[ISN] Hacked off at the way it all played out

From: InfoSec News (isnat_private)
Date: Tue Sep 04 2001 - 23:13:43 PDT


    http://www.nzherald.co.nz/storydisplay.cfm?storyID=213042&thesection=technology&thesubsection=general
    
    01.09.2001 
    
    PETER GRIFFIN unravels the tangled web behind one of New Zealand's
    ground-breaking computer hacking cases.
    
    From the outset Andrew Garrett never really fitted the stereotype of a
    computer hacker - the geeky teenager with too much time on his hands,
    working in a darkened bedroom to tap into the computers of people in
    other cities on different continents for the sheer hell of it.
    
    The former blacksmith, internet administrator and web developer looks
    old beyond his 34 years - but nevertheless relaxed as he walks the
    gleaming walkways of the recently opened Botany Downs shopping centre,
    a few minutes' drive from his Bucklands Beach home.
    
    "I can remember when this was all just fields," he says.
    
    For the last couple of years green fields have been the farthest thing
    from his mind.
    
    For a while Garrett, one of the first in this country to be hauled
    before the courts for computer-related crimes, thought he was heading
    to prison.
    
    But earlier this month he was sentenced in the Manukau District Court
    to a six-month suspended sentence and 200 hours of community service
    for four fraud-related charges and a single charge of threatening to
    damage property.
    
    Just how Garrett ended up here is a long and complicated story. It
    started with a dispute between Garrett and Telecom over an outstanding
    $12,000 payment for telephone lines to his internet business, which
    escalated towards the end of 1997.
    
    "I wanted to develop The Hive as a passive revenue stream. A business
    that I could develop and leave for my kids when I passed on," he says
    of the fledgling internet service provider he was operating at the
    time.
    
    The dispute with Telecom dragged on through the early months of 1998
    as Garrett married his fiancee Deborah. They returned from their
    honeymoon, a one-night stay at Sky City, to find Telecom had pulled
    the plug on The Hive. Further attempts to resolve the dispute with
    Telecom failed.
    
    Garrett said he realised that taking legal action against Telecom for
    what he believed was "anti-competitive" behaviour would be a waste of
    time after, he claims, a Telecom employee told him the company would
    stretch out any legal action as long as it could.
    
    Unable to afford court action, he decided to hit back at the dominant
    telco in what he believed was the only way he could.
    
    Using a Trojan horse computer program, which allowed him to gain
    remote access to the computers of others, he gathered at least 200
    passwords, from a range of account holders, including some belonging
    to Xtra, Telecom's ISP as well as Ihug, Voyager, Clearnet and Best
    Net.
    
    Garrett still maintains his motive was not revenge, as suggested by
    Judge David Harvey at the end of his trial.
    
    His first comments to the media in November 1998 painted a different
    picture.
    
    "This is only the tip of the iceberg. There will be some other nasty
    things that will happen. Telecom has caused me a lot of grief. If I
    can put the boot in, I will," he told the Herald in his first media
    interview.
    
    "Granted, I was pissed off that Telecom put me out of business," says
    Garrett. "But what I thought the public needed to know was that if you
    have an account that is charged by the hour, and someone gets hold of
    your username and password, you would be liable."
    
    Garrett sent the passwords he had obtained to Herald IT editor Chris
    Barton, bringing his hacking activities to light and spurring Telecom
    to lodge a complaint against him with the police.
    
    Soon after, appearing to revel in the attention, Garrett appeared on
    Holmes, going head to head with Telecom's spokesperson, Glen Sowry.
    That appearance, submitted in court as evidence, would come back to
    haunt Garrett when it came to the critical question of a motive.
    Simply put, some of the stuff he said on the show didn't do him any
    good.
    
    "I don't do this for me, I do this for all the businesses that Telecom
    has ripped off," he proclaimed.
    
    Around the same time came a front page splash in a Wellington paper
    with the ominous headline: "I'll bring down Telecom - hacker."
    
    "[The company] didn't give a toss ... they're a bunch of rogues. They
    put me out of business ... treated me like shit for nine months.
    They're going to be taken down and that's why ... " he told the paper.
    
    While Garrett claimed he was exposing security deficiencies in
    Telecom's network for the public good, a substantial pile of evidence
    assembled by the Crown suggested his motives were not quite so pure.
    
    Most incriminating in Garrett's case was an electronic paper trail of
    e-mail correspondence and logs for the trojan program Back Orifice on
    a computer disk found with Garrett's computer - evidence picked up
    when police knocked on his door in March 1999 armed with a search
    warrant.
    
    Looking back, the Crown may have been scratching to have much of a
    case against Garrett were it not for the goldmine of information
    obtained from his hard drive and the associated Zip disk it seized.
    
    Computer logs showed Garrett used Back Orifice to retrieve password
    details from complete strangers. They also showed an attempt to send a
    threatening message to an internet user urging them to stop using Xtra
    as an internet provider or their hard drive would be wiped.
    
    Alone, the logs were damning, but Garrett's e-mails provided an even
    greater clue to what he was planning.
    
    "Did you run that proggy [sic] I sent you. Oops I forget to tell you
    not to, the app has a Trojan implant. Every time you connect to the
    net it will e-mail me and let me know," he said in an e-mail to
    friends.
    
    "There is no law in New Zealand that covers hacking so I'm pretty
    safe. The prison thing is just scare tactics, first they need to prove
    it was me at the terminal, and that's pretty hard to do," read
    another.
    
    Signs that Garrett even expected a visit from the police were also
    evident in his online musings.
    
    "Thaeres [sic] a thought, I had better remove the data from my
    machine, just in case they order a search warrant :), hehe. Now
    where's my encryption and archiving utils?"
    
    But Garrett claims he had nothing to hide. "A guilty person flushes
    the drugs down the toilet. At the end of the day I didn't have
    anything to hide," he says.
    
    He admits he was using Back Orifice as the founder of an internet help
    channel set up to combat the trojan. In this role he would access the
    computers of people infected with Back Orifice to warn them of the
    presence of the virus.
    
    The ease with which Back Orifice can be downloaded from the web,
    configured and used means keen users have become known as "script
    kiddies", because they need possess no skill at hacking.
    
    "The concept was to use Back Orifice to fight itself," says Garrett of
    the virus developed by the hacking group Cult of the Dead Cow, which
    was unleashed across the net in mid 1998.
    
    "I wanted to set it up in such a way that anyone who logged on to an
    internet service provider would automatically be scanned on that IP
    [internet protocol] address.
    
    "If they were infected with a Back Orifice Trojan, the program would
    automatically send them a warning dialogue box telling them so," he
    says of plans he had to develop a marketable program to combat the
    rampant Trojan.
    
    His own explanation for the existence of the incriminating material is
    long-winded and complicated, and not completely consistent.
    
    Garrett believes he himself had been hacked, infected with a Trojan -
    not good old Back Orifice, but a similar program called Net666. Thus,
    his computer was opened up to remote access in a case of villain
    turned victim.
    
    With his machine infected with Net666, whoever it was who had Garrett
    in their nasty clutches was then able to use the copy of Back Orifice
    on his machine to launch attacks on other people's computers, creating
    logs as he went and attributing them to Garrett.
    
    A bit of a long shot? Everyone seemed to think so except Garrett and
    his defence team, which included veteran defence lawyer Barry Hart.
    
    Still, there were enough confusing factors in the case to persuade one
    juror there was doubt about Garrett's guilt, leaving the jury
    undecided on four other fraud-related charges and a charge of wilful
    damage.
    
    Garrett's story reads like a bit of a tragedy. He's an intelligent
    man. As Judge Harvey said in his summing up, he has "good qualities".
    
    As a young, aspiring businessman, an amicable settlement to his
    dispute with Telecom could have seen Garrett go on to bigger things in
    the internet services world, which was riding the crest of the
    technology wave at the time. Who knows where Garrett would have ended
    up if he hadn't used a computer program to access the computer
    passwords of others, then splashed himself across the national media
    revealing his bitter resentment of Telecom.
    
    But the path he took in obtaining a few passwords over the internet
    has taken a toll on Garrett and his family. He claims the stress of
    his early battles with Telecom over outstanding bills caused his wife
    to suffer a miscarriage.
    
    Later, as the case reached its final stages, charges were laid against
    a teenager for molesting Garrett's 6-year-old son. That case was
    thrown out "due to a lack of evidence" says Garrett.
    
    A few weeks later Garrett was climbing the steps of the same court
    house to begin his own trial.
    
    Garrett has also remained unemployable, a position that has left the
    family of five financially crippled. Both he and his wife suffered
    health problems, stress-related illnesses according to Garrett.
    
    In a drawn-out case that attracted many colourful metaphors, perhaps
    the best came from Crown prosecutor Michael Heron who, in his closing
    statements, compared Garrett's actions to a person breaking into
    someone's house, having a look around and taking a copy of their keys,
    collecting five cents on the way out.
    
    In hindsight, Garrett accepts that obtaining the passwords and
    usernames was illegal. "Knowing what I know now, by obtaining those
    passwords I broke the law."
    
    But he maintains he was acting in the public's interests. "Essentially
    I didn't intend to defraud anyone. I was trying to highlight the fact
    that there was an issue with the billing structure of the internet."
    
    As he prepares to carry out his community service, which will see him
    introduce elderly members of the community to his world of computers
    and the internet, Garrett is uncertain about his future.
    
    He would like to find work again in the IT industry, but pre-occupied
    with his case for so long, his own computer skills are a bit rusty.
    
    Obviously disappointed with the outcome of the case, Garrett displays
    signs of acceptance that show he is ready to move on. "I've been dealt
    my cards, now I've got to play with them."
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    


