==Phrack Magazine==

                Volume Four, Issue Forty-Four, File 5 of 27

****************************************************************************

                            Computer Cop Prophile

                               by The Grimmace



   The following file is something I thought of and did
a LOT of research on before writing.  It's something that
I haven't seen in PHRACK and I've been a devout fan of
this zine since the beginning.

   The "PHRACK PROPHILES" on hackers and phreakers give
readers an insight into the movers and shakers of the P/H
world, but how about a profile or profiles on the
anti-hacker/phreaker establishment that seems to be
growing by leaps and bounds lately?

In the past years we've seen cops and feds who know
nothing about computers and/or telephone systems bungle their
way through search warrants and arrests and have had some good
laughs at their expense.  But now it seems that the "computer
cops", the feds especially, are putting a big push on training
agents in the "tricks of the trade" and their conviction rate
is getting better.

The primary source of this training is the Federal Law
Enforcement Training Center in Glynco, Georgia, where they're
teaching computer seizure and analysis techniques,
computer-targeted search warrants, and telecommunications fraud
investigations.  (They're very accommodating about giving out
information on the phone as long as you tell them you're a
cop).  The FBI Academy in Quantico also has a computer crimes
course.

   On the technical side of things, there's an organization
called IACIS which stands for the International Association
of Computer Investigative Specialists based in Portland,
Oregon, and which consists of members of both local law
enforcement agencies nationwide as well as various and
sundry federal agencies.  This group teaches and certifies
cops in how to get evidence from computer systems that can't be
attacked in court (Of course, anything CAN be attacked, but
getting the evidence squashed is not always a sure thing unless
the judge is a computerphobe).

As much satisfaction as we've gained at the expense of
the US Secret Service from the Steve Jackson Games case, its
widely publicized problems may prove to be a double-edged sword
hanging over our heads.  Law enforcement learned a LOT of lessons
from mistakes made in that investigation.

   Like most of you, I've spent a lot of years
exploring computer systems (usually those belonging to others)
and personally feel that I've done nothing wrong (know the
feeling?).  I'm sure others across the country also can
conduct a little socially-engineered reconnaissance and
get the lowdown on some of the people we NEVER want to see
knocking on our doors with a sledge hammer in the middle of the
night.

   This profile contains information on the ONLY computer
crime cop I could identify in the Louisville/Jefferson County
area after calling all the major departments posing as a writer
for a law enforcement magazine doing a survey.  Information
about him was obtained not only from his department, but from
sources in the local and federal court systems, Ma Bell
Security, and the Federal Law Enforcement Training Center.  Lt.
Baker is *not* a potential donor to the CPSR or EFF to say the
least.

I'm currently compiling similar information on other
law enforcement types in the Secret Service, Columbus Ohio PD,
Dallas PD, Georgia Bureau of Investigation and members of Ma
Bell's Data Security Group in Atlanta. Baker was just the
closest to me so I started with him.  If I can get the
information I've requested, then future submissions will
also include lesson plans furnished by FLETC on their training
courses and analysis protocols suggested by the USSS...heh...heh.

Yours,

The Grimmace


  *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
                         COMPUTER-COP PROFILE I

                             LT. BILL BAKER

                   JEFFERSON COUNTY POLICE DEPARTMENT
                          LOUISVILLE, KENTUCKY


                        INFORMATION COMPILED BY:

                           ** THE GRIMMACE **

  *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*


                  NAME:  Bill Baker
                  RANK:  Lieutenant

                AGENCY:  Jefferson County Police Department
                         768 Barret Ave.
                         Louisville, Kentucky  40204

                   AGE:  43
 YEARS OF COMPUTER EXP:  13
        YEARS AS A COP:  18
    YEARS IN COMPUTER/
         TELECOM CRIME:  8

              TRAINING:  Federal Law Enforcement Training Ctr.
                         Glynco, Ga.
                           - Telecommunications Crime
                               Telecom Fraud
                               Cellular Fraud
                               PBX Fraud
                           - Computer Crime
                               Illegal Access Crimes
                               Computer Crime Inves.
                               Seized System Analysis

                         FBI Academy
                         Quantico, Va.
                           - Computers in Narcotics Investigations
                           - Computer Crime Investigations

                         National Intelligence Academy
                         Ft. Lauderdale, Fl.
                           - Supervising Intelligence Operations
                               Surveillance Techniques
                               Electronic Tracking
                               Electronic Eavesdropping
                               Video Evidence Techniques
                           - Telephone Systems
                               Wiretaps
                               Dialed Number Recorders
                               Pager/Fax Intercepts
                               Technical Telephony Course

  PREVIOUS ASSIGNMENTS:  Patrol
                         Criminal Investigations/Burglary
                         Criminal Investigations/Homicide
                         Crime Prevention
                         Special Investigations/Vice-Intel

                MEMBER:  Communications Fraud Control Association
                         Washington, D.C.

          PUBLICATIONS:  Various computer/telecommunications
                         crime oriented articles for assorted
                         law enforcement and computer industry
                         magazines (i.e., POLICE CHIEF, DATA TODAY)


Posing as a freelance writer from the "Law Enforcement
Journal", I made calls to local police agencies all over this
area asking about their Computer Crime Units and received
replies ranging from "What are you talking about?" to "Maybe
FRAUD handles that...hey, Charlie...do the FRAUD guys do
anything with compoooters?".  So much for the Louisville
Division of Police...no fear there, right?

But I decided to push on since Louisville, though not a
hotbed of phreakers/hackers, IS the latest home of TAP MAGAZINE
(a la Blitzkrieg BBS and the Predat0r) and has a smattering of
"hometown" folks engaged in less than legal activities through
the local phone lines.

The call made to the Jefferson County Police got me a
solid response of "You'll have to talk to Lt. Bill Baker.  Hey,
Charlie, where's Lt. Baker working now?" (This guy is so low
key his own department doesn't even know where he works!) They
finally decide he's someplace called "Adam Station" and
through "various" contacts and a friendly local attorney who
rarely pays for telephone calls himself, I managed to obtain
quite a bit of information about Lt. Baker and his obviously
misguided quest.

Lt. Baker is fairly typical of the "new breed" of
high-tech investigator currently being churned out by the
various federal training schools.  He's aggressive and, from
talking to other members of his department, thought of as a
"computer weenie" who was probably a hacker himself before he
embraced the "dark side" of "the FORCE". (I personally believe
that this may be more fact than fantasy after talking to him on
the phone since he seems to know more about phreaking and
hacking than one would think would be taught in the
aforementioned federal institutes of higher learning.)

I finally managed to speak with Lt. Baker on the phone
and gave him my "writing about computer crime" rap which he
bought with little suspicion.  The following are excerpts from
the recording I made of the conversation [comments in brackets
are mine]:

TG:     How would you rate the progress of computer and
       telecommunications crime investigations in this area?

Baker:  There have been some good cases made here, but there's
       still a long way to go.  The main problem is that there
       hasn't been a push from local businesses in this area to combat
       these types of crimes.  Most of'em don't want to admit they've
       been hit from the outside.  If there's no complaints,
       then the departments aren't likely to want to spend the money
       to dig up additional crime, right?

TG:     Of the hackers you've worked on, what kind of capabilities
       do they have and how good do you think they are?

Baker:  Well, hackers and phreaks are like any other cross-section
       of a criminal group...there are some that are very good
       and some that are pitiful.  The best thing you can say
       about working hacker/phreaker cases is that a lot of them
       catch themselves.  They have huge egos and tend to brag
       a good deal about what they've done and how they did it.

TG:     Does that mean that you don't think a computer crime
       investigator has to be as good as the criminals
       he chases...I mean, because a lot of these people leave
       so many clues behind?  How would you rate your ability
       in this field?

Baker:  Nope...not at all.  I think that as technology gets better
       so will the crooks. Let's keep the record straight here.
       Sure, there are bozos out there who read a how-to file in
       an old PHRACK and decide that they have the knowledge
       they need to nuke the phone company or ride a VAX like
       a Hell's Angel rides a Harley.  Those are the easy ones.
       The ones who -write- [author's emphasis] the technical
       articles in PHRACK are the ones to worry about.  There
       are some stomp-down [??] incredibly knowledgeable
       individuals in circulation blasting away with their modems
       at any target of opportunity.

TG:     You didn't mention your own ability for investigating
       these people.

Baker:  (Laughs) Yeah, well...let's say I know enough to get by
       and am smart enough to know that there are no absolute
       experts.

TG:     How would you comment on the Steve Jackson Games case?
       Do you think the Secret Service set a lot of bad
       precedents?

Baker:  (Laughs) Noooooooo....sorry, pal.  That's been jawed to death
       in every phreak/hack mag, legal journal, and Internet
       newsgroup in existence and I'm not about to stick my
       neck out on that one, OK?  I will say that everyone learned
       a lot from that case and I seriously doubt if you'll see the
       same set of problems reoccurring in future cases.  Maybe
       the CPSR or EFF hired guns can come up with a new group
       of loopholes, in which case we'll have to find new ways
       to circumvent those attacks.

TG:     You sound a little critical of the EFF and CPSR efforts
       in their defense of so-called "computer criminals".

Baker:  Well, I'm sure that they believe in what they're doing.
       They must to invest that much cash and energy.  But I
       think there has to be some middle ground agreed upon
       rather than just whining about "all information should
       be free" and "if I can get into your system then I should
       be allowed to look around".  I'm not going to launch into
       a diatribe on organizations that I don't agree with. I'm
       simply going to work harder at dotting every "i" and
       crossing every "t" to make my cases more secure.  Stealing
       telephone service is a crime, defrauding businesses is a
       crime, gaining unauthorized access into someone else's
       computer system is, in most states, a crime, and even if
       there's no law on the books making it a crime, it's
       wrong.

TG:     Since by your own statement, you feel that high-tech
       crime investigation is still in its infancy, what groups
       or organizations would you say are in the lead in trying
       to combat this type of crime?

Baker:  The most significant two I know are the Federal Law
       Enforcement Training Center in Glynco, Georgia, and the
       Communications Fraud Control Association based out of
       Washington, D.C.  FLETC [he pronounces it FLET-SEE]
       probably has the finest computer crimes training program
       in the country.  They bring in acknowledged experts and
       don't cut the students any slack as far as learning to
       do things correctly and, most importantly, legally. The
       CFCA is the leader in Telecommunications security and
       provides training and assistance to telecom and computer
       companies along with law enforcement agencies all over
       the country.

TG:     Why do you think so few law enforcement agencies know
       anything about computer crime investigations?  Are they
       going to leave the phreaks to the feds?

Baker:  Nah...I don't think you can simplify it that easily.
       Most departments don't have dedicated computer crime units
       because of lack of funds to support such a unit, lack of
       trained personnel, lack of understanding of the magnitude
       of the problem, fear of increasing their crime stats or
       any combination of those reasons.  When I first got into
       this, there weren't any experts.  John Maxfield and his
       BOARDSCAN operation got a lot of talk in the hack/phreak
       journals and there were a small handful of others, but
       no real standout authorities. I talked to an awful lot
       of people before I hooked up with Clo Fleming at SPRINT
       Security who helped me a lot.

TG:     Do you still trade information with SPRINT?

Baker:  I have contacts with all the major telecom carriers.
       The training I got at FLETC really helped make some valuable
       contacts.  But I guess SPRINT and Clo Fleming would be
       my first choice simply because they were willing to help
       me when no one else would.  You can't operate in this
       environment without contacts in the OCC's.  It can't be
       done and the OCC's [Other Common Carriers] are a lot
       more willing to assist law enforcement now than they
       were in 1985.  Of course, the telecommunications industry
       is taking a $4-5 billion hit a year from fraud and that
       has a lot to do with it.

TG:     Do you subscribe to the hacker/phreaker magazines?

Baker:  Sure...I subscribe to 2600 and get copies of some
       others.  I think PHRACK's probably the best overall,
       but I can't afford the subscription rate they've imposed
       on government agencies since Craig Neidorf took the hit
       for publishing the "golden" E911 document. I've learned
       a ton of stuff over the years from PHRACK and wish it
       were still free, but they have a right to their info
       just like the people who own the systems attacked by
       hackers.  It'd be kind of hypocritical for me to rip off
       PHRACK and then turn and prosecute some other guy for
       ripping off information from another source, right?

TG:     What problems do you foresee in the future in computer
       and telecom crime investigations?

Baker:  Jeez...why don't you ask me when we'll have world peace
       or something easy? OK, I think we'll probably see the
       larger departments being forced to play catch-up with
       the current trends and always being a little behind in
       this area.  I also think you'll see more officers losing
       cases and being sued, a la SJG, until they get the
       specific training required to handle these cases the
       right way.  Turning seized systems over to the local
       "computer guy" in the department is going to cost'em in
       the long run because every lawyer who gets one of these
       cases is going to compare it bit by bit with the SJG
       case to see if there's anything there he can use for
       his client's defense.

TG:     There has been a lot of discussion about whether or not
       computer systems should be seized rather than just
       making copies of the data for evidence.  What is your
       policy on equipment seizures when working cases like
       this?

Baker:  First of all, I don't go on fishing expeditions with
       search warrants. If I have enough to convict a guy then
       I get the warrant.  I take everything that's there and
       do the analysis.  I've had cases where the defendant has
       requested copies of data he needed for various reasons
       and I've had no problems with furnishing them as long
       as the request is reasonable.  I ask for forfeiture of
       the equipment if I can link it to the crime because the
       law says I can.  If I can't link the computers, then I
       give them back...simple as that.  I think it's kind of
       interesting that most hackers or phreaks will refuse to
       take a guilty plea for a reduced charge, even if I have
       them stone cold and they're looking at a 99.999999%
       chance of conviction in a jury trial, if it means
       they'll lose their equipment in the deal.  It makes good
       leverage in certain situations.

TG:     Did you have any part in Operation Sun-Devil?

Baker:  Nope.  Though I'd have liked to.  I was on a lot of the
       systems taken down in Sun-Devil.

TG:     You said you were on some of the systems busted in the
       Sun-Devil operation, are you still on phreak/hack
       boards and would you name any?

Baker:  (Laughs a lot) I think I'll pass on naming systems I'm
       on, OK?  That'd be cheating. (Laughs again)  But I get
       around enough to know what's going on.  There are lots
       of investigators out there calling the boards.

TG:     I appreciate your time, Lt. Baker, and would like to ask
       one last question.  What motivates you in these cases
       since the alleged "theft" involves pretty intangible
       property?

Baker:  Motivation? Hmmmm...I suppose you could say it's the
       chase that motivates me more than the catch, though
       the catch is pretty good, too.  These cases tend to
       be more one-on-one than some other types and the
       adversaries can be very good at covering their tracks.
       Hell, I probably have more in common with the people
       I target than they'd like to believe.  As for the
       "intangibility" of the stolen goods, well, that's why
       we have court systems, isn't it...to define those
       little details.

TG:     A lot of computer crime investigators would rather stay
       in the background, but you don't seem to have taken that
       position.  Why not?

Baker:  Well, like anyone involved in anything relatively new,
       as opposed to the old standard type crimes like murder
       and armed robbery, it's to my benefit to have anything
       printed informing people of the problems created by
       this type of activity.  We all pay the price for telecom
       fraud, credit card fraud, data loss due to illegal
       access to computers and all the rest.  But the people
       involved in these crimes, for the most part, don't
       exhibit the same profiles as the so-called "violent"
       criminals.  In fact, I've had some very friendly
       conversations with a number of phreaks and hackers.
       Investigators who have problems would probably have
       them no matter what crimes they were investigating.
       I never assume that I'm smarter than anyone I'm
       chasing and I don't rub their noses in it when I make
       a case.  Just like I don't lose sleep when I just can't
       seem to get that last piece of the puzzle and one gets
       away.  It's hide-and-seek in cyberspace.  Pretty good
       game, actually.

For what it's worth, there it is.  The interview printed here
doesn't contain a lot of the bullshit that was thrown back and
forth during our conversation, just the relevant details which
tend to give an insight into this guy.

Frankly, I was impressed by the fact that he didn't seem
anything like I had expected after reading horror stories about
other agencies and investigators.  This guy was personable and
maybe that's an indicator that he's dangerous. Never, ever
underestimate your opponents -- even if they do sound like
"good ole boys" and talk to you like you're the best friend
they ever had.  Always remember that COPS INVENTED SOCIAL
ENGINEERING!

My next "computer cop" profile will deal with a rising star in
the U.S. Secret Service and his connections to the Guidry
Group, a consulting organization working for the cellular phone
industry in combating cellular fraud.