http://www.nzherald.co.nz/storydisplay.cfm?storyID=213042&thesection=technology&thesubsection=general 01.09.2001 PETER GRIFFIN unravels the tangled web behind one of New Zealand's ground-breaking computer hacking cases. >From the outset Andrew Garrett never really fitted the stereotype of a computer hacker - the geeky teenager with too much time on his hands, working in a darkened bedroom to tap into the computers of people in other cities on different continents for the sheer hell of it. The former blacksmith, internet administrator and web developer looks old beyond his 34 years - but nevertheless relaxed as he walks the gleaming walkways of the recently opened Botany Downs shopping centre, a few minutes' drive from his Bucklands Beach home. "I can remember when this was all just fields," he says. For the last couple of years green fields have been the farthest thing from his mind. For a while Garrett, one of the first in this country to be hauled before the courts for computer-related crimes, thought he was heading to prison. But earlier this month he was sentenced in the Manukau District Court to a six-months suspended sentence and 200 hours of community service for four fraud-related charges and a single charge of threatening to damage property. Just how Garrett ended up here is a long and complicated story. It started with a dispute between Garrett and Telecom over an outstanding $12,000 payment for telephone lines to his internet business, which escalated towards the end of 1997. "I wanted to develop The Hive as a passive revenue stream. A business that I could develop and leave for my kids when I passed on," he says of the fledgling internet service provider he was operating at the time. The dispute with Telecom dragged on through the early months of 1998 as Garrett married his fiancee Deborah. They returned from their honeymoon, a one-night stay at Sky City, to find Telecom had pulled the plug on The Hive. Further attempts to resolve the dispute with Telecom failed. Garrett said he realised that taking legal action against Telecom for what he believed was "anti-competitive" behaviour would be a waste of time after, he claims, a Telecom employee told him the company would stretch out any legal action as long as it could. Unable to afford court action, he decided to hit back at the dominant telco in what he believed was the only way he could. Using a Trojan horse computer program, which allowed him to gain remote access to the computers of others, he gathered at least 200 passwords, from a range of account holders, including some belonging to Xtra, Telecom's ISP as well as Ihug, Voyager, Clearnet and Best Net. Garrett still maintains his motive was not revenge, as suggested by Judge David Harvey at the end of his trial. His first comments to the media in November 1998 painted a different picture. "This is only the tip of the iceberg. There will be some other nasty things that will happen. Telecom has caused me a lot of grief. If I can put the boot in, I will," he told the Herald in his first media interview. "Granted, I was pissed off that Telecom put me out of business," says Garrett. "But what I thought the public needed to know was that if you have an account that is charged by the hour, and someone gets hold of your username and password, you would be liable." Garrett sent the passwords he had obtained to Herald IT editor Chris Barton, bringing his hacking activities to light and spurring Telecom to lodge a complaint against him with the police. Soon after, appearing to revel in the attention, Garrett appeared on Holmes, going head to head with Telecom's spokesperson, Glen Sowry. That appearance, submitted in court as evidence, would come back to haunt Garrett when it came to the critical question of a motive. Simply put, some of the stuff he said on the show didn't do him any good. "I don't do this for me, I do this for all the businesses that Telecom has ripped off," he proclaimed. Around the same time came a front page splash in a Wellington paper with the ominous headline: "I'll bring down Telecom - hacker." "[The company] didn't give a toss ... they're a bunch of rogues. They put me out of business ... treated me like shit for nine months. They're going to be taken down and that's why ... " he told the paper. While Garrett claimed he was exposing security deficiencies in Telecom's network for the public good, a substantial pile of evidence assembled by the Crown suggested his motives were not quite so pure. Most incriminating in Garrett's case was an electronic paper trail of e-mail correspondence and logs for the trojan program Back Orifice on a computer disk found with Garrett's computer - evidence picked up when police knocked on his door in March 1999 armed with a search warrant. Looking back, the Crown may have been scratching to have much of a case against Garrett were it not for the goldmine of information obtained from his hard drive and the associated Zip disk it seized. Computer logs showed Garrett used Back Orifice to retrieve password details from complete strangers. They also showed an attempt to send a threatening message to an internet user urging them to stop using Xtra as an internet provider or their hard drive would be wiped. Alone, the logs were damning, but Garrett's e-mails provided an even greater clue to what he was planning. "Did you run that proggy [sic] I sent you. Oops I forget to tell you not to, the app has a Trojan implant. Every time you connect to the net it will e-mail me and let me know," he said in an e-mail to friends. "There is no law in New Zealand that covers hacking so I'm pretty safe. The prison thing is just scare tactics, first they need to prove it was me at the terminal, and that's pretty hard to do," read another. Signs that Garrett even expected a visit from the police were also evident in his online musings. "Thaeres [sic] a thought, I had better remove the data from my machine, just in case they order a search warrant :), hehe. Now where's my encryption and archiving utils?" But Garrett claims he had nothing to hide. "A guilty person flushes the drugs down the toilet. At the end of the day I didn't have anything to hide," he says. He admits he was using Back Orifice as the founder of an internet help channel set up to combat the trojan. In this role he would access the computers of people infected with Back Orifice to warn them of the presence of the virus. The ease with which Back Orifice can be downloaded from the web, configured and used means keen users have become known as "script kiddies", because they need possess no skill at hacking. "The concept was to use Back Orifice to fight itself," says Garrett of the virus developed by the hacking group Cult of the Dead Cow, which was unleashed across the net in mid 1998. "I wanted to set it up in such a way that anyone who logged on to an internet service provider would automatically be scanned on that IP [internet protocol] address. "If they were infected with a Back Orifice Trojan, the program would automatically send them a warning dialogue box telling them so," he says of plans he had to develop a marketable program to combat the rampant Trojan. His own explanation for the existence of the incriminating material is long-winded and complicated, and not completely consistent. Garrett believes he himself had been hacked, infected with a Trojan - not good old Back Orifice, but a similar program called Net666. Thus, his computer was opened up to remote access in a case of villain turned victim. Infected with Net666 whoever it was who had Garrett in their nasty clutches was then able to use the copy of Back Orifice on his machine to launch attacks on other people's computers, creating logs as he went and attributing them to Garrett. A bit of a long shot? Everyone seemed to think so except Garrett and his defence team, which included veteran defence lawyer Barry Hart. Still, there were enough confusing factors in the case to persuade one juror there was doubt about Garrett's guilt, leaving the jury undecided on four other fraud-related charges and a charge of wilful damage. Garrett's story reads like a bit of a tragedy. He's an intelligent man. As Judge Harvey said in his summing up he has "good qualities". As a young, aspiring businessman, an amicable settlement to his dispute with Telecom could have seen Garrett go on to bigger things in the internet services world, which was riding the crest of the technology wave at the time. Who knows where Garrett would have ended up if he hadn't used a computer program to access the computer passwords of others, then splashed himself across the national media revealing his bitter resentment of Telecom. But the path he took in obtaining a few passwords over the internet has taken a toll on Garrett and his family. He claims the stress of his early battles with Telecom over outstanding bills caused his wife to suffer a miscarriage. Later, as the case reached its final stages, charges were laid against a teenager for molesting Garrett's 6-year-old son. That case was thrown out "due to a lack of evidence" says Garrett. A few weeks later Garrett was climbing the steps of the same court house to begin his own trial. Garrett has also remained unemployable, a position that has left the family of five financially crippled. Both he and his wife suffered health problems, stress-related illnesses according to Garrett. In a drawn-out case that attracted many colourful metaphors, perhaps the best came from Crown prosecutor Michael Heron who, in his closing statements, compared Garrett's actions to a person breaking into someone's house, having a look around and taking a copy of their keys, collecting five cents on the way out. In hindsight, Garrett accepts that obtaining the passwords and usernames was illegal. "Knowing what I know now, by obtaining those passwords I broke the law." But he maintains he was acting in the public's interests. "Essentially I didn't intend to defraud anyone. I was trying to highlight the fact that there was an issue with the billing structure of the internet." As he prepares to carry out his community service, which will see him introduce elderly members of the community to his world of computers and the internet, Garrett is uncertain about his future. He would like to find work again in the IT industry, but pre-occupied with his case for so long, his own computer skills are a bit rusty. Obviously disappointed with the outcome of the case, Garrett displays signs of acceptance that show he is ready to move on. "I've been dealt my cards, now I've got to play with them." - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Sep 05 2001 - 05:14:17 PDT