Computer security's rock 'n' roll pioneer by Robert Trigaux St Petersburg Times June 15, 1998 Winn Schwartau relaxes at home in Seminole. The focus of his books and lectures is that the country's growing dependence on computers has outgrown our ability to manage and secure them. Winn Schwartau was called "Chicken Little" several years ago, when he said the United States was vulnerable to electronic attack. Now he makes money taming that threat. The Alex Trebek of computer hackers. It's a title Tampa Bay's Winn Schwartau does not wear lightly. Each July, the Seminole computer security guru heads to Las Vegas, dons a whimsical tie, hops up on a hotel ballroom stage and hosts a boisterous, marathon game called Hacker Jeopardy! Talking the talk Hackers have their own lingo and style of writing: A plug-and-play is somebody who does not need any training to use a computer. But a 404 is someone who's clueless, a reference to the World Wide Web message "404, URL Not Found" that appears on a computer screen when a Web site cannot be located. Hackers also are big on abbreviations and revised spelling. IMHO stands for "in my humble opinion" but the more popular abbreviation is IMAO: "In my arrogant opinion." When spelling, hackers often swap 'z' in place of 's' (as in 'warez'), or 'ph' for 'f' (as in 'phreak' or 'fone'), or replace the letter 'o' with the number '0' (as in the hacker group L0pht). Hacker lingo is so pervasive, there's even the New Hacker's Dictionary, recently published in its third edition. Want to know what an obi-wan error is? It's a loop error that results in repetition. How many times in Star Wars did Princess Leia say "Help me, Obi-Wan, you're my only hope"? A newbie? Someone new to the Internet or to a particular subject. Heard of mouse droppings? They are the pixels that are not properly restored on a PC screen when a computer mouse is moved. The game starts on the first evening of the DefCon convention, the country's biggest annual gathering for hackers. Last summer's DefCon5 drew 1,500 to the Aladdin Hotel and Casino; DefCon6, which begins July 31, should be bigger. Rowdiness is the norm. "Spot the Feds" is a popular sport. Convention breaks are sponsored by hacker gangs like Cult of the Dead Cow. ['gang' implies (by Webster's Dictionary) a group intent on ILLEGAL activity, yet Cult of the Dead Cow does not partake in illegal activity.] First, the rules: Hacker Jeopardy! giveaways, like modems, may be tossed into the audience, so stay awake; stop hacking the hotel phone system to make free calls; and, please, phrase your answers in the form of a question. Schwartau leads a wall-to-wall crowd in singing a version of the Jeopardy! theme song before turning to a makeshift Jeopardy! game board. In his best Trebek-like voice, he shouts, "And the categories are . . . Hacking . . . We Still Hate Cyberflicks . . . Some Net Security . . . Aliens Among Us." The room, packed with well-oiled hackers and a few snooping federal agents, gets noisier and the one-liners funnier as the night rolls on. Competition is intense. "The two possible meanings of DOS!" Schwartau yells over the din. The correct response: What are Denial of Service or Disc Operating System? Contestants who give a wrong question must chug their drinks. It's chaos, but the game is a perennial DefCon hit. In his fourth year as game-show host, the fast-talking, former rock & roll producer Schwartau is right at home, schmoozing and matching arrogant wit with the hacker scene. Taking a cyberspace walk on the wild side keeps Schwartau charged. Many attending DefCon are traditional hackers -- those who hack in pursuit of technical knowledge only. Still, DefCon is not for wimps. Among next month's DefCon speakers, widely known hacker 'Se7en' will lecture on how to hack the travel industry to get free travel and hotel upgrades. Seattle hacker "Dark Tangent" -- the handle for DefCon organizer Jeff Moss -- admits that none of the Vegas hotels that host DefCon ever ask the convention to come back. The Security Experts When DefCon's over, Schwartau (pronounced SHWORT-ow) drops the hacker lingo and swaps his Boris-and-Natasha tie for more conservative gigs. Like advising the U.S. military and NATO; hacking into corporations (at their request) as head of a business called the Security Experts; running well-attended international security conferences. The bible of the phreaking faithful On the first Friday of each month, they gather by pay phones around the globe to hone the art of hacking. Who is this cyber-Floridian anyway? Hacker confidant. Big government consultant. Libertarian advocate of an "electronic bill of rights." Prolific writer. Internet celebrity. Public school activist. Father, family man and entrepreneur living in a Pinellas County home with a powerboat parked outside. [Hacker confidant? As I am one of the people he and his assistant go to for information on the hacker community, I can assure you this is an exaggeration.] But stirring the online pot takes its toll. Schwartau received threats to his life last summer, apparently from overseas hacker groups that don't like his meddling (or his advising federal agencies). And he has been harassed by hacker pranks, from cutting off his electricity and screwing up his phone service to messing with his credit record. The FBI is investigating. Schwartau, in a rare moment of reserve, won't comment. Schwartau does not fit easily under a single label. Some simply call him an information warrior because he was among the first to warn that the United States is a sitting duck in the next great conflict: not an assault with conventional weapons, but from an information war. One fought by soldiers or terrorists armed with computers and waged over the global Internet that connects the hundreds, if not thousands, of computer networks relied upon by the U.S. economy 24 hours a day. Potential targets? Electric power and telephone networks. Air traffic control systems. The Federal Reserve network, which each day settles $1-trillion of the country's commercial transactions. Take out one of these and paralyze the country. As far back as 1991, when he coined the phrase "electronic Pearl Harbor" in congressional testimony, Schwartau warned that the next sneak attack on the United States may be online. That early prediction earned him immediate criticism from security traditionalists and the nickname "Chicken Little" for suggesting the electronic sky is falling. Schwartau, 45, is unfazed. After years of "people laughing me off the stage," he says the government is catching on. Schwartau "has recognized the world is changing in significant ways," John Alger, dean of the school of information warfare and strategy at the National Defense University, wrote in his introduction to the 1994 second edition of Schwartau's book, Information Warfare. Some executives swear by Schwartau. Ken Mellem, the chief executive of St. Petersburg's high-tech mapping company Geonex Corp., met Schwartau years ago. When Mellem helped take a company called Security Computing Corp. public, Schwartau was hired to help promote the business. "Winn is becoming a major force, a person doing really baseline educating on how vulnerable we all are," Mellem said. "He's like a New York City undercover cop who walks both sides of the law." Now Schwartau counsels national security agencies and the military on ways to protect the country's key computer networks. His worry is that the country's dependence on computer networks outgrew the country's ability to manage them about 15 years ago. Now, he says, it is time to catch up. For starters, the White House last year established the President's Commission on Critical Infrastructure Protection. Its job is to assess the nation's vulnerability to computer-equipped terrorists and enemy nations. "Nobody around the world today would attempt to defeat us on the battlefield," said Gen. Robert Marsh, who heads the White House commission. "While a catastrophic cyberattack has not occurred, we have enough isolated incidents to know that the potential for disaster is real and the time to act is now." To Schwartau, the mere existence of a presidential commission is the latest proof that he's not just blowing smoke. But in typically blunt style, Schwartau still skewers the federal group for its tepid conclusions and refusal to make public all of its findings. He dubs the commission effort the "Clara Peller report," a reference to the Wendy's ads of the mid-1980s, and zings the same one-liner: "Where's the beef?" Incognito at home In the Tampa Bay area Schwartau remains an unknown, just another New-Yorker-turned-Floridian in denim shirt and topsiders who likes to breakfast at the Einstein Brothers bagel shop across from Seminole Mall. But in the world of hackers and the intelligence communities, Schwartau is a household name. Mike Wallace recently interviewed Schwartau for a cable TV series on Internet crime. The Learning Channel last spring produced Cyberwarriors, an in-depth look at the future of warfare with prominent remarks from Schwartau. Forbes magazine profiled Schwartau in October. Trendy Wired magazine interviewed him in its December 1996 issue. Even G. Gordon Liddy, on his radio show, has interviewed Schwartau on what's new in the computer wars. In tech terms, Schwartau is a 300-megahertz whirl in a 90-megahertz world. He talks fast. He jokes fast ("I'm up at the crack of noon"). He eats fast (while talking). He gulps coffee -- but only decaf, since he obviously doesn't need an extra jolt. Prone to interject the phrase "Sanity check!" in conversation, he grows passionate on the topics of online security, the Internet, his expanding business plans and his family. He gets impatient with slow movers and slower thinkers. He rapid-fires his ideas and one-liners like a Ginsu knife cutting tin cans. Between bagel bites recently, he starts drawing on a napkin his latest idea to convince businesses that computer security needs a fresh look. Building a technological fortress around a companys network is old thinking, he says. It's like France's Maginot Line after World War I. The Germans just went around it, and so will today's hackers. Schwartau keeps scribbling. Businesses can let all their customers in only if they improve their ability to detect threats and cut the time it takes to throw hackers off their computer networks. It's a trade-off. Schwartau recently set up a firm called the Security Experts. The company will hack into client systems to show companies their vulnerabilities. That business niche, known as "ethical hacking," is booming and already has attracted heavyweights like IBM and Ernst & Young. Schwartau says his hacker group has attempted 2,300 penetrations of business networks and failed only twice. [Find when they were formed.. x years vs x hacks = x/day] Along with hacking, consulting and organizing conferences on information warfare, Schwartau has built an impressive Web site (www.infowar.com). The site tracks computer security and hacker news, offers top-notch guests in its chat rooms and sells cutting-edge books on computer and international security. Schwartau's first love is writing. In addition to his more serious Information Warfare books, he is freshening the plot of an already published novel, Terminal Compromise, about a Japanese industrialist's online attack on the United States. He also co-authored in 1996 The Complete Internet Business Toolkit with security consultant Chris Goggans. Better known under his former hacker handle, "Erik Bloodaxe," Goggans was a founding member in the 1980s of the legendary hacker group Legion of Doom. [Quote phrack article showing he wasn't founder.] Schwartau also shows off a less serious side. Last year he penned a humorous article for Internet Underground magazine about his ill-fated experience with customs officials at Tampa International Airport. Dog-tired and sick with fever, Schwartau was returning from Poland. He carried the tools of his trade: a laptop PC, suitcases full of Defense Department reports on security, a book titled Economic Espionage in America and a videotape labeled "Hackers Breaking Into the Pentagon." Not surprisingly, such possessions caught the attention of a customs inspector, who took Schwartau aside for a second and then a third inspection before eventually letting him pass. "My luggage was hoisted by this time onto a long, slick aluminum tray . . perfectly suited to carry out bovine autopsies," Schwartau wrote. Classic Net fare, the article carried an off-angled photo of Schwartau sporting his Boris-and-Natasha tie. The next story in the magazine discussed Web sites that show how to make guns that shoot potatoes. An odd road to security guru Schwartau didn't plan a career as an online personality and security consultant. It was, more or less, a natural evolution of a hyperactive mind with an anti-establishment bent. Schwartau grew up in New York City, the son of a music producer who let '60s groups like Peter, Paul & Mary crash at his Greenwich Village home. Schwartau worked at the Woodstock concert and followed his fa-ther into the music business, getting to know John Lennon and other rock & roll figures. Schwartau followed the music business to California, then took a detour. An interest in computers and a knack for promotion hooked him up with several early high-tech companies. After attending a computer security convention in 1989, Schwartau realized that the coming Internet boom, the rise of hackers and the weak security in government and corporate America would result in opportunity. With a young family and a yen for warm weather, Schwartau and his wife, Sherra, moved east, settling in Pinellas County in 1992. Interpact, one of Schwartau's businesses, operates out of their Seminole home, just past the rooms dotted with mementos from the rock & roll days: a Billy Joel piano and autographed Beatles and original Woodstock posters. (Schwartau's other memorabilia include a microphone used by Adolf Hitler.) In an alcove, eyes glued to a PC, sits Schwartau's loyal aide and Web site maven, Betty O'Hearn. She serves as Schwartau's online eyes and ears and -- no small feat -- maintains Infowar.com and its chat rooms. [Betty also has difficulty being accepted by newbie hackers on IRC.] O'Hearn is an admitted online addict. On the Internet she is dubbed "Miss Infowar". She typically logs as many as 420 hours a month on the Net. That's more than 13 hours every day and includes answering more than 350 e-mails a day. She is also a grandmother with spunk. Once when O'Hearn accompanied Schwartau to the Pentagon, she was introduced to a general who ordered her to call him "Bulldog." O'Hearn barked back, "Does that mean you have to lift your leg?" In his adjacent office, Schwartau often listens to tunes from Chicago or Fleetwood Mac over his PC speakers while surfing the Net and taking phone calls. The walls of the room are covered with plaques and notes of appreciation from the Defense Department, the National Computer Security Association and the Florida Association of Computer Crime Investigators. Next to a visitor tag from the Naval Surface Warfare Center is another button. It reads "Best Dad." When Schwartau is not working, he is home with his family. On occasion, he takes his outboard out on the gulf. Not to fish. He is out there reading. Even on a family vacation, Schwartau can't resist the online game. Last summer, he left a contest on his Web site: $100 to the first person who could figure out where he was on holiday. A fine line Shuttling between groups at such odds as hackers and federal agents is no picnic, even for Schwartau. His secretive government consulting doesn't always sit well with civil libertarian friends. "There's concern the Department of Defense will take over the country," he acknowledged. "I get grief for this." Still, plenty of hackers keen on pushing technical (not legal) boundaries like Schwartau for his boundless energy, humor and support of benign hacking. "Winn's a father figure to the hacker culture," said veteran hacker Carolyn Meinel, known as "Happy Hacker" on the Net. "Even the worst hackers know he cares about them as human beings and does not want them to be hurt." [The general concensus I have seen in the last five years is NOT that he is a father figure. In fact, it is ONLY Ms. Meinel that has called him that. Further, Ms. Meinel's description "veteran hacker" is self titled.] True hacking, Schwartau argues, should be nurtured. Without it, we'd have no space exploration. "Remember the movie Apollo 13? When the spacecraft was in trouble? NASA put a bunch of parts from a like craft on the table and told its scientists to save the ship," he said. (They did.) Using stuff in a new or different way -- that's hacking. "We're not anti-hacker," explained Schwartau, whose laptop computer bears the hacker motto: I Love Your Computer. "Just anti-malicious hacker." The media's tendency to glamorize Schwartau as an online swashbuckler doesn't always help his status with the straight-laced feds. Newspapers and magazines have described Schwartau in the past year as the "guru of the Internet," the "spin doctor of cyberspace" and the "self-appointed maven of data Armageddon." And some competitors in the security business wonder if the brash Schwartau is more hype than substance. [Guru? The same type of guru who doesn't even use or endorse PGP for personal privacy?] To be sure, some of Schwartau's remarks border on science fiction. Take the rumor after the Gulf War that the United States used a virus in a printer to defeat Iraqi air defenses. That's false, Schwartau says. Instead, the military used magnetic weapons on cruise missiles to jam Iraqi air defense systems. "There's a lot of circuslike promotion out there," said Richard Power, senior vice president with the Computer Security Institute in San Francisco. "An electronic Pearl Harbor," he said, citing Schwartau's term, "is a lot less likely to happen than somebody driving a truck bomb on to Wall Street." Schwartau shrugs. To him, it pays to know both sides of the cyberworld. "It keeps friends close, and enemies closer," he explained. And to naysayers who doubt the likelihood of war by computer, he wishes them well. "I hope they don't become victims."