We asked three former hackers and a security expert to discuss technology's latest growth industry: espionage. What we learned will scare you.

Hack Attack

Edited By Gary Andrew Poole

Copyright © Forbes ASAP 1996
 

 

 

 

 

 

 

 

 

 

Bios:

Name: Jeromie W. Jackson

Age: 23

Known as: Jeromie W. Jackson (no handle)

Current employment: Security consultant, Garrison Technologies, an Austin, Tex.-based information systems security firm

Education: Attended Southwestern College in San Diego, where he studied computer information systems and networks

Last book read: A Guide to Understanding Security Modeling in Trusted Systems, published by the NSA's National Computer Security Center (the book is better known as "the Aqua Book")

Known for: Information systems, network analysis and firewalls

Why he doesn't want to be a hacker: "Man, they should grow up. They're just a bunch of knee biters."

E-mail address: jeromie @garrison.com


Name: Matt Harrigan

Age: 21

Former handle: Digital Jesus

Current employment: CIO, Microcosm Computer Resources, a San Diego, Calif.-based firm that specializes in creating Web-based applications, network security and penetration testing

Education: Attended Northern Arizona University

Hero: Dennis Ritchie, one of the creators of Unix

Last book read: Chaos: Making a New Science by James Gleick

Why he went legit: "I found it more gratifying to help the administrators of the machines I had compromised."

Any regrets? "No, I'm happy where I am. I do my job better based on what I know."


Name: Jeff Moss

Age: 26

Handle: The Dark Tangent

Current employment: Installing Web servers and support networks for Internet connectivity. And he's the organizer of Def Con, a hacker conference, which will be held in Las Vegas this year from July 26 to 28.

Education: B.A. in criminal justice from Gonzaga. Dropped out of law school at the University of Dayton.

Major influence: The writers Isaac Asimov and Larry Niven. And Harry Harrison, author of The Stainless Steel Rat series of books about an oppressive future. "Written in a light style," says the Dark Tangent.

Hero: Harrison Ford in Blade Runner

Last book read: The Diamond Age by Neal Stephenson; Cyborg Worlds: The Military Information Society, edited by Les Levidow and Kevin Robbins

Famous for: "Not going to jail; also running a bulletin board-called The Dark Tangent System-full of information to help hackers."

Why he became a hacker: "Interesting career choice. Never a dull moment."

Why he stopped being an "outlaw" hacker: "Sooner or later I was gonna get caught. I didn't want to go to jail. Jail is a good deterrent."

On his mind: "Privacy issues relating to encrypted mail and networks."

Web page: www.defcon.org

E-mail address: jm@defcon.org


Name: Phil Latham

Age: 26

Handle: Dune

Current employment: Security specialist with Network Security Associates, based in Berkeley, Calif.

Education: Self-taught

Major influence: Henry Rollins (the musician/poet)

First computer: Apple IIe

Hero: Steve Wozniak, cofounder of Apple Computer.

Last two books read: Psychedelics Encyclopedia by Peter Stafford; Snow Crash by Neal Stephenson (a book about a hacker/pizza delivery boy)

Famous for: Wrote the Garage Door Hacker, detailed schematics for a device that would allow people to open any garage door.

Why he became a hacker: "It was my way of escaping from a world I was dissatisfied with, plus it was interesting."

On his mind: "I would like to create drugs, like smart drugs, that will beneficially help the brain-and use computers to help me model them."

Web page: www.dis.org/dune

E-mail address: dune@dis.org


Pranks

Prank #1: Baby Monitors

Our roundtable laughs about their five funniest tricks.

ASAP: You guys know anything about baby monitors?

Everyone: Yeah.

[Laughter.]

Dune: We scored on the baby monitors. I went to Boeing surplus one day in Seattle, and I picked up the standard 49-megahertz transmitter. Three channels, the space patrol. I got them for like $5, so it was a deal. I brought the thing home, and they had the headsets that you use for firing weapons and stuff, the ear protection. They have the boom mike off of it. I said okay. Cool. So I was messing with them. I just turned it on to see if it worked. I noticed the baby monitor. There's a house that was two houses over that did day care, so they always had children over there. So I heard the baby monitor, and I thought it was probably them. So I got on there and said, "This is Satan. We have your children."

[Laughter.]

Prank #2: The Garage Door Revolt

Dune: Okay, the schematics for that were published in a magazine a few years ago. About a month after that magazine came out, somebody sent me in the mail a newspaper story. It had a paragraph about the day of the great garage door revolt. Basically, somewhere in California or something, somebody got up on a hill with a device and opened everybody's garage door [within] about two miles.

ASAP: Gee, who could have done it?

[Knowing laughter.]

Tangent: Sweet.

E-mail address: matth@ mcr.com

In a hotel suite across from Oracle, three former hackers gaze at the company's headquarters. They laugh. They tell us how they could cripple the database company. It wouldn't even be hard. They-or skilled hackers hired by a competitor-could peek into Oracle's financial documents. Listen to important cellular phone conversations. Or wipe the company's computers out with one electromagnetic pulse fired from a $300 ray-gun. With enough money and expertise, espionage experts could even manipulate-yes, manipulate-Oracle's stock price.

It could never happen, you say. Actually...it could. The fourth person in the room-a security specialist-acknowledges that it's futile to try to plug every hole at a company. Most companies are not well prepared and are poised to lose billions of dollars. They all say there will be a day when there is an all-out war against corporations. That day, they warn, is coming soon.

To find out why companies are becoming so vulnerable to attacks, we gathered four brilliant "security experts" to discuss the problem. All the participants are in their 20s. Only one has finished college. But all can break into your system and easily monitor (and probably alter) data, if they so chose.

They predicted a wave of criminal hacking. "There's going to be total escalation," promised one young man known as the Dark Tangent.

ASAP: Say you wanted to show that Bill Gates was slowly going insane.

Dune: We already know he is....

[Laughter.]

ASAP: How could you spread false rumors-through e-mail-to show that he's losing it?

Tangent: Are you talking inside the Microsoft company?

ASAP: Inside and outside.

Matt: Spoofing e-mail [when a hacker impersonates another person] would be the easiest way. Anyone can do it.

Tangent: Yeah, it's simple.

Matt: I could show you how to do it in five seconds.

Dune: There are scripts that do it for you.

ASAP: Does it happen? Are there people who do it?

Tangent: Do you know Bird? I thought I'd bring him up. Bird, this guy, he monitors all of my inbound and outbound mail. So that everything I get and everything I send is monitored, and it has been that way for about a year. So I never know if what I'm getting is really my mail or something doctored up for me.

Matt: Why is someone laundering your mail?

Tangent: I don't know. He finds it interesting or something. Actually he's vengeful. Everything I send out I don't know if the other people receive it in the same fashion that I send it out, because he is sitting in between me and the rest of the network. If you did the same thing to Microsoft you could wreak all kinds of havoc.

Dune: Yeah, it just depends on how sophisticated you want to get.

Tangent: You could do anything you want.

ASAP: Back to Bill Gates.

Dune: So you really want to spoof his e-mail?

Matt: Your best option would be to find someone who has already penetrated Microsoft's network. There are people in Microsoft who will help you. Without a doubt, Microsoft, like many other companies, has been compromised. It's a known fact.

Dune: Yeah, it's been done.

ASAP: How do you find the people who have penetrated Microsoft?

Dune: Talk to the hacker community.

Tangent: If that's your goal, sure. But when I come across industrial espionage people they ask, "We want to get the HMO database. How do we get to the HMO database? We want the customer list." Spoofing Gates is more like a government espionage thing.

ASAP: All of you have been approached by people who are interested in industrial espionage. Are they more interested in monitoring or altering?

Everyone: Monitoring.

ASAP: So it's not going out and destroying stuff or changing information.

Everyone: No.

Tangent: But...I think we're at the infancy of industrial espionage. It's going from passive snooping to actively manipulating data.

ASAP: Any early evidence?

Tangent: There's one company that does all its security credit transactions over the Net. So, let's say I want to bill $50 to account number xyz. I can do that. So when you want to attach a charge, you send them e-mail in plaintext saying that this is the account I want it to go into. And they receive hundreds of pieces of mail every day with tens of thousands-with hundreds of thousands-of dollars coming in. And if you really wanted to, if you knew about the service, you could sit outside that gateway and you could substitute your account number for every one of those account numbers. And in about two or three days, before anybody caught on, you could have millions and millions of dollars. In three easy steps, you could take it over.

ASAP: What company is this?

Tangent: I know. I'm not going to tell you. I do not want to be sued. But there's a bank here in California that does that, too. There's a three-hour window of opportunity where they don't do a verification of funds.

ASAP: Is it just sloppiness, or...?

Tangent: Yes. Oh, they'll fix it, but there's plenty of opportunity to take money if you want to get it.

Jeromie: It's more than sloppiness. It's systemic. Companies are totally clueless when it comes to client/server security. They're just open-everywhere.

ASAP: Are there companies hiring hackers to break into competitors? Does that go on?

Tangent: Sure.

Jeromie: Absolutely.

Matt: It's no different than the real world; there is actual industrial espionage going on. Someone might work for company A, but he is actually employed by company B to work there. It's the same exact thing with computer security. You've got people who are actually hired to obtain jobs with competitors specifically for the purpose of gaining physical access to their network.

ASAP: What information are they looking to steal?

Matt: It happens a lot in the defense industry. Defense contractors will oftentimes bid for the same contract, and one company will try to figure out what the other company has bid, simply to underbid them or to perhaps find out if they were planning on approaching the contract in the same fashion. This creates multiple windows of opportunity for the snooping party in terms of being able to reorganize their contract.

ASAP: Could you change your competitor's bid?

Matt: No, that would be immediately seen. Somebody would catch that.

Tangent: There's a lot of counterintelligence- and counterespionage-type stuff. That happens all of the time in the defense industry. I've heard horror stories. The boardroom would have stereo mikes at both corners and microphones planted above them and everything. They lost three defense contractor bids-each one by about $1,000. They were multimillion-dollar bids. So the other people knew exactly what they were going to bid and bid $1,000 underneath them. They lost three contracts. They, of course, didn't share any of that with the stockholders. They just wrote it off as, like, a $800 million loss, because they are not about to tell their shareholders that their security sucks and they just got bent.

ASAP: How about other things that competitors look for?

Jeromie: I've actually been asked by someone to do this before. I knew a guy in San Diego that resold refurbished PBX equipment, phone equipment. He bought systems from a broker in New York that found PBXs from all around the world. The guy in San Diego wanted me to monitor the broker's line in New York to find out where he was getting the PBXs. Because if he could do that, he could cut out the middleman and make 20% more.

ASAP: Did it work?

Jeromie: I don't know. I turned him down.

[Laughter from everyone.]

ASAP: How much did he offer to pay you?

Jeromie: He didn't give me a figure. He just asked me if I was willing to do it.

ASAP: How much would it cost to do something like that?

Tangent: It just all depends.

ASAP: Is it like $5,000 or something like that? How much would you charge?

Dune: A 16-year-old would say, "Give me $50 so I can get me some beer!"

Matt: Maybe there should be a minimum wage for hackin'....

Tangent: I've been offered $10,000 to get a customer list from a Web server.

Dune: Really?

Tangent: Yeah. It wasn't even all that well protected.

ASAP: Did you do it?

Tangent: No.

ASAP: How come?

Tangent: I don't know. What happens if the other company gets in trouble or something? I don't need 10 grand that badly. It's interesting. It's fun to be approached with that stuff....

ASAP: You didn't turn them in?

Dune: To who? Just because they asked him a question?

ASAP: What kind of firm asked you to hack into its competitor's system?

Tangent: They were in mail order. They just wanted the competitor's mailing list. I guess it would be fairly obvious because all of a sudden all of your customers would start buying from somebody else. But they weren't too terribly concerned.

ASAP: How would you go about doing that?

Tangent: That system had some pretty-known holes. You could just go right in. They stole a lot of their customers off the Web page. I probably could have gone right into the database.

ASAP: Tell us in real plain English how you would do it.

Matt: Anytime anyone registers for a service or product over the Web, they input data, like their name, phone number, credit card information,...into a form and submit it to a particular computer. Whoever the customer is submitting their data to usually keeps the information in a plaintext file on that same computer. You reach that file, and you have that data.

ASAP: It's that easy! How long would it take you?

Matt: It all depends on who is storing that data.

Jeromie: And how it is stored, and where it's stored.

Dune: If your Windows machine has a ppp link it would be pretty damn easy to get into-actually it would be very easy to get into. Especially if they are sharing out a drive and sharing out a directory. As opposed to a no-name operating system that not too many people use that nobody knows about. Breaking into that would be quite a bit harder.

ASAP: Switching subjects, how would you monitor someone's cell-phone conversation?

Tangent: Buy a product off the shelf.

Matt: Anybody with a scanner can do that.

Tangent: That's the way to do that. If I were going to find out what is going on at Oracle, I could probably go over there with a complete cell-site monitoring system for like $2,000 that would monitor the A and B channel, even and odd. I could sit in that parking lot and anybody that was foolish enough to use a cellular phone...

ASAP: Where would you buy that?

Tangent: Anywhere. You can mail-order it.

ASAP: What does the system look like?

Matt: Imagine a radio that listens to cellular-phone calls.

ASAP: So you can just hear all the conversations?

Tangent: Yeah, except these are a little smarter. They can decode some of the data so they can tell you what number is calling or what number they are calling....You need a cell phone, and a laptop with four serial ports.

Dune: Yeah, a laptop, a cell phone, and a device that interfaces the two. You can monitor and follow calls [if you leave one cell site and go into the next, you can follow the handshake, thus follow the conversation]; it will snag what is called the forward data channel information, which contains, among other things, the phone number of the cell phone that was either being dialed or dialed from.

Tangent: It's a felony now, by the way, because Congress decided it is illegal to tune in to the public airwaves on those frequencies.

ASAP: As a cell-phone user, is there any way of preventing that?

Tangent: No, it is impossible. Anybody could sit outside of Oracle and monitor all of their channels, which means you are not going to miss anything. Let's say I was interested in the CEO. I have the CEO's business card and I have his phone number on it, and I know it's a cell phone, or he gives me his cell-phone number. I could program in my voice-activated tape recorder and my cell-monitoring device to turn itself on anytime his number is in use. If I put one of these in his house and one maybe in between the two or near the business, I could capture every single voice conversation of anybody calling him or him calling out. I just pick up my tape and listen to these calls. It would be painless. It would be much easier than going to his house and skulking around in the dark and clipping onto his phone lines and stuff.

Dune: Much easier.

Tangent: If I wanted to, I could get a hit list of all of the top executives there, and put all their phone numbers on my watch list, and anytime those numbers came up, I would record all of the conversations. I could do all this for less than $2,000. It's pitiful.

ASAP: When you buy this kit, do they give you instructions on how to use it?

[Laughter.]

Tangent: No.

Matt: Actually, their instructions are specifically for Oracle.

[Laughter.]

ASAP: How would you find out how to use it?

Tangent: It's simple.

ASAP: Tell us how.

Tangent: I'd call up the people who make the software and I'd schmooze them. I'd say, "I'm an enthusiast, and I kind of want to listen to cell-phone calls." If they were stupid and told you, I guess they'd be committing a felony.

Dune: Some hackers came out with some software for the CTEK [cellular telephone experimenters kit] that specifically does that. It's available on BBSs [bulletin board systems].

Tangent: For cell-phone companies it's legitimate to have the software for protection purposes, so there are companies that legitimately make it. So if you dummy up some company letterhead, you can order it. People have it. It's not that hard to get.

ASAP: Does that go on a lot? Are there people out there listening?

Dune: Oh, yeah. A rule of thumb: If you are on a cordless phone or a cell phone, people are listening. Just basically assume it.

Tangent: Especially if you're in a big company. You could go out to Redmond and I bet you can hit on Microsoft and get all types of juicy information.

Dune: Of course. How many business people do you know that use cell phones? Just about everybody has one.

Tangent: My friend in counterintelligence says the first thing he says when he talks to customers is, "Don't call from your office phone. Don't call me from your cell phone. Don't call me from your home phone. Go to a pay phone at lunch." People are good with that because it's all cloak-and-dagger for the first couple of weeks. Then they forget and get lazy.

ASAP: So CEOs should be making all their calls from a pay phone?

[Laughter.]

Tangent: No, no, no. If a CEO thinks he is being monitored, a CEO shouldn't go announcing that over the intercom system or picking up their desk phone.

In Seattle, a friend thought maybe he was being monitored by a competitor. It was a pretty competitive business. He hires a guy and does a sweep of his office. It's a small company, maybe a $100 million company.

He doesn't find a bug but finds a bug in the building upstairs. He wasn't paying the person to sweep the other people's offices, so he ignored it. But he kept a frequency, and he'd tune in on his scanner to see what the investment house upstairs is up to. What's the hot stock for the day?

A couple of months later, he comes back and sweeps it again. It is still there. So he said, okay, we owe this guy a favor. My friend has got all this gear. He's got his junction detector [which detects EMF, thus finding hidden electronics], and he's got all this crap. He goes up in the elevator, and they walk into the company. (I'm not going to name the company.) They go right into the CEO's office desk. He's on the phone. Guys are coming in with antennas on their back.

They come up, and he's got this nice big mahogany desk and everything. They come right around. The guy gets out of the way. What's going on? The guy's got his thumb on this thing. He's tuning in. He's got a spectrum analyzer, and he finds it. There's a false wood panel underneath the desk. They pull that down, and it's just lying there with a big bug, with a big transmitter and everything. It was there for at least six months. Everything that that guy said was monitored. I don't know how much money they got out of it, but it definitely goes on.

Dune: So somebody actually measured it out, went into the place, cut the wood out and then came back in and had to do this surreptitiously.

Tangent: Yeah.

Dune: I can see why the government is paranoid about espionage. Unfortunately, I think it's laid on a little bit thick.

Tangent: But corporate America. I'd protect corporate America before I'd protect...

Dune: You want a strong corporate structure. You want your economics in your country to be good. You want it to be protected.

Tangent: You don't want the French to come over....

Dune: And believe me, the French are one of the biggest at industrial espionage.

Tangent: The French are number one.

ASAP: They think it's okay to spy, right?

Tangent: It's legal for them. It's a sport. Like on Air France, first-class passenger seats used to have bugs in them. If you flew Air France first class, you're a businessman, and you talk to the businessman next to you and your conversation was recorded. The top three or four business hotels-they were all bugged.

ASAP: We're at a French hotel, so be careful.

Matt: I think I can see one of the bugs. Bonjour!

[Laughter.]

ASAP: Do you find many instances of people trying to steal laptops?

Jeromie: A lot of our customers are worried about that because they have people out in the field that have portions of databases that they consider proprietary or confidential, and they don't know how to secure it to make sure that if someone does get the laptop, they still won't be able to get to the data. That's something that a lot of our customers look for.

Matt: Do you provide field solutions?

Jeromie: Yeah, there are some solutions, like SmartDisk and CryptoCard. They are basically devices you use to authenticate yourself for access to data. Tangent: What's the price on those?

Jeromie: They are relatively cheap, I believe around $500 to $800. It makes it so that if somebody steals your laptop, and a competitor gets it, it's going to be useless to them because they cannot read the data on it.

ASAP: There was an incident a couple of months ago with MGM. They put up a Web site dealing with the movie Hackers. People went in and sort of changed it around and screwed with it. How hard is that to do? To go to somebody's Web site and change the information and content numbers?

Tangent: It's getting harder.

Matt: A Web site is essentially the same idea as an Internet site. Any computer that is on the Internet can potentially be a Web site, so breaking into one would be of the same nature.

ASAP: How would you go about doing it?

Matt: You'd probably try all of the various data sending/receiving programs on the different ports. Sendmail is probably the largest cause of data changing/loss in the business industry today.

 

Dune: Big program. Lots of bugs.

Tangent: Running services that don't need to be run....If you are running a Web server, your Web server doesn't need to be running Telnet and ftp. It just needs to be running Web server. If all of your machines are sort of configured identically, then they are all running services that are vulnerable. There are holes in Telnet.

[Laughter.]

ASAP: Every company you read about is getting heavily into Intranets.

Tangent: Yes, companies are now external and internal.

ASAP: Yeah. It increases exponentially the amount of information that is traveling through networks-from sales appointments to financial information. It seems that it will be easier than ever for hackers-if you're not careful.

Tangent: You have to spend a fortune to protect your assets.

Jeromie: A lot of our customers ...that's one of the major things they look at. We try to implement models instead of just saying, "We need security." The two big models are in-depth security or perimeter security. In-depth would mean you'd go and look at every single one of your computers throughout your network and try to evaluate the security of it. Well, obviously you are never going to be able to do it, because people are throwing new programs on their machines all of the time. Networks are getting swapped around, etc. So the other way you do it is by creating perimeters. What that means is you basically put a circle around what you consider secure.

ASAP: Are there certain departments within the big companies that are more vulnerable than others?

Jeromie: It's all based on the services that they're running.

Matt: You know, ironically, the people most directly involved with technology are usually at the highest risk because they are so busy developing new software and new things for the market that they're on the bleeding edge. They always have the newest software, and a lot of times the newest software is the worst software.

ASAP: What about going in and looking at a competitor and stealing their proprietary secrets?

Tangent: You can remotely monitor people's video screens with some fairly inexpensive equipment. Depending on the quality, you can tune in. Just like I tune in the TV or radio, I could tune in to the frequency of your monitor and see everything you type on your screen.

So if I wanted to snoop into your accounting department, I could sit outside up to a mile away. With a directional antenna, I could tune in to that building. Since every monitor is not perfect, exact replicas of each other, they all have slight variations, I can distinguish between those variations and tune in to just one monitor.

ASAP: How hard is that to do?

Tangent: You just have to buy the equipment. The equipment is anywhere between super-super cheap-$1,000-to a nice digital frame buffering for $30,000.

ASAP: So if I wanted to hack Larry Ellison's [CEO of Oracle] e-mail, would it be easier to penetrate the internal network or to monitor his screen?

Jeromie: It would probably be easier to watch it as it comes across the Internet.

Matt: But he means intra-the internal network-where he's really making decisions about the company.

Tangent: If I had the money, I'd do it remotely. I could stick that thing in a bush.

Dune: You could just park a van around Oracle. Nobody would ever notice.

Matt: You don't just stick 30 grand in a bush. That's the thing.

Tangent: But if you're screwing with Oracle, you probably have a budget.

Matt: From Microsoft or something.

[Laughter.]

ASAP: Do you find a lot of your clients are concerned about these kinds of electronic attacks from competitors or just the sort of rogue 16-year-old?

Jeromie: It's a little bit of both. Some companies are sophisticated about security; for example, in the biomedical field they are very tight on that type of thing because you release one little research secret and your competitor down the street might release a drug that you had been working on for years. In highly competitive industries, it seems like our customers are interested in protecting information. But the majority of them are just worried about the "hackers on the Internet" that they read about.

ASAP: Which companies have the worst security?

Jeromie: The ones that don't have the money. Small companies, usually.

ASAP: Startups?

Jeromie: Yeah. Firewalls start at $15,000-not including the consulting-and small companies just don't have that kind of money. They say, "We have $5,000 allocated for security, not $50,000." The people that don't have the money to spend are just vulnerable.

ASAP: Is that money well spent, do you think?

Jeromie: I would say that it is well spent. A firewall can secure a lot of things. But one thing that we really try to explain to our customers is that a firewall can very easily be installed improperly.

ASAP: In what way?

Jeromie: A typical example we've seen is a big manufacturer that claims it can do udp- and rpc-based services securely, which is just bullshit.

ASAP: What does that mean for somebody who doesn't know a lot about computers?

Jeromie: The Internet and most corporate networks are tcp/ip based. There are a bunch of different types of message packets that are transmitted. There are three big types: udp, rpc and tcp services. tcp you can secure. udp and rpc you cannot. The only way to do it would be end-to-end encryption.

ASAP: There are probably a lot of snake oil salesmen in the firewall business....

Jeromie: Definitely. In the firewall market especially. Everyone is trying to push their product and make their product unique. I've heard that it's a $60 million market. So everyone is trying to get in there. Anything, even remotely, if it can put a password on your Lotus Notes, they will call it a firewall.

[Laughter.]

ASAP: Have you ever heard of a device that directs magnetic signals at hard disks and can scramble the data?

Everyone: Yes! A HERF [high energy radio frequency] gun.

Tangent: That will cook your internal organs, man! Give you gonad cancer!

[Laughter.]

Tangent: This is my nightmare. $300: a rucksack full of car batteries, a microcapacitor and a directional antenna and I could point it at Oracle over there [Oracle headquarters is visible from the suite] and I could...

Dune: We could cook the fourth floor.

Prank #3: Hotel & Casino

Tangent: Last year these guys hacked into the video system at the hotel and they could see which room was blocked. So they would fire up the pornos and force them to view them. It was the funniest thing.

[Laughter.]

Tangent: I like the bingo prank.

Matt: Yeah, they hacked into the
bingo system, found the transmission frequency and
announced, "D-7." But there was no

D-7.

[Laughter.]

Tangent: The bingo players. What did they do? Did they just flip out?

Dune: A bunch of drunk old people with buckets of quarters and dimes and nickels.

Matt: Then someone decided it would be funny to order hamburgers over the bingo system.

[Laughter.]

Prank #4: McDonald's Drive-thru

Dune: McDonald's has a similar service. You know, all the fast-food joints with all the wireless headsets. Those are fun to hack.

[Laughter.]

Tangent: [Acting as the customer]: I want five Big Macs.

Dune: [Acting as the McDonald's employee]: That's a real shitty Corvette you've got out there. Why don't you get the hell out of here?

[Knowing laughter.]

Naturally, I wouldn't know anything about that.

Tangent: You can start some nasty fights that way.

Dune: The one I like the most is, "We have our dog food special of the day." Customer: "You're kidding, right?" "Absolutely not. It's McGood."

Tangent: We could cook their whole office.

ASAP: So if you were a suicide bomber from Sybase?

Tangent: No, you wouldn't have to be a suicide bomber. You could park it in a car and walk away. It's a $300 poor man's nuke. For three or four hundred bucks, you could build something that would put that company out of business for a month. And you could do it every single day of the week if you wanted to. Oh, they restored it. Boop! Oh, hey, restored. Boop! Oh, they restored it....You could keep them down indefinitely.

Dune: And you could do it remotely. I mean you could do it from any angle.

Tangent: If you really wanted to, you could do it. The only downside is that the way the magnetic waves propagate is like a figure eight. So if you're standing behind the thing, well, some energy gets dumped into your organs.

[Hearty laughter.]

Tangent: So you make sure it's on a tripod pointing at the goal and you do it with a remote from across the street....[He turns serious.] You can build these for cheap. And the amount of damage you could do is significant. You could point it at an ATM machine and the ATM machine doesn't work. Your digital watch falls off. Your disk is gone, you know?

The $300 price tag scares me. I know someone with one of these devices and he's never told me if, or when, or how he's used it. He just says he has one and it's functional. And that's all I want to know. What's he going to do with it? "He pissed me off. Buzz! He's gone."

Matt: This is all we need....

Tangent: They were talking about giving these guns to border patrol guards so they can zap Mexican cars as they drive across the border and fry their fuel injection. All it's going to take is, like, 400 or 500 Mexican border guards with these toys.

Can you imagine these things in New York?

Matt: What about the guy with the pacemaker?

ASAP: Or planes flying into an airport?

Dune: You could take a lot of planes out.

Tangent: It's so cheap. It's really frightening. If my enemy gets one, I'm getting one.

ASAP: How many are out there?

Tangent: There are only three or four people who know how to build them, and they're really tight lipped. I mean, if you experiment wrong, then you've waved yourself.

Dune: Yeah, this is a high-energy device. You could be a half-mile away and take out a computer in Oracle.

ASAP: How many pulses would it take to wipe out Oracle?

Tangent: One. One pulse.

ASAP: Would wipe out Oracle?!

Tangent: It dumps 2 million watts in one-thousandth of a second. It's equivalent to 10 amp minutes, but it's so compressed over like one-thousandth of a second that it's one huge pulse instead of smaller pulses.

ASAP: So what happens? Do screens go blank automatically?

Tangent: All your polarity would shift on your magnetic disk. We used these in the Persian Gulf. We cooked the radar installation. You could fly into Citibank instead of Baghdad.

Dune: If you had a Cessna and a herf gun, you could fly over Silicon Valley and-POW!-there goes Sun Microsystems-POW!-there goes Intel!

Tangent: If you wanted to protect a 10-by-10-by-10 cube to tempest-grade quality-tempest is a level of protection against electromagnetic radiation-it would cost $10,000. Imagine telling your boss, "Mr. CEO, you need to protect against a mad bomber."

Dune: Don't worry, it only costs you like...a billion dollars.

Matt: What is the good of a herf gun?

Tangent: Nothing. It's pure evil.

Prank #5: Call Girl

Tangent: Someone put a diagnostic mode on a cell phone and went into stomp mode. It was a call girl picking up....I shouldn't even talk about this one. A john was talking to the madam, and for some reason, we were getting all sides of the conversation because it wasn't changing cells. There was no handoff. "For $600, he wants a yellow and a brown." He says he's only got $300 or $400, and what will that get him? They negotiate, and they're calling back and forth, and finally the guy says, "I don't have the money." I had their numbers, so I call up and say: "I'll do that for $200." He says, "No man, I don't want a dude."

The cell-phone industry does nothing to prevent it.

ASAP: You could go up on one of the World Trade Center towers and aim it straight down at Wall Street....

Dune: Sure.

Tangent: They'd be toast.

Dune: Toast.

ASAP: What is the state of the hacker culture right now?

Dune: Chaos.

Tangent: There's also a lot of people nowadays doing some real damage.

ASAP: What kind of damage?

Dune: People formatting hard drives. People going out and being deliberately malicious just to piss people off.

Tangent: I've heard some attitudes which I just do not agree with.

Dune: I don't either.

Tangent: [Mimicking a bad hacker] If you are paying some administrator $60,000 a year and they can't keep their site secure, they have no business being there. If I'm like a 20-year-old kid out of college, I can take them down. They deserve it. If they don't have backups and can't restore, then it's their problem.

Dune: So if I shoot you in the chest and you don't have a bulletproof vest on, you deserve it? I don't think so.

ASAP: It almost seems like the security industry is helpless.

Jeromie: I wouldn't say that. I would say that new applications come out faster than the security does. For example, if you are running an implementation where you have multiple platforms on your network, you have a firewall set up. You don't allow anyone to come inbound, unless they're using encryption. Well then, yeah, you're relatively safe. But most people don't have the money to implement it properly or they don't have the intelligence to implement it properly.

Dune: Or even worse, they have bad people giving them wrong information.

Tangent: It's ignorance in the community. And it's not necessarily the consumers' fault. The manufacturers are making false claims.

Firewalls are hard on the outside, crunchy on the inside. Once you are inside, it's just payday. You're in heaven.

Jeromie: I would say that none of the companies that I work with are totally secure. Ninety-nine percent of the time we go in and we see modems sitting on people's desks; people are allowed to bring in pcAnywhere software. They can get into their computer with nothing: no id or password. Then they connect with T1 lines out to their vendors; they have no security between them and their vendors.

I mean, the Internet is nothing. They have plenty of problems internally already. If your management's freaking out about getting on the Internet because of the security, then they're under the false assumption that their network is already secure. I would bet your and my bottom dollar I could go into just about any company in the United States and find huge, gaping holes...everywhere.

Tangent: A few months after Kevin Mitnick raided Tsutomu Shimomura, he was raided again. It wasn't like he got more secure or anything. It's just how you set up your firewall.

Jeromie: Implementation is a huge problem.

Tangent: A huge problem.

ASAP: You might have brilliant firewall inventors but the implementers aren't up to par....

Jeromie: If you go to Sun Microsystems you can buy a firewall just like you buy WordPerfect. Get it sent to you in the mail with a manual and you set it up. You implement it, but you have no idea about security and you leave nfs [network file sharing] or x11 on and a few weeks later someone compromises your system.

ASAP: So it boils down to this: One must choose open discourse or security.

Jeromie: Here's a typical example: We went into a university that had Nobel Prize winners working there and they said they needed to nfs-mount their friends' drives over at Berkeley because they did research with them. And the 17 people said, "We're installing this firewall and you can't do nfs anymore." And the Nobel Prize guys said, "Forget it." So they had to leave their firewall open.

Tangent: Now anyone can read the Nobel Prize winners' research.

Jeromie: Yep.

ASAP: What are your impressions of information systems managers?

Tangent: Overworked, overstressed and underpaid.

Jeromie: Generally, they know a lot about networking, but they don't know a lot about security.

Tangent: Security is a full-time job.

Jeromie: Security is all I do-every day. I'm only 23 years old. I talk to people who are twice my age and they have no concept about what I'm talking about.

[Laughter.]



Aug. 26 / June 03, 1996 contents

ASAP Home