Hackers in Jail (Spring, 1989) ------------------------------ Story Number One By now we've probably all heard about Kevin Mitnick. Late last year, this computer hacker was arrested after being turned in by his friend, who explained it all by saying, "You're a menace to society." Mitnick has been described in the media as 25, an overweight, bespectacled computer junkie known as a "dark side" hacker for his willingness to use the computer as a weapon. His high school computer hobby was said to have turned into a lasting obsession. He allegedly used computers at schools and businesses to break into Defense Department computer systems, sabotage business computers, and electronically harass anyone - including a probation officer and FBI agents - who got in his way. He also learned how to disrupt telephone company operations and disconnected the phones of Hollywood celebrities such as Kristy McNichol, authorities said. Over the past few months, several federal court judges have refused at separate hearings to set bail for Mitnick, contending there would be no way to protect society from him if he were freed. Mitnick's family and attorney said prosecutors have no evidence for the accusations and that they are blowing the case out of proportion, either out of fear or misunderstanding of the technology. Mitnick has an amazing history, to say the least. He and a friend logged into a North American Air Defense Command computer in Colorado Springs in 1979. The friend said they did not interfere with any defense operation. "We just got in, looked around, and got out." Computer security investigators said that as a teenager Mr. Mitnick belonged to a shadowy Southern California group of computer enthusiasts, the Roscoe Gang, who met in a pizza parlor in the Los Angeles area. The group also stayed in contact through a variety of computer bulletin board systems, including one, 8BBS Santa Clara, California, run by employees of Digital. In 1981 Mr. Mitnick and three other group members were arrested on charges of stealing technical manuals from the Pacific Telephone Company. Mr. Mitnick was convicted and served six months in a youth detention center. He was caught again by University of Southern California officials in 1983 trying to break into the school's computers. In another incident, Mr. Mitnick fled to Israel to avoid prosecution after being accused of tampering with a computer storing credit information at TRW. In December, 1987, he was convicted of stealing software from Microport Systems in Santa Cruz, and was sentenced to 36 months of probation. What made Mitnick "the best," according to a friend, was his ability to talk people into giving him privileged information. He would call an official with a company he wanted to penetrate and say he was in the maintenance department and needed a computer password. He was so convincing that they would give him the necessary names or numbers. Mr. Mitnick was supposedly able to avoid being apprehended by tampering with telephone company switching equipment to mask his location. An internal memo of the Pacific Telephone Company indicated that Mitnick had compromised all of that company's switching systems. Investigators believe that Mitnick may have been the instigator of a false report released by a news service in April 1988 that Security Pacific National Bank lost $400 million in the first quarter of 1988. The report, which was released to the NY Stock Exchange and other wire services, was distributed four days after Mitnick had been turned down for a job at Security Pacific. The false information could have caused huge losses for the bank had it reached investors, but the hoax was uncovered before that could happen. The prosecutor said Mitnick also penetrated an NSA computer and obtained telephone billing data for the agency and several of its employees. As of this writing, Mitnick has been sentenced to a year in jail. They won't even let him use the phone, out of fear of what he might do. ------------------------------------------------------------------------------- Story Number Two An 18-year-old telephone phreak from Chicago who electronically broke into U.S. military computers and AT&T computers and copied 55 programs was sentenced to nine months in prison on Tuesday, February 14, in Federal District Court. Herbert Zinn, Jr. was found guilty of violating the Computer Fraud and Abuse Act of 1986 by Judge Paul E. Plunkett. In addition to a prison term, Zinn must pay a $10,000 fine and serve two and a half years of federal probation when released from prison. United States Attorney Anton R. Valukas said, "The Zinn case will serve to demonstrate the direction we are going to go with these cases in the future. Our intention is to prosecute aggressively. What we undertook is to address the problem of unauthorized computer intrusion, an all-too-common problem that is difficult to uncover and difficult to prosecute..." Zinn, a dropout from Mather High School in Chicago, was 16 at the time he committed the intrusions, using his home computer and modem. Using the handle "Shadow Hawk," Zinn broke into a Bell Labs computer in Naperville, Illinois, an AT&T computer in Burlington, North Carolina, and an AT&T computer at Robbins Air Force Base in Georgia. No classified material was obtained, but the government views as "highly sensitive" the programs copied from a computer used by NATO, which is tied into the U.S. missile command. In addition, Zinn gained access to a computer at an IBM facility in Rye, New York, and logged into computers of Illinois Bell Telephone Company and the Rochester Telephone Company. Assistant United States Attorney William Cook said that Zinn obtained access to the AT&T/Illinois Bell computers from computer bulletin board systems, which he described as "...just high-tech street gangs." During his bench trial in January, Zinn spoke in his own defense, saying that he copied the programs to educate himself and not to sell them or share them with other phreaks. The programs copied included very complex software relating to computer design and artificial intelligence. Also copied was software used by the BOC's (Bell Operating Companies) for billing and accounting on long-distance telephone calls. The authorities didn't find it difficult to identify Zinn. But rather than move immediately, they decided to give him enough time to make their case stronger. For over two months, all calls from his telephone were carefully audited. His activities on computers throughout the United States were noted, and logs were kept. Security representatives from Sprint made available notes from their investigation of his calls on their network. Finally, the "big day" arrived, and the Zinn residence was raided by FBI agents, AT&T security representatives, and Chicago police detectives. At the time of the raid, three computers, various modems, and other computer peripheral devices were confiscated. As of this writing, Zinn is still in jail. Conclusions This is without a doubt one of the most disturbing articles we've printed since we began publishing in 1984. When people actually start winding up in jail because of playing with computers, it's time to start asking some very serious questions. Let's start with the Mitnick story. Here we have what appears to be a malicious person who is determined to get those who have crossed him. OK, not very nice. In fact, this could well be a nasty, vindictive human being. And we've already proven that he has a history of trouble with the law. But is this enough to lock him up without bail? In regular life in almost any democratic society, the answer would be a resounding no. But there are special circumstances here: computers. Doing nasty things with computers has become infinitely worse than doing nasty things without computers. That's why a murderer would get bail so much easier than Kevin Mitnick. Because of computers. So let's try and pretend that computers don't really exist. Where does that leave us? He would have to have disconnected Kristy McNichol's phone using wire clippers. Vandalism, maybe trespassing. That's good for a fine of maybe $100. He and a friend walked into the North American Air Defense Command Center one day. They didn't break anything and they soon left. Had they been caught, they would have been thrown off the grounds, maybe arrested for trespassing and held overnight. The person who left the door open would be fired. Mitnick managed to manipulate central office switches by walking through their doors and adjusting them. Nobody questioned him or tried to stop him. He called up a news service and told them a fake story about a bank, which they almost printed. Again, nobody questioned him. In our society, such a person would be classified as a mischief maker, at worst a real pain in the ass. Such people currently exist all over the place. But because Mitnick used computers to perform his mischief, he's another John Hinckley. Society is indeed endangered by what's happening here. But Mitnick has nothing at all to do with it. He is simply demonstrating how vulnerable our information and our way of life has become. If one person can cause such chaos, then clearly the system is falling apart at the seams. The Zinn case is equally deplorable. A bright kid is languishing in prison because he didn't know when to stop exploring. The authorities admit they did nothing to stop him so that he would get himself in deeper. What would have been wrong with a simple warning? It might have been enough to stop him from logging into any more systems. There would have been no trial and an intelligent 18-year-old would not be locked away. All of the papers accused Zinn of stealing software. But nothing was taken. All he did was copy some programs. If these programs were so valuable, why in hell was he able to download them over the phone lines? To even suggest that this is the same as stealing is a gross distortion. There is not one shred of evidence that this kid meant to sell these programs or benefit in any way except his own knowledge. This isn't surprising most hackers are primarily interested in learning. But they say a message had to be sent to stop this kind of thing from happening. The message here is that our nation's brightest kids are being imprisoned for being a little too inquisitive. And that's a frightening thought. Judges should consider what actually took place and forget about the fact that computers were involved. Would it even be a crime if computers weren't involved? And what about intent? Did the person willfully do something that could be detrimental to an organization? Or was that simply a side-effect of the organization s carelessness? Much can be learned from what the hackers uncover. While hackers are far from being knights in shining armor, the notion of their being criminals is so far from the truth that it's almost funny. These are kids doing what kids have done for all time. The only difference here is that they've learned how to use a tool that the rest of us have ignored. And unless more of us know how to use this tool, there will be many more abuses. Not just abuses of the tool. Abuses by the tool. That's where the real danger is. We take a very hard line on this. Hacking is not wrong. Hacking is healthy. Hacking is not the same as stealing. Hacking uncovers design flaws and security deficiencies. Above all else, hacking proves that the ingenuity of a single mind is still the most powerful tool of all. We are hackers. We always will be. Our spirits will not be crushed by these horrible happenings. Call us co-conspirators, fellow anarchists, whatever you want. We intend to keep learning. To suppress this desire is contrary to everything that is human. Like the authors who rose to defend Salman Rushdie from the long arm of hysteria, we must rise to defend those endangered by the hacker witch hunts. After all, they can't lock us all up. And unless they do, hacking is here to stay.