Mark Seecof <marks@capnet.latimes.com> (06/11/91)
Moderator's Note: Excerpts from an article published in the {Los
Angeles Times} May 17, 1991; page E1. This was sent by Mark Seecof to
RISKS, and Jody Kravitz passed ot along to me, to share with TELECOM
Digest readers. Thanks Jody! Thanks, Mark! PAT]
Edited and submitted to RISKS Digest by Mark Seecof <marks@latimes.com>
of the L.A. Times Publishing Systems Department.
[elisions and bracketed comments mine -- Mark S.]
``Little Phone Company on a Hacker Attack''
By Susan Christian, Times Staff Writer.
[Introductory blather...]
[...] in the last seven months [small long-distance company] Thrifty
Tel's [security chief] has put seven hackers in jail. And she has
made 48 others atone for their sins with hard cash and hardware. The
case that [security chief] Bigley calls her biggest coup -- involving
a 16-year-old Buena Park boy whose alleged theft of computer data cost
Thrifty Tel millions of dollars -- is pending in Orange County Superior
Court.
Thrifty Tel has become one of the most agressive hacker fighters in
California, according to Jim Smith, president of the California Assn.
of Long Distance Telephone Cos. (Caltel). ``[Bigley] is tough,'' he
says. ``I would not want to be a hacker on her network.'' So far,
the company has collected more than $200,000 in penalties and
reimbursements from hackers.
``We do not have a hacking problem any more because we stood up and
punched them in the face,'' Bigley proclaims. ``These kids think that
what they're doing is no big deal -- they're not murdering anyone,''
Bigley says. ``They think we're terrible for calling them on it.
Their attitude is extremely arrogant. But these are not just kids
having some fun. They are using their intellect to devise ways to
steal. And these are not kids who need to steal. They come from
white-collar families.''
For Thrifty Tel Inc., the battle of wits started a year ago.
[...Thrifty Tel is ten years old, went public in '86, and serves 7,000
customers in SoCal.] [...Last year the hackers discovered them.
Hackers use computer programs to try many possible code numbers until
they find the ones which unlock the system.]
``The first quarter of 1990 we came in with a half-million-dollar net
profit, and everything was going great,'' Bigley says. ``Then the
next quarter, all of a sudden we were lopsided. We were getting
bigger bills from our carriers than we were billing out to our
customers.'' With a little investigation, the company pinpointed the
culprits: hackers who were eating up telephone time at as much as ten
hours a ``conversation.'' Because hackers exchange information and
solve secret codes via long-distance modem connections, circumventing
expensive telephone charges has become their mainstay. ``It was so
frustrating to sit here and watch these hackers burn through our
lines,'' says Bigley, a 33-year-old San Fernando Valley resident. She
has been vice-president of operations at Thrifty Tel for four years.
``I had technicians out changing customers' codes that they'd just
changed a few weeks before.''
But Bigley is not the sort to throw in the towel. [...She is
hard-working and persistent.] First, she devoted a couple of months
to educating herself about hacking. She monitored Thrifty Tel's
computers for unusual activity -- telephone calls coming into the
switching facility from non-customers. ``They believe that because
they're sitting in a room with a computer they're safe,'' Bigley says.
``The problem is, they're using their telephone; we can watch them in
the act. It's a lot easier to catch a hacker than a bank robber.''
Bigley started making a few calls of her own. If the infiltrator
seemed major league, like the Buena Park boy, she contacted the Garden
Grove Police Department, whose fraud investigators went into homes
with search warrants. If the hacker seemed relatively small, however,
Bigley took matters into her own hands, telephoned the suspect and
presented an ultimatum: Either pay up or face criminal charges.
A non-negotiable condition of Bigley's out-of-court settlement
provided that the guilty party relinquish his (or, infrequently, her)
computer and modem. Thrifty Tel donates the confiscated weapons
[computers] to law enforcement agencies.
Teen-age hackers tend to be ``very intelligent and somewhat
introverted,'' says Garden Grove Police Detective Richard Harrison, a
fraud investigator who has arrested many of Thrifty Tel's suspects.
Most of the parents he has dealt with were oblivious to their
children's secret lives, Harrison says. He suggests that parents
educate themselves about their children's computers. ``If a kid is
spending a whole bunch of time on his computer and it's hooked up to a
modem, he's not just running his software. What is he doing on that
computer? Does he really need a modem?''
[ed. note -- this officer may be an expert on fraud but is clearly
unqualified to make such sweeping assertions about what (young) people
do with computers. Playing rogue can eat up as much time as hacking
while the modem remains idle.]
Not all hackers are young computer fanatics testing their limits.
``The hacking problem is two-fold,'' says Caltel president Smith, also
president of the Sacramento-based long-distance telephone company
Execuline. ``First, we have Information Age fraud, which is an
outgrowth of the proliferation of computers in households. We have
all these kids who want to talk to each other on bulletin boards, and
if mom and dad had to pay for all those phone calls, the cost would be
prohibitive. Then we have professional fraud -- adults as well as
kids who attempt to gain access to our codes for the purpose of
selling the codes. They have made a big business out of hacking.''
Smith's company has waged a more low-key defens[e] against hackers
than Thrifty Tel. ``I wish I had the time to devote to hacker fraud
that she [Bigley] has been able to devote,'' he says.
Therein lies the reason that many telephone companies decline to file
charges against hackers, says Roy Costello, a fraud investigator for
GTE. ``Smaller carriers don't have the time to allow their people to
do the investigation and then carry it through the court system,'' he
says.
[... Stuff about the sticktoitiveness of Thrifty Tel's Bigley and how
she thinks that hackers are immoral and wants to defeat them.]Jeff Sicherman <sichermn@beach.csulb.edu> (06/15/91)
In article <telecom11.453.5@eecs.nwu.edu> John Higdon <john@zygot.ati. com> writes: > On Jun 13 at 1:10, Jody Kravitz passed along the article from the {LA > Times} which appeared in RISKS: >> ``Little Phone Company on a Hacker Attack'' >> By Susan Christian, Times Staff Writer. > You may be interested to know that the {San Jose Mercur}y is about to > do a story also. However, the writer has been in close touch with > yours truly and I can guarantee the article will be somewhat more > "informed" and will carry a somewhat different slant. If I remember the original article (or a similar one in another local paper) there was some information about the VP - crusader and how much of her waking time she spends on this activity. There is more to her motivation than the company's interest and a sense of justice. I'm not sure the edited version of the article showed the whole picture very well, even as it was known then. I'm looking forward to this 'new slant'. Jeff Sicherman [Moderator's Note: Your wish is my command! I contacted John yesterday and asked him to compare the article which appeared here and in RISKS with the version which appeared in his local paper. He did so, and his comments follow in the next message of this issue. PAT]
John Higdon <john@zygot.ati.com> (06/15/91)
Mark Seecof <marks@capnet.latimes.com> quotes the {LA Times}:
> ``Little Phone Company on a Hacker Attack''
> By Susan Christian, Times Staff Writer.
On June 13, the {San Jose Mercury} ran a story about Ms. Bigley's
courageous efforts. The writer, Alex Barnum, did a little more
investigating and presented a little more balanced picture than Ms.
Christian. Excerpts below:
Firm's Big Phone Fees Hang up Hackers
by Alex Barnum, Mercury Staff Writer
"A year ago, Thrifty Tel Inc. won approval from the state Public
Utilites Comission ot charge unauthorized users of its long-distance
lines a 'special' rate: a $3,000 'set-up' charge, a $3,000 daily line
fee, $200 an hour for labor and the costs of investigating and
prosecuting the offender.
"Since then, the Garden Grove company has netted $500,000 and caught
72 hackers, ranging from an 11-year-old girl to a grandma-gradpa team
of professional phone hackers."
[Doesn't sound as if Thrifty Tel came off too badly on that one, does
it? That's $500,000 NET profit on hackers. JH]
"But while many have applauded Thrifty Tel's ingenuity, others have
criticized the company for taking the law into its own hands. Some Los
Angeles law enforcement officials, in fact, say the approach borders
on extortion ...
"Others charge that Thrifty Tel is deliverately baiting its long-distance
system with lax security to catch hackers and bring in new revenue.
Thrifty Tel is 'a vigilante,' says John Higdon, a San Jose phone
network expert." [blush]....
"Even a single call can cost a hacker more than $6,000. And Thrifty
Tel charges an extra $3,000 for every access code the hacker uses.
Since about half of Thrifty Tel's hacker 'customers' are minors, their
parents usually wind up footing the bill.
"Moreover, as a condition of the settlement, Thrifty Tel requires
hackers to hand over their computers which mirrors a provision in the
criminal code. Bigley usually turns the computer over to authorities,
although she says she kept one once. [She kept more than that
according to her own conversation with me. JH]
"While praising Bigley's basic strategy, law enforcement officials say
she has taken it a step too far. 'She can threaten a civil suit, but
not criminal charges,' says one official. 'You don't use a criminal
code to enforce a civil settlement.'"...
"Other critics charge that Thrifty Tel is deliberately haiting hackers
with antiquated switching technology and short access codes that are
easier to hack than the more modern, secure technology and 14-digit
access codes of the major long-distance carriers."
Mr. Barnum has all the quotes from Ms. Bigley that the {LA Times}
article had, which essentially contain the circular argument that it
costs money to upgrade to FGD and why should Thrifty have to spend
that money on account of "thugs and criminals" while whining about all
the losses suffered at the hands of the hackers. Thrifty's technique
looks more like a profit center than hacker "prevention".
John Higdon | P. O. Box 7648 | +1 408 723 1395
john@zygot.ati.com | San Jose, CA 95150 | M o o !Nick Sayer <mrapple@quack.sac.ca.us> (06/15/91)
marks@capnet.latimes.com (Mark Seecof) writes: > He suggests that parents > educate themselves about their children's computers. ``If a kid is > spending a whole bunch of time on his computer and it's hooked up to a > modem, he's not just running his software. What is he doing on that > computer? Does he really need a modem?'' > [ed. note -- this officer may be an expert on fraud but is clearly > unqualified to make such sweeping assertions about what (young) people > do with computers. Playing rogue can eat up as much time as hacking > while the modem remains idle.] I heartily agree. For two years while I was in high school, I ran a perfectly legitimate BBS in San Diego. Telecom historians in that town will remember that in '85 (I think), PacBell security sent out a letter to all BBS sysops in effect saying "Big Brother is watching you." Saying that BBSs are centers of hacker activity is like saying ethnic neighborhoods are centers of drug activity: specific examples do occur, but the generalization is unjustified. If it was my town, I'd press that cop for a full, public appology. When modems are outlawed, only outlaws will have modems. Modems don't phreak, people do. etc. > Not all hackers are young computer fanatics testing their limits. Nor are all "young computer fanatics testing their limits" hackers in the sense that the article means. First, let's remember that the term 'hacker' in it's propper definition implies no illegality. Those who attempt to defraud telephone companies are more properly called "phreakers." > ``The hacking problem is two-fold,'' says Caltel president Smith, also > president of the Sacramento-based long-distance telephone company > Execuline. ``First, we have Information Age fraud, which is an > outgrowth of the proliferation of computers in households. We have > all these kids who want to talk to each other on bulletin boards, and > if mom and dad had to pay for all those phone calls, the cost would be > prohibitive. ... A big reason why there are so many boards. If there's one in your local area, then there's no need to phreak it. > [... Stuff about the sticktoitiveness of Thrifty Tel's Bigley and how > she thinks that hackers are immoral and wants to defeat them.] Thank you for sparing us her little attitude. I am offended by both her generalizations and the phreakers who "try" to make those generalizations justified. There. I feel much better. Nick Sayer mrapple@quack.sac.ca.us N6QQQ 209-952-5347 (Telebit)
Jeff Sicherman <sichermn@beach.csulb.edu> (06/16/91)
In article <telecom11.460.5@eecs.nwu.edu> John Higdon <john@zygot.ati. com> writes: > On June 13, the {San Jose Mercury} ran a story about Ms. Bigley's > courageous efforts. The writer, Alex Barnum, did a little more > investigating and presented a little more balanced picture than Ms. > Christian. Excerpts below: > "A year ago, Thrifty Tel Inc. won approval from the state Public > Utilites Comission ot charge unauthorized users of its long-distance > lines a 'special' rate: a $3,000 'set-up' charge, a $3,000 daily line > fee, $200 an hour for labor and the costs of investigating and > prosecuting the offender. > "Even a single call can cost a hacker more than $6,000. And Thrifty > Tel charges an extra $3,000 for every access code the hacker uses. > Since about half of Thrifty Tel's hacker 'customers' are minors, their > parents usually wind up footing the bill. Ethics aside, I wonder if the PUC is doing *its* job in this scenario. If Thrifty Tel is a regulated entity, doesn't its charges have to have some relationship to costs plus a reasonable profit? It's hard to see how these numbers satisfy that, not to mention the apparent fact that a setup is not really performed. If it is, are these rates even vaguely consistent with its normal ones or are they practicing discriminatory pricing with its 'users' ? I also wonder about the element of civil damages with respect to minors using this enforcement concept. If TT is, in effect, establishing a relationship post-facto, they are making (involuntary) contracts with people (the minors) who may not have the ability to enter into such contracts and make them unenforceable. Any lawyers out there (real or self-imagined) ? Jeff Sicherman [Moderator's Note: The minor entered into the contract when he manipulated the telephone connection. TT's 'post-facto' response is merely handling the paperwork involved at that point. Now the contract may indeed be unenforceable since the minor entered into it without his parent's knowledge or consent -- AND -- the transaction has nothing to do with the minor's basic 'life-needs'. Parents can be held responsible for contracts entered into by their minor children for such things as simple clothing, food and shelter, school supplies, etc, since it is the parent's responsibility to meet these requirements anyway. But I'm not sure they can be held legally responsible for long distance phone charges which arose as part of the child's entertainment. TT could claim their published rates in these cases correctly reflect the additional cost involved in locating the 'customer', setting up the account after the fact and effecting collection. They might be right. Still, it seems to me like a kind of sleazy approach if they are deliberatly making it easy to steal from them. There is a requirement in the law that victims make every effort to mitigate their losses; courts are not in the business of being collection agencies; and TT does not seem to be acting in the best of faith. PAT]
doug@admiral.uucp (Doug Fields) (06/18/91)
In article <telecom11.453.4@eecs.nwu.edu> Mark Seecof <marks@capnet. latimes.com> writes: > steal. And these are not kids who need to steal. They come from > white-collar families.'' Obviously; otherwise how could they afford the computer and modem? (I'm not saying that this is a necessity, but to have a high end '386 and a HS modem it can be a pretty safe assumption.) > with search warrants. If the hacker seemed relatively small, however, > Bigley took matters into her own hands, telephoned the suspect and > presented an ultimatum: Either pay up or face criminal charges. Not to protect the "cracker"'s actions, but this is technically extorsion, no? But five bucks says it brings in a LOT more revenue than just handing the name over to the police. > Teen-age hackers tend to be ``very intelligent and somewhat > introverted,'' says Garden Grove Police Detective Richard Harrison, a "crackers", please. I pride myself in being a legit "hacker". > educate themselves about their children's computers. ``If a kid is > spending a whole bunch of time on his computer and it's hooked up to a > modem, he's not just running his software. What is he doing on that >computer? Does he really need a modem?'' > [ed. note -- this officer may be an expert on fraud but is clearly > unqualified to make such sweeping assertions about what (young) people > do with computers. Playing rogue can eat up as much time as hacking > while the modem remains idle.] Wow; wouldn't my mother love this person. Not only am I on the computer for two hours or so a day (of course they must be the only two hours that my mother ever notices me), but I have SIX modems ... I must be a big time mafia boss in the computer business by that reasoning! Doug Fields -- 100 Midwood Road, Greenwich, CT 06830 --- (FAX) +1 203 661 2996 uucp: uunet!areyes!admiral!doug ------- Thank you areyes/mail and wizkid/news! Internet: fields-doug@cs.yale.edu --------------- (Voice@Home) +1 203 661 2967 BBS: (HST/V32) +1 203 661 1279; (MNP6) -2967; (PEP/V32) -2873; (V32/V42) -0450