he information superhighway has its share of outlaws. And although the popular notion of computer crime may be of harmless youngsters hacking into their high school grades, cyberspace is the scene of virtually every level of unlawful activity, from procurement of prostitutes to securities fraud, from child pornography to industrial espionage.
It isn’t that the Internet has given us new kinds of crime, or even new criminals. It has given society’s lawless fringe a new environment and new tools for their trade. What we see in cyberspace — often in dramatic ways — are simply new expressions of traditional criminal mindset and conduct. To those who commit the crimes, the Internet is just another playing field.
“The public perception of people who break into computer systems, unfortunately, is that they are either geniuses or misguided kids showing off,” noted Eugene Spafford, Internet security expert and professor at Purdue University. “Nothing could be further from the truth. They are criminals, plain and simple.”
For some time, problems of computer crime eluded the grasp of law enforcement, and the number of unpunished offenses climbed.
Finally, the sharp rise in reported computer break-ins, from 1,334 in 1993 to 2,341 in 1994, has been followed recently by an increase in law enforcement activities to apprehend offenders.
The Federal Law Enforcement Training Center near Brunswick, Georgia, now trains police officers in cybersleuthing. And many lawful computer users are cooperating with law enforcement officials to bring criminals to justice. The message is going out: the Internet is no longer the lawless frontier. It isn’t a cyberspace Hole-in-the-Wall for modern day bandits and highwaymen. It is a place where crime can’t be tolerated and perpetrators must be brought to justice — lest the whole network be mired down in restrictive legislative attempts to deal with the problem.
What follows are the stories of some notable cyberspace outlaws, and what was behind their emergence in the world of on-line crime. That most were first criminals in the off-line world and then found their way onto the Internet serves to illustrate the potential for abuse of this new venue.
Kevin Mitnick, who has been called a “computer terrorist” by the Department of Justice, is perhaps the most high-profile computer criminal — and responsible for more havoc in the computer world today than virtually any other computer outlaw. Mitnick explored computers and telephone systems for more than a decade, turning complex systems into the instruments of his lawless trade. For years, he refined his skills and pushed himself up the ladder of computerized criminality.
In the early 1980s, he started his career in crime as a “phone phreak” — one who gets free phone service by cracking the right access codes. He also built up expertise calling up companies and pretending to be a computer repairman to obtain confidential phone numbers and access codes.
He idolired Robert Redford’s character in “Three Days of the Condor” — a graduate student hired by the CIA to excerpt the plots of novels. In a scene from the film, Redford poses as a telephone serviceman and crosses phone wires to shake his pursuers. Mitnick sometimes went by the handle “Condor.”
His trouble with the law began at an early age when he became part of a gang of Los Angeles computer hackers who broke into a system at Monroe High School. In 1981, at age 17, he stole the manuals of Pacific Bell’s COSMOS computer system and software from Microport Systems — but drew only probation for both incidents because of his age. By the late 1980s, Mitnick was no longer beating the rap. In 1989, he was convicted of computer fraud after breaking into MCI telephone computers and accessing long distance codes, as well as doing millions of dollars in damage to Digital Equipment Corporation. Judge Mariana Pfaelzer of the U.S. District Court in Los Angeles ordered him to receive therapy while in prison — likening his obsessive hacking to substance abuse — and prohibited him from use of a telephone or a computer. He served one year behind bars in a minimum-security prison. But when Mitnick was released, little had changed.
In September 1992, warrant-carrying FBI agents searched Mitnick’s Calabasas, California, office on suspicion of Mitnick having violated probation by hacking. The California Department of Motor Vehicles concurrently sought him for posing as a law enforcement officer to gain classified information and possibly creating false identities.
By November 1992, Mitnick had disappeared, a wanted man — but it didn’t slow his mania for computer crime. By late 1994, he was purloining computer files, e-mail and software from a computer belonging to Tsutomu Shimomura, computational physicist and computer security expert in San Diego. Shimomura was incensed and began a crusade to find the intruder. Then technology consultant Bruce Koball in Berkeley, California, discovered strange files stored in an account which he occasionally used. After a short inspection, he found they were Shimomura’s — and Mitnick’s undoing was under way.
Koball contacted Shimomura, who confirmed that the files were his and took off on the trail of the culprit, Mitnick, accompanied by FBI agents and federal marshals. After an elaborate cyberspace chase, Mitnick was brought down. On February 15, 1995, he surrendered from his apartment in Raleigh, North Carolina, surrounded by FBI agents.
Mitnick waived extradition and is now in jail in California, charged with computer fraud and illegal use of a telephone access device. The list of allegations against him include theft of many files and documents, including 20,000 credit card numbers from Netcom On-Line Services, which provides thousands with access to the Internet.
If convicted, Mitnick faces up to 35 years in prison and half a million dollars in fines. Until this most recent apprehension, the FBI had termed Mitnick “the most wanted computer criminal in the country” — and the techniques that snared Mitnick this time will help federal authorities gain an understanding of how to catch veteran computer thieves.
He may have seen himself as above the law, a computer hacker who used his talents strictly for juvenile fun and the pursuit of knowledge. But Kevin Poulsen’s actions turned into the first-ever espionage case against a hacker.
Poulsen, also known as “Dark Dante,” is a 29-year-old native of Pasadena, California. Once regarded as a computer child prodigy, his computer talents were the focus of his life. But his hacking obsession turned him loose in the world of crime. He had been a brilliant teen-age hacker, celebrated for high-security intrusions reminiscent of “War Games,” the 1983 film which was the hallmark of his culture. Even fellow hackers were impressed. “Kevin is extremely good at software and brave at taking chances,” said one former colleague. “Kevin was a 24-hour-a-day hacker.”
So good was Poulsen at cracking government and military systems that the defense industry offered him a dream job as a security-cleared consultant, testing the integrity of Pentagon security systems. By day, he hacked to protect government secrets. By night, he was a high-tech bandit whose intrusions became increasingly criminal.
In November 1989, Poulsen was indicted on 19 counts of conspiracy, fraud, wiretapping and money laundering. If convicted, the charges could have brought him up to 37 years in jail. But Poulsen did not go quietly. He fled, and was beyond the reach of law enforcement for 17 months.
Poulsen had burrowed deep into the giant switching networks of Pacific Bell, exploring and exploiting nearly every element of its computers. His forays led to a now-infamous incident with KIIS-FM in Los Angeles. Each week, the station ran the “Win a Porsche by Friday” contest, with a $50,000 Porsche given to the 102nd caller after a particular sequence of songs announced earlier in the day was played.
On the morning of June 1, 1990, the trio of songs was played on the air. Businessmen, students, housewives and contest fanatics jammed the lines with auto-dialers and car phones. But Poulsen had a different method. He and his associates, stationed at their computers, seized control of the station’s 25 telephone lines, blocking out all calls but their own. Then he dialed the 102nd call — and later collected his Porsche 944.
But that wasn’t all. He allegedly wiretapped the intimate phone calls of a Hollywood actress, conspired to steal classified military orders, cracked an Army computer and snooped into an FBI investigation of former Philippine president Ferdinand Marcos — all while working on national security matters.
Once authorities caught up with Poulsen, the FBI found a trove of electronic devices in his car which, according to one agent, would have “put James Bond to shame.” And even in custody, Poulsen sought to engineer computerized efforts to sabotage the FBI investigation and destroy the full evidence of his crimes.
His original indictment was later amended to add charges of espionage and possession of classified documents. Evidence of stolen classified material was found in a locker Poulsen had obtained and used — but then failed to make rental payments for. He is being held pending trial in San Francisco for theft of classified information. In June 1994, he pleaded guilty in U.S. District Court in Los Angeles to seven counts of mail, wire and computer fraud, money laundering and obstruction of justice in connection with the KIIS-FM incident and others, for which he was sentenced on April 10, 1995, to 51 months in prison and over $56,000 in restitution to radio stations he scammed. It was the longest sentence ever handed down for such a computer crime.
