http://www.siliconvalley.com/docs/news/tech/078319.htm

Milwaukee Journal Sentinel
Monday, Dec. 3, 2001

On Dec. 8, 1999, a network administrator for Qualcomm Inc. called the University of Wisconsin-Madison to report that he had traced a break-in of his company's computer system back to the school. Someone had obtained the highest level of access at Qualcomm, Scott Kennedy told school officials. The intruder had stolen user names and passwords and could sort through confidential company information. By 3 o'clock the next morning, school police and a university cybersleuth had cornered Jerome Heckenkamp in the stairwell of his dormitory and asked for the password for his personal computer. Court records say Heckenkamp chuckled when he gave it up. ``Hackme,'' he told them. In two separate cases, government prosecutors accused Heckenkamp of breaking into Qualcomm and other corporate computer systems while he was a student. Heckenkamp, who they say called himself ``MagicFX,'' was also accused of tampering with an unidentified witness. All told, prosecutors claim he caused more than $1 million damage, but they have not detailed exactly what he did. The first of his trials is set to begin Dec. 11 in San Diego. A second will be held in San Jose. If convicted on all counts, Heckenkamp could serve 120 years in prison and pay $5.75 million in fines. Through his attorney, Heckenkamp, now 22, declined to be interviewed for this story, but has said he is innocent and told university police and students who lived in his dorm that someone -- he didn't know who -- used his PC to break into other computers. His case illustrates how investigators track down hackers and how seriously corporations and the government take the prospect of illegal entry into computer systems. It also raises contentious privacy issues over how much control a college can have over a student's private computer. There also is Heckenkamp's own story.
A home-schooled prodigy from the Town of Lisbon, Wis., Heckenkamp first went to college when he was 14 and worked at the Los Alamos National Laboratory at the time of his arrest. He taught himself algebra during his grade school years and spent only a year in public school before going to University of Wisconsin-Waukesha. At 16, he enrolled at UW-Madison, double-majored in math and computer science, and finished a master's (degree) in computer science at 19. But there were also signs well before his arrest that computers were becoming a problem for Heckenkamp. The Waukesha County Sheriff's Department visited the Heckenkamp home four times in 1996 and 1999, records show. Three of the visits came after disputes between Heckenkamp and his father over his use of the computer. The Qualcomm story begins in the fall of 1999 when the company's security personnel noticed someone was breaking into their system. The government charged that Heckenkamp first cracked into a computer at the San Diego-based company on Oct. 12 and made a series of hacks on Dec. 2 and Dec. 3. According to court records, the hacker gained access to seven different computers at the Fortune 500 company, stashed stolen user names and passwords in encrypted files and left software on each machine so he could come and go as he pleased. The intruder obtained what is known as ``root'' authority -- the highest level of control of a computer. That authority allowed the person to modify files at will. In a key misstep, the hacker left electronic footprints that allowed Kennedy to track him across three computer networks to a cluster of UW-Madison computers that handles e-mail for 60,000 people. Kennedy called the school. On Dec. 8, 1999, the university's network staff began combing through its e-mail server, and just like at Qualcomm, found that someone had grabbed user names and passwords and stored them in a file in the school's computer. 
``It was very worrisome,'' Jeffrey Savoy told the court in San Diego during a hearing in July when the school network investigator discovered someone had broken in and obtained root authority. ``You are allowed to do anything on that machine you want.'' As Savoy rummaged through the file of stolen user names and passwords, he recognized the pilfered identities of several university employees -- including his own. PCs tied to the school's network have their own unique address, and in a second mistake, the hacker failed to hide his own address, according to the government. Savoy, who said under cross-examination that he is sometimes called ``007 dotcom,'' was able to trace the address to Heckenkamp. Savoy was familiar with Heckenkamp because in 1997 university officials had disciplined the student after an unauthorized break-in of a Philadelphia Internet service provider. Savoy also knew that Heckenkamp was close to finishing his master's (degree) in computer science. Savoy put a block on Heckenkamp's account so he could not get onto the Internet. With finals approaching, Savoy said he was alarmed that the hacker could damage a key part of the school infrastructure. When he got home that night, Savoy logged on again and discovered that whoever was using Heckenkamp's account -- he thought it was Heckenkamp -- had switched to another university account -- and was back online. ``I felt a heightened alert (that UW-Madison's computers) could be compromised,'' Savoy testified. ``If the intruder at this point knows that he's being investigated, based on my past experiences, they could burn bridges and that could entail destroying whole machines to cover their tracks.'' This is when Savoy used his security clearance to peer into the files of the computer now in use under the switched account. He found hacker tools. Savoy was almost certain he was dealing with Heckenkamp.
The FBI's office in San Diego, meanwhile, was talking to the FBI in Madison, and Savoy and the UW-Madison police also were phoning back and forth. Savoy and the police decided to go to Heckenkamp's dorm to find out whose computer was involved. Using housing records, they first went to the room assigned to the account that had been switched. They woke up the students, examined the contents of the computer and concluded it was not involved. Then they went to Heckenkamp's room. The door was partially open. Savoy could see that Heckenkamp's computer was connected to the school network. According to court records, Savoy walked in and disconnected it from the network. As they left the room, Heckenkamp walked up. After giving up his password, Savoy asked to copy the contents of his hard drive, which would tell authorities everything that was on the computer. Here the testimony differs widely. Heckenkamp said he did not give permission, but Savoy and several police officers testified that he did. Savoy found the same hacker tools that he had seen previously. Later that day, the FBI obtained a search warrant and removed Heckenkamp's Compaq Presario and other items, including the book, ``The Hacker Crackdown.'' Jennifer Granick, Heckenkamp's attorney and clinical director at the Center for Internet and Society at Stanford University, has frequently assailed the government's overzealous prosecution of hacker cases. In this case, she believes that UW-Madison and its police invaded Heckenkamp's privacy. Granick charges that Savoy improperly tapped Heckenkamp's private dorm computer from a remote computer and looked through his files. ``The officers could have simply disconnected the computer from the wall, walked out, closed the dorm room and waited for a warrant to arrive,'' she said in court documents. UW-Madison officials have defended Savoy's actions, and Federal Judge Napoleon A. 
Jones Jr., who is presiding over the San Diego case, has sided with the government by ruling that the school's searches were proper and the evidence against Heckenkamp could be used in the trial. But the privacy issue is not dead because the judge in San Jose has agreed to take it up again. The government has not publicly detailed Heckenkamp's alleged exploits as MagicFX beyond charging that he hacked into a half dozen other companies, including eBay Inc. and E*Trade Inc., over a nine-month period. Kevin Pursglove, a spokesman for eBay, said the company reported a March 1999 hack into the company's network by someone purporting to be MagicFX. In 1999, a hacker identifying himself as MagicFX detailed to Forbes magazine how he broke into eBay on March 13, 1999 -- Heckenkamp would have been 19 -- and briefly took down the company's home page and replaced it with a message that read, in part: ``Proof by MagicFX that you can't always trust people.'' MagicFX told Forbes he hacked eBay because he said he wanted to see how large electronic commerce sites work. He also bragged that he had broken into other sites, including monicalewinsky.com because he was ``anti-Clinton.'' Another curious aspect of Heckenkamp's case is that he was hired at Los Alamos while under investigation by the FBI. The federal research lab in New Mexico is where atomic weapons were developed and tested during World War II. Heckenkamp was hired in June 2000, about seven months after his dorm room was searched. In July, the FBI told Los Alamos officials that their new employee was a suspect in a spate of computer hacks. Heckenkamp was arrested in January of this year in New Mexico while he was working at Los Alamos. His job: Find vulnerabilities in the lab's computer network. ``He was good at what he did, obviously,'' spokesman James D. Danneskiold said. While the lab was aware of an FBI investigation, ``an investigation does not imply that someone is guilty of any crime,'' Danneskiold said.
Heckenkamp was fired after his arrest. ``Heckenkamp's managers were very careful to make sure he had no access to classified data whatsoever,'' Danneskiold said. Although some of Heckenkamp's supporters say the government has tried to settle the case, both the government and his lawyers declined to comment on whether a plea bargain was discussed. Only six hackers are currently serving time in federal prisons, according to Kevin Poulsen, a convicted hacker turned journalist who reports on computer security issues. ``It is almost unheard of for a hacker case to go to trial,'' Poulsen said. ``This case, there is no confession. Normally hackers will talk about it.'' Heckenkamp grew up in a part of the Town of Lisbon, where farm fields mingle with subdivisions. One of his closest friends is his cousin, Joel Heckenkamp, a student at UW-Whitewater, who lived nearby. Joel Heckenkamp said that his cousin does not fit the model of the stereotypical hacker. While not a social gadfly, he did not seem overly interested in computers, and he had other interests. ``We skateboarded and we built our own ramps,'' said Joel Heckenkamp, now a college wrestler. ``We camped a lot and would go out into the woods near Jerome's house.'' But even before his arrest, computers had gotten Heckenkamp into trouble. Heckenkamp was disciplined by UW-Madison in 1997 -- he would have been about 16 -- for an unauthorized break-in to the Philadelphia ISP. UW-Madison officials declined to elaborate on the matter. As a teenager, there were disputes in 1996 and 1999 at home involving his computer use -- prompting the visits from the Waukesha County Sheriff's Department, records show. In the last incident, on March 10, 1999 when he was 19, Jerome turned over a chair in the living room and knocked a flashlight out of his father's hand after Thomas Heckenkamp told his son he did not want him to go on the Internet. Charges of disorderly conduct against Jerome later were dropped. 
``I don't think that it was so much about computers as it was the time of the day he was using them,'' said Thomas Heckenkamp, a steadfast defender of his son's innocence against the hacker charges. Jerome Heckenkamp is free on $50,000 bond and now lives in San Jose so he can help prepare for his trial. As a condition of his bond, Heckenkamp cannot use the Internet. He is doing computer work for a wealthy Californian who put up his bail and is teaching at a private school founded by the businessman's family. Joel Bumb's family business interests include Bay 101, a San Jose gaming club and the San Jose Flea Market. The flea market is reputed to be the largest venue of its kind in the country. Bumb has read many of the documents in the case and is ``completely convinced'' of Heckenkamp's innocence, he said in a fax to the Milwaukee Journal Sentinel. He said his family and the Heckenkamp family were introduced by a mutual friend. ``After meeting Jerome and becoming acquainted with him, I was taken by his unassuming nature,'' Bumb said. ``Jerome mixes youthful innocence with a mature view of the situation.'' Now, with his college days behind him, and the specter of two criminal trials before him, that ``youthful innocence'' will be put to the test.