The FBI fights computer crime with weapons that are at least ten years old,

*****************************************************************
The FBI fights computer crime with weapons that are at least ten years old,
according to one insider with contacts deep inside the "hacker" community.

Hampered by the lack of a single federal law that specifically prohibits
computer crime, and hamstrung by the fact that probably three quarters of the
computer mischief is done by juveniles who can't be prosecuted to the full
extent of the law, the famous federal police force nevertheless leads the fight
against computer crime in the U.S.

The agency's chief weapon is training, according to John Lewis, the
supervisory special agent who teaches a special three week course,
"Investigative Techniques of Computer-Related Crime" at the ca-p|s-like FBI
Academy Quantico, Virginia. Lewis and his fellow instructors train FBI agents,
local police and foreign agencies like Scotland Yard and the Royal Canadian
Mounted Police on the basics of computers and how to investigate computer
crimes. Most of the students go in knowing nothing about computers and come out
"computer literate" three weeks later, according to Lewis.

The FBI course is aimed at giving agents a general knowledge of computers and
how they operate, with a focus on how to find evidence of a crime. An old IBM
System 3, using transaction records supplied by a friendly bank, simulates real
banking records. Instructors build frauds into the simulated transactions and
challenge students to go in and detect the frauds. Students then build a
criminal case based on the evidence they uncover. Telecommunications, bulletin
boards and "phone phreak" tricks used to defraud the telephone system are
touched on only very briefly or not at all.

Bureaucracy appears to be one of the main obstacles to bringing agents up to
date on computer technology. Like many federal agencies, the FBI suffers from
budgetary and organizational inertia that keeps it behind private industry. For
instance, Anthony Adamski, chief of the financial-crimes unit, still relies on a
secretary to pound out his correspondence on a typewriter- no computer terminals
or word processors are evident in his big, new office in Washington D.C. A bulk
buy of some 6,000 Burroughs microcomputers mean that desktop computers will be
showing up on the agents' desks soon, however.

Adamski says the FBI has only recently begun to keep statistics on computer
crime. Therefore, no one can say officially whether computer-related crime is
going up or down or staying the same. Yet the gut feeling of Adamski and
training specialists at Quantico is that there has been no big increase of
computer crime in recent years. The movie War Games and the arrests last July
of Neal Patrick and the "414s" fueled interest by the media in computer
break-ins but has produced no substantial increase in the crimes, they say.

To some, even the limited amount of computer-crime training the bureau does
appears wasteful. Donn Parker, a senior management-systems consultant with SRI
in Menlo Park, California, explains why: "The problem is that the FBI gets a
whole class of people, gets them all keyed up, and teaches them how to [detect
computer crime]. Then the agents get home and they look around and can't find
any use for all that training."

There's not enough work to warrant training a number of prosecutors in every
jurisdiction to handle these cases, says Parker, an internationally recognized
expert whose latest book is called Fighting Computer Crime (Scribners).

"There's only enough [cases] for one or two people in a given area to
specialize in handling computer offenses.

"On the other hand, the FBI has indicated that it is handling a large number
of these high-tech crimes all across the country. Of course, a high number
might be a very small number relative to the number of FBI agents," he says.

But training alone does not account for the bureau's successes in tracking
down hackers, as in the headline-grabbing arrests last July of the "414" group
of teenage computer hackers who broke into computers at Security Pacific Bank,
the Memorial Sloan-Kettering Cancer Center and the Los Alamos National
Laboratory. For penetration into the hacker networks, the FBI relies on a far
older crime-fighting technique: the informer.

According to one of its own informants, the FBI was embarrassingly slow to
catch on to the hackers. Gerald Schmidt (not his real name), one of a loose
network of hackers who help the government keep tabs on the hacker underground,
tells how he first contacted the bureau: "A few years ago the first pirate
bulletin boards appeared. A pirate board is one that exists solely for the
theft of copyrighted software and phone-phreaking information. [Phone phreaking
information includes long-distance dialing codes, passwords that let you on
telephone company computers and the like.] I took a look at a couple of these
bulletin boards and said "Holy cow, we've got a problem!"

"I had to make a delivery right near a local FBI office," Schmidt says. "And
so I walked into the FBI and said, 'I've got information on software piracy.'
The FBI had to have something where someone stole money. I said, 'They're not
selling the software, they're just putting it on bulletin board systems.'

"'What's a bulletin board?' They asked. I said, 'A home computer connected to
a modem.' They said, 'What's a modem?" Then Schmidt showed the agent some
printouts from the pirates' bulletin boards. They were interested but had no
computer-crime trained agents in their office. The agents asked Schmidt to
monitor the pirate boards for them, offering to pay his phone bill and to cover
his expenses for printer paper and ribbons. He began supplying the agents with
reams of printouts.

The recent, well publicized crackdown on hackers, made possible in part by FBI
informants, has driven much of this activity underground, and made the hackers
very abqutious. In retaliation, some of Schmidt's fellow informants have had
their covers blown in hacker newsletters like Tap and 2600, but others remain in
place.

Some are said to occupy high positions in the strange pecking order that gives
respect and admiration to the person who can ferret out and share with his
fellows the most secret and detailed computer passwords and details.

(2600 Hertz is one of the frequencies used in so-called blue boxes [or an
ordinary personal computer if you know how to do it]- illegal hardware devices
that enable users to make long- distance calls anywhere without charge and
without detection. The companion hacker device- the black box- lets anyone call
you long distance without charge.)

Why do Schmidt and other hacker-informants turn in their friends?

For Schmidt the answer is two-fold: First, he believes that the malicious
hackers who delete files and scramble computer records in sensitive government
and medical computer systems have gone too far and should be stopped. Trashing
nonclassified medical records at the Sloan-Kettering center, for instance, is
easy to do. The computer has easy access for doctors and researchers and
contains no classified material. Yet a doctor could kill a patient by
prescribing a medicine or surgery based on incorrect records- computer records
that have been tampered with.

The second reason is the same one that got Schmidt interested in hacking in
the first place: the intellectual challenge. "It's the ultimate hack," he
says. "Hacking the hackers."

The information Schmidt began supplying to the FBI was a sample of computer
hacking that is still going on: a variety of antisocial behavior ranging from
silly pranks and braggadocio to malicious mischief to dangerous criminal
behavior. Schmidt divides the illegal hacking into three categories: software
piracy, free long-distance-calling services and breaking into mainframe
computers, which he considers the most serious of the three.

Schmidt estimates the damages of these kinds of hacking in ballpark figures:
"The theft of long-distance services is about $100 million a year nationwide,"
he says. "Piracy of software is easily that much. Credit-card fraud is about
$200 million." To demonstrate the potential for fraud, Schmidt provided
Infoworld with the Visa and MasterCard numbers, names and expiration dates for
half a dozen credit cards. He obtained the information from pirate bulletin
boards.

According to Schmidt, the dollar amounts are only part of the story, GTE
Telemail, an electronic mail system, was broken into by at least four gangs of
hackers, he says. "They were raising hell. The system got shut down one time
for a day. None of these people have been charged, nor have any of the 414s
been charged yet.

"We have a major problem with hackers, phreaks and thieves," says Schmidt, who
estimates that 75% of criminal hackers are teenagers and the other 25% are
adults using teenagers to do their dirty work for them.

"Adults are masterminding some of this activity. There are industrial spies,
people playing the stock market with the information- just about any theft or
fraud you can do with a computer. There are no foreign agents or organized
crime yet, but it's inevitable," he says. "I believe there are some people out
there now with possible organized-crime connections.

"It's an epidemic. In practically every upper-middle class high school this
is going on. I know of a high-school computer class in a school in the north
Dallas suburbs where the kids are trying everything they can think of to get
into the CIA computers."

"It's a strange culture," says SRI's Parker, "a rite of passage among
technology-oriented youth. The inner circle of hackers say they do it primarily
for educational purposes and for curiosity. They want to find out what all
those computers are being used for. There's a meritocracy in the culture, each
one trying to out do the other. The one who provides the most phone numbers and
passwords to computer systems rises to the top of the hackers.

"For the most part it's malicious mischief," Parker says. "They rationalize
that they're not really breaking any laws, just 'visiting' computers. But
that's hard to believe when they also say they've got to do their hacking before
they turn 18 so they don't come under adult jurisdiction. After 18, they have
to do it vicariously through surrogates. They are some grand old men of hacking
who egg on the younger ones... There have been some cases of a Fagin complex- a
gang of kids led by one or more adults- in Los Angeles."

Who are the hackers and what secret knowledge do they have?

A 17-year-old youth in Beverly Hills, California, announced himself to other
hackers on a bulletin board in this way: "Interests include exotic weapons,
chemicals, nerve gases, proprietary information from Pacific Telephone..."

Prized secret knowledge includes the two area codes in North America that have
not yet installed electronic switching system central-office equipment. Using
this information you can call those areas and use a blue box to blow the central
office equipment, and then call anywhere in the world without charge. Other
secret information lets you avoid being traced when you do this.

A knowledge of the phone systems lets hackers share one of the technological
privileges usually available only to large corporate customers: long-distance
conference calls connecting up to 59 hackers. Schmidt estimates there are three
or four conference calls made every night. The hackers swap more inside
information during the phone calls.

Thanks to packet-switching networks and the fact that they don't have to pay
long-distance charfus, time and distance mean B!5=MQr=Q!%9"=B
-IM9"UkW-]$[Z,.kV+W..H4ook into phone lines via modems make it easy to obtain
copyrighted software without human intervention.

"Software piracy exists only because they can do it over the phone long
distance without paying for it," Schmidt says. "some stuff gets sent through
the mail, but very little. There are bulletin boards that exist solely for the
purpose of pirating software. A program called ASCII Express Professional (AE
Pro) for the Apple was designed specifically for modem-to-modem transfers. You
can make a copy of anything on that computer. It can be copyrighted stuff-
WordStar, anything. There are probably about three dozen boards like that.
Some boards exchange information on breaking onto mainframes.

"In 1982 the FBI really didn't know what to do with all this information,"
Schmidt says. "There isn't a national computer- crime statue. And unless
there's $20,000 involved, federal prosecutors won't touch it."

Since then, the public and federal prosecutors' interest has picked up. The
film War Games and the arrest of 414 group in Milwaukee "created a lot of
interest on Congress and with other people," FBI instructor Lewis says. "But,
for ourselves it didn't really have any impact."

"We'd been providing the training already," says Jim Barko, FBI unit chief of
the EFCTU (economic and financial crimes training unit). He says public
interest may make it easier to fight computer crime. "There are more people
interested in this particular area now as a problem. War Games identified the
problem. But I think it was just circumstantial that the movie came out when it
did."

Despite the help of knowledgeable informants like Schmidt, tracking down
hackers can be frustrating business for the FBI. SRI's Parker explains some of
the pitfalls of going after hackers: "Some FBI agents are very discouraged
about doing something about the hacking thing. The cost of investigation
relative to the seriousness of each case is just too high," he says. "Also,
federal regulations from the Department of Justice make it almost impossible for
the FBI to deal with a juvenile."

An FBI agent cannot question a juvenile without his parents or a guardian
being present. The FBI approach has been mostly to support lhe local police
because local police are the only ones who can deal with juveniles. Another
difficulty the agency faces is the regulations about its jurisdiction.

"There has to be an attack on a government agency, a government contractor or
a government-insured institution for the FBI to have clear-cut jurisdiction,"
Parker says.

The FBI gets called into a case only after a crime has been detected by the
complaining party. The FBI has done a generally competent job of investigating
those crimes it was called in to investigate, in Parker's view. But the federal
agency's job is not to help government or financial institutions attempt to
prevent crimes, nor is its function to detect the crimes in the first place.

"We're not out detecting any type of crime," says Lewis. "We like to think we
can prevent them. We can make recommendations. But do we detect bank robberies
or are they reported to us? Or kidnapping- do we detect those? Or skyjacking?
There must be some evidence of crime, a crime over which the FBI has
jurisdiction. Then we open a case." And despite the spate of arrests and
crackdowns last summer, it looks like the FBI will have its hands full in the
future: The hackers have not gone away. Like mice running through the utility
passages of a large office building, they create damage and inconvenience, but
are tolerated as long as their nuisance remains bearable.

That status could change at any time, however.

Meanwhile, little electronic "sting" operations similar to Abscam keep the
element of danger on the hacker's game. An Air Force telephone network called
AUTOVON (a private telephone system connecting computers on every Air Force
installation in the world), was reportedly cracked by a hacker last last year.
The hacker published lists of AUTOVON dialups on a bulletin board.

The breach came to the attention `oo the Department of Defense on late 1983,
but apparently nothing was done to stop the hackers. Then, in January, the
AUTOVON number was answered in a sultry female voice. We wish to thank one and
all for allowing us to make a record of all calls for the past few months. You
will be hearing from us real soon. Have a happy New Year."

That's a New Year's message calculated to give any hacker a chill.

(Schmidt, of course, is an attention-grabbing jerk..)

Call Crystal Castle BBS - 15 SIGs - 130 Archive files, including Articles,
Essays, game cheats/solves, How to.. etc.. 1200 active/open messages

Phone number? (408) 733-1364

King Rat (Robert)
ssays, game cheats/solves, How to.. etc..