I Was A Hacker For The FBI
InformationWeek, March 13, 1995. p. 12
The goverment sprung Justin Petersen for his hacking skills. Was it the
right move?
By Joseph C. Panettieri
Conventional wisdom says it takes a thief to catch a thief. Just how that
old saw relates to the worl of information technology wasn't immediately
apparent - unil now. "I worked for the FBI," says Justin Tanner Petersen, an
admitted computer hacker. Not only that, the FBI got him out of jail to do
it.
Petersen, an affable, 34-year-old cyberpunk, now awaits sentencing
in a Los Angeles County detention center for crimes to which he's pled
guilty. His court hearingfor several computer-related crimes - including
crimes commited while working for the FBIU - is set for March 27. He faces a
possible sentence of 10 years for conspiracy, computer fraud, and other
crimes.
Court papers filed in Los Angeles in connection with the case show
that in 1991, FBI agents working for the U.S. Attorney in Los Angeles
bargained to have Petersen released from jail in Texas "to investigate
[certain] individuals." The FBI maintained a relationship with Petersono for
two years, before revoking his bond, Petersen fled possible prosecution in
relation to crimes committed while he was out on bond. He was captured last
summer. No one from the FBI or Justice Department would comment on or
clarity just why the FBI was working with Petersen. But several sources
speculate that Petersen was tracking computer superhacker Kevin Mitnick.
"The Feds turned Petersen against Mitnick," says a computer security
consultant who requested anonymity. "Petersen essentially became a bounty
hunter for the FBI."
"It was pretty much suspected in the hacker community that Petersen
was working for the FBI," says Eric Corley, editor of the notorious hacker
quarterly 2600. "He showed up at a couple of hacker conventions trying to
track down [Mitnick] and other people."
Suspicious Minds
According to court documents, Petersen was arrested in July 1991, in
Dallas for possession of stolen passwords. Polica searched his apartment and
found more than a dozen stolen or fraudulent credit cards, telephone calling
cards, bank cards, five modems, 3 computers, and some 200 diskettes. He was
charged by the federal goverment in eight counts with breaking into the TRW
computer system, among other crimes.
In September 1991, while in jail, Petersen was approached by Secret
Service and FBI agents, according to court documents. As part of a deal to
get himself out of jail, Petersen pled guilty to the crimes he commited in
Texes and to computer-related crimes for which he was under indictment in
California. His case was transferred ti California. Through a series of
delayed sentencings, Petersen remainedout of jail under FBI supervision from
September 1991 to Octuber 1993. During that time he was in repeated contact
with members of the hacker community, according to sources, Petersen says
that for those two years the FBI gave him an apartment and two computers.
His work with the FBI included educating agents about the art of hacking and
aiding in the investigation of about a dozen hackers, including Mitnick, he
says.
At the time of Petersen's alleged surveillance of him, Mitnick was
on probation after being convicted of hacking Digital Equipment Corp.'s
private network and stealing the source code for several Digital products,
including VMS Version 5, and a security inspection tool called XSafe.
Petersen, working as an informant, says he learned of additional
crimes committed by Mitnick while Mitnick was on probation. When FBI agents
moved in to make an arrest in 1992, Mitnick fled. After the lenghty search,
the FBI finaly apprehended Mitnick in February in Raleigh, N.C. "All of the
Mitnick coverage fails to mention that I was the one responsible for his
becoming a fugitive," says Petersen. Mitnick, while still a fugitive, sought
revenge against Petersen by harassing him electronically, Petersen says.
What
s The Greater Risk?
The FBI worked with an outside computer expert, Tsutomu Shimomura, a
researcher with the University of California San Diego's supercomputer
center, to help capture Mitnick. The fear of illegal break-ins has also led
some companies to hire outside expertise, even their ownhackers to do
undercover work as well as test the security of corporate systems (IW, June
21, 1993, p.48). That practice, however, is one that security expoerts
trongly question.
"The risks involved with hiring a hacker are simply too great," says
Dan White, national director of information security at Ernst & Young in
Chicago. "There's no assurance that a hacker will leave systems well enough
alone after his work is done." Petersen admits he committed crimes during
his time with the FBI, specifically illegally obtaining electronic
monitoring equipment. Petersen recetly pled guilty to those crimes.
At least one technology manager wonders why the FBI would work with
Petersen at a time when corporate networks have never benn more susceptible
to security breaches." [Using Petersen] is about as dangerous a thing as the
FBI could do," says M. Lewis Temares, CIO and Dean of College Engineering at
the University of Miami. "He who strikes firt will strike second, especially
if he only gets a slap on the wrist."
Ultimately, Petersen would become a fugitive himself. In Octuber
1993, the FBI learned that he was committing crimes. At a meeting between
himself, his attorney, and Assistant U.S. Attorney David Schindler, Petersen
ducked out for a drink of water and fled, according to court documents. "The
FBI raided my house and found radio detection equipment and other access
equipment that I acquired illegally to trace Mitnick," says Petersen. "I
panicked and ran." He remained at large until he was arrested last August in
Los Angeles.
Right now, Petersen is apologetic. "It's true. I worked for the FBI
as part of a plea agreement," admits Petersen. "But I stepped over the
line."
The 10-year sentence Petersen is facing has him remorseful. Says
Petersen: "I take responsibility for [those crimes]. I clearly deserve to be
[in jail]. The question is: for how long?"
The U.S. Attorney says he will talk about the case after Petersen is
sentenced. The the full details about the FBI's hacker will come out.
|