
NOT A DAY TOO SOON.
Well, I was close to keeping my 30 day minimum on posts, but here I am on a Friday, end of the week and end of the month, with little to do to keep me busy. I'm close to hitting my goals, but anything I start now won't get done this month. This leaves me with a decision. Do I take it easy and then get back to it on Monday, or put in a bunch of effort for little or nothing? I chose the latter. I need the break since I'm getting really burned out. Too many things, too much micromanagement, and a sense I'm falling behind. Yes, it IS time to stop and take a deep breath before I continue on. Which brings me to this excellent story I'm about to share with you.

*UPDATE*: I got my Twitter account reinstated. Google thought one of the videos I posted from YouTube contained malware. Oh the irony.



WHEN BEING ON PAGE 1 OF GOOGLE IS NOT A GOOD THING
Most people know I'm on Twitter (not linked because they suspended my account for some reason. I think it's because I posted 3 YouTube videos over the course of several hours. I'll update this more later) and know my screen name is phiberoptik. I really don't want to get into a huge conversation about why people pick the screen names they do, but I had a specific reason why I picked phiberoptik. It had nothing to do with getting a high rank in Google. It was actually a throwback to the golden age of hacking and world famous hackers. Phiber Optik was part of the hacker group which called themselves Masters of Deception. Many of the members used to be part of the Legion of Doom, which also had a group of very famous hackers. I'm not going to rehash all of their exploits, but I can tell you both groups went at each other in an all-out war which mostly took place in cyberspace (I hate that word, but what else do you call it?) over the span of several years. Since I was in college at the time and had heard of both groups, I figured it was a cool name. I wouldn't say I idolized Mark Abene, but his skills were impressive to say the least. I also had a roommate who was a hacker and knew of both groups and had met several of the guys at one of the famous 2600 meetings in New York City.

The point of all this is I've had my Twitter account for several months and no one had ever messaged me to find out if I'm the "real" Phiber Optik until a few weeks ago, when I got several direct messages asking me if I was indeed him. I was baffled why all the inquiries now, after having my account for so long. I did what any normal person does. I went out to Google and typed in phiber optik, and wouldn't you know what was #3 on the first page? My Twitter account!! I thought it explained a lot and I think I'm going to have to put a disclaimer in my profile to let people know I'm not Mark Abene (Phiber Optik), I'm just a fan.

Which brings me to my brief stint as a hacker. In college, I lived with several engineers, two of whom were computer science engineering students. My roommate Clark was basically going through the motions of getting his degree as he was already programming in true third gen languages (this was in the early 1990s when most people had never heard of C++ and they had already spent several years programming with it) with one of our friends whose Dad owned a software company and employed them both. The funny part is they both worked at Great Plains Software company in Fargo and after they were purchased by Microsoft in early 2000, both were brought back in to help transition the software since much of it had been written by them.

ANYWAYS, my roommate had been a hacker for some time and during the early years of my college career he was doing some data entry for a company at night, doing server updates and patching some of their software. He used the downtime during the updates to log in and use the company's server to get out and jump to several other unprotected servers and generally wander around, poking around and sniffing in files here and there. His hacking was never done to get passwords or leave sniffers on a person's network, or take down the network; it was done in fun, and as a way to kill several hours while he completed his other work. In a few months, his fun was about to turn very, very dangerous.

The story goes, Clark was working on his CS degree, and visited several bulletin boards where all types of people met to swap funny stories, pictures and code. While on one board, one discussion got pretty heated when someone attacked the programmers, saying if it wasn't for engineers, there would be nothing for the programmers to do. Most responses were that if the programmers didn't write the code for the engineers, none of their shit would work properly. It is the age old argument of which came first, the chicken or the egg?

Well, my roommate is a pretty laid back guy, but for some reason, the arrogance of this particular poster really irked him. He decided he was going to get even, and so he started to track his prey across the bulletin boards and eventually found out from some low-level hacking and human engineering that his target just happened to be a professor at Michigan Tech in Houghton, Michigan. Clark decided he needed to take his game up a notch and laid out a plan.

You have to understand this whole scenario was taking place in the early 1990s. Network security back then was almost non-existent. Firewalls? Anti-virus software? Not even close. Clark simply walked right into the NDSU library and told the person at the desk he was a grad student working for an engineering professor and needed his login and password so he could post his grades for tests. No breaking into the network, no lock picking, no nothing. He went in and ASKED for the login and password and the library admin gladly handed it over to me.

Clark did this for several reasons. First, back in the 1990s network privileges were pretty simple. Either you had administrative logins (like faculty) or non-administrative logins (which were all the students). By having the professor's login and password, Clark suddenly had a "super user" on the NDSU network. Although most professors simply used their accounts for email, Clark could use his to mask his real identity as well as jump from network to network by using the NDSU network as a jumping off point.

Now Clark had two things he needed. He knew who his target was, and now he had the proper access to start some real fireworks. He knew he was holding all the aces and gave the professor one more time to recant his arrogance before he let loose with a barrage of attacks on the Michigan Tech networks. He once told me he tried to reason with the man, but there was no reasoning with him. He gave him an out and he did not take it. He never threatened the professor directly or threatened to damage any of the network at Tech, which was probably the smartest thing he did. He simply told him he should realize the importance of programmers - nothing too major, but he wouldn't recant - he hated programmers. Unfortunately, he was about to change his mind.

I can't divulge the date, but at a certain time and date, Clark logged in using the professor's login and skipped across several networks, before sending what appeared to be a harmless email to another Michigan Tech student he befriended on another board with one of the alias names he used when he was hacking. The email contained a Trojan horse virus and as soon as the student opened the email, the virus would be launched. It was a simple virus. It scanned the network, looking for files to attack, disable and delete. Clark had no idea how potent his virus was. Within 4 hours, the ENTIRE Michigan Tech network had collapsed. Several days later when he logged onto the bulletin board, he was shocked to see over 100 messages relating what had happened. It took three days to patch the Tech network and get back up and running. 80% of the user accounts had been deleted, including all of the faculty accounts. He had no idea, but he said he walked around for a full week with a huge grin on his face. He had wrought destruction on his target and then he started thinking about rubbing it in. He admitted to me later on, "I got greedy. I was like any other hacker at the time, I wanted people to know it was me. I wanted this professor to understand that programmers were superior, and we could pull the plug whenever we wanted to. Coming out of the woodwork and taunting this professor was pretty dumb, and in the end, it's how the FBI got me."

This is how they caught him. He told me he went back on the bulletin board and started taunting the professor, asking him why he wasn't on for several days, and eventually got him to admit their network crashed. Clark started dropping hints it was him and continued to try and get the professor to admit programmers were superior. It turns out right after the network crashed and Tech had surmised someone let a virus loose on their network and determined it was done with malicious intent, they brought in the feds and started tracking Clark and comparing Clark's posts to when he was logging in and out of the system. It came to a head one afternoon in one of the old computer clusters.

Clark said it was just like in the movies. He was sitting at his desk when three guys walked into the room. Two in suits (with sunglasses) and the computer admin who ran the cluster room. They walked straight over to him and he tried to blurt something out to the effect of, "Give me just a minute guys, I'm logging out here," to which the two federal agents said, "There's no need to, Clark, we know who you are and what you've been up to." Clark told me he nearly shit his pants. He knew of the feds, he knew they didn't like hackers and lucky for him, there were no laws in place to deal with him or what he had done.

He got pulled into an office and the agents told him what they knew and asked if there was anything he'd like to tell them. He knew he was in deep shit and just told them what he did, how he did it, and then told them he didn't mean any harm, it was just a personal thing he had with this professor. The agents told him he was in big trouble but unfortunately there were no laws to prosecute him under and since it would have been a federal case and because he didn't break into any government facilities or download any sensitive files, they weren't going to bring charges against him. He was also told they considered him a small fish in a growing murky backwater of hackers. The feds were after bigger fish to bring the hammer down on. Who was going to care about a hacker in North Dakota who crashed some university system because of an argument?

In any case, he was told he was now "on the list" of hackers who would be under surveillance for the next several years, just in case he ever thought about doing something like this again. The feds told him they would be back and they would press charges. They said by then the set of statutes being drawn up in Congress would be in full effect and the federal charges would bring fines and jail time.

Clark said it was ironic he got busted when he did. Only a few years later the largest federal manhunt resulted in the capture and conviction of Kevin Mitnick. Mitnick was sentenced to 46 months in 1999, 4 years after his capture in 1995.

The university did punish him by taking away his network privileges for a year, which meant no email, no computer login and no access to any of the computer clusters on campus. He told me he was lucky, and by god he learned his lesson. He hung up his hacker career and just stuck with developing software. It's something not a lot of people know about Clark, but I do. When people ask him about it, he just shrugs and says, "A hacker? Who me? I write software, I don't break into networks. That stuff is for kids."