In Response To: Unplugged! The biggest hack in history

http://www.aviary-mag.com/Martin/The_Phonemasters_And_I/the_phonemasters_and_i.html

In Response To: Unplugged! The biggest hack in history

Original Article
http://www.zdnet.com/filters/printerfriendly/0,6061,2345639-2,00.html
By John Simons, WSJ Interactive Edition
October 1, 1999 8:54 AM PT

The Phonemasters and I

In 1994, I was learning as much about computers and telephony as I could possibly take in. Had an extra 500 page manual? I'd digest it in days. Anything related to phones was of particular interest to me. For some reason, the computers that ran the phone systems were interesting and I found myself with an insatiable curiosity for them. Some called it an obsession. Ironic that I hated talking on phones with anyone, even with the people sharing new information about the systems I was learning about. It didn't take long for me to move on to switches and systems that were the core of the telephone network.

To this day, I can still say I never did anything harmful, destructive or malicious to any phone or computer network out there. It was all about learning the systems. The natural curiosity of a young man, focused on technology that was becoming more and more widespread. It was about knowledge, nothing else.

You find yourself a newcomer to the concept of hacking, new to technology and learning. Who do you turn to? If you are truly into it because of the love of the system, anyone willing to help. That is how I ran into two of the 'phonemasters' back in 1994. Fortunate for me, I ran into some of the best teachers I have ever encountered. Given that one of my primary functions in my current professional life is teaching government agencies and fortune 500 companies, that statement shouldn't be taken lightly.

I remember my first talk with one of the phonemasters. He was soft-spoken from the beginning, talking with a cool and reserved voice. When it came to phone systems, his voice became that of an expert. The information and advice he passed on to me was flawless. If I didn't know better, I could have easily believed he was an employee of the phone company, or some other expert on the subject material. It didn't take long for our email to lead to talking on the phone. We had maybe ten conversations over a year long period. Each one an hour or more of us discussing phone systems and the intricacies involved.

While i didn't know them as close friends, we were on a first name basis for the conversations we had. Back then, a first name was a sure sign of trust and/or respect. They trusted me, I respected and trusted them implicitly. It started out talking with 'T' and eventually lead to a handful of conversations with 'G' (two of the three 'phonemasters').

Ethics

Simons says in his article that the Phonemasters had "Unlimited potential for harm". While this is technically true, consider the long haul. Over five years of having this powerful access, and what harm was done? None. Like so many hackers, being malicious is not in their book. A sense of power and exploring maybe, but causing harm to anyone just wasn't considered. Simons goes on to tell us about FBI evidence that alleges they had planned on breaking into the National Crime Information Center (NCIC). So? They wouldn't be the first to compromise the FBI's pride and joy of a network.

While the three 'phonemasters' were close friends, they periodically reached out to talk to others. Often times imparting new bits of knowledge to newcomers to hacking, they enjoyed teaching. None of them bragged about their skills, demanded tribute or anything indicating they had large egos. It was during these external talks that lead to the incident Simons refers to on January 23. He writes: "On Jan. 23, while probing a U S West telephone database, Cantrell, Bosanac, Lindsley and others stumbled over a list of telephone lines that were being monitored by law enforcement. On a lark, they decided to call one of the people -- a suspected drug dealer, says Morris -- and let him know his pager was being traced by the police." The idea of notifying the owners of traced lines actually came from another Mid West hacker who shared the deed on a conference call with two of the phonemasters. Sorry, can't blame them for that idea.

Side affects of their raid

   "Morris hastily arranged for an FBI raid. On Feb. 22, 1995, agents
    raided Cantrell's home, Lindsley's college dorm room, and burst into
    Bosanac's bedroom in San Diego."

I remember this night quite well. A couple hackers I knew were in an absolute state of panic. They were baffled over the raid and kept wondering why they weren't recipients of an FBI visit of their own. One of the hackers admitted to me that he too had been hacking some of the same phone computers that the phonemasters had. He had even found printouts of their activity in the trash can of a U.S. West Central Office and later confirmed it was their activity that generated these printouts.

Another hacker in touch with the phonemasters paid me a visit that night. He was openly sweating and a little out of breath. I quickly found out that he had spent the day cleaning his place, in fear of impending FBI raid. Throwing out over forty technical manuals detailing the use of various phone systems. He had also thrown out a wide range of hardware and other extraneous equipment he felt were no longer needed. Some of his friends were not thrilled with his decision. A veritable gold mine of information was lost forever.

Co-conspirators

Three individuals are being charged with crimes related to this long term intrusion. After half a decade of running through phone, credit and every other system out there, a question emerges. Did they do it alone? Of course not.

During on of my phone conversations with 'T', he told me about a night he was dabbling on some system. He typed in a long command and received an error message. Trying again and altering his syntax yielded no success either. As he sat there pondering the correct command to type in, someone else on the system did it for him. Alarmed at first, he wondered who could have done it for him. Perhaps one of the other phonemasters he thought? Not this time, instead, a legitimate phone technician was the one to help. He went on to describe the hours of technical help the phone company employee gave him. The whole time fully aware that his student had no right to be on the system.

The sum of the charges...

While the three 'phonemasters' did break laws by intruding into these sensitive and critical systems, there are a few things we need to remember. If such vital and life saving systems are vulnerable to this widespread and lengthy hack, why are we relying on them? Why hasn't the government put more resources or some form of standards on these mission critical systems?

Based on my limited conversations with them, I can say it is somewhat comforting knowing these three were involved rather than malicious hackers. More importantly, that these technically brilliant hackers were at the keyboard. The systems they were in like the AT&T 1AESS switch isn't the most fault tolerant system. Commands that go awry have a tendency to leave thousands of people without phone service. Novice hackers finding themselves with the same hackers the 'phonemasters' enjoyed could have presented a real threat to citizens everywhere.

When you read these articles, remember that the sum of their charges do not paint a full picture of what kind of people they really are.