I Was A Hacker For The FBI

By Joseph C. Panettieri

Conventional wisdom says it takes a thief to catch a thief. Just how that old saw relates to the worl of information technology wasn't immediately apparent - unil now. "I worked for the FBI," says Justin Tanner Petersen, an admitted computer hacker. Not only that, the FBI got him out of jail to do it.

Petersen, an affable, 34-year-old cyberpunk, now awaits sentencing in a Los Angeles County detention center for crimes to which he's pled guilty. His court hearingfor several computer-related crimes - including crimes commited while working for the FBIU - is set for March 27. He faces a possible sentence of 10 years for conspiracy, computer fraud, and other crimes.

Court papers filed in Los Angeles in connection with the case show that in 1991, FBI agents working for the U.S. Attorney in Los Angeles bargained to have Petersen released from jail in Texas "to investigate [certain] individuals." The FBI maintained a relationship with Petersono for two years, before revoking his bond, Petersen fled possible prosecution in relation to crimes committed while he was out on bond. He was captured last summer. No one from the FBI or Justice Department would comment on or clarity just why the FBI was working with Petersen. But several sources speculate that Petersen was tracking computer superhacker Kevin Mitnick.

"The Feds turned Petersen against Mitnick," says a computer security consultant who requested anonymity. "Petersen essentially became a bounty hunter for the FBI."

"It was pretty much suspected in the hacker community that Petersen was working for the FBI," says Eric Corley, editor of the notorious hacker quarterly 2600. "He showed up at a couple of hacker conventions trying to track down [Mitnick] and other people."

Suspicious Minds

According to court documents, Petersen was arrested in July 1991, in Dallas for possession of stolen passwords. Polica searched his apartment and found more than a dozen stolen or fraudulent credit cards, telephone calling cards, bank cards, five modems, 3 computers, and some 200 diskettes. He was charged by the federal goverment in eight counts with breaking into the TRW computer system, among other crimes.

In September 1991, while in jail, Petersen was approached by Secret Service and FBI agents, according to court documents. As part of a deal to get himself out of jail, Petersen pled guilty to the crimes he commited in Texes and to computer-related crimes for which he was under indictment in California. His case was transferred ti California. Through a series of delayed sentencings, Petersen remainedout of jail under FBI supervision from September 1991 to Octuber 1993. During that time he was in repeated contact with members of the hacker community, according to sources, Petersen says that for those two years the FBI gave him an apartment and two computers. His work with the FBI included educating agents about the art of hacking and aiding in the investigation of about a dozen hackers, including Mitnick, he says.

At the time of Petersen's alleged surveillance of him, Mitnick was on probation after being convicted of hacking Digital Equipment Corp.'s private network and stealing the source code for several Digital products, including VMS Version 5, and a security inspection tool called XSafe.

Petersen, working as an informant, says he learned of additional crimes committed by Mitnick while Mitnick was on probation. When FBI agents moved in to make an arrest in 1992, Mitnick fled. After the lenghty search, the FBI finaly apprehended Mitnick in February in Raleigh, N.C. "All of the Mitnick coverage fails to mention that I was the one responsible for his becoming a fugitive," says Petersen. Mitnick, while still a fugitive, sought revenge against Petersen by harassing him electronically, Petersen says.

What s The Greater Risk?

The FBI worked with an outside computer expert, Tsutomu Shimomura, a researcher with the University of California San Diego's supercomputer center, to help capture Mitnick. The fear of illegal break-ins has also led some companies to hire outside expertise, even their ownhackers to do undercover work as well as test the security of corporate systems (IW, June 21, 1993, p.48). That practice, however, is one that security expoerts trongly question.

"The risks involved with hiring a hacker are simply too great," says Dan White, national director of information security at Ernst & Young in Chicago. "There's no assurance that a hacker will leave systems well enough alone after his work is done." Petersen admits he committed crimes during his time with the FBI, specifically illegally obtaining electronic monitoring equipment. Petersen recetly pled guilty to those crimes.

At least one technology manager wonders why the FBI would work with Petersen at a time when corporate networks have never benn more susceptible to security breaches." [Using Petersen] is about as dangerous a thing as the FBI could do," says M. Lewis Temares, CIO and Dean of College Engineering at the University of Miami. "He who strikes firt will strike second, especially if he only gets a slap on the wrist."

Ultimately, Petersen would become a fugitive himself. In Octuber 1993, the FBI learned that he was committing crimes. At a meeting between himself, his attorney, and Assistant U.S. Attorney David Schindler, Petersen ducked out for a drink of water and fled, according to court documents. "The FBI raided my house and found radio detection equipment and other access equipment that I acquired illegally to trace Mitnick," says Petersen. "I panicked and ran." He remained at large until he was arrested last August in Los Angeles.

Right now, Petersen is apologetic. "It's true. I worked for the FBI as part of a plea agreement," admits Petersen. "But I stepped over the line."

The 10-year sentence Petersen is facing has him remorseful. Says Petersen: "I take responsibility for [those crimes]. I clearly deserve to be [in jail]. The question is: for how long?"

The U.S. Attorney says he will talk about the case after Petersen is sentenced. The the full details about the FBI's hacker will come out.