[ISN] Meet the Hacker Trackers

From: mea culpa (jerichoat_private)
Date: Mon Aug 03 1998 - 14:47:21 PDT

  • Next message: mea culpa: "[ISN] Quick Note on Back Orifice..."

    Forwarded From: Simon Taplin <stickerat_private>
    
    Taken off www.net-live.com
    
    Meet the Hacker Trackers 
    
    A gang of convicts dressed in cartoon-striped uniforms shuffle slowly
    along a sidewalk, searing in the noon-day sun. This is downtown Phoenix, a
    low-rise high-tech city with a decidedly old- fashioned approach to crime.
    >From her office on the sixth floor of the county attorney's office, the
    prosecutor remains unmoved by the sight of the prisoners. "People 'round
    here don't have much in the way of sympathy for criminals of any kind. And
    most of those guys are real criminals, not jumped up nobodies screaming
    for attention - the kind of people I deal with!"
    
    Meet Gail Thackeray, the world's foremost legal expert on computer crime.
    A former assistant attorney general of the state of Arizona, Thackeray has
    been fighting hackers and fraudsters for nearly 25 years. Now she works as
    a prosecutor for the Maricopa County attorney's office, a jurisdiction the
    size of New England that takes in all of Phoenix. It's most famous as the
    home of Sheriff Joe Arpaio, "the meanest sheriff in America". This is the
    man responsible for the convicts in stripes. He has made his reputation by
    toughening up prison conditions, to loud hollers of approval from
    freedom-loving Arizonans. 
    
    Good citizens of Maricopa County can now walk the streets in safety, but
    for the big technology companies that have moved to the "valley of the
    sun", the unseen hand of hackers and computer phreaks is proving a major
    distraction. Whether it's a left-over hippy feeling, the University campus
    or just a reaction to the extreme heat, Phoenix is a top spot for computer
    criminals. Thackeray is there to stop them.
    
    Arizona has perhaps the United States' strongest legal code against the
    activities of hackers, but sometimes Gail aches to fight fire with fire.
    "We have to document every step of the way we investigate. They don't need
    to have our education. They just need one other crook showing them, like
    monkeys at a keyboard, how to imitate the crime. The bulletin boards were
    the precursors to this, but the Net has exploded it down to the individual
    level anywhere in the world. You don't need sophistication, you don't even
    need very good equipment - one of the best hackers we've ever dealt with
    had a Compaq luggable 286 and he was wreaking havoc around the world. Just
    a list of his route on different systems attached to the Internet would
    keep me in the hacker business for the rest of my life - it goes on for
    pages." 
    
    Getting away with it 
    
    We move from her office to the conference room next door. Thackeray
    proudly displays her new Compaq notebook. Her famous slide show is now
    held on the notebook's hard disk. For more years than she'd care to
    remember, Thackeray has been showing her slides to police forces and
    prosecutors across the United States, advising them how to build a case
    against hackers. She also trains police forces all over the country,
    including secret service agents at the Georgia Federal training centre. 
    Even the bad guys have been known to call her to find out what the cops
    have been up to.
     
    Although she has been a hacker tracker for 25 years, Thackeray is more
    depressed than ever by the escalating scale of computer crime. The Web,
    she says, has made it impossible to catch the crooks. "Even if it's the
    boy next door, we haven't a chance. He may be doing something rotten to
    your high-tech consulting firm, he may be next door trying to steal your
    stuff - but he's looping through a long-distance carrier, a corporate
    phone system, three Internet providers and circling the world twice before
    he hits you. That's the problem from our standpoint. Even assuming all
    those parties can trace the links they're involved in, we have to go
    through a different process, and probably a different law enforcement
    agency, for every single one. 
    
    "In the old days out here, the Texas rangers were very famous for catching
    bank robbers. They didn't stop at the Texas border when chasing a killer.
    They'd jump on their horse and, even if they crossed the state line, they
    would follow wherever the chase lead them. In the computer age we can't do
    that at all. What we have now in the US is a mish-mash of laws and
    agencies. Multiply that on the international level and it's completely out
    of hand." 
    
    High-tech law enforcement 
    
    Thackeray moved to Arizona in 1986 after beginning her career as a
    prosecutor in Philadelphia. She worked in the attorney general's office
    running an organised crime and racketeering unit that won a national
    reputation for its technical ability in the fight against hackers. She was
    also the mastermind behind Operation Sundevil (see panel, overleaf), the
    first nationally coordinated raid on hackers. But then democracy took a
    turn and she became a victim of the strange process by which Americans
    elect their most senior law officers. Her boss lost the race to be elected
    attorney general. The victor wasn't interested in technology so 12 people
    got sacked, including Thackeray.
    
    Taking a break from the slide show for a moment, she shows me a little
    number-generating program stored on her laptop. It generates random
    numbers for Visa cards. Give it the four-digit code that identifies a card
    issuer and within minutes you'll have hundreds of false credit card
    numbers to play with. "Now supposing you had another little program that
    made the bank think these numbers were legitimate - How much do you think
    you could make?" We go on-line to see some of the hacker sites. Thackeray
    believes that the Web is making a bigger range of crimes much easier to
    commit. "In the future the good parts of the Internet will be bigger and
    more complex and available to more people and that's great. But this means
    all of those people will have victim potential. Thanks to the growth of
    the Web, one criminal can now do an unprecedented amount of damage,
    whether it's to corporations or to individual's feelings by threatening
    and stalking, spam attacks or just shutting down ISPs.
    
    "We have had four incidents in the first six months of this year.  These
    people are attacking not just the little local service provider, but also
    some of the 19 Internet backbone carriers. They're absolutely ruthless and
    don't care who they hurt. In a case in Tucson, tens of thousands of users
    were shut down just because some person with an adolescent level of
    maturity decided he was mad at another ISP, so he took all of its
    customers off-line. It's frighteningly easy to do and only took one
    broadcast message. All the routers that run the Internet shake hands
    periodically, so if you can infect one router, given time it will infect
    the entire world. And that's what happened. It took just a few days for
    the entire world to believe that this service provider, and all its
    customers, didn't exist."  Not only is the Web host to a whole new range
    of crimes, it's also home to a brand new band of weirdos. "Unfortunately
    the Web is the best playground ever invented for sociopaths. They can
    hide, are anonymous and can't be traced. Nobody is in charge and it gives
    them that power rush that psychologists say is what they live off. It's
    their whole life's breath. It's the chest-beating power surge of being
    able to do it and get away with it. We are just seeing more acts of wanton
    destruction simply for the sake of showing that you can do it."
    
    Does she think this new generation of Web hackers is a real threat to
    people? "Every baby in America knows the 911 emergency system. If mommy's
    drowning in the pool, we've had three-year- olds save her life by dialling
    911. The hackers have attacked the 911 system and they're still doing it.
    That's not for knowledge or for glory, that's just an act of vicious ego."
    
    Rat's nests and technocrap 
    
    Personal liberty is taken very seriously in the western United States.
    No-one likes the idea of "big government" interfering with people's lives.
    Even hackers gain sympathy when they complain of harassment by police and
    prosecutors. Some say they've been victimised by the authorities.
    
    Thackeray denies this. "It's a hacker myth that we take away their
    computers and sit on them forever. In one case we came across, the guy had
    over 12Gb of data stored on his system - that's equivalent to 15,000
    paperback books. It's better that we seize all that material - you might
    have love letters, cook book recipes and your extortion kidnapping letter
    on the same disk. We can't take one without taking the other. We cannot
    physically copy that volume. It is far easier for us to take computers
    away than for us to camp out in your house for six months."
    
    A hovel of a bedroom fills the projector screen. Coke cans everywhere,
    rubbish dotted across an unmade bed. In the corner sits a naked computer,
    stripped of casing, wires exposed. Thackeray calls it a rat's nest. She
    has hundreds of similar photos. "Back in Philadelphia I began collecting
    pictures of computers with their wires hanging out. When the geeks speak
    to a jury we call the language they use technocrap. What you have here is
    the physical version of technocrap." She gestures at the screen. Typically
    hackers will set up a stereo system within easy reach of the computer, and
    often a drinks cabinet as well.
    
    A recent innovation is the home network. "We've come up against four or
    five houses recently where people have had multiple systems networked in
    the house. And that's even without running a bulletin board. When we get
    lucky and we're fast enough we can find the guilty computer - but the
    hardest part of the job is finding the brain behind the computer. To find
    that person is good old- fashioned low-tech police work."
    
    Thackeray's team face another new problem caused by the huge increase in
    storage capacity. "In the computer situation no one throws anything out.
    That makes our life more difficult. We don't want to read the last five
    year's worth of your e-mail, life's too short and frankly it's not that
    interesting. But sometimes we're searching for one piece of evidence and
    it's buried in a huge volume of stuff so what else can we do?" 
    
    Tracking or trailing?
    
    The slide show draws to an end. We amble downstairs to the office of
    another investigator. He shows us an array of hacker memorabilia on his
    computer. I ask Gail about the future. She believes that unless there's a
    fundamental change in the way police forces treat computer crime, there is
    no hope at all. "The police departments and prosecutors around the country
    are, frankly, paramilitary organisations with very bureaucratic, layered
    decision- making processes. They see the need for more training in gangs;
    they don't see the need for more training in computers because the
    management came out of the knife and gun club.
    
    "Police management is dominated by the physical crimes people.  We've got
    to dissolve some of these barriers. When we move we need to move fast like
    the Texas rangers - both legally and bureaucratically we're just not there
    yet. When I started 20 years ago law enforcement was behind the computer
    crime wave. We're farther behind today than we were then." 
    
    Matt McGrath is an investigative journalist who works for Radio 5.
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: New Dimensions International [www.newdimensions.net]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:00:05 PDT