COMPUTER OUTLAWS MORE DANGEROUS Authorities say growing number of hackers threatening national security, public safety Daily News of Los Angeles (LA) - SUNDAY September 4, 1994 By: Keith Stone Daily News Staff Writer Edition: BULLDOG Section: NEWS Page: N1 Word Count: 1,778 "Agent Steal" was captured last month in Westwood, but computer crime cop Scott Charney knows cyberspace is crawling with other criminals and spies, some more dangerous. "The threat is an increasing threat," said Charney, head of the computer crime unit for the U.S. Department of Justice. "It could be a 16-year-old kid out for fun - or it could be someone who is actively working to get information from the United States." "Agent Steal," the computer alias for Justin Tanner Petersen, belongs to a growing new breed of digital outlaws who threaten national security and public safety, Charney said. In Los Angeles alone, Petersen is one of at least four outlaw computer hackers who in recent years have demonstrated they can seize control of telephones and break into government computers. "We are out of the realm of the theoretical," Charney said. Government reports further reveal that foreign intelligence agencies and mercenary computer hackers have been sneaking through telephone lines into military and commercial computers. In Petersen's case, the flamboyant 34-year-old pleaded guilty to tapping into credit bureau telephones and computers for get-rich schemes. But FBI agents say they also believe he broke into a computer used to conduct legal wiretaps. During a telephone interview from an undisclosed location with the Daily News several weeks before his arrest, Petersen alluded to the destruction that hackers like himself can cause with a few key-strokes. "I wouldn't want the powers I have to be in the wrong hands - someone with malicious intentions," he said. Top government officials say it is too late. Former North Hollywood resident Kevin Lee Poulsen - known as the "Dark Dante" - is awaiting trial in San Francisco on espionage charges for cracking an Army computer and snooping into an FBI investigation of former Philippine President Ferdinand Marcos. The cases of Poulsen, Petersen and others illustrate how the stereotypical teen-age hacker, driven by intellectual challenge and curiosity, now is being replaced by technically sophisticated criminals driven by greed. "The nature of this changing motivation makes computer intruders' skills high-interest targets for criminal elements and hostile adversaries," according to a publicly released version of a Department of Defense report, "An Awareness Document." Hired by terrorists, these hackers could cripple the country's telephone system, "create significant public health and safety problems, and cause serious economic shocks," the September 1993 defense report adds. Further, as the world becomes wired for computer networks, the report says there is a greater threat the networks will be used for spying and terrorism. "At least one foreign intelligence service is believed to be actively engaged in the collection of intelligence through computer intrusion," the report says, but does not identify the service. Is danger overstated? Some argue the hacker danger is overstated, and that the nation's telephone system is in more jeopardy from drunk drivers who take out utility poles or someone who breaks into a switching station. They say perhaps a greater risk lies in government agencies exaggerating the hacker problem to justify the creation of overly restrictive laws, in the same way fear of communism was used to violate civil rights during the 1950s. "Of course there are people who can screw up the networks, and people who will sell themselves for a packet of comic books - but I think they (the government) greatly overstate the threat," said Northern Illinois University criminologist Jim Thomas. "Where I see the danger is when the goals become hysteria, and the answer I would argue is not tighter laws but educating the public that here are some dangers," Thomas said. But government reports give more weight to the potential for destruction. The President's National Security Telecommunications Advisory Committee warned in a 1992 report that "known individuals in the hacker community have ties with adversary organizations. Hackers frequently have international ties." They include some members of the Chaos Computer Club in Germany, who the 1993 Department of Defense report says have demonstrated their willingness to work with foreign governments. The Chaos Computer Club is believed to have cracked a NASA computer and supplied the Soviet Union's KGB with information obtained from western military systems, the report says, citing "Phrack," an on-line journal. "The group is still highly active, and its international membership is growing," the report says. In another well-documented case, the German national intelligence service began "Project Rahab," gathering 66 computer hackers and agents to infiltrate computers in the United States and elsewhere. "According to intelligence officials, Rahab's activities continue to this day," the report says. Designing defenses Nationwide, telephone companies and government agencies are designing new ways to defend against hackers and track down criminals who do breach the networks. The FBI recently opened its second computer crime unit in San Jose, the heart of the Silicon Valley. And the Department of Justice in Washington, D.C., is adding two more computer crime specialists to its staff of four, to guide local federal prosecutors in the war on digital crime. Pacific Bell spokeswoman Linda Bonniksen said the battle with hackers is never ending, but with each attack, the company learns and strengthens the system. "It is a big house, and we close as many doors as we can, and new doors will open and we will close those," Bonniksen said. An entirely secure telephone system would be possible to build, but it would cost customers too much and would be too difficult to use, she said. "It is going to be a very fine balance between a secure network and a network that is easy for people to use and priced affordably," she said. At the same time that telephone companies must protect against electronic break-ins, hackers also have burglarized offices in search of computer manuals. Anonymous memo One manual that explains how to manipulate telephone lines has been circulated widely in the computer underground, a copy of which was dropped off anonymously at the Daily News. In a 1987 internal document, Pacific Bell outlined several attacks by hackers and noted that the accuracy of computerized billing had been jeopardized. "A customer can dispute large direct-dialed calls and claim his telephone was accessed by a computer hacker," the document warns. Since 1987, Bonniksen said Pacific Bell probably has solved that problem. "Could we find a new door opened up today or tomorrow? Possibly," she said. Petersen is direct about the abilities of hackers like himself to infiltrate computers and the telephone system. "People just need to be aware that is the way it is, and there is nothing they can do about it, unless they want to spend even more money on security," he said. The most common problem involves hackers breaking into telephone networks and using other people's credit cards to call other hackers and electronic bulletin boards. Sometimes they sell the credit card numbers. The latest estimates from the FBI show that unauthorized use of long-distance telephone lines ranges from $164 million to $5 billion a year. At Execuline, a long-distance telephone company in Sacramento, intruders try to break into the system from 8,000 to 10,000 times a day to use other people's credit cards, said Jim Smith, president of the company. Thrifty Tel Inc., a long-distance company in Garden Grove, is fighting back by imposing a $2,800 tariff on people caught using their lines without permission. "It is a 24 hours a day, seven days a week nonstop problem," said Dale Herring, director of security for Thrifty-Tel. Students charged In June 1993, two Hueneme High School students were charged with fraud for using Thrifty Tel access numbers to make thousands of dollars in calls to computer bulletin boards and other hackers. The teen-agers ultimately pleaded guilty and were ordered to pay restitution. Poulsen and Petersen, together with a third hacker, Ronald Austin, carried off perhaps one of the most unusual of all electronic exploits: They seized control of Los Angeles radio station telephones to win promotional giveaways of hundreds of thousands of dollars, Porsches and a trip to Hawaii. Slight and looking younger than his 28 years, Poulsen was in federal court last month in Los Angeles to fight a prosecutor's request to unseal his plea agreement on the radio case. The judge ordered the agreement to remain sealed. Poulsen and Petersen are scheduled to be sentenced in October. Poulsen already has been in custody for 3-1/2 years - more time behind bars than any other computer hacker. Petersen is being held at the same federal detention center in Los Angeles. At the October court hearing, Petersen also is scheduled to be sentenced on charges that he tapped TRW credit bureau telephones to obtain information for credit card schemes. Petersen, a one-time Hollywood nightclub promoter with shoulder-length hair and a love for driving fast German cars, tried to defend his crimes as hurting only companies, not individuals. "I don't want people to think I'm some no-conscience criminal that is plaguing the electronic airways. I like to think of myself as having a lot of integrity, and I'm just doing what I can do to survive. This isn't a way of life for me." Petersen said. Shortly after Petersen's first arrest in 1991, the FBI persuaded him to work for them undercover, and he said one of his first duties was helping them build their case against Poulsen. But while Petersen worked undercover, federal authorities said he continued to commit computer crimes, using other people's credit cards to enrich himself. He admitted to his new crimes Oct. 22, and then somehow managed to slip out of the federal courthouse in Los Angeles. He wasn't seen again until his arrest last month. Capturing hackers is becoming increasingly difficult, federal officials acknowledge. "The hard-core members of the computer underground are now more elusive than ever," the Defense Department report says. "Weaving in and out of computers not only avoids toll charges, but also makes tracing intruders difficult, if not impossible." One outlaw hacker, Kevin "Condor" Mitnick, has been on the lam since November 1992 when he escaped law enforcement agents who had been staking out a Studio City copy shop. The FBI says the 31-year-old Panorama City recluse broke Pacific Bell's telephone codes and electronically eavesdropped on law enforcement agents to obtain drivers license information. Mitnick has developed a cult following among many hackers, and his exploits have become legend at California State University, Northridge, where he hacked on computers. Charney bristles at the glorification of outlaw hackers. "Because not everyone is computer literate, there is a tendency to view those who are as somehow mystical and that the normal rules of life don't apply to them. "But they do," he added.