From The Hacker Crackdown, by Bruce Sterling
See: The Hacker Crackdown: Preface to the electronic release for copying info
Next day we heard an extensive briefing from a guy who'd been a computer cop, gotten into hot water with an Arizona city council, and now installed computer networks for a living (at a considerable rise in pay). He talked about pulling fiber-optic networks apart.
Even a single computer, with enough peripherals, is a literal "network" -- a bunch of machines all cabled together, generally with a complexity that puts stereo units to shame. FCIC people invent and publicize methods of seizing computers and maintaining their evidence. Simple things, sometimes, but vital rules of thumb for street cops, who nowadays often stumble across a busy computer in the midst of a drug investigation or a white-collar bust. For instance: Photograph the system before you touch it. Label the ends of all the cables before you detach anything. "Park" the heads on the disk drives before you move them. Get the diskettes. Don't put the diskettes in magnetic fields. Don't write on diskettes with ballpoint pens. Get the manuals. Get the printouts. Get the handwritten notes. Copy data before you look at it, and then examine the copy instead of the original.
Now our lecturer distributed copied diagrams of a typical LAN or "Local Area Network", which happened to be out of Connecticut. *One hundred and fifty-nine* desktop computers, each with its own peripherals. Three "file servers." Five "star couplers" each with thirty-two ports. One sixteen-port coupler off in the corner office. All these machines talking to each other, distributing electronic mail, distributing software, distributing, quite possibly, criminal evidence. All linked by high-capacity fiber-optic cable. A bad guy -- cops talk a lot about "bad guys" -- might be lurking on PC #47 or #123 and distributing his ill doings onto some dupe's "personal" machine in another office -- or another floor -- or, quite possibly, two or three miles away! Or, conceivably, the evidence might be "data-striped" -- split up into meaningless slivers stored, one by one, on a whole crowd of different disk drives.
The lecturer challenged us for solutions. I for one was utterly clueless. As far as I could figure, the Cossacks were at the gate; there were probably more disks in this single building than were seized during the entirety of Operation Sundevil.
"Inside informant," somebody said. Right. There's always the human angle, something easy to forget when contemplating the arcane recesses of high technology. Cops are skilled at getting people to talk, and computer people, given a chair and some sustained attention, will talk about their computers till their throats go raw. There's a case on record of a single question -- "How'd you do it?" -- eliciting a forty-five-minute videotaped confession from a computer criminal who not only completely incriminated himself but drew helpful diagrams.
Computer people talk. Hackers *brag.* Phone-phreaks talk *pathologically* -- why else are they stealing phone-codes, if not to natter for ten hours straight to their friends on an opposite seaboard? Computer-literate people do in fact possess an arsenal of nifty gadgets and techniques that would allow them to conceal all kinds of exotic skullduggery, and if they could only *shut up* about it, they could probably get away with all manner of amazing information-crimes. But that's just not how it works -- or at least, that's not how it's worked *so far.*
Most every phone-phreak ever busted has swiftly implicated his mentors, his disciples, and his friends. Most every white-collar computer-criminal, smugly convinced that his clever scheme is bulletproof, swiftly learns otherwise when, for the first time in his life, an actual no-kidding policeman leans over, grabs the front of his shirt, looks him right in the eye and says: "All right, *asshole* -- you and me are going downtown!" All the hardware in the world will not insulate your nerves from these actual real-life sensations of terror and guilt.
Cops know ways to get from point A to point Z without thumbing through every letter in some smart-ass bad-guy's alphabet. Cops know how to cut to the chase. Cops know a lot of things other people don't know.
Hackers know a lot of things other people don't know, too. Hackers know, for instance, how to sneak into your computer through the phone-lines. But cops can show up *right on your doorstep* and carry off *you* and your computer in separate steel boxes. A cop interested in hackers can grab them and grill them. A hacker interested in cops has to depend on hearsay, underground legends, and what cops are willing to publicly reveal. And the Secret Service didn't get named "the *Secret* Service" because they blab a lot.
Some people, our lecturer informed us, were under the mistaken impression that it was "impossible" to tap a fiber-optic line. Well, he announced, he and his son had just whipped up a fiber-optic tap in his workshop at home. He passed it around the audience, along with a circuit-covered LAN plug-in card so we'd all recognize one if we saw it on a case. We all had a look.
The tap was a classic "Goofy Prototype" -- a thumb-length rounded metal cylinder with a pair of plastic brackets on it. From one end dangled three thin black cables, each of which ended in a tiny black plastic cap. When you plucked the safety-cap off the end of a cable, you could see the glass fiber -- no thicker than a pinhole.
Our lecturer informed us that the metal cylinder was a "wavelength division multiplexer." Apparently, what one did was to cut the fiber-optic cable, insert two of the legs into the cut to complete the network again, and then read any passing data on the line by hooking up the third leg to some kind of monitor. Sounded simple enough. I wondered why nobody had thought of it before. I also wondered whether this guy's son back at the workshop had any teenage friends.
We had a break. The guy sitting next to me was wearing a giveaway baseball cap advertising the Uzi submachine gun. We had a desultory chat about the merits of Uzis. Long a favorite of the Secret Service, it seems Uzis went out of fashion with the advent of the Persian Gulf War, our Arab allies taking some offense at Americans toting Israeli weapons. Besides, I was informed by another expert, Uzis jam. The equivalent weapon of choice today is the Heckler & Koch, manufactured in Germany.
The guy with the Uzi cap was a forensic photographer. He also did a lot of photographic surveillance work in computer crime cases. He used to, that is, until the firings in Phoenix. He was now a private investigator and, with his wife, ran a photography salon specializing in weddings and portrait photos. At -- one must repeat -- a considerable rise in income.
He was still FCIC. If you were FCIC, and you needed to talk to an expert about forensic photography, well, there he was, willing and able. If he hadn't shown up, people would have missed him.
Our lecturer had raised the point that preliminary investigation of a computer system is vital before any seizure is undertaken. It's vital to understand how many machines are in there, what kinds there are, what kind of operating system they use, how many people use them, where the actual data itself is stored. To simply barge into an office demanding "all the computers" is a recipe for swift disaster.
This entails some discreet inquiries beforehand. In fact, what it entails is basically undercover work. An intelligence operation. *Spying,* not to put too fine a point on it.
In a chat after the lecture, I asked an attendee whether "trashing" might work.
I received a swift briefing on the theory and practice of "trash covers." Police "trash covers," like "mail covers" or like wiretaps, require the agreement of a judge. This obtained, the "trashing" work of cops is just like that of hackers, only more so and much better organized. So much so, I was informed, that mobsters in Phoenix make extensive use of locked garbage cans picked up by a specialty high-security trash company.
In one case, a tiger team of Arizona cops had trashed a local residence for four months. Every week they showed up on the municipal garbage truck, disguised as garbagemen, and carried the contents of the suspect cans off to a shade tree, where they combed through the garbage -- a messy task, especially considering that one of the occupants was undergoing kidney dialysis. All useful documents were cleaned, dried and examined. A discarded typewriter-ribbon was an especially valuable source of data, as its long one-strike ribbon of film contained the contents of every letter mailed out of the house. The letters were neatly retyped by a police secretary equipped with a large desk-mounted magnifying glass.
There is something weirdly disquieting about the whole subject of "trashing" -- an unsuspected and indeed rather disgusting mode of deep personal vulnerability. Things that we pass by every day, that we take utterly for granted, can be exploited with so little work. Once discovered, the knowledge of these vulnerabilities tends to spread.
Take the lowly subject of *manhole covers.* The humble manhole cover reproduces many of the dilemmas of computer-security in miniature. Manhole covers are, of course, technological artifacts, access-points to our buried urban infrastructure. To the vast majority of us, manhole covers are invisible. They are also vulnerable. For many years now, the Secret Service has made a point of caulking manhole covers along all routes of the Presidential motorcade. This is, of course, to deter terrorists from leaping out of underground ambush or, more likely, planting remote-control car-smashing bombs beneath the street.
Lately, manhole covers have seen more and more criminal exploitation, especially in New York City. Recently, a telco in New York City discovered that a cable television service had been sneaking into telco manholes and installing cable service alongside the phone-lines -- *without paying royalties.* New York companies have also suffered a general plague of (a) underground copper cable theft; (b) dumping of garbage, including toxic waste, and (c) hasty dumping of murder victims.
Industry complaints reached the ears of an innovative New England industrial-security company, and the result was a new product known as "the Intimidator," a thick titanium-steel bolt with a precisely machined head that requires a special device to unscrew. All these "keys" have registered serial numbers kept on file with the manufacturer. There are now some thousands of these "Intimidator" bolts being sunk into American pavements wherever our President passes, like some macabre parody of strewn roses. They are also spreading as fast as steel dandelions around US military bases and many centers of private industry.
Quite likely it has never occurred to you to peer under a manhole cover, perhaps climb down and walk around down there with a flashlight, just to see what it's like. Formally speaking, this might be trespassing, but if you didn't hurt anything, and didn't make an absolute habit of it, nobody would really care. The freedom to sneak under manholes was likely a freedom you never intended to exercise.
You now are rather less likely to have that freedom at all. You may never even have missed it until you read about it here, but if you're in New York City it's gone, and elsewhere it's likely going. This is one of the things that crime, and the reaction to crime, does to us.
The tenor of the meeting now changed as the Electronic Frontier Foundation arrived. The EFF, whose personnel and history will be examined in detail in the next chapter, are a pioneering civil liberties group who arose in direct response to the Hacker Crackdown of 1990.
Now Mitchell Kapor, the Foundation's president, and Michael Godwin, its chief attorney, were confronting federal law enforcement *mano a mano* for the first time ever. Ever alert to the manifold uses of publicity, Mitch Kapor and Mike Godwin had brought their own journalist in tow: Robert Draper, from Austin, whose recent well-received book about ROLLING STONE magazine was still on the stands. Draper was on assignment for TEXAS MONTHLY.
The Steve Jackson/EFF civil lawsuit against the Chicago Computer Fraud and Abuse Task Force was a matter of considerable regional interest in Texas. There were now two Austinite journalists here on the case. In fact, counting Godwin (a former Austinite and former journalist) there were three of us. Lunch was like Old Home Week.
Later, I took Draper up to my hotel room. We had a long frank talk about the case, networking earnestly like a miniature freelance-journo version of the FCIC: privately confessing the numerous blunders of journalists covering the story, and trying hard to figure out who was who and what the hell was really going on out there. I showed Draper everything I had dug out of the Hilton trashcan. We pondered the ethics of "trashing" for a while, and agreed that they were dismal. We also agreed that finding a SPRINT bill on your first time out was a heck of a coincidence.
First I'd "trashed" -- and now, mere hours later, I'd bragged to someone else. Having entered the lifestyle of hackerdom, I was now, unsurprisingly, following its logic. Having discovered something remarkable through a surreptitious action, I of course *had* to "brag," and to drag the passing Draper into my iniquities. I felt I needed a witness. Otherwise nobody would have believed what I'd discovered....
Back at the meeting, Thackeray cordially, if rather tentatively, introduced Kapor and Godwin to her colleagues. Papers were distributed. Kapor took center stage. The brilliant Bostonian high-tech entrepreneur, normally the hawk in his own administration and quite an effective public speaker, seemed visibly nervous, and frankly admitted as much. He began by saying he considered computer-intrusion to be morally wrong, and that the EFF was not a "hacker defense fund," despite what had appeared in print. Kapor chatted a bit about the basic motivations of his group, emphasizing their good faith and willingness to listen and seek common ground with law enforcement -- when, er, possible.
Then, at Godwin's urging, Kapor suddenly remarked that EFF's own Internet machine had been "hacked" recently, and that EFF did not consider this incident amusing.
After this surprising confession, things began to loosen up quite rapidly. Soon Kapor was fielding questions, parrying objections, challenging definitions, and juggling paradigms with something akin to his usual gusto.
Kapor seemed to score quite an effect with his shrewd and skeptical analysis of the merits of telco "Caller-ID" services. (On this topic, FCIC and EFF have never been at loggerheads, and have no particular established earthworks to defend.) Caller-ID has generally been promoted as a privacy service for consumers, a presentation Kapor described as a "smokescreen," the real point of Caller-ID being to *allow corporate customers to build extensive commercial databases on everybody who phones or faxes them.* Clearly, few people in the room had considered this possibility, except perhaps for two late-arrivals from US WEST RBOC security, who chuckled nervously.
Mike Godwin then made an extensive presentation on "Civil Liberties Implications of Computer Searches and Seizures." Now, at last, we were getting to the real nitty-gritty here, real political horse-trading. The audience listened with close attention, angry mutters rising occasionally: "He's trying to teach us our jobs!" "We've been thinking about this for years! We think about these issues every day!" "If I didn't seize the works, I'd be sued by the guy's victims!" "I'm violating the law if I leave ten thousand disks full of illegal *pirated software* and *stolen codes!*" "It's our job to make sure people don't trash the Constitution -- we're the *defenders* of the Constitution!" "We seize stuff when we know it will be forfeited anyway as restitution for the victim!"
"If it's forfeitable, then don't get a search warrant, get a forfeiture warrant," Godwin suggested coolly. He further remarked that most suspects in computer crime don't *want* to see their computers vanish out the door, headed God knew where, for who knows how long. They might not mind a search, even an extensive search, but they want their machines searched on-site.
"Are they gonna feed us?" somebody asked sourly.
"How about if you take copies of the data?" Godwin parried.
"That'll never stand up in court."
"Okay, you make copies, give *them* the copies, and take the originals."
Godwin championed bulletin-board systems as repositories of First Amendment protected free speech. He complained that federal computer-crime training manuals gave boards a bad press, suggesting that they are hotbeds of crime haunted by pedophiles and crooks, whereas the vast majority of the nation's thousands of boards are completely innocuous, and nowhere near so romantically suspicious.
People who run boards violently resent it when their systems are seized, and their dozens (or hundreds) of users look on in abject horror. Their rights of free expression are cut short. Their right to associate with other people is infringed. And their privacy is violated as their private electronic mail becomes police property.
Not a soul spoke up to defend the practice of seizing boards. The issue passed in chastened silence. Legal principles aside -- (and those principles cannot be settled without laws passed or court precedents) -- seizing bulletin boards has become public-relations poison for American computer police.
And anyway, it's not entirely necessary. If you're a cop, you can get 'most everything you need from a pirate board, just by using an inside informant. Plenty of vigilantes -- well, *concerned citizens* -- will inform police the moment they see a pirate board hit their area (and will tell the police all about it, in such technical detail, actually, that you kinda wish they'd shut up). They will happily supply police with extensive downloads or printouts. It's *impossible* to keep this fluid electronic information out of the hands of police.
Some people in the electronic community become enraged at the prospect of cops "monitoring" bulletin boards. This does have touchy aspects, as Secret Service people in particular examine bulletin boards with some regularity. But to expect electronic police to be deaf dumb and blind in regard to this particular medium rather flies in the face of common sense. Police watch television, listen to radio, read newspapers and magazines; why should the new medium of boards be different? Cops can exercise the same access to electronic information as everybody else. As we have seen, quite a few computer police maintain *their own* bulletin boards, including anti-hacker "sting" boards, which have generally proven quite effective.
As a final clincher, their Mountie friends in Canada (and colleagues in Ireland and Taiwan) don't have First Amendment or American constitutional restrictions, but they do have phone lines, and can call any bulletin board in America whenever they please. The same technological determinants that play into the hands of hackers, phone phreaks and software pirates can play into the hands of police. "Technological determinants" don't have *any* human allegiances. They're not black or white, or Establishment or Underground, or pro-or-anti anything.
Godwin complained at length about what he called "the Clever Hobbyist hypothesis" -- the assumption that the "hacker" you're busting is clearly a technical genius, and must therefore be searched with extreme thoroughness. So: from the law's point of view, why risk missing anything? Take the works. Take the guy's computer. Take his books. Take his notebooks. Take the electronic drafts of his love letters. Take his Walkman. Take his wife's computer. Take his dad's computer. Take his kid sister's computer. Take his employer's computer. Take his compact disks -- they *might* be CD-ROM disks, cunningly disguised as pop music. Take his laser printer -- he might have hidden something vital in the printer's 5meg of memory. Take his software manuals and hardware documentation. Take his science-fiction novels and his simulation-gaming books. Take his Nintendo Game-Boy and his Pac-Man arcade game. Take his answering machine, take his telephone out of the wall. Take anything remotely suspicious.
Godwin pointed out that most "hackers" are not, in fact, clever genius hobbyists. Quite a few are crooks and grifters who don't have much in the way of technical sophistication; just some rule-of-thumb rip-off techniques. The same goes for most fifteen-year-olds who've downloaded a code-scanning program from a pirate board. There's no real need to seize everything in sight. It doesn't require an entire computer system and ten thousand disks to prove a case in court.
What if the computer is the instrumentality of a crime? someone demanded.
Godwin admitted quietly that the doctrine of seizing the instrumentality of a crime was pretty well established in the American legal system.
The meeting broke up. Godwin and Kapor had to leave. Kapor was testifying next morning before the Massachusetts Department Of Public Utility, about ISDN narrowband wide-area networking.
As soon as they were gone, Thackeray seemed elated. She had taken a great risk with this. Her colleagues had not, in fact, torn Kapor and Godwin's heads off. She was very proud of them, and told them so.
"Did you hear what Godwin said about *instrumentality of a crime?*" she exulted, to nobody in particular. "Wow, that means *Mitch isn't going to sue me.*"