mediabistro.com

A Conversation with Marc Barry
by Alita Edgar

Every journalist worth his salt knows Adam Penenberg as the Forbes reporter who uncovered Stephen Glass's fabrications in The New Republic. Penenberg has turned his investigative talents to the world of corporate spies in Spooked: Espionage in Corporate America (Perseus Publishing), which he coauthored with a real-live spook, Marc Barry. Since his coauthor was less known to the media world, we thought you might enjoy meeting him.

As founder of C3I Analytics (a corporate intelligence firm), Marc Barry has many identities: environmentalist, venture capitalist, headhunter. But in his own home, he's a gym addict, a collector of sixties-era Pop Art furniture and the only person to have written three state laws without a law degree.

Marc Barry's spacious loft in New York's Little Italy is populated in all its corners by jewel-toned psychedelic couches, curvaceous green and purple Ultrasuede-covered chairs, and not much else. He could share a decorator with Austin Powers, or A Clockwork Orange's Korova Milkbar. "I view this stuff as functional art," he says. Pointing at the bright, sleek lounges, he remarks, "I'm waiting for a guy I know to come over and see these. The biggest piece of that fabric I'd ever seen before was just about enough to cover that tongue chair over there. He bought it from a dealer in France, and I envied him. He paid twelve thousand dollars for it. When he sees this, he'll have a conniption fit." He lounges with his feet up on the couch in question.

MB: Tell me how you and Adam collaborated on the book.

Barry: Adam was the co-writer and it was his whole idea to do the book. I'm good at what I do, but I mean, the book could not have been written without him, especially as far as the whole structure of the book goes. I handled all the technical aspects. I did the sourcing. But all the character stuff was written by Adam. Anything where you see two people talking in a room, that's Adam. I'm the parts about where corporate intelligence came from, the CIA's involvement, the National Security Administration's (NSA) involvement. That's what I know. Adam's very good at getting in people's heads, putting down how it was done, what was happening - that's not something I can do. I can write a narrative of things that happened to me and I can do it in the third person. But I frankly wouldn't have done it for the money they were offering.

MB: In Chapter 4, "The Kite", which The New York Times Magazine excerpted, you pose as an environmentalist and the president of a fake company. Do you often assume false identities in your work?

Barry: Well, in my work I've posed as a venture capitalist, as a recruiter, a headhunter. I've met people who thought they were interviewing for a job, and in reality I was debriefing them on who they were actually working for. I've set up front companies. They're very elaborate and convoluted ruses. But the point of that chapter ("The Kite") is that you don't always need that. Sometimes if you have a telephone and you know exactly where the information is, it's easy to bang it out.

I would rather they'd chosen the chapter called "The Intelligencing of Corporate America," or the Motorola chapter ("Motorola: First in Business Collection"). Those were both more technical. I hate pandering to the lowest common denominator. What do I care whether a bunch of stupid people understand or not? Unfortunately, that's who the publisher wants you to write to - Horatio the Hornblower, standing in Barnes & Noble. They're trying to get him to plunk down his $26.50. I'm really amazed at how low the bar is in publishing.

I think people in my industry are going to read the book, and they are going to laugh, because it doesn't tell nearly enough.

MB: Are you satisfied with how the book turned out? Is there anything you would have done differently?

Barry: I just wish I was free to speak more candidly about what I know. If I could talk about the things that I have done in my career, there'd be congressional hearings. There's nothing that corporate America is doing that is less ruthless than what the US intelligence community - the CIA or the NSA or the DIA - is doing. And there's just so much hypocrisy involved. It's all hidden behind layers of nondisclosure agreements.

I don't see anything wrong with what they're doing either. The trouble I see is that nobody will own up to it. I mean, I've got money in the stock market. I think the average person wants companies to be using competitive intelligence.

I've had board members of SCIP (the Society of Competitive Intelligence Professionals) asking me to do some pretty dubious things because they don't want to get caught doing it themselves. That's what bothers me. They should just own up to what they're doing. If you don't agree with it, fine. If you resent me for talking about it, that's fine too, but don't deny it. Don't sit there and tell me it doesn't exist when it does. Then you're creating a scenario where I have to prove you wrong. And if I have to prove you wrong, that's going to be ugly.

MB: If everyone owned up to it, it wouldn't be secret.

Barry: Well, we're in such a PR-driven society. If it seems like it might result in some bad publicity, they don't want to do it. The C.I. industry itself is so concerned with image, and so concerned with cultivating an industry and making it more user-friendly and more palatable to a broader cross section of other industries that they want everyone to think that it's all warm and fuzzy. The leaders of the SCIP community will say, "Oh, our intelligence is all open source, nothing that could be remotely considered underhanded," and that's just not true. And granted, there is a lot out there. There's more information than most people realize out there, if you know where to look. But certain things, like Merck's new synthetic fluid for the knee that hasn't even passed clinical trials yet - you're not going to get that information unless you bamboozle it out of somebody. You're not going to get that without deception. And that's what I excel at.

MB: Tell me about your company, C3I Analytics. I hear you're building a war room?

Barry: Basically 75 percent of what we're doing right now is competitive intelligence. The other 25 percent is a joint venture I'm involved in with Raytheon. They're an enormous defense contractor - the guys who build satellites for the CIA. We're talking about building a $12 million war room. There's only one other facility like it in the world - the LIWA (Land Information Warfare Activity) center, owned by the Army. There's 24 feet of panoramic video screens going around the room, and supercomputers capable of dragging in huge nets of raw data from the world press and public files.

We can also do things like scenario war-rooming, where, say, Texaco wants to know about a huge oil reserve in the Caspian Sea. And Shell Oil gets control of it. So Texaco wants to know what's going to happen to prices globally. We can take all the elements in play, turn it into a scenario and run it. The idea is to provide big picture analysis. We can videoconference between 500 people in various parts of the world - everything from that to weather patterns. The guy who designed the war room, I've been told, actually designed the set for Star Trek: The Next Generation. It's very space-age looking. It's got a captain's chair.

In May when we were writing the manuscript, it said it was going to cost 7 million dollars. Now it's up to 12. My guess is by the time this thing is built, it's probably going to cost 15 or more.

It should be a lot of fun. It's going to be my New York Times obituary - "that name sounds familiar, who's that? Oh the guy that built that war room." We're charging clients a million dollars a year. We're going to handle everything from trademark counterfeiting to merging to competitive intelligence.

MB: When you were in high school, did you think, "I'm going to grow up and build a war room?"

Barry: That was the last thing on my mind. I was drinking and going to strip clubs, hanging out with my friends. I'm in the business for the cerebral aspects of this. They have it, they're going to hide it - how am I going to get it? Every chase, every caper I do is totally different. It never gets boring. I mean, I can go to a party and I'll know a little bit about a million different subjects.

I enjoy when people hide something and it's up to me to try to get it out of them. It's funny, because I hate it in my personal life. I rationalize all the duplicity and underhandedness by saying, "If I'm not doing it in my personal life, then I'm cool." I have a very compartmentalized life. That's why this book is getting kind of tricky. It's crossing the line. It's turning into my life.

MB: Do you feel like they're trying to sell this book based on your mystique?

Barry: I'm no different than anybody else. They try to sell you as this larger-than-life character, and I can understand the reasons for that. It's just hard to deal with at times. Sometimes I don't feel like playing spy. Most of the people I get talking to me are like, "So, do you bug telephones?" Jesus, how about a token for the cool machine!

If I did do those things, I wouldn't tell you. There's a lot more to it. I specialize in "humint" - human intelligence, eliciting from people. That other thing is "sigint," signal intelligence. It's a different deal. And then they're like, "Oh, fascinating," and they scribble in their notebooks. My friends down in D.C. and I goof on that. It sounds really pompous, but we say to each other, "If they really knew what went on…."

Running phone tolls and things like that are just starting to come out now. I've been running people's phone tolls for years! I used to do that on girlfriends, girls I just met. Then I found out how bad that is. It really ruins the relationship because then you have this profile of what she is. It robs you of all the magic of getting to know somebody. When you run somebody, you know their whole life history. If they're fibbing or embellishing, you know that too. You're like, "Don't give me that, I've got your ten-year address history right here!"

Biography

Adam Penenberg is a well-known investigative journalist. He currently writes for Time and Fortune, and was on staff at Forbes magazine and Forbes.com. His work has also appeared in the New York Times, Wired, and Playboy. He resides in New York City.

Marc Barry is an intelligence practitioner and a national expert on intellectual property. He is the founder of C3I Analytics, a corporate intelligence firm in New York City. His clients are Fortune 400 companies.

An excerpt from Spooked: Espionage in Corporate America
by Adam L. Penenberg and Marc Barry

Chapter 9: "Chief Hacking Officer"


Marc Maiffret, his hair purple, spiky, and coated in gel, doesn't look like an operative paid to steal what a Kashmiri terrorist believed was top-secret U.S. military software. Partial to black pants and silk button-down shirts, Maiffret likes "to dress like Nicolas Cage," but at five foot six he's built more like a neo-Gothic version of Barney Rubble.

It has come as no surprise to the twenty-year-old cybersavant known as "Chameleon" that life is a numbers game. For as long as he can remember, the digital intruder turned Internet security guru has existed in a netherworld of digits. Zeroes and ones "that I manipulated and that manipulated me," strung together in the language of binary code, the basis of the commands he used to forge the applications that underlie the operating systems that serve as the brains of the computer networks he breaks into.

Chameleon, who specializes in tearing apart Microsoft software for security holes, says, "I didn't graduate from MIT with top honors. My world has revolved around breaking software and systems while the security professionals' world has revolved around fixing and securing their systems against me and my attacks - attacks they know nothing about."

Now, as a cofounder of eEye, a top Internet security consulting firm, he has become one of those computer security pros he used to outfox. Maiffret has business cards, but that doesn't mean he has gone mainstream. After all, they read, "Chief Hacking Officer." He, and antiestablishment propeller-heads like him, with hacker handles like "Jericho," "Dildog," "Punkis," and "Tweety Fish," personify why corporate espionage has not yet been retrofitted for cyberspace.

But how tempting it must be for corporate America. Already most companies store vast caches of valuable data - including personnel records, customer billing, confidential financial information, confidential blueprints, marketing plans, and technologies in the R&D stage - in their computer networks. From a remote location anywhere in the world, a skilled digital intruder could sneak into a corporate network by tricking the network software to run his commands and not those of the system administrator. Once inside, he could jump from machine to machine, copying documents and confidential e-mail. In a world of bits and bytes, since he leaves his bounty behind as well as taking it with him, a company wouldn't even know it had been hacked - unless the perp bragged.

"I think as businesses move more data online, their competitors will find it tempting to hire hackers," says Dale Coddington, systems security engineer for eEye Digital Security. "Since the FBI's track record catching them is less than stellar, there's little chance a well-trained hacker will get caught. With such low risk and high reward, it's inevitable some company is going to get burned through cyberspace. The question is, will it even know about it?"

Since the dawn of electronic time (the 1960s) computer hackers have roamed "cyberspace" - even before that word was first coined by sci-fi writer William Gibson in the 1984 paperback Neuromancer. At first the Internet connected a select group of universities and research institutions; the term "hacker" was either used to describe someone with a bad golf swing or a geek who explored the innermost workings of computer systems. In neither instance was a hacker a lawbreaker. He usually attained his skills by spending thousands of hours spelunking through large networks, studying how they were cobbled together. The invention of the World Wide Web in 1989 changed all this. At first the Information Superhighway was a mere backcountry road, riddled with potholes and service disruptions. As late as 1996 most Americans had never heard of the web, the word "browser" was used to describe someone wandering around a store without a plan, and few corporations maintained a presence in cyberspace.

As the 1990s hustled forward companies began to recognize the inevitability of business-to-consumer e-commerce, and by 2000 there were millions of web sites, many of them belonging to corporations and small businesses, as well as universities, research centers, think tanks, mom-and-pop operations, religious and political zealots, porn providers, online scammers and hate groups, newspapers, magazines, and publishing houses, hackers, and music and software pirates, as well as your regular Joe and Josephine Q. Public.

But more web sites means more computer assaults. In 1988, the first year for which statistics are available, there were 6 reported hacking incidents, according to CERT (part of Carnegie Mellon University's Software Engineering Institute). Four years later there were 773. The year 1995 saw 2,412 attacks launched on computers, with the number quadrupling to 9,859 in the year 1999. The first quarter of 2000 continued this trend, setting a pace that should easily eclipse 10,000 hacks for the year. And these are just the reported ones. The Pentagon alone suffers hundreds of attacks a week, as do scores of other government and military sites. Motorola, the New York Times, and Yahoo! are just a few of the companies that have had their web sites taken over by obstreperous digital felons.

Greater global interconnectedness isn't just part of a cybergeek's daily musings, it has also been working its way into the mainstream. Horror flick sequels specialist Wes Craven (director of Scream et al. and numerous Nightmares on Elm Street) says: "I look at computers and their growing global linkage as the beginning of neural pathways to planet consciousness. It began with the telegraph, the foundation for using numbers to convey information, to the computers of today. The way that computers are growing closer together, linked by the Internet, creates a digital central nervous system. There's a brain forming around the skin of the planet."

Trippy, maybe. But this greater human virtual connectivity comes at a price: security. The ease with which a massive wave of "denial of service" (DOS) attacks were launched against powerhouse e-commerce success stories in February 2000 illustrates that everyone, even the richest corporation, is equally vulnerable in cyberspace. Yahoo!, E*Trade, Amazon, Buy.com, and a score of other sites were hit with a hailstorm of tiny electronic packets containing anticorporate messages. The companies' routers and servers hyperventilated from the onslaught, slowing traffic to a crawl and in some cases shutting down the network. In real-world terms it was the equivalent of a million irate PC owners simultaneously dialing twenty frazzled tech-support operators. The result: a stream of busy signals and a whole lot of frustrated customers.

"Hackers have known for a long time a large-scale DOS like this could be done, but no one's had the chutzpah to do it before," says Tweety Fish, a member of "Cult of the Dead Cow," an underground hacker organization the DOS attackers sent greetings to within the code used to flood targets. (Dead Cow members had nothing to do with it.)

Computer security company ICSA estimates there are 1 million hackers around the globe, many of them "script kiddies," or wannabes who wouldn't know computer code from Morse code but who get behind corporate firewalls by relying on point-and-click software available from hacker sites on the Internet - free for the asking, for those who know where to surf.

But don't expect corporations to turn to hackers to find out what rivals are up to any time soon. Corporate suits don't trust computer culture kids like Maiffret, and have even less desire to work with them; usually corporate IT departments' interface with his kind is when the company's home page has been graffitied by some "script kiddie." When companies hire computer experts from the outside, it is usually for computer forensics, another hot field. This is used to catch a disgruntled employee stealing data, or to nab someone distributing confidential material via e-mail. In 1998 Maiffret was hired to gather evidence for a civil suit. The client's spiteful ex-lover had stolen the license for a valuable microsurgical clamp from his company, AroSurgical of Newport Beach, California. Maiffret specially coded software to monitor her corporate e-mail account, hoping she would be reckless enough to continue using it. He was pleased when she did, dialing in from home. Maiffret didn't monitor her outgoing e-mail but he could see the incoming messages.

Every ten minutes the program would check her e-mail account, make copies, and send them to us, a program that it took me about forty-five minutes to code. We could have used the Microsoft Outlook program, but I didn't want files removed from the server, because then she wouldn't have gotten her mail and gotten suspicious.

One of the e-mails came from a company she had solicited that mentioned the existence of the document and would they be interested in talking. AroSurgical got an injunction, barring her from using the pilfered license, and eEye got to bill $240 an hour.

Maiffret believes he has the creativity to solve almost any problem on the fly-and that's because of his hacker roots. But many computer security firms claim they won't hire people like him. They say they are fearful of a criminal past.

ISS, an Internet security company headquartered in Atlanta, has for years decried the use of hackers by its competitors. The company guarantees its employees have pure pasts by conducting extensive background checks. But, points out Space Rogue, publisher of the Hacker News Network and a member of the L0pht Heavy Industries, a hacker think tank in Boston, companies already hire hackers, they just don't know it.

"There is no national hacker registry to check on someone's hacker status," says Space Rogue, who, along with other members of L0pht, testified before Congress in 1998 about threats to the National Electronic Infrastructure. "Any company that comes out and claims, 'We do not hire hackers' is deluding itself," he continues.

ISS CEO Christopher Klaus, who kicked off his company in 1994 with a single product, calls hiring hackers "a questionable practice, which could lead to tremendous legal liability." The $3 billion company, housed in Atlanta, refers to itself as "the world's leading provider of security management solutions for the Internet," claiming more than 5,000 customers, including twenty-one of the twenty-five largest U.S. commercial banks, nine of the ten largest telecommunications companies, and more than thirty-five government agencies. Klaus, himself a reformed hacker who used the identity "Coup," would have a lot to lose if he brought in the wrong guys.

But ISS has in fact hired a half a dozen or more known hackers in recent years, some who have the reputation for being quite malicious, including one who goes by the name "Prym" and has been linked to a number of high-profile assaults on corporate, government, military, and proenvironmental web sites: "Phree Kevin Mitnick or we will club 600 baby seals," the nasty teen once scrawled across GreenPeace's home page. (At the time hacker Kevin Mitnick was in prison, and a major cause célèbre.)

Klaus admits Prym was on ISS's payroll but "it was mutually decided we would part company. He no longer works at ISS." Another ISS employee edited the hacker 'zine Phrack, and at least two others coded hacker software exploits that somehow got into the wild. These exploits, some computer professionals say, were responsible for thousands of successful computer attacks over an eighteen-month period. Although Klaus says that he knew nothing about the extracurricular hacktivities of some of the young professionals he hired for his "X-Team," a much-hyped special security unit within the company, it's been an open secret in hacking circles for years.

Hackers like Maiffret detest law enforcement, distrust government, and can't stand corporations. Even when one of their own - Coup - turned corporate, he became, in their eyes, a hypocrite by disavowing his roots. Hackers' currency is up-to-the-second information, the lifeblood of their vocations. Who'd want to help a corporation make money? Besides, those who come equipped with the highest hacker skill levels often carry on two lives: In the virtual world they are shadowy figures who explore the farthest reaches of cyberspace for security holes. They create new scripts, sometimes malicious, contact software vendors to warn them about flaws in their products, set up web sites to comment on the scene, and publish copies of hacked corporate home pages (available at www.attrition.org).

They are often computer activists with a bent for anarchy. Information, the old hacker credo goes, wants to be free. In the real world, however, that same information about hacking and security vulnerabilities reaps them six-figure salaries as network consultants. Just because they are upper-income-earning, tax-paying, law-abiding citizens when they are not wired into their computers doesn't mean they have changed their worldviews. Hacking isn't just the accumulation of a special set of skills, it's a way of life, an obsession, more a new type of millennial philosophy than a job description at an "information resource" company.

No one better personifies this than Dildog, also a member of Cult of the Dead Cow, who was lounging in his hotel suite at the 1999 Defcon hacking convention, a smile smeared on his face. Being Las Vegas in July, the temperature outside is 100 degrees, but Dildog was air-conditioned cool. The unveiling of his latest software upgrade for "Back Orifice," a not-so-subtle dig at Microsoft's Back Office, had been a rousing success. The software is a corporate spook's hottest fantasy tool. Once installed on a target's computer network (it could be secretly planted merely by sending it as an e-mail attachment) it gave the user total access and control. From a remote location, a spy could explore every nook and cranny of the system and analyze every single activity, as if he were the systems administrator. He could capture all passwords and keystrokes, copy all documents and files, hop unhindered from machine to machine, from web server to e-mail files, surf through databases containing vast caches of credit cards, and wiggle his way into vast stores of personal information gathered from customers. The software also came equipped with programs that could turn on and control built-in microphones and PC cameras without the user knowing. Anyone could be watched and recorded at any time. Call it the Corporate Cam.

But that's not why Dildog, who earns big bucks at an established technology company, created it. Although software makers, computer security companies, antivirus makers, and law enforcement claimed the release of Back Orifice 2000 was just a way for hackers to legitimize illegal computer intrusions, Dildog says he is just trying to point out potential problems with Microsoft's software. Computer security companies are "afraid to admit that their detection system is horribly and possibly irreparably flawed," he says. "[They] give people the impression their software 'raises the bar' against the average hacker. Unfortunately, this also fools people with really critical networks into thinking that this software is sufficient to protect them. People trusting this stuff to protect them … are in for a surprise."

A gaggle of followers, most of them in their twenties and dressed in noir black, with tattoos, piercings, and scraggly hair, waited for Dildog in his hotel suite. They sat cross-legged on the carpet, availing themselves of a well-stocked minibar piled high with bottles of vodka, bourbon, and whiskey. Of the 3,000 hackers, crackers, geeks, "scene whores" (hacker groupies), computer security professionals, journalists, undercover cops, and federal agents who attended the 1999 Defcon hacker convention, 2,000 of them had crammed into a conference room at the Alexis Park Hotel to watch the BO2K release. The year before, Cult of the Dead Cow had chosen Defcon to promote the first version of its Back Orifice. Written by fellow Cult member Sir Dystic, it worked on Windows 95 and 98 machines by secretly creating a back door so that a remote user could control all functions on those computers.

The upgraded, Dildog-coded version had been designed to work with networks that run on Windows NT, and it camouflaged itself extremely well. Cult of the Dead Cow members didn't travel all the way to Las Vegas to disappoint. They kicked off the conference with a laser light show, culminating in a deafening electronic moo sound. The crowd gyrated and cheered. Then, while Dildog and his associates explained their don't-blame-us-if-Microsoft-products-suck philosophy, a CD-ROM label was projected on the wall behind them, a cow head spinning and spinning. At the end of the presentation, Cult members flung two dozen CD-ROMs containing the Back Orifice update. The crowd surged forward. Antivirus makers and computer security company reps watched closely, hoping to later corral someone with a copy. The first one to crack the program would win bragging rights, their names in a press release, perhaps even a mention in some magazine or newspaper articles as heroes who thwarted the evil intentions of the Cult of the Dead Cow hacker gang.

An employee of ISS threw himself into the mob and somehow snagged a copy. Within twenty-four hours, the company would crack parts of the program and release an application that could identify it. At the time, Dildog didn't know this, and even if he had he wouldn't have cared. In an earlier Internet conversation, according to [Dildog?], an ISS employee had approached him and asked how much of a bribe it would take for him to pass the company an advance copy of the software, he claims. "Money doesn't motivate us," he said, but as a joke the Cult sent the ISS minion back a note saying it would take $1 million and a monster truck. Later, Cult members would be chagrined to discover the original discs dispersed at Defcon had been infected with the Chernobyl computer virus. "Very embarrassing," Tweety Fish admits.

Although ISS had been more than happy to play up the fact that it could detect the software, Dildog fully expected companies would not only reverse-engineer it, they would soon come up with a removal tool. That was why he'd released his software as "open source," which meant hackers the world over could tweak the code to suit their needs. From previous experience, Dildog figured BO2K would then spread like a virus, morphing into perhaps dozens of different versions. He counted more than 300,000 downloads of the original Back Orifice, which ran solely on Windows 95 and 98 and was spread primarily by e-mail attachment. Who knew how many other copies had been spread friend to friend, hacker to hacker, "cracker" to victim? Dildog didn't care. Like Louis Malle, the French film director who once said, "I like confusion, but it drives the crew crazy," Dildog enjoyed anarchy and confusion, believing the question was usually more important than the answer.

In a hacker's eyes, only one thing could be worse than dealing with a corporation, and that would be breakfasting with law enforcement. A number of geeks complain that FBI agents have stormed into their homes waving warrants and confiscating computers. "And the feds never seem to get around to returning your stuff either," says Maiffret, who was raided by the feds in 1998. "Even if they did give it back, the way technology changes it would just be old tech anyway. So it's really a way of them to punish you without actually having to go to the trouble of taking you to court." Just dealing with an allegation can cost $2,000 to $5,000, and perhaps $20,000 to deal with more serious legal issues. Or more.

Kevin Mitnick's defense team, which was paid a fraction of what it usually earns to defend the star-crossed computer addict, billed the government for 3,000 hours of work over three years, but put in more than double that. At the usual L.A. lawyer rates, that would have meant Mitnick's bill, if he'd paid legal retail, would have topped $2 million. Why did his case drag on so long? Because "prosecutors [were] trying to make an example of him," surmises Jennifer Granick, a San Francisco lawyer who has defended a number of hackers.

What had Mitnick done to land him five years in jail? The indictment alleged he had copied proprietary computer and cell-phone software code from Motorola, Nokia, and Sun, worth, the government claimed, $80 million. In essence, prosecutors were charging him with economic espionage before there was a law against it. Mitnick, who was sentenced to a halfway house as a teenager for treatment for an obsession with computers, admits he hoarded this information but never shared it with anyone. He claims he wanted to study it.

"When he was in jail his eyes would shine whenever we would talk about computer code," says Brian Martin, aka "Jericho," webmaster of attrition.org, a site that tracks computer crime, and a former member of the Mitnick defense's computer forensics team. How did Mitnick, known less for his computer skills and more for his verbal dexterity, score his software fix? With Motorola, he says, it was easy. One day on his way home after work he stopped at a pay phone and, posing as an engineer, demanded the source code to a new cell phone. "A few minutes later I called back and was told it was already being transmitted to an online account I'd given them," Mitnick says. By the time he got home he had scored the blueprints to Motorola's latest product.

For a pretty abstract kind of crime, the government's tactics were heavy-handed, as if it were dealing with a terrorist. Mitnick wasn't just denied bail, he was denied a bail hearing. Donald Randolph, Mitnick's court-appointed attorney, says he had never heard of that before in his twenty-five years of practice. It took almost a year, and a number of motions filed by Randolph, before the prosecution turned over the nine gigabytes of electronic evidence it had accumulated, so the defense could prepare its case. Prosecutors were reluctant to give Mitnick a laptop to prepare his defense. Much of the rationale for the delay was the unfounded fear that somehow Mitnick could, without a modem, wreak cyberhavoc from prison. Indeed, prison officials had imbued Mitnick with powers befitting James Bond. He was once stowed in solitary confinement because prison officials were afraid he could turn his walkman into an FM transmitter that could be used to bug the warden's office.

When legal historians look back on Mitnick's case, they may be left scratching their heads over some of Judge Mariana Pfaelzer's odder rulings. It is with the issue of encryption that the Mitnick case really broke new ground. "This may be the first case in which encryption issues were litigated in a criminal arena," says Randolph of the Santa Monica, California-based firm Randolph & Levanas. "But get ready, it's going to be a regular issue starting now." Especially after the Department of Justice had for a time tossed around a very bad idea called the "Cyberspace Electronic Security Act." The bill was scary for a number of reasons. It would have permitted investigators to secretly enter your home, your private property, and search through your computer, or even install software without your knowledge that could intercept your keystrokes (your passwords, private e-mail conversations and online chats) or override encryption programs. Fortunately, after word of the proposal leaked out and met a storm of resistance, the Department of Justice quietly buried it.

But it continued to be concerned that criminals will rely more and more on encryption. Unfortunately, its proposed solution would have been like using satellite surveillance to nab a purse-snatcher. Of course, the irony was not lost on hackers: the Department of Justice was asking permission to breach Americans' computer systems while at the same time they went after people who breached Americans' computer systems, American companies, and the American government.

With Mitnick, the issue centered around a section of encrypted data found on the laptop in his possession when he was arrested in 1995. Since the prosecution couldn't crack the code, they said they wouldn't turn it over to the defense as discovery until Mitnick handed over the encryption key. The judge agreed. "In essence, the prosecution was arguing that their ignorance provides the justification for withholding evidence," Randolph says. "To the best of our knowledge, never before had this tactic been attempted." The reason Mitnick's attorneys wanted to see the evidence, besides their constitutional right to do so, was to see if there was any evidence that would point to Mitnick's innocence. If, for instance, he got Motorola cell phone source code from a source other than Motorola, he would not be guilty of computer fraud. (He might have been in receipt of stolen property, but that would have been a misdemeanor.) And Motorola's source code, and Sun's and Nokia's, had been floating around hacker circles for years.

What was the result of the well-publicized treatment Kevin Mitnick received? Hundreds of attacks on corporate, government, and military web sites protesting his treatment, with web sites like kevinmitnick.com and freekevin.com spreading the latest Kevin Mitnick news. Much of the reporting, naturally, derided law enforcement.

Martin even posted this joke on attrition.org: The NSA, the CIA, and the FBI all want to prove they are the best at apprehending criminals, so the president gives them a test. He releases a rabbit into the forest and commands each of them to catch it. The NSA places animal informants throughout the forest, and interrogates all plant and mineral witnesses. After three months of extensive investigations, they conclude that rabbits do not exist. The CIA, after two weeks with no leads, burns down the forest, killing everything in it, including the rabbit, which an unnamed agency source announces had it coming. The FBI takes only two hours to emerge from the forest with a badly beaten bear. The bear is yelling: "Okay, okay, I'm a rabbit, I'm a rabbit."

Hackers are always on red alert for the FBI. In fact, when Maiffret was contacted over the Internet by the alleged terrorist Khalid Ibrahim, a member of Harkat-ul-Ansar, a militant Indian separatist group on the State Department's list of the thirty most dangerous terrorist organizations in the world, he assumed Ibrahim worked for the feds. There are myriad reasons law enforcement has not been up to the task of combating digital crime. First, there is the dot com brain drain. The best and brightest take their pensions and jump to tech companies that pay three times their annual government salary. (You never hear of a top chief technology officer leaving his six-figure job to take a position with the FBI.) Or they start their own consultant firms. Law enforcement agents are also hampered by the realities of cyberspace. Unlike a crime scene in the real world, you can't seal off the entire computer network to a massive e-commerce site like Yahoo! Traditional crime-solving methods that have proved successful against terrorism and street crime don't work in the vagaries of cyberspace. Yet the FBI is stretched so thin, it often sends street agents to cover computer crime cases, the type of people who wouldn't know a URL from a UFO. Which is why the Bureau is viewed in such a dim light online. "The FBI is clueless when it comes to hackers," says Martin. "Their idea of a crime strategy is to track down rumors over the Internet in the hopes that someone is dumb enough to admit something."

This was the method they used to track who they thought had committed the February 2000 denial of service attacks. A week after the first wave, the FBI thought it had found its malicious geek: a pimply faced twenty-year-old "script kiddie" with low-level computer skills who, investigators believed, launched the electronic barrage from his job in tech support at a major auto parts supplier in Dearborn, Michigan. Although speculation had been running wild as to the identity of the culprit, hackers, crackers, pirates, and thieves treading on the seamy side of cyberspace were committing "serial bragging": taking credit for the attacks on hacker chat channels. Many had blithely assumed the name "MafiaBoy," one of the potential perps mentioned in a stream of news stories about the investigation. There were dozens of MafiaBoys running around the Internet in the days and weeks after the DOS. But one hacker wannabe stood out from the rest. "Pig Farmer," also known as "Eurostylin" and "Bean Farmer," had e-mailed Martin at the attrition site (he said he was a fan) right after the first wave of attacks, bragging about his exploits. When he couldn't answer simple questions about the assaults, however, he was dismissed as yet another crackpot craving the limelight.

As the real culprits unleashed torrents of electronic packets at more e-commerce sites over the course of the week (Amazon, Charles Schwab, Datek, ZDNet, and Lycos, among many others), Pig Farmer widened his contacts, sending mail from America Online to dozens of journalists in the hopes someone would listen to him. But nobody would. In an Internet Relay Chat (IRC) with some alleged cronies, Pig Farmer, ostensibly named because his parents have a farm where they raise pigs, beans, and corn, wrote: "I have sent 15 journalists an e-mail so we can get our message out. They have not responded to us, but the ones who have say we are not legit but we'll show them." He also brashly claimed he would hit CNN and Time Warner the next day, and they were attacked.

When Martin asked him after the first wave of attacks why he was doing this, Pig Farmer responded: "If you notice the targets, They are all PUBLICLY traded companies, This was an attempt to put a "Scare" into internet stock holders." But without hard evidence, Martin still couldn't be sure. He then passed on the e-mail that Pig Farmer had sent him to James M. Atkinson, founder of Granite Island Group of Gloucester, Massachusetts, a company that specializes in technical surveillance countermeasures. Atkinson, in addition to conducting bug sweeps of corporations, is also an expert hacker tracker. Because Atkinson has close ties to law enforcement, he knew agents had nothing on Pig Farmer and were floundering in their investigation of the DOS attacker. All he had to start with was Pig Farmer's e-mail, which was a shame. It was no way to conduct an investigation. But Atkinson decided he would donate a few days of his time to see if he could help out.

It took almost no time for him to locate Pig Farmer's file directories and home page on AOL, complete with pictures of a barn, trailer, and souped-up car. Atkinson, who conducted hundreds of analysis projects like this, was not in the business of catching digital criminals. His company focused on bug sweeps, wiretap detection, and protecting corporations and government agencies from illegal surveillance or technical espionage.

"It took me 23 minutes to find out who the guy was," Atkinson says. "The way you catch mischief makers is you look for minutiae and small mistakes they make. When Pig Farmer reached out to media people, he left a trail that led back to him."

On the AOL home page, Atkinson found a photo of a bright red 1999 Dodge sports car with chrome wheels and, most important, tinted windows. Pig Farmer had deleted the license number from the photo, but he kept the car waxed and shiny and Atkinson was able to extract an image of his target by taking a photo of his car with a Sony digital camera using a flash in bright sunlight. Pig Farmer had received a ticket for the tinted windows, something he seemed proud of since he tried unsuccessfully to scan the image into his home page. But the file got corrupted. Of a 680-kilobyte file, only 630K got through. Atkinson downloaded the entire site into his Silicon Graphics workstation and recovered the fragments of the damaged document. On the ticket, he had eradicated his name and address, but not the number on the ticket, nor the license number of his car, the date, or the time. Atkinson made a call to the Michigan State Police and within nineteen minutes an officer phoned back with the potential perp's name, address, and other relevant information.

Pig Farmer "bragged about the attacks before, during and after," Atkinson says. "He seemed to do everything he could to draw attention to himself." With Janet Reno screaming behind the scenes that she wanted to hold a press conference announcing an arrest, the FBI got more than a dozen subpoenas and brought Pig Farmer in for questioning. But it didn't take long for agents and Department of Justice attorneys to realize all they had was a twenty-year-old hacker wannabe who had wasted their time. Pig Farmer had been reading everything he could of the DOS attacks through the media, then immediately crowed about it online in chat channels and through e-mails. If bragging were a crime, Pig Farmer might be serving a life sentence. Instead, the feds had to let him go.

Of course, "if hackers didn't brag, I wouldn't have a job," says a man who goes by the initials "J3," who trolls the hacker underground, monitoring discussion channels on Internet Relay Chat, checking out the latest info on "phreaking" (cracking the phone system), dialing up bulletin boards and checking out web sites that offer password-cracking software and how-to guides. For J3 this isn't just a hobby, it's a job. The computer security firm ICSA hired him as a kind of hacker spy. When he gets wind of a new security hole, he passes the information on to ICSA's tech staff so that the company can either develop a defense or tip off software makers before the flaw can be exploited. "I've found a company's entire password file posted to a web site, or that hackers have root in a network or that a merchant site with a database of credit cards has been compromised," he says. "I then contact the companies and warn them."

Yet the hacks keep on coming, and law enforcement has had little success in catching those responsible. That indicates that despite the contentious relationship between hackers and corporate America it's only a matter of time before spies turn to the Internet to syphon away valuable R&D from business competitors. It doesn't take William Gibson-like imagination to see why cyberspace will be the corporate battleground of the future.

The rise of colossal databases and innovations in data-sifting technologies have created an informational glut, with the spread of the web the final step. A talented hacker can uncover corporate secrets instantly with a few taps of the keyboard. For decades this information rested in remote mainframes difficult to access, even for the ones who put it there, or was filed away in dusty cabinets at corporate headquarters. The move to desktop PCs and local servers in the 1990s has distributed this data far and wide. Computers now hold half a billion bank accounts, half a billion credit card accounts, 200 million credit history files (approximately one for each American over eighteen), hundreds of millions of mortgage and retirement funds, medical claims, and more. That's just on the consumer end. There are also thousands of corporate computer networks accessible from the outside over phone lines, since their employees have to be able to dial in remotely. But letting in some and keeping out others, while providing basics like e-mail and Internet surfing, is challenging. No amount of computer security has been able to keep hackers out. If a company has a web site, it is vulnerable to a computer miscreant sneaking in right through the company's virtual welcome mat: its home page.

This was how a lone fifteen-year-old tenth-grader from suburban America cracked India's most important nuclear research center in Bombay in May 1998. He was watching TV coverage of India's underground nuclear tests and for some reason it stuck in his craw. He was not sure exactly why. After all, he was much too young to remember Hiroshima, Nagasaki, and the Cuban Missile Crisis. He couldn't even find India on the map. Some Third World hole that couldn't even feed its own people was getting into a nuclear arms race with Pakistan and China. The more he thought about it, the madder he got, so he decided to wreak vengeance on the Indians. And he would accomplish this without leaving his bedroom. In cyberspace, where the young hacker spent much of his life, he went by the nick "t3k-9," pronounced "Tech-9." He was especially adept at cracking passwords and log-ins, the keys to illegally accessing computer systems. On this particular day, t3k-9 stomped upstairs carrying his favorite hack snacks (chocolate Poptarts, Coca-Cola, and sour jawbreakers) and went to his bedroom, where he booted up his computer and listened to the comforting squawk of his modem. He checked in with search engine Infoseek, and plugged in ".in atomic," the equivalent of typing "India, atomic research." One of the first sites to come up was India's Bhabha Atomic Research Center (BARC), which he read had been instrumental in helping India develop the A-bomb.

He pointed and clicked his way to the BARC site and accessed the John the Ripper DES Encryption Cracker software he had downloaded off the Internet, where literally thousands of complex hacker applications and "how-to" guides are available from web sites and hacker chat channels. The password cruncher worked by setting up a phony log-in program so that BARC thought it was accepting a connection from a friendly machine. Then, by brute force, the cruncher tried every single combination of letters and numbers until it hit the jackpot.

First, the application ran through all the lettered combinations at the speed of digital light (a, b, aa, bb, cc), then after going through the entire alphabet, backtracking to ab, ac, ad, and so forth. t3k-9 had also added special customized word lists that combine letters and numbers he'd downloaded over the course of his travels. Forty-five seconds after he'd started, t3k-9 was amazed to discover that he'd cracked one of the passwords. He was inside India's number one atomic research network. His eyes bugged. He checked the password: "ANSI." Someone's name, he thought, the same as the log-in prompt. He couldn't believe his luck. The administrator hadn't followed standard password selection rules, which would have meant complex strings of numbers and letters, more difficult to crack because the longer it takes, the greater the likelihood you'll get caught.

t3k-9's first step was to download all the passwords and log-in names. Then he installed a back door that would enable him to gain entry into the system without being detected. After that, he consulted the network map, which was open to public display. He headed over to the web server and read through e-mails written in scientific geek-speak, then riffled through some documents on particle physics. Boring stuff, he thought. He decided to get out while the getting was good, downloading a few e-mails and a scientific document for souvenirs. Then, after erasing logs to ensure no one would be able to track him, he logged off.

If he'd kept this to himself, no one would have ever known. And in the days to follow, India's top nuclear research facility would probably never have suffered the ignominy of perhaps 100 hackers running roughshod through its computer network like gangs on a rampage. But t3k-9 couldn't keep mum. He did what every self-respecting hacker would do. He bragged. He posted the whole BARC password file-all 800 passwords and log-in names-on one of the hacker channels. Immediately, hackers began accessing this information and attacked Bhabha. Within days hackers from all over the world were wilding through the research center's computer systems, deleting files and copying e-mails, including one that questioned the legitimacy of one of the explosions, and tearing down the web site, replacing it with a mushroom cloud and a giggly greeting. If t3k-9 had been a terrorist or corporate spy instead of a kid who found physics papers lame, who knows what he could have downloaded?

Thus far, corporations have shown much less imagination than t3k-9, although they are beginning to keep tabs on their rivals over the Net: "We know our competitors check out our web site because we track their domain names," says Michael Renda, a manager of Internet projects at AlliedSignal. "And of course, we do the same to them." The Net makes it a snap to check out a competitor (its prices, customer lists, suppliers, distributors, and new product information) because companies are caught between two conflicting missions: making customer and partner information available over the Internet and at the same time protecting their proprietary information.

DuPont on its web site offers anyone with access to a computer and a modem a list of every factory and yarn spinner the company uses in the production of the fabric CoolMax, which is used in athletic apparel. "They list factories and yarn spinners, their addresses, plant managers," says Mary Ellen Bates of Bates Information Services of Washington, D.C. "You can call suppliers-are they paying you enough, asking you to provide a new fabric, threatening to move operations to Shanghai? If you want to make a competing product you try to schmooze the plant managers. I don't see why it's beneficial to DuPont to display this kind of stuff."

Rumors abound on the Net about hackers being hired by corporations to steal proprietary information or money, but cases that come to public light are rare. Companies have been known to get victimized over the Internet in other ways, however. Until recently corporations parked whole divisions of employees and their direct report chain on their web sites, along with corporate profiles and résumés. Boeing on its web site listed the personnel of whole divisions, hundreds and hundreds of workers, including those who worked on technology used in the space shuttle. The aerospace company's web site used to be "a gold mine for a competitor that would like to hire away staff who come with lots of sensitive information," says Robert D. Aaron of the Atlanta-based research firm Aaron/Smith Associates. "And you know who to talk to about each person. You can call up their boss, work your way up the organizational chart, and find out information about an executive, his background, how he is to work for." Eventually Boeing got wise and pulled this material.

To a hacker like Chameleon, however, accessing harder-to-get information requires more talent and skill. Before Maiffret escaped a severe addiction to hacking to grab a lucrative chunk of the dot com craze, he spent most of his days locked in his room in the southern Californian suburban home he shared with his mother and sister, plugged into his computer for thirty-six-hour-long hack sprees, probing networks to learn about the latest architectures, Internet servers, software exploit scripts and techniques, coding and decoding software, chatting up girls via e-mail and instant messaging, including one virtual relationship that he says ended disastrously, and dissecting back issues of Phrack, an online hacker zine.

Only when he couldn't keep his eyelids propped open any longer would he pull himself away from his virtual existence, crawl across the carpet to a corner of his room, and curl up on a comforter to catch some REM. "I preferred sleeping on the floor because I rarely slept," Maiffret recalls. School wasn't relevant. He stopped attending. The twenty-four-hour clock lost meaning; his life had been shaped into two seamless parts: cyberspace and sleep.

Not only was Chameleon known for his technical skills and respected as an "elite," or in the digital lexicon of the Net, "3l33t" hacker, he also viewed himself as a kind of twenty-first-century electronic poet and political activist. When he cracked a U.S. Department of Defense web site dedicated to artificial intelligence, he wrote: "It's funny how people go through life searching for the truth, yet when they find it they wish they hadn't searched for it. The truth is a virus and people don't want to get it. Live and deal with the truth, because sooner or later you will have to face it." For fun, Chameleon slipped in a piece of software that played the whistley theme to the X-Files every time someone accessed the page.

His first brush with fame came when he was seventeen, and ironically, for something he didn't do. At the time, Chameleon was affiliated with a hacker band called "Noid," with whom he had penetrated dozens of corporate networks, joyriding around the computers, riffling through servers and files, "to see how things worked," Maiffret says. At the time, the big news in computer security was that a hacker group called the Masters of Downloading (MOD) had stolen a piece of military software called DEM, or the Defense Information Systems Network Equipment Manager.

CBS News managed to get word to MOD, but since members were based in Europe, they told CBS to talk to Chameleon. Since he didn't want to do the show alone, Chameleon grabbed his roommate, a "phone phreaker" (someone who manipulates the telephone system to get what he wants), and they marched down to the studio. To protect their identities their faces were shadowed and voices modulated. But Chameleon had no intention of saying anything remotely incriminating, at least nothing true, so he lied. "I never claimed I stole the software; I said MOD did it, because that was true. But I did say I was a member of MOD. Man, and man, what a stupid lie!"

Shortly afterward Chameleon was pinged online. Someone by the name of Ibrahim told him he wanted the software. He kept messaging Chameleon, saying he'd pay good money for it. "At first I thought it was a guy messing with me; happens all the time on IRC," Chameleon says. "I played along, even though I thought it was b.s. But then the guy told me to check a P.O. box" three towns over from where Chameleon lived in Irvine, California.

When he got there, he peered inside the box. The lone piece of mail was a pink slip. A certified letter. This meant you had to sign for it. Which meant if the guy was an undercover agent, Chameleon could be in big trouble. He and his Noid boys had been extra busy lately, having defaced a slew of web sites in recent weeks. "We had gone on a spree, 10 or 12 sites, including the Army, Navy, Air Force; hell, we hacked one of each of the three branches of the military," Chameleon says. But he also realized his interactions with Ibrahim had been 100 percent legal, at least from his side. "Even if he was FBI, I hadn't given him software or anything," Chameleon says. So he opened up the box, grabbed the pink slip, marched up to the counter and accepted two $500 money orders. Written on the envelope was a pager number, a contact in Chicago. Chameleon wadded up the envelope and chucked it in the trash.

Okay, maybe the guy is a terrorist, Chameleon thought, or maybe he's FBI. Nevertheless, he filled out the money orders and cashed them at a bank down the street. "I would never rip anyone off but I had no problem doing it to a terrorist. Besides, that was a hell of a lot of money for me back then," he says. He took most of his booty and bought a Nintendo 64 game for his mentally handicapped sister, since "the doctors told me any toy that requires hand-eye coordination would be good for her." He used the rest to tool around town and fly up to San Jose to visit a friend. Meanwhile Ibrahim kept trying to raise him over IRC, the messages becoming more threatening. "I gave you money and what the fuck? I don't want to have to go back to my people and tell them you ripped us off," Ibrahim wrote.

Afraid, Chameleon stopped venturing online.

But this didn't prevent him from waking up with a jolt a few mornings after, a gun nuzzling his temple.

Copyright Perseus Publishing

Spooked: Espionage in Corporate America by Adam L. Penenberg, Marc Barry

Copyright © 2000-2002 mediabistro.com inc. All rights reserved.
