoffman, computer-science professor at The George WashingtonUniversity. Eli Noam of Columbia. And a host of others no lessdistinguished. 

Senator Patrick Leahy delivered the keynote address, expressing hisdetermination to keep ahead of the curve on the issue of electronicfree speech. The address was well-received, and the sense ofexcitement was palpable. Every panel discussion was interesting--somewere entirely compelling. People networked with an almost franticinterest. 

I myself had a most interesting and cordial lunch discussion with Noeland Jeanne Gayler, Admiral Gayler being a former director of theNational Security Agency. As this was the first known encounterbetween an actual no-kidding cyberpunk and a chief executive ofAmerica's largest and best-financed electronic espionage apparat, therewas naturally a bit of eyebrow-raising on both sides. 

Unfortunately, our discussion was off-the-record. In fact all thediscussions at the CPSR were officially off-the-record, the idea beingto do some serious networking in an atmosphere of complete frankness, rather than to stage a media circus. 

In any case, CPSR Roundtable, though interesting and intenselyvaluable, was as nothing compared to the truly mind-boggling event thattranspired a mere month later. 

#

"Computers, Freedom and Privacy. " Four hundred people from everyconceivable corner of America's electronic community. As a sciencefiction writer, I have been to some weird gigs in my day, but thisthing is truly BEYOND THE PALE. Even "Cyberthon, " Point Foundation's"Woodstock of Cyberspace" where Bay Area psychedelia collided headlongwith the emergent world of computerized virtual reality, was like aKiwanis Club gig compared to this astonishing do. 

The "electronic community" had reached an apogee. Almost everyprincipal in this book is in attendance. Civil Libertarians. ComputerCops. The Digital Underground. Even a few discreet telco people. Colorcoded dots for lapel tags are distributed. Free Expressionissues. Law Enforcement. Computer Security. Privacy. Journalists. Lawyers. Educators. Librarians. Programmers. Stylish punk-blackdots for the hackers and phone phreaks. Almost everyone here seems towear eight or nine dots, to have six or seven professional hats. 

It is a community. Something like Lebanon perhaps, but a digitalnation. People who had feuded all year in the national press, peoplewho entertained the deepest suspicions of one another's motives andethics, are now in each others' laps. "Computers, Freedom and Privacy"had every reason in the world to turn ugly, and yet except for smallirruptions of puzzling nonsense from the convention's token lunatic, asurprising bonhomie reigned. CFP was like a wedding-party in which twolovers, unstable bride and charlatan groom, tie the knot in a clearlydisastrous matrimony. 

It is clear to both families--even to neighbors and random guests--that this is not a workable relationship, and yet the young couple'sdesperate attraction can brook no further delay. They simply cannothelp themselves. Crockery will fly, shrieks from their newlywed homewill wake the city block, divorce waits in the wings like a vultureover the Kalahari, and yet this is a wedding, and there is going to bea child from it. Tragedies end in death; comedies in marriage. TheHacker Crackdown is ending in marriage. And there will be a child. 

From the beginning, anomalies reign. John Perry Barlow, cyberspaceranger, is here. His color photo in The New York Times Magazine, Barlow scowling in a grim Wyoming snowscape, with long black coat, darkhat, a Macintosh SE30 propped on a fencepost and an awesome frontierrifle tucked under one arm, will be the single most striking visualimage of the Hacker Crackdown. And he is CFP's guest of honor--alongwith Gail Thackeray of the FCIC! What on earth do they expect thesedual guests to do with each other? Waltz?

Barlow delivers the first address. Uncharacteristically, he ishoarse--the sheer volume of roadwork has worn him down. He speaksbriefly, congenially, in a plea for conciliation, and takes his leaveto a storm of applause. 

Then Gail Thackeray takes the stage. She's visibly nervous. She'sbeen on the Well a lot lately. Reading those Barlow posts. FollowingBarlow is a challenge to anyone. In honor of the famous lyricist forthe Grateful Dead, she announces reedily, she is going to read--A POEM. A poem she has composed herself. 

It's an awful poem, doggerel in the rollicking meter of Robert W. Service's The Cremation of Sam McGee, but it is in fact, a poem. It'sthe Ballad of the Electronic Frontier! A poem about the HackerCrackdown and the sheer unlikelihood of CFP. It's full of in-jokes. The score or so cops in the audience, who are sitting together in anervous claque, are absolutely cracking-up. Gail's poem is thefunniest goddamn thing they've ever heard. The hackers and civil-libs, who had this woman figured for Ilsa She-Wolf of the SS, are staringwith their jaws hanging loosely. Never in the wildest reaches of theirimagination had they figured Gail Thackeray was capable of such atotally off-the-wall move. You can see them punching their mentalCONTROL-RESET buttons. Jesus! This woman's a hacker weirdo! She'sJUST LIKE US! God, this changes everything!

Al Bayse, computer technician for the FBI, had been the only cop at theCPSR Roundtable, dragged there with his arm bent by Dorothy Denning. He was guarded and tightlipped at CPSR Roundtable; a "lion thrown tothe Christians. "

At CFP, backed by a claque of cops, Bayse suddenly waxes eloquent andeven droll, describing the FBI's "NCIC 2000", a gigantic digitalcatalog of criminal records, as if he has suddenly become some weirdhybrid of George Orwell and George Gobel. Tentatively, he makes anarcane joke about statistical analysis. At least a third of the crowdlaughs aloud. 

"They didn't laugh at that at my last speech, " Bayse observes. He hadbeen addressing cops--STRAIGHT cops, not computer people. It had beena worthy meeting, useful one supposes, but nothing like THIS. Therehas never been ANYTHING like this. Without any prodding, without anypreparation, people in the audience simply begin to ask questions. Longhairs, freaky people, mathematicians. Bayse is answering, politely, frankly, fully, like a man walking on air. The ballroom'satmosphere crackles with surreality. A female lawyer behind me breaksinto a sweat and a hot waft of surprisingly potent and musky perfumeflows off her pulse-points. 

People are giddy with laughter. People are interested, fascinated, their eyes so wide and dark that they seem eroticized. Unlikelydaisy-chains form in the halls, around the bar, on the escalators: copswith hackers, civil rights with FBI, Secret Service with phone phreaks. 

Gail Thackeray is at her crispest in a white wool sweater with a tinySecret Service logo. "I found Phiber Optik at the payphones, and whenhe saw my sweater, he turned into a PILLAR OF SALT!" she chortles. 

Phiber discusses his case at much length with his arresting officer, Don Delaney of the New York State Police. After an hour's chat, thetwo of them look ready to begin singing "Auld Lang Syne. " Phiberfinally finds the courage to get his worst complaint off his chest. Itisn't so much the arrest. It was the CHARGE. Pirating service off 900numbers. I'm a PROGRAMMER, Phiber insists. This lame charge is goingto hurt my reputation. It would have been cool to be busted forsomething happening, like Section 1030 computer intrusion. Maybe somekind of crime that's scarcely been invented yet. Not lousy phonefraud. Phooey. 

Delaney seems regretful. He had a mountain of possible criminalcharges against Phiber Optik. The kid's gonna plead guilty anyway. He's a first timer, they always plead. Coulda charged the kid withmost anything, and gotten the same result in the end. Delaney seemsgenuinely sorry not to have gratified Phiber in this harmless fashion. Too late now. Phiber's pled already. All water under the bridge. Whaddya gonna do?

Delaney's got a good grasp on the hacker mentality. He held a pressconference after he busted a bunch of Masters of Deception kids. Somejourno had asked him: "Would you describe these people as GENIUSES?"Delaney's deadpan answer, perfect: "No, I would describe these peopleas DEFENDANTS. " Delaney busts a kid for hacking codes with repeatedrandom dialling. Tells the press that NYNEX can track this stuff in notime flat nowadays, and a kid has to be STUPID to do something so easyto catch. Dead on again: hackers don't mind being thought of asGenghis Khan by the straights, but if there's anything that really gets'em where they live, it's being called DUMB. 

Won't be as much fun for Phiber next time around. As a second offenderhe's gonna see prison. Hackers break the law. They're not geniuses, either. They're gonna be defendants. And yet, Delaney muses over adrink in the hotel bar, he has found it impossible to treat them ascommon criminals. Delaney knows criminals. These kids, by comparison, are clueless--there is just no crook vibe off of them, they don't smellright, they're just not BAD. 

Delaney has seen a lot of action. He did Vietnam. He's been shot at, he has shot people. He's a homicide cop from New York. He has theappearance of a man who has not only seen the shit hit the fan but hasseen it splattered across whole city blocks and left to ferment foryears. This guy has been around. 

He listens to Steve Jackson tell his story. The dreamy game strategisthas been dealt a bad hand. He has played it for all he is worth. Under his nerdish SF-fan exterior is a core of iron. Friends of hissay Steve Jackson believes in the rules, believes in fair play. Hewill never compromise his principles, never give up. "Steve, " Delaneysays to Steve Jackson, "they had some balls, whoever busted you. You're all right!" Jackson, stunned, falls silent and actually blusheswith pleasure. 

Neidorf has grown up a lot in the past year. The kid is a quick study, you gotta give him that. Dressed by his mom, the fashion manager for anational clothing chain, Missouri college techie-frat Craig Neidorfout-dappers everyone at this gig but the toniest East Coast lawyers. The iron jaws of prison clanged shut without him and now law schoolbeckons for Neidorf. He looks like a larval Congressman. 

Not a "hacker, " our Mr. Neidorf. He's not interested in computerscience. Why should he be? He's not interested in writing C code therest of his life, and besides, he's seen where the chips fall. To theworld of computer science he and Phrack were just a curiosity. But tothe world of law. . . . The kid has learned where the bodies are buried. He carries his notebook of press clippings wherever he goes. 

Phiber Optik makes fun of Neidorf for a Midwestern geek, for believingthat "Acid Phreak" does acid and listens to acid rock. Hell no. Acid's never done ACID! Acid's into ACID HOUSE MUSIC. Jesus. Thevery idea of doing LSD. Our PARENTS did LSD, ya clown. 

Thackeray suddenly turns upon Craig Neidorf the full lighthouse glareof her attention and begins a determined half-hour attempt to WIN THEBOY OVER. The Joan of Arc of Computer Crime is GIVING CAREER ADVICE TOKNIGHT LIGHTNING! "Your experience would be very valuable--a realasset, " she tells him with unmistakeable sixty-thousand-watt sincerity. Neidorf is fascinated. He listens with unfeigned attention. He'snodding and saying yes ma'am. Yes, Craig, you too can forget all aboutmoney and enter the glamorous and horribly underpaid world ofPROSECUTING COMPUTER CRIME! You can put your former friends inprison--ooops. . . . 

You cannot go on dueling at modem's length indefinitely. You cannotbeat one another senseless with rolled-up press-clippings. Sooner orlater you have to come directly to grips. And yet the very act ofassembling here has changed the entire situation drastically. JohnQuarterman, author of The Matrix, explains the Internet at hissymposium. It is the largest news network in the world, it is growingby leaps and bounds, and yet you cannot measure Internet because youcannot stop it in place. It cannot stop, because there is no oneanywhere in the world with the authority to stop Internet. It changes, yes, it grows, it embeds itself across the post-industrial, postmodernworld and it generates community wherever it touches, and it is doingthis all by itself. 

Phiber is different. A very fin de siecle kid, Phiber Optik. Barlowsays he looks like an Edwardian dandy. He does rather. Shaven neck, the sides of his skull cropped hip-hop close, unruly tangle of blackhair on top that looks pomaded, he stays up till four a. M. And missesall the sessions, then hangs out in payphone booths with his acousticcoupler gutsily CRACKING SYSTEMS RIGHT IN THE MIDST OF THE HEAVIEST LAWENFORCEMENT DUDES IN THE U. S. , or at least PRETENDING to. . . . Unlike"Frank Drake. " Drake, who wrote Dorothy Denning out of nowhere, andasked for an interview for his cheapo cyberpunk fanzine, and thenstarted grilling her on her ethics. She was squirmin', too. . . . Drake, scarecrow-tall with his floppy blond mohawk, rotting tennis shoes andblack leather jacket lettered ILLUMINATI in red, gives off anunmistakeable air of the bohemian literatus. Drake is the kind of guywho reads British industrial design magazines and appreciates WilliamGibson because the quality of the prose is so tasty. Drake could nevertouch a phone or a keyboard again, and he'd still have the nose-ringand the blurry photocopied fanzines and the sampled industrial music. He's a radical punk with a desktop-publishing rig and an Internetaddress. Standing next to Drake, the diminutive Phiber looks like he'sbeen physically coagulated out of phone-lines. Born to phreak. 

Dorothy Denning approaches Phiber suddenly. The two of them are aboutthe same height and body-build. Denning's blue eyes flash behind theround window-frames of her glasses. "Why did you say I was 'quaint?'"she asks Phiber, quaintly. 

It's a perfect description but Phiber is nonplussed . . . "Well, I uh, you know. . . . "

"I also think you're quaint, Dorothy, " I say, novelist to the rescue, the journo gift of gab. . . . She is neat and dapper and yet there's anarcane quality to her, something like a Pilgrim Maiden behind leadedglass; if she were six inches high Dorothy Denning would look greatinside a china cabinet . . . The Cryptographeress . . . TheCryptographrix . . . Whatever. . . . Weirdly, Peter Denning looks just likehis wife, you could pick this gentleman out of a thousand guys as thesoulmate of Dorothy Denning. Wearing tailored slacks, a spotless fuzzyvarsity sweater, and a neatly knotted academician's tie. . . . Thisfineboned, exquisitely polite, utterly civilized and hyperintelligentcouple seem to have emerged from some cleaner and finer paralleluniverse, where humanity exists to do the Brain Teasers column inScientific American. Why does this Nice Lady hang out with theseunsavory characters?

Because the time has come for it, that's why. Because she's the bestthere is at what she does. 

Donn Parker is here, the Great Bald Eagle of Computer Crime. . . . Withhis bald dome, great height, and enormous Lincoln-like hands, the greatvisionary pioneer of the field plows through the lesser mortals like anicebreaker. . . . His eyes are fixed on the future with the rigidity of abronze statue. . . . Eventually, he tells his audience, all businesscrime will be computer crime, because businesses will do everythingthrough computers. "Computer crime" as a category will vanish. 

In the meantime, passing fads will flourish and fail and evaporate. . . . Parker's commanding, resonant voice is sphinxlike, everything is viewedfrom some eldritch valley of deep historical abstraction. . . . Yes, they've come and they've gone, these passing flaps in the world ofdigital computation. . . . The radio-frequency emanation scandal . . . KGBand MI5 and CIA do it every day, it's easy, but nobody else everhas. . . . The salami-slice fraud, mostly mythical. . . . "Crimoids, " hecalls them. . . . Computer viruses are the current crimoid champ, a lotless dangerous than most people let on, but the novelty is fading andthere's a crimoid vacuum at the moment, the press is visibly hungeringfor something more outrageous. . . . The Great Man shares with us a fewspeculations on the coming crimoids. . . . Desktop Forgery! Wow. . . . Computers stolen just for the sake of the information withinthem--data-napping! Happened in Britain a while ago, could be thecoming thing. . . . Phantom nodes in the Internet!

Parker handles his overhead projector sheets with an ecclesiasticalair. . . . He wears a grey double-breasted suit, a light blue shirt, anda very quiet tie of understated maroon and blue paisley. . . . Aphorismsemerge from him with slow, leaden emphasis. . . . There is no such thingas an adequately secure computer when one faces a sufficiently powerfuladversary. . . . Deterrence is the most socially useful aspect ofsecurity. . . . People are the primary weakness in all informationsystems. . . . The entire baseline of computer security must be shiftedupward. . . . Don't ever violate your security by publicly describingyour security measures. . . . 

People in the audience are beginning to squirm, and yet there issomething about the elemental purity of this guy's philosophy thatcompels uneasy respect. . . . Parker sounds like the only sane guy leftin the lifeboat, sometimes. The guy who can prove rigorously, fromdeep moral principles, that Harvey there, the one with the broken legand the checkered past, is the one who has to be, err . . . That is, Mr. Harvey is best placed to make the necessary sacrifice for the securityand indeed the very survival of the rest of this lifeboat's crew. . . . Computer security, Parker informs us mournfully, is a nasty topic, andwe wish we didn't have to have it. . . . The security expert, armed withmethod and logic, must think--imagine--everything that the adversarymight do before the adversary might actually do it. It is as if thecriminal's dark brain were an extensive subprogram within the shiningcranium of Donn Parker. He is a Holmes whose Moriarty does not quiteyet exist and so must be perfectly simulated. 

CFP is a stellar gathering, with the giddiness of a wedding. It is ahappy time, a happy ending, they know their world is changing forevertonight, and they're proud to have been there to see it happen, totalk, to think, to help. 

And yet as night falls, a certain elegiac quality manifests itself, asthe crowd gathers beneath the chandeliers with their wineglasses anddessert plates. Something is ending here, gone forever, and it takes awhile to pinpoint it. 

It is the End of the Amateurs.