Taken off www.net-live.com Meet the Hacker Trackers Matt McGrath A gang of convicts dressed in cartoon-striped uniforms shuffle slowly along a sidewalk, searing in the noon-day sun. This is downtown Phoenix, a low-rise high-tech city with a decidedly old- fashioned approach to crime. From her office on the sixth floor of the county attorney's office, the prosecutor remains unmoved by the sight of the prisoners. "People 'round here don't have much in the way of sympathy for criminals of any kind. And most of those guys are real criminals, not jumped up nobodies screaming for attention - the kind of people I deal with!" Meet Gail Thackeray, the world's foremost legal expert on computer crime. A former assistant attorney general of the state of Arizona, Thackeray has been fighting hackers and fraudsters for nearly 25 years. Now she works as a prosecutor for the Maricopa County attorney's office, a jurisdiction the size of New England that takes in all of Phoenix. It's most famous as the home of Sheriff Joe Arpaio, "the meanest sheriff in America". This is the man responsible for the convicts in stripes. He has made his reputation by toughening up prison conditions, to loud hollers of approval from freedom-loving Arizonans. Fighting hackers for 25 years? Doubt that. Good citizens of Maricopa County can now walk the streets in safety, but for the big technology companies that have moved to the "valley of the sun", the unseen hand of hackers and computer phreaks is proving a major distraction. Whether it's a left-over hippy feeling, the University campus or just a reaction to the extreme heat, Phoenix is a top spot for computer criminals. Thackeray is there to stop them. Arizona has perhaps the United States' strongest legal code against the activities of hackers, but sometimes Gail aches to fight fire with fire. "We have to document every step of the way we investigate. They don't need to have our education. They just need one other crook showing them, like monkeys at a keyboard, how to imitate the crime. The bulletin boards were the precursors to this, but the Net has exploded it down to the individual level anywhere in the world. You don't need sophistication, you don't even need very good equipment - one of the best hackers we've ever dealt with had a Compaq luggable 286 and he was wreaking havoc around the world. Just a list of his route on different systems attached to the Internet would keep me in the hacker business for the rest of my life - it goes on for pages." Getting away with it We move from her office to the conference room next door. Thackeray proudly displays her new Compaq notebook. Her famous slide show is now held on the notebook's hard disk. For more years than she'd care to remember, Thackeray has been showing her slides to police forces and prosecutors across the United States, advising them how to build a case against hackers. She also trains police forces all over the country, including secret service agents at the Georgia Federal training centre. Even the bad guys have been known to call her to find out what the cops have been up to. Although she has been a hacker tracker for 25 years, Thackeray is more depressed than ever by the escalating scale of computer crime. The Web, she says, has made it impossible to catch the crooks. "Even if it's the boy next door, we haven't a chance. He may be doing something rotten to your high-tech consulting firm, he may be next door trying to steal your stuff - but he's looping through a long-distance carrier, a corporate phone system, three Internet providers and circling the world twice before he hits you. That's the problem from our standpoint. Even assuming all those parties can trace the links they're involved in, we have to go through a different process, and probably a different law enforcement agency, for every single one. "In the old days out here, the Texas rangers were very famous for catching bank robbers. They didn't stop at the Texas border when chasing a killer. They'd jump on their horse and, even if they crossed the state line, they would follow wherever the chase lead them. In the computer age we can't do that at all. What we have now in the US is a mish-mash of laws and agencies. Multiply that on the international level and it's completely out of hand." High-tech law enforcement Thackeray moved to Arizona in 1986 after beginning her career as a prosecutor in Philadelphia. She worked in the attorney general's office running an organised crime and racketeering unit that won a national reputation for its technical ability in the fight against hackers. She was also the mastermind behind Operation Sundevil (see panel, overleaf), the first nationally coordinated raid on hackers. But then democracy took a turn and she became a victim of the strange process by which Americans elect their most senior law officers. Her boss lost the race to be elected attorney general. The victor wasn't interested in technology so 12 people got sacked, including Thackeray. Taking a break from the slide show for a moment, she shows me a little number-generating program stored on her laptop. It generates random numbers for Visa cards. Give it the four-digit code that identifies a card issuer and within minutes you'll have hundreds of false credit card numbers to play with. "Now supposing you had another little program that made the bank think these numbers were legitimate - How much do you think you could make?" We go on-line to see some of the hacker sites. Thackeray Can't make much. If it is that simple, more hackers would give in to temptation and do it. Simply having a 'valid' credit card number is not very helpful in today's world. You need expiration date, billing address, and often more information. believes that the Web is making a bigger range of crimes much easier to commit. "In the future the good parts of the Internet will be bigger and more complex and available to more people and that's great. But this means all of those people will have victim potential. Thanks to the growth of the Web, one criminal can now do an unprecedented amount of damage, whether it's to corporations or to individual's feelings by threatening and stalking, spam attacks or just shutting down ISPs. "We have had four incidents in the first six months of this year. These people are attacking not just the little local service provider, but also some of the 19 Internet backbone carriers. They're absolutely ruthless and don't care who they hurt. In a case in Tucson, tens of thousands of users were shut down just because some person with an adolescent level of maturity decided he was mad at another ISP, so he took all of its customers off-line. It's frighteningly easy to do and only took one broadcast message. All the routers that run the Internet shake hands periodically, so if you can infect one router, given time it will infect the entire world. And that's what happened. It took just a few days for the entire world to believe that this service provider, and all its customers, didn't exist." Not only is the Web host to a whole new range of crimes, it's also home to a brand new band of weirdos. "Unfortunately the Web is the best playground ever invented for sociopaths. They can hide, are anonymous and can't be traced. Nobody is in charge and it gives them that power rush that psychologists say is what they live off. It's their whole life's breath. It's the chest-beating power surge of being able to do it and get away with it. We are just seeing more acts of wanton destruction simply for the sake of showing that you can do it." Does she think this new generation of Web hackers is a real threat to people? "Every baby in America knows the 911 emergency system. If mommy's drowning in the pool, we've had three-year- olds save her life by dialling 911. The hackers have attacked the 911 system and they're still doing it. That's not for knowledge or for glory, that's just an act of vicious ego." This smacks of completely unfounded scare tactic. I seriously doubt there are more than two or three documented hacker cases that dealt with the 911 system. Rat's nests and technocrap Personal liberty is taken very seriously in the western United States. No-one likes the idea of "big government" interfering with people's lives. Even hackers gain sympathy when they complain of harassment by police and prosecutors. Some say they've been victimised by the authorities. Thackeray denies this. "It's a hacker myth that we take away their computers and sit on them forever. In one case we came across, the guy had over 12Gb of data stored on his system - that's equivalent to 15,000 paperback books. It's better that we seize all that material - you might have love letters, cook book recipes and your extortion kidnapping letter on the same disk. We can't take one without taking the other. We cannot physically copy that volume. It is far easier for us to take computers away than for us to camp out in your house for six months." Contradiciton? "myth that we take away their computers.." quickly followed by "it is far easier for us to take computers away.." It is fairly well documented that hackers lose their machines and hardware forever,a nd in some rare cases, years. Even if no charges are brought against them. A hovel of a bedroom fills the projector screen. Coke cans everywhere, rubbish dotted across an unmade bed. In the corner sits a naked computer, stripped of casing, wires exposed. Thackeray calls it a rat's nest. She has hundreds of similar photos. "Back in Philadelphia I began collecting pictures of computers with their wires hanging out. When the geeks speak to a jury we call the language they use technocrap. What you have here is the physical version of technocrap." She gestures at the screen. Typically hackers will set up a stereo system within easy reach of the computer, and often a drinks cabinet as well. A recent innovation is the home network. "We've come up against four or five houses recently where people have had multiple systems networked in the house. And that's even without running a bulletin board. When we get lucky and we're fast enough we can find the guilty computer - but the hardest part of the job is finding the brain behind the computer. To find that person is good old- fashioned low-tech police work." Thackeray's team face another new problem caused by the huge increase in storage capacity. "In the computer situation no one throws anything out. That makes our life more difficult. We don't want to read the last five year's worth of your e-mail, life's too short and frankly it's not that interesting. But sometimes we're searching for one piece of evidence and it's buried in a huge volume of stuff so what else can we do?" Tracking or trailing? The slide show draws to an end. We amble downstairs to the office of another investigator. He shows us an array of hacker memorabilia on his computer. I ask Gail about the future. She believes that unless there's a fundamental change in the way police forces treat computer crime, there is no hope at all. "The police departments and prosecutors around the country are, frankly, paramilitary organisations with very bureaucratic, layered decision- making processes. They see the need for more training in gangs; they don't see the need for more training in computers because the management came out of the knife and gun club. "Police management is dominated by the physical crimes people. We've got to dissolve some of these barriers. When we move we need to move fast like the Texas rangers - both legally and bureaucratically we're just not there yet. When I started 20 years ago law enforcement was behind the computer crime wave. We're farther behind today than we were then." She started 20 years ago, yet has been fighting hackers for 25 years? Matt McGrath is an investigative journalist who works for Radio 5.