A Forbes reporter meets with the ringleader of the gang that hacked the New York Times.

Here's an inside look into the picaresque underworld of Slut Puppy and Master Pimp.

"We were long gone when he pulled the plug."

By Adam L. Penenberg

Slut Puppy and his partner in crime, Master Pimp, hacked the New York Times on Sept. 13 because they were bored and couldn't agree on a video to watch.  They are members of the cyberspace gang, "Hacking for Girlies" (HFG), and for six months this year operated out of Slut Puppy's three-room condo, a place so tidy, so clean, it seemed positively unhackerlike.  Of course, that didn't mean there were no telltale signs that hackers typed here.  The blinds were drawn, the only light source beamed from computer screens.  It could just as easily have been 3 a.m. as 3 p.m.

On the condition we protect his anonymity, Slut Puppy agreed to give this Forbes reporter an inside account of the group's hacksploits.

If you operate on the Internet, you could get hacked.  The highwaymen of the Internet are a loosely affiliated brotherhood (and sisterhood) of techno-savvy people who make a hobby of puncturing what they regard as the pomposities of society.  As far as breaking the law is concerned, they think of themselves as kind of a cross between the Scarlet Pimpernel and Robin Hood - harassing people they don't like, thumbing their noses at the law.

Members of the brotherhood took over the New York Times' web site for three hours on that day, replacing the welcome screen with one tinged with nudity and obscenity.  In a diatribe, Slut Puppy roasted Times technology reporter John Markoff for his coverage of imprisoned hacker-martyr Kevin Mitnick.

To the people at the New York Times, the prank was sacrilege.  When they discovered the hacked page and were unable to restore their own news content, the Timesters were forced to shut down the site for nine hours.  While Times technicians located and plugged security holes, the company reported the hack to the FBI. Joseph Valiquette, spokesman for the FBI's New York office, confirmed that the agency's computer crime squad is investigating.

Today the perpetrators are two of the most wanted fugitives in cyberspace.

Although the Times prank may have been Hacking for Girlies' most spectacular hack, the newspaper was not its first target.  In April of this year it penetrated Rt66 Internet, an Albuquerque Internet service provider.  Over the next four months the gang claimed assaults on, among others, NASA's Jet Propulsion Laboratory, Motorola and Penthouse magazine before returning to Rt66 in August.

To penetrate the Times, Slut Puppy and Master Pimp employed what is called a remote root buffer overflow.  By transmitting too many data into a targeted zone, then tracking and manipulating the characters that could not fit into that space, they were able to trick the system into running their commands as if they were being issued by New York Times system administrators.

After wheedling their way inside the server, they pulled down the Times' front page and replaced it with a fake layout that Slut Puppy had composed with two other members of HFG: Sidekick Slappy and Daddy Sweetcakes, both of whom work off-site and communicate with the gang exclusively over the Internet.

Slut Puppy and Master Pimp were able to control so many functions on the site that when Times technicians tried to pull their hacked page and replace it with standard news content, the hackers, who had logged off by then, used a program that automatically slipped their page back.  For almost three hours this went back and forth, until the Times took its site off-line.  Chortles Slut Puppy, "They seemed to have no idea how we got in - or how to stop us."

On his hacked page Slut Puppy included several pointed references to John Markoff, the Times reporter who co-wrote the 1996 book Takedown, which detailed the search and capture of Kevin Mitnick, a hacker who faces a 25-count indictment on a variety of computer and wire-fraud charges.  Mitnick, whose trial starts in January, has become a martyr to hackers.

Although Slut Puppy knows Mitnick broke the law, he and many other hackers blame Markoff for hyping Mitnick's crimes in Takedown, for which he reportedly shared a $750,000 advance.  The book is also being turned into a movie, which will undoubtedly increase pro-Mitnick protest activities in cyberspace.

Markoff says he loses no sleep over Mitnick, who has already pleaded guilty and served time for possession of unauthorized access codes to cellular phones and for violating parole.  "You have to wonder how deep these hackers' thinking goes," Markoff says.  "If they have a political cause, they are accomplishing the exact opposite of their goal.  No one is doing more to promote the upcoming movie than the hackers themselves."

Markoff wasn't the only one to make it onto HFG's hit list.  Carolyn P. Meinel of Cedar Crest, N.M. is its public enemy number one.

Meinel is the author of The Happy Hacker, a kind of Hacking for Dummies volume chock-full of folksy golly-gee-isms interspersed with geek talk.  The goal of the book is to teach "newbies" how to hack legally.  The book's tone irks many of the more sophisticated hackers, who claim to be on a mission to show how porous most computer security is - the law be damned.

And here was Meinel asserting in public forums that hacker groups were like street gangs, forcing teenage initiates to commit crimes to gain membership.  "Meinel has this idea that as the Happy Hacker she is this noble leader among leaders," Slut Puppy says.  "But she pretends to know more than she does, so we thought, 'Let's make her life hell.'"

After a cozy Easter Day dinner in April, John Mocho, co-owner of Rt66 Internet, was showing his son and grandson how to upload family photos to his wife's Web site.  The hackers had nothing against Rt66.  Their target was one of the ISP's customers.

A wholesome family scene turned downright unwholesome when Mocho tried to access his ISP's front page.  Instead of the usual welcome screen, he was met with a picture of one of his customers, 52-year-old mother of six Carolyn Meinel, posing on the cover of a fictional publication, Crack Whore Magazine, as well as her credit card number.  A gang Mocho had never heard of, calling itself Hacking for Girlies, claimed responsibility.

While his son rushed his grandson into the next room, Mocho went after the hackers.  "I had never been hacked before," he said.  "This was my ISP, my customers.  I wanted them off as soon as possible."

Mocho launched a preemptive strike.  He typed in the UNIX command "kill -9", which he assumed would cripple the hackers' ability to issue commands.  Seconds later Mocho was booted off his own network.

Figuring there was only one sure way to get rid of them, he jumped into his car and, driving 55 mph in a 30 mph zone, made it to his office in three minutes flat.  Mocho cursed the day he had let his partner, Mark Schmitz, and the ISP's system administrator, Damian Bates, convince him to accept Meinel as a customer.  A lightning rod for hackers, she had already been kicked off five other ISPs.

Schmitz and Bates had preached the First Amendment.  No one, they argued, should be forced off an ISP because a bunch of hackers didn't like her.  Schmitz and Bates also figured their computer security was solid.

They figured wrong, Mocho thought grimly.  After gaining entry to his office, Mocho grabbed a network cable and yanked hard.  Rt66 was cut off from the Internet.  The phone would start taunting Mocho any minute now, with irate customers threatening to switch ISPs.

Mocho estimated that the hackers had been inside the network 20 minutes - 30 tops.  Enough time to have compromised it.  In their haste to leave, however, he surmised that they had left behind a standard "root kit" - software designed to take and maintain control over another's system.  This, in his mind, indicated they were amateurs, which cheered him.  "From a technical point, this meant they had no magic ship to get in," Mocho said.  "They probably compromised a user's account, stole someone's password."


Says Hacking for Girlies ringleader Slut Puppy: "Security was so lax we didn't know they had a firewall installed until we read about it in the New York Times the next day."


What he did not realize was that HFG had not used a root kit; evidently it had been left behind by some other hackers.  In fact, HFG had sailed in undetected on that magic ship Mocho was so sure wasn't there, burrowed deep inside millions of lines of ISP code.

It took Mocho and company 20 hours to get Rt66 up and running again.  During this process someone either missed a machine or inadvertently installed a snapshot of the hacked system by accident.  For whatever reason, the back door HFG had slipped in through remained open.  Using that same flight path, Hacking for Girlies would return to Rt66 in August.

But long before reattacking Rt66, the hackers maintained continual access to the system: sifting through customers' e-mail, noting any security improvements.  Since they despised Meinel, they read all of her mail.

Although Mocho believed the Easter hack was the first time HFG had violated his ISP, Slut Puppy says he took many a joyride through Rt66's servers well before then.  It was during one of these jaunts that Slut Puppy noticed that Rt66 was employing a product called Tripwire.

If any files are altered by a hacker, this software is designed to alert the system administrator.  But Slut Puppy knew a technique for getting around it.   Because Tripwire works by comparing numbers it assigns to each file, all he had to do was adjust the numbers that were already on the system.  It's like altering the answers on an exam to match yours, no matter how outlandish they are.

While Slut Puppy hummed "Get your clicks on root 66" and designed the Web page, Master Pimp bounced through some Sips to camouflage their itinerary.  Using the existing back door, Master Pimp typed in a keyword and within ten seconds had control of one of Rt66's servers.  From there he traversed over to the system's powerhouse, "Mack," where Slut Puppy replaced Rt66's home page with HFG's.

"Rather than continuing the gunfight, we cleaned up our tracks by erasing logs and left," Slut Puppy said.  "We were long gone when he pulled the plug."

As it happens, Meinel says that on a personal level the hackers "Have hardly done any harm to me.  They hurt bystanders.  They harm the ISPs, their customers and the credit card companies."


"We've planned not just for the day the FBI comes - we've even planned for a hostile raid where the Feds actually plant evidence."


Meinel also says the hackers can come after her all they want.  "Sure helps me sell more books," she contends.

After the Easter hack, when the ISP was considering tossing her off the network, Meinel swore to Rt66 that the credit card the hackers stole had not come from the ISP's credit card file.  Later, Meinel admitted that she had been mistaken.  This is key because Rt66 took her word the credit card file had not been breached.

Slut Puppy, on the other hand, was amazed that Rt66 didn't do anything to remove the credit card file from the network after the Easter hack.

So, on Aug. 7 Slut Puppy and Master Pimp, entering Rt66's servers the same way they did in April, made off with the whole customer credit card file - 1,749 card numbers in all.

"It was so easy getting back into their system with the same back door, we wondered if they had set a trap," Slut Puppy said.

This hack not only resulted in the ISP shutting down for some 60 hours, but also forced Rt66 to rebuild its security from scratch.

What is unfortunate is that Rt66, by doing the right thing in alerting the FBI and credit card companies to the security breach, has suffered for its good deeds.  Even with its rebuilt security - Rt66 is now one of the most secure ISPs in New Mexico - the ISP has lost 15% of its 5,000 or so members since the August hack.

"I respect the hackers' skills," Rt66 system administrator Bates grumbles, "although I didn't appreciate the obnoxious way they demonstrated them."

Internet Security Systems (ISS) of Atlanta, Ga., one of the big names in computer security, has donated a remote monitoring station for the Rt66 network.  ISS hopes to trap Hacking for Girlies the next time it tries to invade the system.

But Slut Puppy already knew about ISS' presence in Rt66 from one of his many well-placed sources.  "Needless to say, we don't plan on returning anytime soon," he says.

Of course, Slut Puppy knew that hacking the New York Times was a lot riskier than attacking Rt66 - the newspaper has immense clout in Washington, D.C.  The day after the Times hack, Slut Puppy and Master Pimp packed up the computers used in their hack spree and passed them on to others for safekeeping.  Any data gleaned from their other crimes were either deleted or protected by powerful 1,024-bit encryption.

"Even we don't know where all of the equipment is," Slut Puppy says.  "And my password to the encryption is probably unbreakable, too, since it is more than 40 characters long, case-sensitive, and combines letters, numbers and symbols.  We've planned not just for the day the FBI comes - we've even planned for a hostile raid where the Feds actually plant evidence."

The group plans to lie low until law enforcement moves on to bigger and better cases.  By the way, whence the name Hacking for Girlies?  "Chicks dig hacking," explains Slut Puppy.

(http://www.forbes.com/forbes/98/1116/6211132a.htm)