Breaking the Bank By Joseph C. Panettieri March 12, 2001 Most hackers break into systems for fun. Convicted cyber criminal Justin Tanner Petersen did it for profit. Petersen is a reformed hacker and former FBI informant who went on a digital crime spree in the early 1990s. Sm@rt Partner was the first publication to extensively document Petersen's online exploits. But Petersen rarely discusses his biggest heist--until now. While running from the law in 1994, Petersen hacked Heller Financial Inc. of Glendale, Calif., and transferred $150,000 from the company's digital vaults to an account at Union Bank in Bellflower, Calif. How did he do it? Petersen, who served time for the crime and since has gone legit, is more than happy to share the details. "I used a device that analyzes X.25 packets," he says. "I connected it to a laptop that logged the data." Petersen broke into a Sprintnet office and attached the device to a specific network node. The node allowed traffic to move between remote dial-up customers, leased lines and Heller's mainframe computers. "I logged thousands of data connections," says Petersen. "Later, I scrolled through them looking for people using 'Lockbox' banking accounts. These were large companies that had access to do their own wire transfers remotely. I could see them type in their passwords." Now, for the tricky part: In order for a Heller customer to transfer funds, two different users had to log in and acknowledge the transfer. "It was a security check," says Petersen. "So I had to scroll through and look for the next time that company logged in, thus I would have both sets of passwords. To increase the difficulty, the passwords changed every 30 days." Petersen says he worked on the Heller hack for about two months before he was able to perform the $150,000 wire transfer. But even before the hack, he spent more than a year studying X.25 networks and gained access to Pacific Bell databases, which allowed him to look up Sprintnet's circuits. In the early 1990s, Petersen also rigged the California phone system to win radio station dial-in contests. That experience helped him in the Heller heist. "I don't think the designers of banking security expected someone to go to such lengths," says Petersen. The FBI caught Petersen about three weeks after the Heller hack. In early 1995, Petersen pleaded guilty to committing computer wire fraud, and he didn't emerge from prison until April 1997. Petersen had another minor run-in with the law shortly thereafter, and now lives in Hollywood. Does Petersen miss his hacking days? "No," he says. "I have had many interests over the years; hacking was just one of them. I am into digital radio these days. I like to listen to and intercept signals from data equipment over the radio. The hobby is called utility DXing, and it's legal." We'll take his word for it.