jdj1574@uxf.cso.uiuc.edu (10/04/88)
Okay, this is part II of the story Night of the Hackers, for those of you who expressed an interest... **** Epilog: A few weeks after this reporter submitted this article to Newsweek, he found that his credit had been altered, his driver's license revoked, and even his social security records changed. Just in case you all might like to construe this as a 'Victimless' crime. The next time a computer fouls up your billing on some matter, and costs you, think about it. This is the follow-up to the previous article concerning the Newsweek reporter. It spells out some of the real dangers to all of us, due to this type of acti- vity. ______________________ REVENGE OF THE HACKERS ---------------------- In the mischievous fraternity of computer hackers, few things are prized more than the veil of secrecy. As newsweek San Francisco correspondent Richard Sandza found out after writing a story on the electronic underground's ability to exact revenge can be unnerving. Also severe.... "Conference!" someone yelled as I put the phone to my ear. Then came a mind-piercing "beep," and suddenly my kitchen seemed full of hyperactive 15-year-olds. "You the guy who wrote the article in Newsweek?" someone sholted from the depths of static, and giggles. "We're going to disconnect your phone," on shrieked. "We're going to blow up your house," called another. I hung up. Some irate readers write letters to the editor. A few call thier lawyers. Hackers, However, use the computer and the telephone and for more than simple coment. Within days, computer "bulletin boards" around the country were lit up with attacks on Newsweek's "Montana Wildhack" (a name I took from a Kurt Vonnegut character), questioning everything from my manhood to my prose style. "Until we get real god revenge," said one message from Unknown Warrior, "I would like to suggest that everyone with an autl d modem call Montana butthack then hang up when he answers." Since then the hackers of America have called my home at least 2000 times. My harshest critics communicate on Dragonfire, a Gainesville, Texas, bulletin board where I am on teletrial, a video-lynching in which a computer user with grievance dials the board and presses charges against the offending party. Other hackers -- including the defendant -- post concurrences or rebuttals. Despite the mealtime interruptions, all of this was at most a minor nuisance; some was amusing, even fun. FRAUD: The fun stopped with a call from a man who identified himself only as Joe. "I'm calling to warn you," he said. When I barked back, he said, "Wait, I'm on your side. Someone has broken into TRW and obtained a list of all your credit card numbers, your home address, social security number and wife's name and is posting it on bulletin boards around the country." He named the charge cards in my wallet. Credit card numbers are a very hote commodity among some hackers. To get one froma computer system and post it is the hacker equivalent of making the team. After hearing from Joe, I visited the local office of the TRW credit bureau and got a copy of my credit record. sure enough, it showed a nov. 13 inquiry by the Lenox (Mass.) Savings Bank, an institution with no reason whatever to ask about me. Clearly some hacker had used Lenox's password to the TRW computers to get to my files (the bank has since changed the password). It wasn't long before I found out what was being done with my credit card numbers, thanks to another friendly hacker who tipped me to Pirate 80, a bulletin board in Charleston, WV, where I found this: "I'm sure you guys have heard about Richard Stza or Montana Wildhack. He's the guy who wrote the obscene story about phreaking in Newsweek. Well, my friend did a credit card check on TRW ... try this number, it's a Visa... Please nail this guy bad... Captain Quieg. Captain uieg may himself be nailed. He has violated the Credit Card Fraud act of 1984 signed by President Reagan on oct. 12. The law provides a $10,000 fine and up to a 15-year prison term for "trafficking" in illegally obtained credit-card account numbers. His "friend" has commited a felony violation of the California computer-crime law. TRW spokeswoman Delia fernandez said that TRW would "be more than happy to prosecute" both of them. TRW has good reason for concern. Its computers contain the credit histories of 120 million people. Last year TRW sold 50 million credit reports on their customers. But these highly confidential personal records are so poorly guarded that computerized teenagers can ransack the files and depart undetected. TRW passwords -- unlike many others -- often print out when entered by TRW's customers. Hackers then look for discarded printouts. A good source: te trash of banks and automobile dealerships, which routinely do credit checks. "Everybody hacks TRW," says Cleveland hacker King Blotto, whose bulletin board has a security system the pentagon would envy. It's the easiest." For her part, Fernandez insists that TRW "does everything it can to keep the system secure." In my case, however, that was not enough. My credit limits would hardly support big-time fraud, but victimization takes many forms. Another hacker said it was likely that merchandise would be ordered in my name and shipped to me -- just to harrass me. "I used to use credit card numbers against someone I didn't like," the hacker said. "I'd call Sears and have a dozen toilets shipped to his house." Meanwhile, back on Dragonfire, my teletrial was going strong. The charges, as pressed by Unknown Warrior, include "endangering all phreaks and hacks." The judge in this case is a hacker with the apt name of Ax Murderer. Possible sentences range from "exile from the entire planet" to "Kill the dude." King Blotto has taken up my defense, using hacker power to make his first pleading: he dialed up Dragonfire, broke into its operating system and "crashed" the bulletin board, destroying all of its messages naming me. The board is back up now, with a retrial in ful swing. But then, exile from the electronic underground looks better all the time. ***** That's it. The one thing that I was curious about after reading this article is, why did this guy decide to write an article about BBS? He obviously doesn't know too terribly much about them (even now). Well, hope this was worthwhile to you. "L8r" --Jon jdj1574@uxf.cso.uiuc.edu