Mark Seecof <marks@capnet.latimes.com> (06/11/91)
Moderator's Note: Excerpts from an article published in the {Los Angeles Times} May 17, 1991; page E1. This was sent by Mark Seecof to RISKS, and Jody Kravitz passed ot along to me, to share with TELECOM Digest readers. Thanks Jody! Thanks, Mark! PAT] Edited and submitted to RISKS Digest by Mark Seecof <marks@latimes.com> of the L.A. Times Publishing Systems Department. [elisions and bracketed comments mine -- Mark S.] ``Little Phone Company on a Hacker Attack'' By Susan Christian, Times Staff Writer. [Introductory blather...] [...] in the last seven months [small long-distance company] Thrifty Tel's [security chief] has put seven hackers in jail. And she has made 48 others atone for their sins with hard cash and hardware. The case that [security chief] Bigley calls her biggest coup -- involving a 16-year-old Buena Park boy whose alleged theft of computer data cost Thrifty Tel millions of dollars -- is pending in Orange County Superior Court. Thrifty Tel has become one of the most agressive hacker fighters in California, according to Jim Smith, president of the California Assn. of Long Distance Telephone Cos. (Caltel). ``[Bigley] is tough,'' he says. ``I would not want to be a hacker on her network.'' So far, the company has collected more than $200,000 in penalties and reimbursements from hackers. ``We do not have a hacking problem any more because we stood up and punched them in the face,'' Bigley proclaims. ``These kids think that what they're doing is no big deal -- they're not murdering anyone,'' Bigley says. ``They think we're terrible for calling them on it. Their attitude is extremely arrogant. But these are not just kids having some fun. They are using their intellect to devise ways to steal. And these are not kids who need to steal. They come from white-collar families.'' For Thrifty Tel Inc., the battle of wits started a year ago. [...Thrifty Tel is ten years old, went public in '86, and serves 7,000 customers in SoCal.] [...Last year the hackers discovered them. Hackers use computer programs to try many possible code numbers until they find the ones which unlock the system.] ``The first quarter of 1990 we came in with a half-million-dollar net profit, and everything was going great,'' Bigley says. ``Then the next quarter, all of a sudden we were lopsided. We were getting bigger bills from our carriers than we were billing out to our customers.'' With a little investigation, the company pinpointed the culprits: hackers who were eating up telephone time at as much as ten hours a ``conversation.'' Because hackers exchange information and solve secret codes via long-distance modem connections, circumventing expensive telephone charges has become their mainstay. ``It was so frustrating to sit here and watch these hackers burn through our lines,'' says Bigley, a 33-year-old San Fernando Valley resident. She has been vice-president of operations at Thrifty Tel for four years. ``I had technicians out changing customers' codes that they'd just changed a few weeks before.'' But Bigley is not the sort to throw in the towel. [...She is hard-working and persistent.] First, she devoted a couple of months to educating herself about hacking. She monitored Thrifty Tel's computers for unusual activity -- telephone calls coming into the switching facility from non-customers. ``They believe that because they're sitting in a room with a computer they're safe,'' Bigley says. ``The problem is, they're using their telephone; we can watch them in the act. It's a lot easier to catch a hacker than a bank robber.'' Bigley started making a few calls of her own. If the infiltrator seemed major league, like the Buena Park boy, she contacted the Garden Grove Police Department, whose fraud investigators went into homes with search warrants. If the hacker seemed relatively small, however, Bigley took matters into her own hands, telephoned the suspect and presented an ultimatum: Either pay up or face criminal charges. A non-negotiable condition of Bigley's out-of-court settlement provided that the guilty party relinquish his (or, infrequently, her) computer and modem. Thrifty Tel donates the confiscated weapons [computers] to law enforcement agencies. Teen-age hackers tend to be ``very intelligent and somewhat introverted,'' says Garden Grove Police Detective Richard Harrison, a fraud investigator who has arrested many of Thrifty Tel's suspects. Most of the parents he has dealt with were oblivious to their children's secret lives, Harrison says. He suggests that parents educate themselves about their children's computers. ``If a kid is spending a whole bunch of time on his computer and it's hooked up to a modem, he's not just running his software. What is he doing on that computer? Does he really need a modem?'' [ed. note -- this officer may be an expert on fraud but is clearly unqualified to make such sweeping assertions about what (young) people do with computers. Playing rogue can eat up as much time as hacking while the modem remains idle.] Not all hackers are young computer fanatics testing their limits. ``The hacking problem is two-fold,'' says Caltel president Smith, also president of the Sacramento-based long-distance telephone company Execuline. ``First, we have Information Age fraud, which is an outgrowth of the proliferation of computers in households. We have all these kids who want to talk to each other on bulletin boards, and if mom and dad had to pay for all those phone calls, the cost would be prohibitive. Then we have professional fraud -- adults as well as kids who attempt to gain access to our codes for the purpose of selling the codes. They have made a big business out of hacking.'' Smith's company has waged a more low-key defens[e] against hackers than Thrifty Tel. ``I wish I had the time to devote to hacker fraud that she [Bigley] has been able to devote,'' he says. Therein lies the reason that many telephone companies decline to file charges against hackers, says Roy Costello, a fraud investigator for GTE. ``Smaller carriers don't have the time to allow their people to do the investigation and then carry it through the court system,'' he says. [... Stuff about the sticktoitiveness of Thrifty Tel's Bigley and how she thinks that hackers are immoral and wants to defeat them.]
Jeff Sicherman <sichermn@beach.csulb.edu> (06/15/91)
In article <telecom11.453.5@eecs.nwu.edu> John Higdon <john@zygot.ati. com> writes: > On Jun 13 at 1:10, Jody Kravitz passed along the article from the {LA > Times} which appeared in RISKS: >> ``Little Phone Company on a Hacker Attack'' >> By Susan Christian, Times Staff Writer. > You may be interested to know that the {San Jose Mercur}y is about to > do a story also. However, the writer has been in close touch with > yours truly and I can guarantee the article will be somewhat more > "informed" and will carry a somewhat different slant. If I remember the original article (or a similar one in another local paper) there was some information about the VP - crusader and how much of her waking time she spends on this activity. There is more to her motivation than the company's interest and a sense of justice. I'm not sure the edited version of the article showed the whole picture very well, even as it was known then. I'm looking forward to this 'new slant'. Jeff Sicherman [Moderator's Note: Your wish is my command! I contacted John yesterday and asked him to compare the article which appeared here and in RISKS with the version which appeared in his local paper. He did so, and his comments follow in the next message of this issue. PAT]
John Higdon <john@zygot.ati.com> (06/15/91)
Mark Seecof <marks@capnet.latimes.com> quotes the {LA Times}: > ``Little Phone Company on a Hacker Attack'' > By Susan Christian, Times Staff Writer. On June 13, the {San Jose Mercury} ran a story about Ms. Bigley's courageous efforts. The writer, Alex Barnum, did a little more investigating and presented a little more balanced picture than Ms. Christian. Excerpts below: Firm's Big Phone Fees Hang up Hackers by Alex Barnum, Mercury Staff Writer "A year ago, Thrifty Tel Inc. won approval from the state Public Utilites Comission ot charge unauthorized users of its long-distance lines a 'special' rate: a $3,000 'set-up' charge, a $3,000 daily line fee, $200 an hour for labor and the costs of investigating and prosecuting the offender. "Since then, the Garden Grove company has netted $500,000 and caught 72 hackers, ranging from an 11-year-old girl to a grandma-gradpa team of professional phone hackers." [Doesn't sound as if Thrifty Tel came off too badly on that one, does it? That's $500,000 NET profit on hackers. JH] "But while many have applauded Thrifty Tel's ingenuity, others have criticized the company for taking the law into its own hands. Some Los Angeles law enforcement officials, in fact, say the approach borders on extortion ... "Others charge that Thrifty Tel is deliverately baiting its long-distance system with lax security to catch hackers and bring in new revenue. Thrifty Tel is 'a vigilante,' says John Higdon, a San Jose phone network expert." [blush].... "Even a single call can cost a hacker more than $6,000. And Thrifty Tel charges an extra $3,000 for every access code the hacker uses. Since about half of Thrifty Tel's hacker 'customers' are minors, their parents usually wind up footing the bill. "Moreover, as a condition of the settlement, Thrifty Tel requires hackers to hand over their computers which mirrors a provision in the criminal code. Bigley usually turns the computer over to authorities, although she says she kept one once. [She kept more than that according to her own conversation with me. JH] "While praising Bigley's basic strategy, law enforcement officials say she has taken it a step too far. 'She can threaten a civil suit, but not criminal charges,' says one official. 'You don't use a criminal code to enforce a civil settlement.'"... "Other critics charge that Thrifty Tel is deliberately haiting hackers with antiquated switching technology and short access codes that are easier to hack than the more modern, secure technology and 14-digit access codes of the major long-distance carriers." Mr. Barnum has all the quotes from Ms. Bigley that the {LA Times} article had, which essentially contain the circular argument that it costs money to upgrade to FGD and why should Thrifty have to spend that money on account of "thugs and criminals" while whining about all the losses suffered at the hands of the hackers. Thrifty's technique looks more like a profit center than hacker "prevention". John Higdon | P. O. Box 7648 | +1 408 723 1395 john@zygot.ati.com | San Jose, CA 95150 | M o o !
Nick Sayer <mrapple@quack.sac.ca.us> (06/15/91)
marks@capnet.latimes.com (Mark Seecof) writes: > He suggests that parents > educate themselves about their children's computers. ``If a kid is > spending a whole bunch of time on his computer and it's hooked up to a > modem, he's not just running his software. What is he doing on that > computer? Does he really need a modem?'' > [ed. note -- this officer may be an expert on fraud but is clearly > unqualified to make such sweeping assertions about what (young) people > do with computers. Playing rogue can eat up as much time as hacking > while the modem remains idle.] I heartily agree. For two years while I was in high school, I ran a perfectly legitimate BBS in San Diego. Telecom historians in that town will remember that in '85 (I think), PacBell security sent out a letter to all BBS sysops in effect saying "Big Brother is watching you." Saying that BBSs are centers of hacker activity is like saying ethnic neighborhoods are centers of drug activity: specific examples do occur, but the generalization is unjustified. If it was my town, I'd press that cop for a full, public appology. When modems are outlawed, only outlaws will have modems. Modems don't phreak, people do. etc. > Not all hackers are young computer fanatics testing their limits. Nor are all "young computer fanatics testing their limits" hackers in the sense that the article means. First, let's remember that the term 'hacker' in it's propper definition implies no illegality. Those who attempt to defraud telephone companies are more properly called "phreakers." > ``The hacking problem is two-fold,'' says Caltel president Smith, also > president of the Sacramento-based long-distance telephone company > Execuline. ``First, we have Information Age fraud, which is an > outgrowth of the proliferation of computers in households. We have > all these kids who want to talk to each other on bulletin boards, and > if mom and dad had to pay for all those phone calls, the cost would be > prohibitive. ... A big reason why there are so many boards. If there's one in your local area, then there's no need to phreak it. > [... Stuff about the sticktoitiveness of Thrifty Tel's Bigley and how > she thinks that hackers are immoral and wants to defeat them.] Thank you for sparing us her little attitude. I am offended by both her generalizations and the phreakers who "try" to make those generalizations justified. There. I feel much better. Nick Sayer mrapple@quack.sac.ca.us N6QQQ 209-952-5347 (Telebit)
Jeff Sicherman <sichermn@beach.csulb.edu> (06/16/91)
In article <telecom11.460.5@eecs.nwu.edu> John Higdon <john@zygot.ati. com> writes: > On June 13, the {San Jose Mercury} ran a story about Ms. Bigley's > courageous efforts. The writer, Alex Barnum, did a little more > investigating and presented a little more balanced picture than Ms. > Christian. Excerpts below: > "A year ago, Thrifty Tel Inc. won approval from the state Public > Utilites Comission ot charge unauthorized users of its long-distance > lines a 'special' rate: a $3,000 'set-up' charge, a $3,000 daily line > fee, $200 an hour for labor and the costs of investigating and > prosecuting the offender. > "Even a single call can cost a hacker more than $6,000. And Thrifty > Tel charges an extra $3,000 for every access code the hacker uses. > Since about half of Thrifty Tel's hacker 'customers' are minors, their > parents usually wind up footing the bill. Ethics aside, I wonder if the PUC is doing *its* job in this scenario. If Thrifty Tel is a regulated entity, doesn't its charges have to have some relationship to costs plus a reasonable profit? It's hard to see how these numbers satisfy that, not to mention the apparent fact that a setup is not really performed. If it is, are these rates even vaguely consistent with its normal ones or are they practicing discriminatory pricing with its 'users' ? I also wonder about the element of civil damages with respect to minors using this enforcement concept. If TT is, in effect, establishing a relationship post-facto, they are making (involuntary) contracts with people (the minors) who may not have the ability to enter into such contracts and make them unenforceable. Any lawyers out there (real or self-imagined) ? Jeff Sicherman [Moderator's Note: The minor entered into the contract when he manipulated the telephone connection. TT's 'post-facto' response is merely handling the paperwork involved at that point. Now the contract may indeed be unenforceable since the minor entered into it without his parent's knowledge or consent -- AND -- the transaction has nothing to do with the minor's basic 'life-needs'. Parents can be held responsible for contracts entered into by their minor children for such things as simple clothing, food and shelter, school supplies, etc, since it is the parent's responsibility to meet these requirements anyway. But I'm not sure they can be held legally responsible for long distance phone charges which arose as part of the child's entertainment. TT could claim their published rates in these cases correctly reflect the additional cost involved in locating the 'customer', setting up the account after the fact and effecting collection. They might be right. Still, it seems to me like a kind of sleazy approach if they are deliberatly making it easy to steal from them. There is a requirement in the law that victims make every effort to mitigate their losses; courts are not in the business of being collection agencies; and TT does not seem to be acting in the best of faith. PAT]
doug@admiral.uucp (Doug Fields) (06/18/91)
In article <telecom11.453.4@eecs.nwu.edu> Mark Seecof <marks@capnet. latimes.com> writes: > steal. And these are not kids who need to steal. They come from > white-collar families.'' Obviously; otherwise how could they afford the computer and modem? (I'm not saying that this is a necessity, but to have a high end '386 and a HS modem it can be a pretty safe assumption.) > with search warrants. If the hacker seemed relatively small, however, > Bigley took matters into her own hands, telephoned the suspect and > presented an ultimatum: Either pay up or face criminal charges. Not to protect the "cracker"'s actions, but this is technically extorsion, no? But five bucks says it brings in a LOT more revenue than just handing the name over to the police. > Teen-age hackers tend to be ``very intelligent and somewhat > introverted,'' says Garden Grove Police Detective Richard Harrison, a "crackers", please. I pride myself in being a legit "hacker". > educate themselves about their children's computers. ``If a kid is > spending a whole bunch of time on his computer and it's hooked up to a > modem, he's not just running his software. What is he doing on that >computer? Does he really need a modem?'' > [ed. note -- this officer may be an expert on fraud but is clearly > unqualified to make such sweeping assertions about what (young) people > do with computers. Playing rogue can eat up as much time as hacking > while the modem remains idle.] Wow; wouldn't my mother love this person. Not only am I on the computer for two hours or so a day (of course they must be the only two hours that my mother ever notices me), but I have SIX modems ... I must be a big time mafia boss in the computer business by that reasoning! Doug Fields -- 100 Midwood Road, Greenwich, CT 06830 --- (FAX) +1 203 661 2996 uucp: uunet!areyes!admiral!doug ------- Thank you areyes/mail and wizkid/news! Internet: fields-doug@cs.yale.edu --------------- (Voice@Home) +1 203 661 2967 BBS: (HST/V32) +1 203 661 1279; (MNP6) -2967; (PEP/V32) -2873; (V32/V42) -0450