The FBI fights computer crime

The FBI fights computer crime with weapons that are at least ten years old, according to one insider with contacts deep inside the “hacker” community.

Hampered by the lack of a single federal law that specifically prohibits computer crime, and hamstrung by the fact that probably three quarters of the computer mischief is done by juveniles who can’t be prosecuted to the full extent of the law, the famous federal police force nevertheless leads the fight against computer crime in the U.S.

The agency’s chief weapon is training, according to John Lewis, the supervisory special agent who teaches a special three-week course, “Investigative Techniques of Computer-Related Crime” at the campus-like FBI Academy in Quantico, Virginia. Lewis and his fellow instructors train FBI agents, local police and foreign agencies like Scotland Yard and the Royal Canadian Mounted Police on the basics of computers and how to investigate computer crimes. Most of the students go in knowing nothing about computers and come out “computer literate” three weeks later, according to Lewis.

The FBI course is aimed at giving agents a general knowledge of computers and how they operate, with a focus on how to find evidence of a crime. An old IBM System 3, using transaction records supplied by a friendly bank, simulates real banking records. Instructors build frauds into the simulated transactions and challenge students to go in and detect the frauds. Students then build a criminal case based on the evidence they uncover. Telecommunications, bulletin boards and “phone phreak” tricks used to defraud the telephone system are touched on only very briefly or not at all.

Bureaucracy appears to be one of the main obstacles to bringing agents up to date on computer technology. Like many federal agencies, the FBI suffers from budgetary and organizational inertia that keeps it behind private industry. For instance, Anthony Adamski, chief of the financial-crimes unit, still relies on a secretary to pound out his correspondence on a typewriter- no computer terminals or word processors are evident in his big, new office in Washington D.C. A bulk buy of some 6,000 Burroughs microcomputers means that desktop computers will be showing up on the agents’ desks soon, however.

Adamski says the FBI has only recently begun to keep statistics on computer crime. Therefore, no one can say officially whether computer-related crime is going up or down or staying the same. Yet the gut feeling of Adamski and training specialists at Quantico is that there has been no big increase of computer crime in recent years. The movie War Games and the arrests last July of Neal Patrick and the “414s” fueled interest by the media in computer break-ins but have produced no substantial increase in the crimes, they say.

To some, even the limited amount of computer-crime training the bureau does appears wasteful. Donn Parker, a senior management-systems consultant with SRI in Menlo Park, California, explains why: “The problem is that the FBI gets a whole class of people, gets them all keyed up, and teaches them how to [detect computer crime]. Then the agents get home and they look around and can’t find any use for all that training.”

There’s not enough work to warrant training a number of prosecutors in every jurisdiction to handle these cases, says Parker, an internationally recognized expert whose latest book is called Fighting Computer Crime (Scribners).

“There’s only enough [cases] for one or two people in a given area to specialize in handling computer offenses.

“On the other hand, the FBI has indicated that it is handling a large number of these high-tech crimes all across the country. Of course, a high number might be a very small number relative to the number of FBI agents,” he says.

But training alone does not account for the bureau’s successes in tracking down hackers, as in the headline-grabbing arrests last July of the “414” group of teenage computer hackers who broke into computers at Security Pacific Bank, the Memorial Sloan-Kettering Cancer Center and the Los Alamos National Laboratory. For penetration into the hacker networks, the FBI relies on a far older crime-fighting technique: the informer.

According to one of its own informants, the FBI was embarrassingly slow to catch on to the hackers. Gerald Schmidt (not his real name), one of a loose network of hackers who help the government keep tabs on the hacker underground, tells how he first contacted the bureau: “A few years ago the first pirate bulletin boards appeared. A pirate board is one that exists solely for the theft of copyrighted software and phone-phreaking information. [Phone phreaking information includes long-distance dialing codes, passwords that let you on telephone company computers and the like.] I took a look at a couple of these bulletin boards and said, ‘Holy cow, we’ve got a problem!’

“I had to make a delivery right near a local FBI office,” Schmidt says. “And so I walked into the FBI and said, ‘I’ve got information on software piracy.’ The FBI had to have something where someone stole money. I said, ‘They’re not selling the software, they’re just putting it on bulletin board systems.’

“‘What’s a bulletin board?’ they asked. I said, ‘A home computer connected to a modem.’ They said, ‘What’s a modem?’” Then Schmidt showed the agent some printouts from the pirates’ bulletin boards. They were interested but had no computer-crime trained agents in their office. The agents asked Schmidt to monitor the pirate boards for them, offering to pay his phone bill and to cover his expenses for printer paper and ribbons. He began supplying the agents with reams of printouts.

The recent, well-publicized crackdown on hackers, made possible in part by FBI informants, has driven much of this activity underground, and made the hackers very cautious. In retaliation, some of Schmidt’s fellow informants have had their covers blown in hacker newsletters like Tap and 2600, but others remain in place.

Some are said to occupy high positions in the strange pecking order that gives respect and admiration to the person who can ferret out and share with his fellows the most secret and detailed computer passwords and details.

(2600 Hertz is one of the frequencies used in so-called blue boxes [or an ordinary personal computer if you know how to do it]- illegal hardware devices that enable users to make long-distance calls anywhere without charge and without detection. The companion hacker device- the black box- lets anyone call you long distance without charge.)

Why do Schmidt and other hacker-informants turn in their friends?

For Schmidt the answer is two-fold: First, he believes that the malicious hackers who delete files and scramble computer records in sensitive government and medical computer systems have gone too far and should be stopped. Trashing nonclassified medical records at the Sloan-Kettering center, for instance, is easy to do. The computer has easy access for doctors and researchers and contains no classified material. Yet a doctor could kill a patient by prescribing a medicine or surgery based on incorrect records- computer records that have been tampered with.

The second reason is the same one that got Schmidt interested in hacking in the first place: the intellectual challenge. “It’s the ultimate hack,” he says. “Hacking the hackers.”

The information Schmidt began supplying to the FBI was a sample of computer hacking that is still going on: a variety of antisocial behavior ranging from silly pranks and braggadocio to malicious mischief to dangerous criminal behavior. Schmidt divides the illegal hacking into three categories: software piracy, free long-distance-calling services and breaking into mainframe computers, which he considers the most serious of the three.

Schmidt estimates the damages of these kinds of hacking in ballpark figures: “The theft of long-distance services is about $100 million a year nationwide,” he says. “Piracy of software is easily that much. Credit-card fraud is about $200 million.” To demonstrate the potential for fraud, Schmidt provided Infoworld with the Visa and MasterCard numbers, names and expiration dates for half a dozen credit cards. He obtained the information from pirate bulletin boards.

According to Schmidt, the dollar amounts are only part of the story. GTE Telemail, an electronic mail system, was broken into by at least four gangs of hackers, he says. “They were raising hell. The system got shut down one time for a day. None of these people have been charged, nor have any of the 414s been charged yet.

“We have a major problem with hackers, phreaks and thieves,” says Schmidt, who estimates that 75% of criminal hackers are teenagers and the other 25% are adults using teenagers to do their dirty work for them.

“Adults are masterminding some of this activity. There are industrial spies, people playing the stock market with the information- just about any theft or fraud you can do with a computer. There are no foreign agents or organized crime yet, but it’s inevitable,” he says. “I believe there are some people out there now with possible organized-crime connections.

“It’s an epidemic. In practically every upper-middle class high school this is going on. I know of a high-school computer class in a school in the north Dallas suburbs where the kids are trying everything they can think of to get into the CIA computers.”

“It’s a strange culture,” says SRI’s Parker, “a rite of passage among technology-oriented youth. The inner circle of hackers say they do it primarily for educational purposes and for curiosity. They want to find out what all those computers are being used for. There’s a meritocracy in the culture, each one trying to outdo the other. The one who provides the most phone numbers and passwords to computer systems rises to the top of the hackers.

“For the most part it’s malicious mischief,” Parker says. “They rationalize that they’re not really breaking any laws, just ‘visiting’ computers. But that’s hard to believe when they also say they’ve got to do their hacking before they turn 18 so they don’t come under adult jurisdiction. After 18, they have to do it vicariously through surrogates. There are some grand old men of hacking who egg on the younger ones… There have been some cases of a Fagin complex- a gang of kids led by one or more adults- in Los Angeles.”

Who are the hackers and what secret knowledge do they have?

A 17-year-old youth in Beverly Hills, California, announced himself to other hackers on a bulletin board in this way: “Interests include exotic weapons, chemicals, nerve gases, proprietary information from Pacific Telephone…”

Prized secret knowledge includes the two area codes in North America that have not yet installed electronic switching system central-office equipment. Using this information you can call those areas and use a blue box to blow the central office equipment, and then call anywhere in the world without charge. Other secret information lets you avoid being traced when you do this.

A knowledge of the phone systems lets hackers share one of the technological privileges usually available only to large corporate customers: long-distance conference calls connecting up to 59 hackers. Schmidt estimates there are three or four conference calls made every night. The hackers swap more inside information during the phone calls.

Thanks to packet-switching networks and the fact that they don’t have to pay long-distance charges, time and distance mean […] hook into phone lines via modems make it easy to obtain copyrighted software without human intervention.

“Software piracy exists only because they can do it over the phone long distance without paying for it,” Schmidt says. “Some stuff gets sent through the mail, but very little. There are bulletin boards that exist solely for the purpose of pirating software. A program called ASCII Express Professional (AE Pro) for the Apple was designed specifically for modem-to-modem transfers. You can make a copy of anything on that computer. It can be copyrighted stuff- WordStar, anything. There are probably about three dozen boards like that. Some boards exchange information on breaking onto mainframes.

“In 1982 the FBI really didn’t know what to do with all this information,” Schmidt says. “There isn’t a national computer-crime statute. And unless there’s $20,000 involved, federal prosecutors won’t touch it.”

Since then, the public and federal prosecutors’ interest has picked up. The film War Games and the arrest of the 414 group in Milwaukee “created a lot of interest in Congress and with other people,” FBI instructor Lewis says. “But, for ourselves it didn’t really have any impact.”

“We’d been providing the training already,” says Jim Barko, FBI unit chief of the EFCTU (economic and financial crimes training unit). He says public interest may make it easier to fight computer crime. “There are more people interested in this particular area now as a problem. War Games identified the problem. But I think it was just circumstantial that the movie came out when it did.”

Despite the help of knowledgeable informants like Schmidt, tracking down hackers can be a frustrating business for the FBI. SRI’s Parker explains some of the pitfalls of going after hackers: “Some FBI agents are very discouraged about doing something about the hacking thing. The cost of investigation relative to the seriousness of each case is just too high,” he says. “Also, federal regulations from the Department of Justice make it almost impossible for the FBI to deal with a juvenile.”

An FBI agent cannot question a juvenile without his parents or a guardian being present. The FBI approach has been mostly to support the local police because local police are the only ones who can deal with juveniles. Another difficulty the agency faces is the regulations about its jurisdiction.

“There has to be an attack on a government agency, a government contractor or a government-insured institution for the FBI to have clear-cut jurisdiction,” Parker says.

The FBI gets called into a case only after a crime has been detected by the complaining party. The FBI has done a generally competent job of investigating those crimes it was called in to investigate, in Parker’s view. But the federal agency’s job is not to help government or financial institutions attempt to prevent crimes, nor is its function to detect the crimes in the first place.

“We’re not out detecting any type of crime,” says Lewis. “We like to think we can prevent them. We can make recommendations. But do we detect bank robberies or are they reported to us? Or kidnapping- do we detect those? Or skyjacking? There must be some evidence of crime, a crime over which the FBI has jurisdiction. Then we open a case.”

And despite the spate of arrests and crackdowns last summer, it looks like the FBI will have its hands full in the future: The hackers have not gone away. Like mice running through the utility passages of a large office building, they create damage and inconvenience, but are tolerated as long as their nuisance remains bearable.

That status could change at any time, however.

Meanwhile, little electronic “sting” operations similar to Abscam keep the element of danger in the hacker’s game. An Air Force telephone network called AUTOVON (a private telephone system connecting computers on every Air Force installation in the world) was reportedly cracked by a hacker late last year. The hacker published lists of AUTOVON dialups on a bulletin board.

The breach came to the attention of the Department of Defense in late 1983, but apparently nothing was done to stop the hackers. Then, in January, the AUTOVON number was answered in a sultry female voice: “We wish to thank one and all for allowing us to make a record of all calls for the past few months. You will be hearing from us real soon. Have a happy New Year.”

That’s a New Year’s message calculated to give any hacker a chill.

(Schmidt, of course, is an attention-grabbing jerk..)
