or "T-1 trunk," his eyes glaze over.
I had nothing much to do that afternoon. The FCIC were beavering away in their conference room. Doors were firmly closed, windows too dark to peer through. I wondered what a real hacker, a computer intruder, would do at a meeting like this.
The answer came at once. He would "trash" the place. Not reduce the place to trash in some orgy of vandalism; that"s not the use of the term in the hacker milieu. No, he would quietly EMPTY THE TRASH BASKETS and silently raid any valuable data indiscreetly thrown away.
Journalists have been known to do this. (Journalists hunting information have been known to do almost every single unethical thing that hackers have ever done. They also throw in a few awful techniques all their own.) The legality of "trashing" is somewhat dubious but it is not in fact flagrantly illegal. It was, however, absurd to contemplate trashing the FCIC.
These people knew all about trashing. I wouldn"t last fifteen seconds.
The idea sounded interesting, though. I"d been hearing a lot about the practice lately. On the spur of the moment, I decided I would try trashing the office ACROSS THE HALL from the FCIC, an area which had nothing to do with the investigators.
The office was tiny; six chairs, a table. . . . Nevertheless, it was open, so I dug around in its plastic trash can.
To my utter astonishment, I came up with the torn sc.r.a.ps of a SPRINT long-distance phone bill. More digging produced a bank statement and the sc.r.a.ps of a hand-written letter, along with gum, cigarette ashes, candy wrappers and a day-old-issue of USA TODAY.
The trash went back in its receptacle while the sc.r.a.ps of data went into my travel bag. I detoured through the hotel souvenir shop for some Scotch tape and went up to my room.
Coincidence or not, it was quite true. Some poor soul had, in fact, thrown a SPRINT bill into the hotel"s trash. Date May 1991, total amount due: $252.36. Not a business phone, either, but a residential bill, in the name of someone called Evelyn (not her real name). Evelyn"s records showed a ## PAST DUE BILL ##!
Here was her nine-digit account ID. Here was a stern computer-printed warning:
"TREAT YOUR FONCARD AS YOU WOULD ANY CREDIT CARD. TO SECURE AGAINST FRAUD, NEVER GIVE YOUR FONCARD NUMBER OVER THE PHONE UNLESS YOU INITIATED THE CALL.
IF YOU RECEIVE SUSPICIOUS CALLS PLEASE NOTIFY CUSTOMER SERVICE IMMEDIATELY!"
I examined my watch. Still plenty of time left for the FCIC to carry on.
I sorted out the sc.r.a.ps of Evelyn"s SPRINT bill and re-a.s.sembled them with fresh Scotch tape. Here was her ten-digit FONCARD number. Didn"t seem to have the ID number necessary to cause real fraud trouble.
I did, however, have Evelyn"s home phone number. And the phone numbers for a whole crowd of Evelyn"s long-distance friends and acquaintances.
In San Diego, Folsom, Redondo, Las Vegas, La Jolla, Topeka, and Northampton Ma.s.sachusetts. Even somebody in Australia!
I examined other doc.u.ments. Here was a bank statement. It was Evelyn"s IRA account down at a bank in San Mateo California (total balance $1877.20).
Here was a charge-card bill for $382.64. She was paying it off bit by bit.
Driven by motives that were completely unethical and prurient, I now examined the handwritten notes. They had been torn fairly thoroughly, so much so that it took me almost an entire five minutes to rea.s.semble them.
They were drafts of a love letter. They had been written on the lined stationery of Evelyn"s employer, a biomedical company.
Probably written at work when she should have been doing something else.
"Dear Bob," (not his real name) "I guess in everyone"s life there comes a time when hard decisions have to be made, and this is a difficult one for me--very upsetting. Since you haven"t called me, and I don"t understand why, I can only surmise it"s because you don"t want to. I thought I would have heard from you Friday. I did have a few unusual problems with my phone and possibly you tried, I hope so.
"Robert, you asked me to "let go". . . ."
The first note ended. UNUSUAL PROBLEMS WITH HER PHONE?
I looked swiftly at the next note.
"Bob, not hearing from you for the whole weekend has left me very perplexed. . . ."
Next draft.
"Dear Bob, there is so much I don"t understand right now, and I wish I did.
I wish I could talk to you, but for some unknown reason you have elected not to call--this is so difficult for me to understand. . . ."
She tried again.
"Bob, Since I have always held you in such high esteem, I had every hope that we could remain good friends, but now one essential ingredient is missing-- respect. Your ability to discard people when their purpose is served is appalling to me. The kindest thing you could do for me now is to leave me alone. You are no longer welcome in my heart or home. . . ."
Try again.
"Bob, I wrote a very factual note to you to say how much respect I had lost for you, by the way you treat people, me in particular, so uncaring and cold.
The kindest thing you can do for me is to leave me alone entirely, as you are no longer welcome in my heart or home. I would appreciate it if you could retire your debt to me as soon as possible--I wish no link to you in any way. Sincerely, Evelyn."
Good heavens, I thought, the b.a.s.t.a.r.d actually owes her money!
I turned to the next page.
"Bob: very simple. GOODBYE! No more mind games--no more fascination-- no more coldness--no more respect for you! It"s over--Finis. Evie"
There were two versions of the final brushoff letter, but they read about the same. Maybe she hadn"t sent it. The final item in my illicit and shameful booty was an envelope addressed to "Bob" at his home address, but it had no stamp on it and it hadn"t been mailed.
Maybe she"d just been blowing off steam because her rascal boyfriend had neglected to call her one weekend. Big deal. Maybe they"d kissed and made up, maybe she and Bob were down at Pop"s Chocolate Shop now, sharing a malted. Sure.
Easy to find out. All I had to do was call Evelyn up. With a half-clever story and enough bra.s.s-plated gall I could probably trick the truth out of her.
Phone-phreaks and hackers deceive people over the phone all the time.
It"s called "social engineering." Social engineering is a very common practice in the underground, and almost magically effective. Human beings are almost always the weakest link in computer security. The simplest way to learn Things You Are Not Meant To Know is simply to call up and exploit the knowledgeable people. With social engineering, you use the bits of specialized knowledge you already have as a key, to manipulate people into believing that you are legitimate. You can then coax, flatter, or frighten them into revealing almost anything you want to know. Deceiving people (especially over the phone) is easy and fun. Exploiting their gullibility is very gratifying; it makes you feel very superior to them.
If I"d been a malicious hacker on a trashing raid, I would now have Evelyn very much in my power. Given all this inside data, it wouldn"t take much effort at all to invent a convincing lie. If I were ruthless enough, and jaded enough, and clever enough, this momentary indiscretion of hers-- maybe committed in tears, who knows--could cause her a whole world of confusion and grief.
I didn"t even have to have a MALICIOUS motive. Maybe I"d be "on her side,"
and call up Bob instead, and anonymously threaten to break both his kneecaps if he didn"t take Evelyn out for a steak dinner p.r.o.nto. It was still profoundly NONE OF MY BUSINESS. To have gotten this knowledge at all was a sordid act and to use it would be to inflict a sordid injury.
To do all these awful things would require exactly zero high-tech expertise.
All it would take was the willingness to do it and a certain amount of bent imagination.
I went back downstairs. The hard-working FCIC, who had labored forty-five minutes over their schedule, were through for the day, and adjourned to the hotel bar. We all had a beer.
I had a chat with a guy about "Isis," or rather IACIS, the International a.s.sociation of Computer Investigation Specialists.
They"re into "computer forensics," the techniques of picking computer- systems apart without destroying vital evidence. IACIS, currently run out of Oregon, is comprised of investigators in the U.S., Canada, Taiwan and Ireland. "Taiwan and Ireland?" I said. Are TAIWAN and IRELAND really in the forefront of this stuff? Well not exactly, my informant admitted. They just happen to have been the first ones to have caught on by word of mouth. Still, the international angle counts, because this is obviously an international problem. Phone-lines go everywhere.
There was a Mountie here from the Royal Canadian Mounted Police.
He seemed to be having quite a good time. n.o.body had flung this Canadian out because he might pose a foreign security risk.
These are cybers.p.a.ce cops. They still worry a lot about "jurisdictions,"
but mere geography is the least of their troubles.
NASA had failed to show. NASA suffers a lot from computer intrusions, in particular from Australian raiders and a well-trumpeted Chaos Computer Club case, and in 1990 there was a brief press flurry when it was revealed that one of NASA"s Houston branch-exchanges had been systematically ripped off by a gang of phone-phreaks.
But the NASA guys had had their funding cut. They were stripping everything.
Air Force OSI, its Office of Special Investigations, is the ONLY federal ent.i.ty dedicated full-time to computer security. They"d been expected to show up in force, but some of them had cancelled--a Pentagon budget pinch.
As the empties piled up, the guys began joshing around and telling war-stories.
"These are cops," Thackeray said tolerantly. "If they"re not talking shop they talk about women and beer."
I heard the story about the guy who, asked for "a copy" of a computer disk, PHOTOCOPIED THE LABEL ON IT. He put the floppy disk onto the gla.s.s plate of a photocopier. The blast of static when the copier worked completely erased all the real information on the disk.