Computer security's rock 'n' roll pioneer
by Robert Trigaux
St Petersburg Times
June 15, 1998

Winn Schwartau relaxes at home in Seminole. The focus of his books and
lectures is that the country's growing dependence on computers has outgrown
our ability to manage and secure them. 
Winn Schwartau was called "Chicken Little" several years ago, when he said the
United States was vulnerable to electronic attack. Now he makes money taming
that threat. 
                                       
The Alex Trebek of computer hackers. It's a title Tampa
Bay's Winn Schwartau does not wear lightly. Each July, the Seminole
computer security guru heads to Las Vegas, dons a whimsical tie, hops up on a
hotel ballroom stage and hosts a boisterous, marathon game called Hacker
Jeopardy!
                                       
Talking the talk
Hackers have their own lingo and style of writing:
                                       
A plug-and-play is somebody who does not need any training to use a computer.
But a 404 is someone who's clueless, a reference to the World Wide Web
message "404, URL Not Found" that appears on a computer screen when
a Web site cannot be located.
                                       
Hackers also are big on abbreviations and revised spelling. IMHO stands for
"in my humble opinion" but the more popular abbreviation is IMAO:
"In my arrogant opinion." When spelling, hackers often swap
'z' in place of 's' (as in 'warez'), or
'ph' for 'f' (as in 'phreak' or 'fone'), or replace the letter 'o' with the number
'0' (as in the hacker group L0pht).
                                       
Hacker lingo is so pervasive, there's even the New Hacker's
Dictionary, recently published in its third edition.
                                       
Want to know what an obi-wan error is? It's a loop error that results in
repetition. How many times in Star Wars did Princess Leia say "Help me,
Obi-Wan, you're my only hope"?
                                       
A newbie? Someone new to the Internet or to a particular subject.
                                       
Heard of mouse droppings? They are the pixels that are not properly restored
on a PC screen when a computer mouse is moved. The game starts on the first
evening of the DefCon convention, the country's biggest annual gathering
for hackers. Last summer's DefCon5 drew 1,500 to the Aladdin Hotel and
Casino; DefCon6, which begins July 31, should be bigger. Rowdiness is the
norm. "Spot the Feds" is a popular sport. Convention breaks are
sponsored by hacker gangs like Cult of the Dead Cow.

['gang' implies (by Webster's Dictionary) a group intent on ILLEGAL activity,
 yet Cult of the Dead Cow does not partake in illegal activity.]
                                       
First, the rules: Hacker Jeopardy! giveaways, like modems, may be tossed into
the audience, so stay awake; stop hacking the hotel phone system to make free
calls; and, please, phrase your answers in the form of a question.
                                       
Schwartau leads a wall-to-wall crowd in singing a version of the Jeopardy!
theme song before turning to a makeshift Jeopardy! game board. In his best
Trebek-like voice, he shouts, "And the categories are . . . Hacking
. . . We Still Hate Cyberflicks . . . Some Net Security . . . Aliens Among Us."
                                       
The room, packed with well-oiled hackers and a few snooping federal agents,
gets noisier and the one-liners funnier as the night rolls on. Competition is
intense.
                                       
"The two possible meanings of DOS!" Schwartau yells over the din.
The correct response: What are Denial of Service or Disc Operating System?
Contestants who give a wrong question must chug their drinks.
                                       
It's chaos, but the game is a perennial DefCon hit. In his fourth year as
game-show host, the fast-talking, former rock & roll producer
Schwartau is right at home, schmoozing and matching arrogant wit with the
hacker scene. Taking a cyberspace walk on the wild side keeps Schwartau
charged.
                                       
Many attending DefCon are traditional hackers -- those who hack in pursuit of
technical knowledge only. Still, DefCon is not for wimps. Among next
month's DefCon speakers, widely known hacker 'Se7en' will
lecture on how to hack the travel industry to get free travel and hotel upgrades.
                                       
Seattle hacker "Dark Tangent" -- the handle for DefCon organizer
Jeff Moss -- admits that none of the Vegas hotels that host DefCon ever ask
the convention to come back.
                                       
The Security Experts
                                       
When DefCon's over, Schwartau (pronounced SHWORT-ow) drops the hacker
lingo and swaps his Boris-and-Natasha tie for more conservative gigs. Like
advising the U.S. military and NATO; hacking into corporations (at their
request) as head of a business called the Security Experts; running
well-attended international security conferences.
                                       
The bible of the phreaking faithful

On the first Friday of each month, they gather by pay phones around the globe
to hone the art of hacking. Who is this cyber-Floridian
anyway? Hacker confidant. Big government consultant. Libertarian advocate of
an "electronic bill of rights." Prolific writer. Internet celebrity.
Public school activist. Father, family man and entrepreneur living in a
Pinellas County home with a powerboat parked outside.

[Hacker confidant? As I am one of the people he and his assistant go to for
 information on the hacker community, I can assure you this is an exaggeration.]
                                       
But stirring the online pot takes its toll. Schwartau received threats to his
life last summer, apparently from overseas hacker groups that don't like
his meddling (or his advising federal agencies). And he has been harassed by
hacker pranks, from cutting off his electricity and screwing up his phone
service to messing with his credit record. The FBI is investigating.
Schwartau, in a rare moment of reserve, won't comment.
                                       
Schwartau does not fit easily under a single label. Some simply call him an
information warrior because he was among the first to warn that the United
States is a sitting duck in the next great conflict: not an assault with
conventional weapons, but from an information war. One fought by soldiers or
terrorists armed with computers and waged over the global Internet that
connects the hundreds, if not thousands, of computer networks relied upon by
the U.S. economy 24 hours a day.
                                       
Potential targets? Electric power and telephone networks. Air traffic control
systems. The Federal Reserve network, which each day settles $1-trillion of
the country's commercial transactions. Take out one of these and paralyze
the country.
                                       
As far back as 1991, when he coined the phrase "electronic Pearl
Harbor" in congressional testimony, Schwartau warned that the next sneak
attack on the United States may be online. That early prediction earned him
immediate criticism from security traditionalists and the nickname
"Chicken Little" for suggesting the electronic sky is falling.
                                       
Schwartau, 45, is unfazed. After years of "people laughing me off the
stage," he says the government is catching on.
                                       
Schwartau "has recognized the world is changing in significant
ways," John Alger, dean of the school of information warfare and strategy
at the National Defense University, wrote in his introduction to the 1994
second edition of Schwartau's book, Information Warfare.
                                       
Some executives swear by Schwartau. Ken Mellem, the chief executive of St.
Petersburg's high-tech mapping company Geonex Corp., met Schwartau years
ago. When Mellem helped take a company called Security Computing Corp. public,
Schwartau was hired to help promote the business.
                                       
"Winn is becoming a major force, a person doing really baseline educating
on how vulnerable we all are," Mellem said. "He's like a New
York City undercover cop who walks both sides of the law."
                                       
Now Schwartau counsels national security agencies and the military on ways to
protect the country's key computer networks. His worry is that the
country's dependence on computer networks outgrew the country's
ability to manage them about 15 years ago. Now, he says, it is time to catch up.

For starters, the White House last year established the President's
Commission on Critical Infrastructure Protection. Its job is to assess the
nation's vulnerability to computer-equipped terrorists and enemy nations.
                                       
"Nobody around the world today would attempt to defeat us on the
battlefield," said Gen. Robert Marsh, who heads the White House
commission. "While a catastrophic cyberattack has not occurred, we have
enough isolated incidents to know that the potential for disaster is real and
the time to act is now."
                                       
To Schwartau, the mere existence of a presidential commission is the latest
proof that he's not just blowing smoke. But in typically blunt style,
Schwartau still skewers the federal group for its tepid conclusions and
refusal to make public all of its findings.
                                       
He dubs the commission effort the "Clara Peller report," a reference
to the Wendy's ads of the mid-1980s, and zings the same one-liner:
"Where's the beef?"
                                       
Incognito at home
                                       
In the Tampa Bay area Schwartau remains an unknown, just another
New-Yorker-turned-Floridian in denim shirt and topsiders who likes to
breakfast at the Einstein Brothers bagel shop across from Seminole Mall. But
in the world of hackers and the intelligence communities, Schwartau is a
household name.
                                       
Mike Wallace recently interviewed Schwartau for a cable TV series on Internet
crime. The Learning Channel last spring produced Cyberwarriors, an in-depth
look at the future of warfare with prominent remarks from Schwartau. Forbes
magazine profiled Schwartau in October. Trendy Wired magazine interviewed him
in its December 1996 issue. Even G. Gordon Liddy, on his radio show, has
interviewed Schwartau on what's new in the computer wars.
                                       
In tech terms, Schwartau is a 300-megahertz whirl in a 90-megahertz world. He
talks fast. He jokes fast ("I'm up at the crack of noon"). He
eats fast (while talking). He gulps coffee -- but only decaf, since he
obviously doesn't need an extra jolt. Prone to interject the phrase
"Sanity check!" in conversation, he grows passionate on the topics
of online security, the Internet, his expanding business plans and his family.
                                       
He gets impatient with slow movers and slower thinkers. He rapid-fires his
ideas and one-liners like a Ginsu knife cutting tin cans.
                                       
Between bagel bites recently, he starts drawing on a napkin his latest idea to
convince businesses that computer security needs a fresh look. Building a
technological fortress around a company’s network is old thinking, he
says. It's like France's Maginot Line after World War I. The Germans
just went around it, and so will today's hackers.
                                       
Schwartau keeps scribbling. Businesses can let all their customers in only if
they improve their ability to detect threats and cut the time it takes to
throw hackers off their computer networks. It's a trade-off.
                                       
Schwartau recently set up a firm called the Security Experts. The company will
hack into client systems to show companies their vulnerabilities. That
business niche, known as "ethical hacking," is booming and already
has attracted heavyweights like IBM and Ernst & Young. Schwartau says his
hacker group has attempted 2,300 penetrations of business networks and failed
only twice.

[Find when they were formed.. x years vs x hacks = x/day]
                                      
Along with hacking, consulting and organizing conferences on information
warfare, Schwartau has built an impressive Web site (www.infowar.com). The
site tracks computer security and hacker news, offers top-notch guests in its
chat rooms and sells cutting-edge books on computer and international
security.
                                       
Schwartau's first love is writing. In addition to his more serious
Information Warfare books, he is freshening the plot of an already published
novel, Terminal Compromise, about a Japanese industrialist's online
attack on the United States. He also co-authored in 1996 The Complete Internet
Business Toolkit with security consultant Chris Goggans. Better known under
his former hacker handle, "Erik Bloodaxe," Goggans was a founding
member in the 1980s of the legendary hacker group Legion of Doom.

[Quote phrack article showing he wasn't founder.]
                                       
Schwartau also shows off a less serious side. Last year he penned a humorous
article for Internet Underground magazine about his ill-fated experience with
customs officials at Tampa International Airport. Dog-tired and sick with
fever, Schwartau was returning from Poland. He carried the tools of his trade:
a laptop PC, suitcases full of Defense Department reports on security, a book
titled Economic Espionage in America and a videotape labeled "Hackers
Breaking Into the Pentagon."
                                       
Not surprisingly, such possessions caught the attention of a customs
inspector, who took Schwartau aside for a second and then a third inspection
before eventually letting him pass.
                                       
"My luggage was hoisted by this time onto a long, slick aluminum tray . .
perfectly suited to carry out bovine autopsies," Schwartau wrote.
Classic Net fare, the article carried an off-angled photo of Schwartau
sporting his Boris-and-Natasha tie. The next story in the magazine discussed
Web sites that show how to make guns that shoot potatoes.
                                       
An odd road to security guru
                                       
Schwartau didn't plan a career as an online personality and security
consultant. It was, more or less, a natural evolution of a hyperactive mind
with an anti-establishment bent.
                                       
Schwartau grew up in New York City, the son of a music producer who let
'60s groups like Peter, Paul & Mary crash at his Greenwich Village home.
Schwartau worked at the Woodstock concert and followed his fa-ther into the
music business, getting to know John Lennon and other rock & roll figures.
                                       
Schwartau followed the music business to California, then took a detour. An
interest in computers and a knack for promotion hooked him up with several
early high-tech companies.
                                       
After attending a computer security convention in 1989, Schwartau realized
that the coming Internet boom, the rise of hackers and the weak security in
government and corporate America would result in opportunity. With a young
family and a yen for warm weather, Schwartau and his wife, Sherra, moved east,
settling in Pinellas County in 1992.
                                       
Interpact, one of Schwartau's businesses, operates out of their Seminole
home, just past the rooms dotted with mementos from the rock &
roll days: a Billy Joel piano and autographed Beatles and original Woodstock
posters. (Schwartau's other memorabilia include a microphone used by Adolf Hitler.)
                                       
In an alcove, eyes glued to a PC, sits Schwartau's loyal aide and Web
site maven, Betty O'Hearn. She serves as Schwartau's online eyes and
ears and -- no small feat -- maintains Infowar.com and its chat rooms.

[Betty also has difficulty being accepted by newbie hackers on IRC.]
                                    
O'Hearn is an admitted online addict. On the Internet she is dubbed
"Miss Infowar". She typically logs as many as 420 hours a month on
the Net. That's more than 13 hours every day and includes answering more
than 350 e-mails a day.
                                       
She is also a grandmother with spunk. Once when O'Hearn accompanied
Schwartau to the Pentagon, she was introduced to a general who ordered her to
call him "Bulldog." O'Hearn barked back, "Does that mean you have to lift your leg?"
                                       
In his adjacent office, Schwartau often listens to tunes from Chicago or
Fleetwood Mac over his PC speakers while surfing the Net and taking phone
calls. The walls of the room are covered with plaques and notes of
appreciation from the Defense Department, the National Computer Security
Association and the Florida Association of Computer Crime Investigators. Next
to a visitor tag from the Naval Surface Warfare Center is another button. It
reads "Best Dad."
                                       
When Schwartau is not working, he is home with his family. On occasion, he
takes his outboard out on the gulf. Not to fish. He is out there reading.
                                       
Even on a family vacation, Schwartau can't resist the online game. Last
summer, he left a contest on his Web site: $100 to the first person who could
figure out where he was on holiday.
                                       
A fine line
                                       
Shuttling between groups at such odds as hackers and federal agents is no
picnic, even for Schwartau. His secretive government consulting doesn't
always sit well with civil libertarian friends.
                                       
"There's concern the Department of Defense will take over the
country," he acknowledged. "I get grief for this."
                                       
Still, plenty of hackers keen on pushing technical (not legal) boundaries like
Schwartau for his boundless energy, humor and support of benign hacking.
                                       
"Winn's a father figure to the hacker culture," said veteran
hacker Carolyn Meinel, known as "Happy Hacker" on the Net.
"Even the worst hackers know he cares about them as human beings and does
not want them to be hurt."

[The general concensus I have seen in the last five years is NOT that he
 is a father figure. In fact, it is ONLY Ms. Meinel that has called him that.
 Further, Ms. Meinel's description "veteran hacker" is self titled.]
                                       
True hacking, Schwartau argues, should be nurtured. Without it, we'd have
no space exploration. "Remember the movie Apollo 13? When the spacecraft
was in trouble? NASA put a bunch of parts from a like craft on the table and
told its scientists to save the ship," he said. (They did.) Using stuff
in a new or different way -- that's hacking.
                                       
"We're not anti-hacker," explained Schwartau, whose laptop
computer bears the hacker motto: I Love Your Computer. "Just anti-malicious hacker."
                                       
The media's tendency to glamorize Schwartau as an online swashbuckler
doesn't always help his status with the straight-laced feds. Newspapers
and magazines have described Schwartau in the past year as the "guru of
the Internet," the "spin doctor of cyberspace" and the
"self-appointed maven of data Armageddon." And some competitors in
the security business wonder if the brash Schwartau is more hype than
substance.

[Guru? The same type of guru who doesn't even use or endorse PGP for personal
 privacy?]
                                       
To be sure, some of Schwartau's remarks border on science fiction. Take
the rumor after the Gulf War that the United States used a virus in a printer
to defeat Iraqi air defenses. That's false, Schwartau says. Instead, the
military used magnetic weapons on cruise missiles to jam Iraqi air defense
systems.
                                       
"There's a lot of circuslike promotion out there," said Richard
Power, senior vice president with the Computer Security Institute in San
Francisco. "An electronic Pearl Harbor," he said, citing
Schwartau's term, "is a lot less likely to happen than somebody
driving a truck bomb on to Wall Street."
                                       
Schwartau shrugs. To him, it pays to know both sides of the cyberworld.
"It keeps friends close, and enemies closer," he explained.
                                       
And to naysayers who doubt the likelihood of war by computer, he wishes them
well. "I hope they don't become victims."